Confidentiality- making sure your data is available to only those allowed.
Integrity- making sure your data has not been altered in any way. Think bank transactions or chemical formulas.
Availability- making sure your data is available. Hackers often use denial of services attacks to bring down your servers or networks by overloading them with packets.
Hackers use attack trees to determine every possible entrance into your networks. This can be through modems connected to your network, routers, switches Matt Adams Womens Jersey , and application vulnerabilities, almost anything connected to your internet.
Make it difficult to determine your OS, which hackers use for Banner Grabbing. This is a simple fix that many systems administrators leave.
Change your banner to display a security warning.
Many people have difficulty understanding security processes alone implementing solutions.
What is SMIRA? Simple methodology for INFOSEC based risk assessment.
Risk management is the practice and process of identifying threats and vulnerabilities to assets. This helps making the correct decisions to implement the necessary safeguards to help your organization carry out its mission.
The goal is to have a list of your critical assets. Critical in understanding mission, objectives and operations and what if scenarios.
Then to implement safeguards to protect those assets.
Vulnerability Assessment
This is when you look for vulnerabilities in existing applications and determine there severity. The vulnerabilities will be rated. This includes physical security, web application reviews, policy and procedure reviews Michael Taylor Womens Jersey , host assessments and OS reviews, and vulnerability scans.
Threat Assessment
This is the process, of identifying existing and potential threats to assets and environments. This will also be based on e can threats come from? Disgruntled employees, script kiddies Adam Eaton Womens Jersey , hackers, crackers, foreign governments, and your competition. You can look for threat indicators in your server Wilmer Difo Womens Jersey , logs, CCTV, intrusion detection systems like SNORT.
What can threats cause?
Loss of business Death Financial loss Corruption of data. Inability to work, servers down or running slowly. Confidentiality issues.
What are assets?
User IT Operations Staff Connectivity Documentation Security Systems Third parties Paper Files Media Sean Doolittle Womens Jersey , like disk, CD's and USB drives. File, Web, EMAIL Max Scherzer Womens Jersey , Storage, Application servers Anything of value to the company.
Hackers like to get there hands on all information no matter how unimportant it may seem it can be used to filter out more information.
How do you protect yourself against threats and protect your assets?
Have policies and procedures in place.
Employee awareness of security issues.
Software security in place
Hardware security in place.
Physical security.
Environmental Security. I.e. water level sensors.
Communication security- to protect your phone lines, and PBX systems.