8 basic security topics to consider early on

Whenever I feel overwhelmed, I go back to the fundamentals. If you're unsure where to start, consider these 8 basic topics.

  1. Understand legal & compliance requirements. Surround yourself with experts who can help you understand the nuances.
  2. Have a business continuity plan. Consider how you plan to continue servicing your clients during a crisis.
  3. Put in place core policies. Make it clear what the boundaries are and what you expect of team members. Take the time to understand how these rules will affect team dynamics.
  4. Maintain an asset inventory and assign ownership. Distribute the management of system and data risk to their respective business owner across the organization.
  5. Reduce your attack surface. Consolidate tools, configure data lifecycle, deprecate old systems.
  6. Control access between trust zones. Use simple role-based models, assign roles according to responsibilities and leverage native solutions.
  7. Model the relevant threats. Consider your own mistakes, abuses of trust and third-party risk.
  8. Rehearse your incident response plan. Make sure you have a reliable secondary communication channel, run your call tree and get clear on how to classify and react to incidents.
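Topics 4 and 6 are the two on this list that lend themselves to a small piece of working code, so here is an added example that is not part of the original post: an asset inventory in which every entry should carry a business owner, a check that reports the ones that do not, and a deny-by-default role-based check that only lets a person reach an asset when one of their roles covers the asset's trust zone. All assets, zones, roles and people are constructed sample data.

```python
"""Added example (not from the original post): a minimal asset inventory with
required ownership (topic 4) and a simple role-based access check between
trust zones (topic 6). Every asset, zone, role and user below is constructed."""
from dataclasses import dataclass
from typing import Optional


@dataclass
class Asset:
    name: str             # system or data set being tracked
    zone: str             # trust zone it lives in, e.g. "internal" or "dmz"
    owner: Optional[str]  # business owner accountable for its risk; None = gap


# Constructed sample inventory; the last entry deliberately has no owner,
# which is exactly the kind of gap topic 4 says to close.
INVENTORY = [
    Asset("crm-db", "internal", "sales-ops"),
    Asset("public-web", "dmz", "marketing"),
    Asset("legacy-ftp", "dmz", None),
]

# Simple role model (topic 6): each role may reach a set of trust zones.
ROLE_ZONES = {
    "engineer": {"dmz"},
    "dba": {"internal"},
    "auditor": {"internal", "dmz"},
}

# Roles are assigned per person according to their responsibilities.
USER_ROLES = {
    "alice": {"engineer"},
    "bob": {"dba", "auditor"},
}


def unowned_assets(inventory=INVENTORY):
    """Return the names of assets that have no assigned business owner."""
    return [a.name for a in inventory if not a.owner]


def assets_by_owner(inventory=INVENTORY):
    """Group owned assets under their owner, so each owner can see what they are accountable for."""
    grouped = {}
    for a in inventory:
        if a.owner:
            grouped.setdefault(a.owner, []).append(a.name)
    return grouped


def can_access(user, asset_name, inventory=INVENTORY):
    """Deny by default; allow only if one of the user's roles covers the asset's zone."""
    asset = next((a for a in inventory if a.name == asset_name), None)
    if asset is None:
        return False  # unknown asset: nothing to grant
    roles = USER_ROLES.get(user, set())
    reachable = set().union(*(ROLE_ZONES.get(r, set()) for r in roles))
    return asset.zone in reachable


if __name__ == "__main__":
    print("assets without an owner:", unowned_assets())
    print("assets per owner:", assets_by_owner())
    for user, target in [("alice", "public-web"), ("alice", "crm-db"), ("bob", "crm-db")]:
        print(f"{user} -> {target}: {'allow' if can_access(user, target) else 'deny'}")
```

The two checks are deliberately kept separate: the ownership report is what you hand to the business owners named in topic 4, while the access check is the kind of native, role-to-zone rule topic 6 asks for, and it fails closed for unknown users and unknown assets.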