Security documentation
• Security documentation describes how a company addresses security issues
• Questions to be answered in writing on a local security policy:
- What properties require protection?
-What are threatening opportunities?
- What to do if you come to
Breaking security?
Protection of equipment
• Computer theft is the easiest way to steal data, so it must be physically protected
• Methods for physical protection
-Control access
-To use the keys
-Making the rooms
-Equipment with safety screws
• Protection also means:
-use using keyboards to identify with a cipher that keeps the user's data as well as access level
-Bensometric sensors that identify the physical characteristics of the user such as fingerprints or eye retina
Data Protection
• The value of computer equipment is often much lower than the value of the data they hold. There are several ways to protect this data:
-My people with password
- Data encryption
-Firewall defensive
-Saving data
- Smart security
-Siguria biometric
- File system security
Installing upgrades and patches
• Regular security improvements are essential so that attackers will not find open ways to break the security
• It should be well understood and carefully planned to install improvements and patches and find ways to be notified of the latest ones
Security Requirements
• An organization should strive to achieve the highest levels of security protection against loss of data or software and hardware damage
• A security policy involves a comprehensive approach to the required security level and how this will be achieved, including the answers to questions:
-It is the location of the home computer
Or company?
Is it a computer or a laptop?
Security policies
• A security policy is a set of rules, guidelines and checklists, such as:
- Identifying people who are allowed access to computer equipment
- Identification of devices allowed to be installed on the computer network as well as installation conditions
-Defining the requirements required for the retention of confidential computer network data
-Determine the employee process for accessing devices and data
-Definition of an acceptable attitude regarding the use of computer or equipment
• Security policy should provide detailed information on emergent issues eg.
- The steps to be taken after breaking the security
- Who should be contacted in emergency cases
- Information to be shared with clients, manufacturers and media
- Secondary allocation to be used in case of evacuation
- The steps to be taken after the emergency has been completed, including the priority of services to be returned
Hardware security
• Identification of hardware and equipment that can be used to prevent theft, vandalism and data loss
-To stop access, biometrics, walls and / or closed doors can be used
- To protect network infrastructure, telecoms rooms should be secured, detecting unauthorized use of the wireless network and / or installing hardware walls
-To protect individual computers, you should use cable keys, laptop keys for docking stations and / or enclosures
- To protect your data, you can use hard drive protectors
Security of applications
• Application security protects data
Operating system and software applications
- Software security holes
-Detection of System Interventions (IDS)
-Applications and patches in OS
- Anti-virus and anti-malware software
• A cost comparison between loss of data and costs for their protection needs to be made and then decide what is the acceptable level for their safety
Selection of security components
• Factors to consider when deciding on safety components- Advantages and disadvantages of components
-The industries and functions
- Requirements for raising
And their maintenance
- Budget constraints
-Real threats
Security components
• Determination of adequate equipment and equipment security techniques
• The most common techniques
-Fjalëkalimet
-Information and audit
-Enkodimihash
-Enkriptimisimetrik
-Enkriptimiasimetrik
-VPN
No comments