The UK Information Commissioner’s Office (ICO) has identified eight important areas of computer security that have frequently arisen during their investigations of data breaches.
The eight areas are:-
- Software updates
- SQL injection (65% of organisations have been breached by a SQL Injection attack)
- Unnecessary services
- Decommissioning of software or services
- Password storage
- Configuration of SSL and TLS
- Inappropriate locations for processing data
- Default credentials
The ICO has provided advice for all eight areas. The report can be found here.