by Franklin Hines 16 years ago
1)Security appliances (firewalls, IPS, VPN termination)
2)Authorizations appliances (RADIUS or TACACS+ servers)
1)Security systems
2)Physical security barriers
3)Climate protection systems
4)Security personnel
1)Routine security awareness training
2)Clearly defined security policies
3)Logging config changes
4)Properly screening potential employees
1)Accesses and uses data in accordance with an established security policy
2)Takes reasonable measures to protect the data he or she has access to
3)Uses data for only organizational purposes
1)Keeps up to date backups
2)Verifies the integrity of backups
3)Restores data from backups
4)Follows policy guidelines to maintain data
1)Initially determines the classification level
2)Routinely reviews documented procedures for classifying data
3)Gives the custodian the responsibility of protecting the data
How personal the data is
How long the data will be considered relevant
How old the data is
How valuable the data is to the organization
Reasonable probability of causing exceptionally grave damage if disclosed
Reasonable probability of causing serious damage if disclosed
Reasonable probability of causing damage if disclosed
Could cause embarrassment but not a security threat
Few or no privacy requirements
Tend to be more technical (i.e. ping sweeps or port scans)
1)Have knowledge of network and available resources
2)Some level of access granted b/c of job
3)Traditional sec. mechanisms (i.e. IPS and firewalls) are ineffective against
1)Send improperly formatted data to create an unhandled exception error
2)Flood network with a denial-of-service (DoS) attack
1)Modifying the appearance of a corporate website
2)Intercepting and altering an e-commerce transaction
3)Modifying financial records
1)Use network security mechanisms (firewalls & ACLs)
2)Require credentials (usernames & passwords)
3)Encrypt traffic