Security
IT Security Risk
The problems and the dangers of the IT security
A level of threat to organisational continuity
Originating from malicious
Poor quality security policies and testing/audit procedures
IT Security important
To prevent from stealing information
Types of it security risk
Unauthorized use of a system - Hacking
-Unauthorized access is when someone gains access to a website...or other system using someone else's account or other methods.
- E.g Guessing the password of someone account
- Unauthorized access of area of the system such as company (Departments)
Cause:-
loss of the confidentiality
loss of the integrity
loss of the availability of the information technology assets.
How to prevent:-
Provide computer-based access control (Strong Password)
Add additional securities such as biometrics
Restrictions for only department such as HR department the information not for others
Monitor such as BIBD
Protect your information
Unauthorized removal or copying of data or code from a system
Data theft/unauthorized copying of data which means getting information/copying information unauthorized.
Example - By hacking
Stolen - Files, data, information about the company & customer. Marketing strategy, personnel records and private employee data.
Damage to or destruction of physical system assets and environment
Natural disaster - such as earthquake, hurricanes, floods, lightning and fire can cause severe damage to computer systems.
Can cause downtime and low productivity.
Few safeguards can be implemented against natural disasters.
Backup plan/recovery plans and contingency plans in place.
Damage to or destruction of data or code inside or outside the system
Naturally occurring risks
Example - bank, government agency (passport/IC details)
Attackers may be from insiders who logged in to the system or outsider who prompt an innocent user such as download free of cost a malicious program such as Trojan horse or viruses or worms as an exciting game or music.
Why is organizational security important?
To protect the system regards with the hardware and software (resources).
Security Procedures: -
Access control for physical entry - ID swipe, biometrics, passwords
Computer-Based Access control - Passwords, Permissions/privileges (Authorized person in one department)
Visitor notification - Clearance are to be presented - ID's or IC's need to be checked
Systems Logs - Details of who has access to the system
System Auto-lock Policy -When the system is not used in 20 minutes, it will lock automatically
User Permissions
Starters & Leavers Policy
Clear desk policy & documentation handling -
Security Breaches:-
Happens when the security policy/procedures and/or system are violated.
When confidential information us exposed
Denial-of-Service
- Attacks occur when a website is overwhelmed with requests, which blocks other user from the site.
- Example of DDoS Attack, GITHUB: 1,35 TBPS
Malware
- Malicious Software
- Symptoms: System slow down - Annoying ads and pop-up messages, - Browser homepage keeps changing, - Unexpected error messages - Antivirus get disabled
Ransomware
- Need to pay in order to open the lock from the PC
- Hacker gains control of the company system and locks it from use.
Password Attacks
- Attackers try to guess the password until they access to the system
Phishing
- Email or phone calls that seem official to gain access or personal information is called phishing.
- Example - Someone pretending to be a person's bank.
How to Prevent Security Breaches?
Regularly backup files - this can eliminates a ransomware
Keep systems and application s update
Enforce the principle of least privilege
Secure email gateways
Implement defense in depth - Many layers of protection such as antivirus, firewall...
Foster a culture of security in the workplace - helps secure the organization from digital attacks.
Organizational Security Types
Business Continuance
- Services of the organization have to be delivered continuously without interruption.
- In business, it is important to create an IT Business Continuity Plan.
- It depends on how big or small of the organizations.
- The plans focus on getting the network and systems up and running as quickly as possible.
- Recovery planning: Management leadership, goals and requirements, business impact analysis, team building and implementation.
- Backup alternatives: Hardware and software approaches
- Recovery and testing: Strategies for executing recovery, carrying out drills and types of plan testing.
- Emergency response: Preserving assets and life, reducing fraud, theft and vandalism.
Backup / Restoration of Data
- Backup includes site space, hardware, software and people, as well as data.
Security Audits
- To check the security network
- Checking everything to make sure that every thing is proper
- To check whether our network is secured or not.
- It should be performed in timely manner. (Regular check-up of the network)
- it is a system evaluation of a company's information security and ensures that the company is following set of criteria for maintaining security of the data.
- Security audit of a company,:-
Analyze software
Data processors
User practice
System configuration
Audit process determines and preserves operative security and policies and involves every resource of an organization.
Security audit examine the security level of an organization.
The tasks:-
Vulnerability scanner,
OS
Network sharing analysis
personal interviews
Security Vulnerability Testing
- Network Scanning
- Vulnerability Scanning
- Password Cracking
- Log Review
- Virus Detection
- Penetration Testing
Conducting Security audit
- It is a document
Define your Audit
- Focus on one branch or 2 or more branches
Define your threats
- Identify the problems first
- Write down a list of all of your assets
- Common threats
- Negligent Employees
- Phishing Attacks
- Poor Password Behavior
- Malicious Insiders
- DDos Attacks
- BYOD (Bring Your Own Device)
- Malware
- Physical Breach
- Natural Disaster
Assess Current Security Performance
- Monitor the network and detect threats
- Interview employees if they are up-to-date on the latest methods used by hackers to gain access to the systems.
- Conduct vulnerability tests
Solution: Inform the employees about the latest threats that could happen on the computer system.
Prioritize (Risk Scoring)
-The most important first then the least one
- weight the threats - damage and chances occur
Formulate security solutions
- Take the prioritized list of threats and write down a corresponding list of security improvements or best practices to negate eliminate them.
- This list is now your personal to-do list for the coming weeks and months.
- some common solutions
- Employee Education Awareness
- Email protection
- Password Safety & Access Management
- Network Monitoring
- Data backup
- Software update
LO2 - IT SECURITY SOLUTIONS
Network Security
DMZ (Demilitarized Zone) - Immigration
Secure server that adds an additional layer of security to a network and acts as a buffer between a local area network (LAN) and a less secure network which is the Internet.
Purpose - to check whether you have the right access or not.
It is important for securing the network as an additional security.
NAT (Network Address Translation) - Hiding the IP address
A process in which one or more local IP address
It is used to hide the real IP address of the user from the Internet.
When to apply NAT?
When we have our own system.
FWs (Firewall) - Blocking the internet
A system designed to prevent unauthorized access to or from a private network.
Firewalls prevent unauthorized inter
purpose - To check or prevent the unauthorized internet to access the network.
Firewall can be a software and a hardware (as the additional security)
It is important.
For these 3 network security, it is very important to be configured so that to make sure the securities are set up properly. Because, if its not, authorized user can be also block from using the network.
The problems and the dangers of the IT security
A level of threat to organisational continuity
Originating from malicious
Poor quality security policies and testing/audit procedures
IT Security important
To prevent from stealing information
Types of it security risk
Unauthorized use of a system - Hacking
-Unauthorized access is when someone gains access to a website...or other system using someone else's account or other methods.
- E.g Guessing the password of someone account
- Unauthorized access of area of the system such as company (Departments)
Cause:-
loss of the confidentiality
loss of the integrity
loss of the availability of the information technology assets.
How to prevent:-
Provide computer-based access control (Strong Password)
Add additional securities such as biometrics
Restrictions for only department such as HR department the information not for others
Monitor such as BIBD
Protect your information
Unauthorized removal or copying of data or code from a system
Data theft/unauthorized copying of data which means getting information/copying information unauthorized.
Example - By hacking
Stolen - Files, data, information about the company & customer. Marketing strategy, personnel records and private employee data.
Damage to or destruction of physical system assets and environment
Natural disaster - such as earthquake, hurricanes, floods, lightning and fire can cause severe damage to computer systems.
Can cause downtime and low productivity.
Few safeguards can be implemented against natural disasters.
Backup plan/recovery plans and contingency plans in place.
Damage to or destruction of data or code inside or outside the system
Naturally occurring risks
Example - bank, government agency (passport/IC details)
Attackers may be from insiders who logged in to the system or outsider who prompt an innocent user such as download free of cost a malicious program such as Trojan horse or viruses or worms as an exciting game or music.
Why is organizational security important?
To protect the system regards with the hardware and software (resources).
Security Procedures: -
Access control for physical entry - ID swipe, biometrics, passwords
Computer-Based Access control - Passwords, Permissions/privileges (Authorized person in one department)
Visitor notification - Clearance are to be presented - ID's or IC's need to be checked
Systems Logs - Details of who has access to the system
System Auto-lock Policy -When the system is not used in 20 minutes, it will lock automatically
User Permissions
Starters & Leavers Policy
Clear desk policy & documentation handling -
Security Breaches:-
Happens when the security policy/procedures and/or system are violated.
When confidential information us exposed
Denial-of-Service
- Attacks occur when a website is overwhelmed with requests, which blocks other user from the site.
- Example of DDoS Attack, GITHUB: 1,35 TBPS
Malware
- Malicious Software
- Symptoms: System slow down - Annoying ads and pop-up messages, - Browser homepage keeps changing, - Unexpected error messages - Antivirus get disabled
Ransomware
- Need to pay in order to open the lock from the PC
- Hacker gains control of the company system and locks it from use.
Password Attacks
- Attackers try to guess the password until they access to the system
Phishing
- Email or phone calls that seem official to gain access or personal information is called phishing.
- Example - Someone pretending to be a person's bank.
How to Prevent Security Breaches?
Regularly backup files - this can eliminates a ransomware
Keep systems and application s update
Enforce the principle of least privilege
Secure email gateways
Implement defense in depth - Many layers of protection such as antivirus, firewall...
Foster a culture of security in the workplace - helps secure the organization from digital attacks.
Organizational Security Types
Business Continuance
- Services of the organization have to be delivered continuously without interruption.
- In business, it is important to create an IT Business Continuity Plan.
- It depends on how big or small of the organizations.
- The plans focus on getting the network and systems up and running as quickly as possible.
- Recovery planning: Management leadership, goals and requirements, business impact analysis, team building and implementation.
- Backup alternatives: Hardware and software approaches
- Recovery and testing: Strategies for executing recovery, carrying out drills and types of plan testing.
- Emergency response: Preserving assets and life, reducing fraud, theft and vandalism.
Backup / Restoration of Data
- Backup includes site space, hardware, software and people, as well as data.
Security Audits
- To check the security network
- Checking everything to make sure that every thing is proper
- To check whether our network is secured or not.
- It should be performed in timely manner. (Regular check-up of the network)
- it is a system evaluation of a company's information security and ensures that the company is following set of criteria for maintaining security of the data.
- Security audit of a company,:-
Analyze software
Data processors
User practice
System configuration
Audit process determines and preserves operative security and policies and involves every resource of an organization.
Security audit examine the security level of an organization.
The tasks:-
Vulnerability scanner,
OS
Network sharing analysis
personal interviews
Security Vulnerability Testing
- Network Scanning
- Vulnerability Scanning
- Password Cracking
- Log Review
- Virus Detection
- Penetration Testing
Conducting Security audit
- It is a document
Define your Audit
- Focus on one branch or 2 or more branches
Define your threats
- Identify the problems first
- Write down a list of all of your assets
- Common threats
- Negligent Employees
- Phishing Attacks
- Poor Password Behavior
- Malicious Insiders
- DDos Attacks
- BYOD (Bring Your Own Device)
- Malware
- Physical Breach
- Natural Disaster
Assess Current Security Performance
- Monitor the network and detect threats
- Interview employees if they are up-to-date on the latest methods used by hackers to gain access to the systems.
- Conduct vulnerability tests
Solution: Inform the employees about the latest threats that could happen on the computer system.
Prioritize (Risk Scoring)
-The most important first then the least one
- weight the threats - damage and chances occur
Formulate security solutions
- Take the prioritized list of threats and write down a corresponding list of security improvements or best practices to negate eliminate them.
- This list is now your personal to-do list for the coming weeks and months.
- some common solutions
- Employee Education Awareness
- Email protection
- Password Safety & Access Management
- Network Monitoring
- Data backup
- Software update
LO2 - IT SECURITY SOLUTIONS
Network Security
DMZ (Demilitarized Zone) - Immigration
Secure server that adds an additional layer of security to a network and acts as a buffer between a local area network (LAN) and a less secure network which is the Internet.
Purpose - to check whether you have the right access or not.
It is important for securing the network as an additional security.
NAT (Network Address Translation) - Hiding the IP address
A process in which one or more local IP address
It is used to hide the real IP address of the user from the Internet.
When to apply NAT?
When we have our own system.
FWs (Firewall) - Blocking the internet
A system designed to prevent unauthorized access to or from a private network.
Firewalls prevent unauthorized inter
purpose - To check or prevent the unauthorized internet to access the network.
Firewall can be a software and a hardware (as the additional security)
It is important.
For these 3 network security, it is very important to be configured so that to make sure the securities are set up properly. Because, if its not, authorized user can be also block from using the network.
https://www.lifewire.com/using-static-ip-address-on-private-computer-818404
https://www.howtogeek.com/133680/htg-explains-what-is-a-vpn/
Thanks for this blog. I have found some interesting blogs on google. You can check these blogs also which are related to technologies…..
ReplyDeleteAvast Login
garmin.com/express
avg.com/retail
bullguard login
mcafee.com/activate
After reading this blog, I am really amazed as a single piece of information is written after good research on the topic and hence I must recommend reading this
ReplyDeletepost.Netflix Customer Care Service Helpline
The design of the website is really done by an intelligent brain, and also all the content and the information that has been provided here is very nice. How to use AVG Boot-Time Scan?
ReplyDeleteI must admit that the writer is very well skilled, and also has enough experience all of it can be observed and understood well looking at the content of this blog. What should I do if My Yahoo Mail Account Password has stolen?
ReplyDeleteReally amazing! This blog is written very carefully by keeping the reader’s comfort in mind. A well-experienced writer has written this post and every single sentence is written after a good research on the topic. What should be your next step if your Yahoo Account is hacked?
ReplyDeleteIf AVG secure browser not responding has to be fixed, then in that case the user should get the browser removed and then installed once again on the system. AVG Antivirus Secure Browser Not Responding Solutions
ReplyDeleteThis blog is written by a well-experienced writer it helped me out with my Bullguard Help Number in UK-related query. You can know more about BullGuard from this page.
ReplyDeleteCanon Printer-related updates, setup, and installation steps are mentioned in this post. Every sentence is written very carefully for better understanding.HP Helpline Number UK
ReplyDelete