Ethics Related to the Collection of Information

By | November 26, 2016
0 Comment
Ethics Related to the Collection of Information

Ethical considerations play a vital role in the design of information systems, particularly in relation to the Confidentiality, Integrity, Availability (CIA) security concept. This article explores various ethical issues that must be addressed in information system design and their relevance to the CIA security triad. It delves into concerns such as the beneficiaries of collected information, privacy and confidentiality of user data, accuracy of information, property and ownership rights, accessibility controls, the purpose of information usage, system availability, and categorization for maintaining integrity. Understanding and addressing these ethical aspects is crucial for ensuring the responsible and secure handling of information within organizations.

Computer Incident Response Teams & Incident Response Policy

By | November 25, 2016
0 Comment
Computer Incident Response Teams & Incident Response Policy

Computer Incident Response Teams (CIRTs or IRTs) play a crucial role in information security incident response. An effective Incident Response Policy is essential for guiding the team in handling incidents and ensuring a coordinated and efficient response. This policy should outline the steps, tasks, and procedures that need to be followed during incident response. It covers various aspects, including communication, escalation, incident tracking, reporting and documentation, investigation checklists, remediation checklists, evidence collection, forensics investigation, data retention, and more. Additionally, the article emphasizes the importance of proper security architecture, baselines, and processes for incident identification. It also highlights the containment, eradication, and recovery phases of incident response, emphasizing the need for caution, evidence gathering, problem correction, and system restoration. By following a well-defined incident response policy and learning from each incident, organizations can improve their incident response capabilities and better protect their systems and data.

Roles in Database Security

By | November 25, 2016
0 Comment
Roles in Database Security

Roles play a crucial role in enhancing database security by granting and denying permissions to groups of users based on their job responsibilities. By effectively managing user access and privileges, roles reduce the security workload for administrators. This article explores the concept of roles in database security, including their benefits, types, and assignment methods. Discover how roles can streamline user access management, improve data protection, and contribute to a more secure database environment.

Guidelines for Media and Data Sanitization: Protecting Confidentiality

By | November 25, 2016
0 Comment
Guidelines for Media and Data Sanitization: Protecting Confidentiality

Media sanitization is a critical process that organizations must undertake when retiring or repurposing information systems. The goal is to ensure that sensitive data stored on media remains protected throughout the retirement process. NIST Special Publication 800-88 provides valuable guidance on media sanitization, emphasizing the need to safeguard the confidentiality of recorded information. There are two primary types of media: hard copy and electronic. Each requires specific measures to render data inaccessible. The process of sanitizing media involves three categories: Clear, Purge, and Destroy. Clear employs logical techniques to protect against simple data recovery methods, while Purge utilizes physical or logical techniques to make data recovery infeasible. Destroy involves techniques that deform or destroy the media, preventing any future use for data storage. Cryptographic Erase (CE) is an effective method when encryption is involved, rendering the data unrecoverable without the encryption key. Physical destruction techniques such as bending, drilling, cutting, shredding, and thermal destruction provide a robust defense against data recovery. By following these guidelines, organizations can effectively protect the confidentiality of sensitive information throughout the retirement process, mitigating the risks associated with data exposure and unauthorized access.

Building an Effective Red Team for Penetration Testing

By | November 25, 2016
0 Comment
Computer Incident Response Teams & Incident Response Policy

Developing an Effective Red Team is crucial for organizations to assess and improve the security of their systems. Penetration testing, or pen-testing, allows simulated attacks to identify vulnerabilities and exploits. However, it requires skilled individuals who can think like attackers and bypass controls effectively. A qualified Red Team must have technical expertise, a malicious mindset, and proficiency in penetration testing tools. The Red Team leader should possess both technical knowledge and business acumen to identify opportunities and quantify threats. With an effective Red Team in place, organizations can uncover vulnerabilities and enhance their system’s security against real-world attacks

Measurement and Metrics in Secure Software Development: CMMI & ISO/IEC 15939

By | November 25, 2016
0 Comment
Measurement and Metrics in Secure Software Development: CMMI & ISO/IEC 15939Software Development: CMMI

Measurement and metrics play a crucial role in improving the security characteristics of software during the development process. This article explores the importance of security metrics and provides guidance on software measurement and analysis based on industry standards such as ISO/IEC 15939 and CMMI. It highlights the key practices for aligning measurement objectives with organizational goals and performing effective measurement and analysis activities. The article emphasizes the significance of addressing security concerns throughout the measurement process and offers insights into formulating measurement objectives to achieve security requirements. Additionally, it provides examples of analytical questions that can help assess vulnerabilities, compliance with security processes, and the identification of critical modules. By implementing these measurement practices, organizations can enhance their software development process to effectively incorporate security requirements. The article emphasizes the need for simplicity in measurements while meeting the information needs of the stakeholders

The Importance of Patch Management

By | November 24, 2016
0 Comment
The Importance of Patch Management

Explore the significance of patch management in enhancing system security and protecting against malicious attacks. Learn about the essential processes involved in effective patch management, including auditing, patch identification, testing, approval, deployment, verification, and compliance management. Discover how a formal patch management system, preferably automated, can help organizations safeguard their Microsoft-based systems and maintain a secure production environment.