Cyber Security awareness and Controls


INDUCTIONS
  1. CLOUD SECURITY
  2. BACKUP
  3. ACCESS CONTROL
  4. IMPORTANCE OF CYBER SECURITY
  5. EMAIL SECURITY
  6. HUMAN ERROR
  7. IDENTITY THEFT
  8. CYBER SECURITY INCIDENTS
  9. PROTECTING INTELLECTUAL PROPERTY
  10. MIND OF A HACKER
  11. NETWORK SECURITY
  12. INFORMATION RISK MANAGEMENT
  13. INSIDER THREATS
  14. MANAGEMENT ROLE IN CYBER SECURITY
  15. MEASURING INFORMATION SECURITY
  16. PHYSICALLY SECURING INFORMATION AND DEVICES
  17. PASSWORDS
  18. PRIVACY
  19. PROTECTING PAPERWORK
  20. SECURING SUPPLIER RELATIONSHIPS
  21. SECURITY OF MOBILE DEVICES
  22. SOCIAL ENGINEERING
  23. SOCIAL MEDIA
  24. TELEWORKING
  25. VIRUSES


Cloud Security

Cloud computing security or, more simply, cloud security refers to a broad set of policies, technologies, applications, and controls utilized to protect virtualized IP, data, applications, services, and the associated infrastructure of cloud computing. It is a sub-domain of computer security, network security, and, more broadly, information security.



Backup

Backup refers to the copying of physical or virtual files or databases to a secondary location for preservation in case of equipment failure or catastrophe. The process of backing up data is pivotal to a successful disaster recovery plan (DRP).

Access control
Access control is a security technique that regulates who or what can view or use resources in a computing environment. It is a fundamental concept in security that minimizes risk to the business or organization.

There are two types of access control: physical and logical.

  1. Physical access control limits access to campuses, buildings, rooms and physical IT assets.
  2. Logical access control limits connections to computer networks, system files and data.


To secure a facility, organizations use electronic access control systems that rely on user credentials, access card readers, auditing and reports to track employee access to restricted business locations and proprietary areas, such as data centers. Some of these systems incorporate access control panels to restrict entry to rooms and buildings as well as alarms and lock down capabilities to prevent unauthorized access or operations.
Access control systems perform identification, authentication and authorization of users and entities by evaluating required login credentials that can include passwords, personal identification numbers (PINs), biometric scans, security tokens or other authentication factors. Multi-factor authentication, which requires two or more authentication factors, is often an important part of layered defense to protect access control systems.
These security controls work by identifying an individual or entity, verifying that the person or application is who or what it claims to be, and authorizing the access level and set of actions associated with the username or IP address. Directory services and protocols, including the Lightweight Directory Access Protocol (LDAP) and the Security Assertion Markup Language (SAML), provide access controls for authenticating and authorizing users and entities and enabling them to connect to computer resources, such as distributed applications and web servers.
Organizations use different access control models depending on their compliance requirements and the security levels of information technology they are trying to protect. 



Types of access control

The main types of access control are:
  • Mandatory access control (MAC): A security model in which access rights are regulated by a central authority based on multiple levels of security. Often used in government and military environments, classifications are assigned to system resources and the operating system or security kernel grants or denies access to those resource objects based on the information security clearance of the user or device. For example, Security Enhanced Linux is an implementation of MAC on the Linux operating system.
  • Discretionary access control (DAC): An access control method in which owners or administrators of the protected system, data or resource set the policies defining who or what is authorized to access the resource. Many of these systems enable administrators to limit the propagation of access rights. A common criticism of DAC systems is a lack of centralized control.
  • Role-based access control (RBAC): A widely used access control mechanism that restricts access to computer resources based on individuals or groups with defined business functions -- executive level, engineer level 1 -- rather than the identities of individual users. The role-based security model relies on a complex structure of role assignments, role authorizations and role permissions developed using role engineering to regulate employee access to systems. RBAC systems can be used to enforce MAC and DAC frameworks.
  • Rule-based access control: A security model in which the system administrator defines the rules that govern access to resource objects. Often these rules are based on conditions, such as time of day or location. It is not uncommon to use some form of both rule-based access control and role-based access control to enforce access policies and procedures.
  • Attribute-based access control (ABAC): A methodology that manages access rights by evaluating a set of rules, policies and relationships using the attributes of users, systems and environmental conditions.
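
The combination of role-based and rule-based access control described above, sketched as an added example that is not code from the original page. The users, roles, resources, network range and function names are all hypothetical, and anything not explicitly granted is denied.

```python
from dataclasses import dataclass
from datetime import time
from ipaddress import ip_address, ip_network

# Constructed sample policy: every role, user and resource here is hypothetical.
ROLE_PERMISSIONS = {
    "engineer_level_1": {("build-server", "read"), ("build-server", "deploy")},
    "executive": {("finance-report", "read")},
}
USER_ROLES = {"alice": {"engineer_level_1"}, "bob": {"executive"}}

@dataclass(frozen=True)
class Request:
    user: str
    resource: str
    action: str
    at: time          # local time of the request
    source_ip: str    # network location the request comes from

def office_hours(req):
    return time(8, 0) <= req.at <= time(18, 0)

def from_corporate_network(req):
    # Assumed corporate range, chosen only for the example.
    return ip_address(req.source_ip) in ip_network("10.20.0.0/16")

# Rule-based layer: conditions that must all hold for a (resource, action) pair.
RULES = {
    ("build-server", "deploy"): [office_hours, from_corporate_network],
    ("finance-report", "read"): [from_corporate_network],
}

def decide(req):
    """Return (allowed, reason); the default outcome is deny."""
    wanted = (req.resource, req.action)
    roles = USER_ROLES.get(req.user, set())
    # Role-based layer: does any role held by the user carry the permission?
    if not any(wanted in ROLE_PERMISSIONS.get(r, set()) for r in roles):
        return False, "no role grants this permission"
    # Rule-based layer: every condition attached to the permission must pass.
    for rule in RULES.get(wanted, []):
        if not rule(req):
            return False, f"rule failed: {rule.__name__}"
    return True, "granted"
```

Returning the reason alongside the decision gives the audit log something to record for each denied request.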

Use of access control

The goal of access control is to minimize the risk of unauthorized access to physical and logical systems. Access control is a fundamental component of security compliance programs that ensures security technology and access control policies are in place to protect confidential information, such as customer data. Most organizations have infrastructure and procedures that limit access to networks, computer systems, applications, files and sensitive data, such as personally identifiable information and intellectual property.
Access control systems are complex and can be challenging to manage in dynamic IT environments that involve on-premises systems and cloud services. After some high-profile breaches, technology vendors have shifted away from single sign-on systems to unified access management, which offers access controls for on-premises and cloud environments.

Implementing access control

Access control is a process that is integrated into an organization's IT environment. It can involve identity and access management systems. These systems provide access control software, a user database, and management tools for access control policies, auditing and enforcement.

IMPORTANCE OF CYBER SECURITY
Cyber security is important because it protects the organisation's network and computer systems from cyber attack and provides appropriate procedures for preventing such attacks.

The cyber security framework is as below:

  1. Identification
  2. Protection
  3. Detection
  4. Respond
  5. Recover

EMAIL SECURITY
Email security refers to protecting computers from suspicious email, including phishing and malware, that can lead to a virus attack and cause damage to or loss of information.

HUMAN ERROR
Human error refers to violations committed by people without any intent. Such errors occur accidentally or incidentally during the processing of data. They can be prevented by making individuals aware of the risk while they process data.

