Security 101 for Mac administrators

Securing your device fleet can be an intimidating, high-pressure endeavor. Aaron Kiemele, chief information security officer at Jamf, defines what security means for an organization and provides us with risk mitigation strategies.

September 27, 2022 by Hannah Bien

Security 101 for IT Admins

What is security?

Kiemele defines security as “protecting confidentiality, integrity and availability of data.” In order to do so, it’s necessary to understand your reasons for implementing device security measures; this could be the need to follow regulations, respond to a security breach or keep up best practices.

You also need to be familiar with the types of threats your organization faces. This could involve:

  • Cloud vulnerabilities: Cloud implementations can be daunting, but there are tools available to secure them.
  • Malware: Because of the potential for widespread damage, malware prevention is critical.
  • Phishing: This is one of the most common attack vectors.
  • Social engineering: Sometimes it’s simpler to gain information by exploiting goodwill.

Security frameworks and compliance

It can be helpful to use established frameworks to manage your security risks. Kiemele dives into the NIST cybersecurity framework:

  • Identify: Take inventory of assets
  • Protect: Implement safeguards for your assets
  • Detect: Identify unauthorized actions
  • Respond: Contain and mitigate impact of security events
  • Recover: Restore full functionality following a security event

Compliance with regulations is critical not only for security and building trust with your customers but also for avoiding fines and lawsuits. There are a number of standards that can act as a starting point in your security approach. For example, if your company processes payments on a large scale, you need to ensure you are meeting PCI DSS. If you are a public company, you are responsible for upholding SOX compliance. Or if you carry healthcare information, you must follow HIPAA standards. Understanding what these regulations require and ensuring you meet those standards is an excellent starting point for securing your systems.

Risk mitigation strategies

It’s impossible to eliminate risk. Rather, you should aim to calculate risk scores proportional to the probability and impact of an attack. This, along with knowing the cost of mitigation vs. the value of the assets you are securing, allows you to prioritize how to protect your organization.

Kiemele goes into a number of risk mitigation strategies, including:

In particular, identity and access management involving MFA and device management software can provide a simple but effective part of your security solution at a lower cost.
