SECURITY POLICIES AND PROCEDURES


1. 2.1.1 Security Policy

1.1. What is a security policy?

1.1.1. A manager might say that a security policy is a set of management statements that defines an organization’s philosophy of how to safeguard its information.

1.1.2. A security technician might respond that a security policy is the rules for computer access and specific information on how these will be carried out.

1.2. The policy outlines the protections that should be enacted to ensure that the organization’s assets face minimal risks.

1.3. A security policy includes the following elements: 1. An acceptable computer usage statement for the organization. 2. The people permitted to use the computer equipment. 3. Devices that are permitted to be installed on a network, as well as the conditions of the installation. Modems and wireless access points are examples of hardware that could expose the network to attacks. 4. Requirements necessary for data to remain confidential on a network. 5. Process for employees to acquire access to equipment and data. This process may require the employee to sign an agreement regarding company rules. It also lists the consequences for failure to comply.

1.4. A security policy, along with the accompanying procedures, standards, and guidelines, is key to implementing information security in an organization.

1.5. Having a written security policy empowers an organization to take appropriate action to safeguard its data.

2. 2.1.2 Security Policy Requirements

2.1. Network technicians and the organization’s management must work together to develop a security policy that ensures that data and equipment are protected against all security threats.

2.2. When creating a security policy, ask the following questions to determine the security factors:

2.2.1. Is the computer located at a home or a business? Home computers are vulnerable to wireless intrusions. Business computers have a high threat of network intrusion, because businesses are more attractive to hackers, and because legitimate users might abuse access privileges.

2.2.2. Is there full-time Internet access? The longer a computer is connected to the Internet, the greater the chance of attacks. A computer accessing the Internet must use a firewall and antivirus software.

2.2.3. Is the computer a laptop? Physical security is an issue with laptop computers. There are measures to secure laptops, such as cable locks, biometrics, and tracking techniques.

2.3. When creating a security policy, these are some key areas to address:

2.3.1. 1. Process for handling network security incidents 2. Process to audit existing network security 3. General security framework for implementing network security 4. Behaviors that are allowed 5. Behaviors that are prohibited 6. What to log and how to store the logs: Event Viewer, system log files, or security log files 7. Network access to resources through account permissions 8. Authentication technologies to access data: usernames, passwords, biometrics, and smart cards

2.4. The security policy should also provide detailed information about the following issues in case of an emergency:

2.4.1. 1. Steps to take after a breach in security 2. Who to contact in an emergency 3. Information to share with customers, vendors, and the media 4. Secondary locations to use in an evacuation 5. Steps to take after an emergency is over, including the priority of services to be restored

2.5. Top secret information needs the most security, because the data exposure can be extremely detrimental to a government, a company, or an individual.

2.6. Data can be classified from public to top secret, with several different levels between them.

3. 2.1.3 Usernames and Passwords

3.1. A username and password are two pieces of information that a user needs to log on to a computer.

3.1.1. Keep the naming convention simple so that people do not have a hard time remembering it. Usernames, like passwords, are an important piece of information and should not be revealed.

3.1.2. If you are unable to log on to a computer, do not use another user’s username and password, even if they are your coworker or your friend, because this can invalidate logging.

3.1.3. Using secure, encrypted login information for computers with network access should be a minimum requirement in any organization. Malicious software could monitor the network and record plaintext passwords. If passwords are encrypted, attackers must decode the encryption to learn the passwords.

3.2. Three levels of password protection are recommended:

3.2.1. BIOS - Prevents the operating system from booting and the BIOS settings from being changed without the appropriate password.

3.2.2. Login - Prevents unauthorized access to the local computer.

3.2.3. Network - Prevents access to network resources by unauthorized personnel.

4. 2.1.4 Password Requirements

4.1. Passwords should be required to have a minimum length and include uppercase and lowercase letters combined with numbers and symbols.

4.1.1. This is known as a strong password. It is common for a security policy to require users to change their passwords on a regular basis and to monitor the number of password attempts before an account is temporarily locked out.

4.2. These are some guidelines to creating strong passwords:

4.2.1. 1. Length - Use at least eight characters. 2. Complexity - Include letters, numbers, symbols, and punctuation. Use a variety of keys on the keyboard, not just common letters and characters. 3. Variation - Change passwords often. Set a reminder to change the passwords you have for email, banking, and credit card websites on the average of every three to four months. 4. Variety - Use a different password for each site or computer that you use.
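The length and complexity guidelines above, together with the temporary lockout mentioned in 4.1.1, as an added Python example (not part of the original page). The names `password_violations` and `LockoutTracker`, the failure threshold and the lockout period are assumptions; the page gives no numbers for them.

```python
import string
import time

MIN_LENGTH = 8          # "at least eight characters" from the guideline above
MAX_FAILURES = 5        # assumed threshold; the page gives no number
LOCKOUT_SECONDS = 900   # assumed length of the temporary lockout


def password_violations(password):
    """Return the guideline violations for a password (empty list = strong)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("length")
    classes = {
        "uppercase": string.ascii_uppercase,
        "lowercase": string.ascii_lowercase,
        "number": string.digits,
        "symbol": string.punctuation,
    }
    for name, chars in classes.items():
        if not any(c in chars for c in password):
            problems.append(name)
    return problems


class LockoutTracker:
    """Counts consecutive failed logons and locks the account temporarily."""

    def __init__(self, clock=time.monotonic):
        self.clock = clock
        self.failures = {}       # username -> consecutive failed attempts
        self.locked_until = {}   # username -> time at which the lock expires

    def is_locked(self, user):
        return self.clock() < self.locked_until.get(user, 0.0)

    def record(self, user, success):
        """Record one logon attempt; return True only if it is accepted."""
        if self.is_locked(user):
            return False         # even a correct password is refused while locked
        if success:
            self.failures[user] = 0
            return True
        self.failures[user] = self.failures.get(user, 0) + 1
        if self.failures[user] >= MAX_FAILURES:
            self.locked_until[user] = self.clock() + LOCKOUT_SECONDS
            self.failures[user] = 0
        return False
```
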

4.3. To create, remove, or modify a password in Windows 7 or Windows Vista, use the following path: Start > Control Panel > User Accounts

4.4. Screen saver password requirement

4.4.1. Start > Control Panel > Personalization > Screen Saver.

4.4.2. 1. It is important to make sure that computers are secure when users are away from the computer. 2. A security policy should contain a rule about requiring a computer to lock when the screensaver starts. 3. This will ensure that after a short time away from the computer, the screen saver will start and then the computer cannot be used until the user logs in.

5. 2.1.5 File and Folder Permissions

5.1. Permission levels are configured to limit individual or group user access to specific data.

5.1.1. Both FAT32 and NTFS allow folder sharing and folder-level permissions for users with network access.

5.1.2. The additional security of file-level permissions is provided only with NTFS.

5.2. To configure folder sharing permissions in Windows 7, use the following path: Right-click the folder and sele

5.2.1. There are four file sharing options to choose from:

5.2.1.1. 1. Nobody

5.2.1.2. 2. Homegroup (Read)

5.2.1.3. 3. Homegroup (Read/Write)

5.2.1.4. 4. Specific People…

5.3. Principle of Least Privilege

5.3.1. Users should be limited to only the resources they need in a computer system or on a network. They should not be able to access all files on a server, for example, if they need to access only a single folder. It may be easier to provide users access to the entire drive, but it is more secure to limit access to only the folder that is needed to perform their job. This is known as the principle of least privilege. Limiting access to resources also prevents malicious programs from accessing those resources if the user’s computer becomes infected.

5.4. Restricting User Permissions

5.4.1. File and network share permissions can be granted to individuals or through membership within a group. If an individual or a group is denied permissions to a network share, this denial overrides any other permissions given. For example, if you deny someone permission to a network share, the user cannot access that share, even if the user is the administrator or part of the administrator group. The local security policy must outline which resources and what type of access are allowed for each user and group.

5.5. Restricting User Permissions (cont.)

5.5.1. When the permissions of a folder are changed, you are given the option to apply the same permissions to all sub-folders. This is known as permission propagation. Permission propagation is an easy way to apply permissions to many files and folders quickly. After parent folder permissions have been set, folders and files that are created inside the parent folder inherit the permissions of the parent folder.
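The deny-overrides rule from 5.4.1 and the permission propagation from 5.5.1, as an added Python model (not code from the original page). `Folder`, `can_access`, the share layout, the groups and the users are hypothetical, and the model follows the page's simplified rule that any matching deny wins.

```python
from dataclasses import dataclass, field


@dataclass
class Folder:
    name: str
    parent: "Folder | None" = None
    aces: list = field(default_factory=list)  # (principal, "allow"|"deny", rights)

    def effective_aces(self):
        """Own entries plus those propagated down from every parent folder."""
        inherited = self.parent.effective_aces() if self.parent else []
        return self.aces + inherited


def can_access(user, groups, folder, right):
    """Page's rule: any matching deny wins; no matching allow means no access."""
    principals = {user, *groups}
    kinds = [kind for who, kind, rights in folder.effective_aces()
             if who in principals and right in rights]
    return "deny" not in kinds and "allow" in kinds


# Constructed sample data (hypothetical share, groups and users).
share = Folder("Share", aces=[
    ("Staff", "allow", {"read"}),
    ("Administrators", "allow", {"read", "write"}),
])
payroll = Folder("Payroll", parent=share, aces=[
    ("PayrollTeam", "allow", {"read", "write"}),
    ("bob", "deny", {"read", "write"}),
])
archive = Folder("2024", parent=payroll)  # created later, no entries of its own

GROUPS = {
    "alice": {"Staff", "PayrollTeam"},
    "bob": {"Staff", "Administrators"},
    "carol": {"Staff"},
}


def check(user, folder, right):
    return can_access(user, GROUPS[user], folder, right)


if __name__ == "__main__":
    for user in GROUPS:
        print(user, {r: check(user, archive, r) for r in ("read", "write")})
```

Real NTFS evaluates explicit entries before inherited ones, so this model covers the rule as stated here rather than every ACL ordering case.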

6. 2.2.1 Security Procedures

6.1. Procedures are detailed step-by-step tasks that should be performed to achieve a certain goal. For example, we can write procedures on how to install operating systems, configure security mechanisms, implement access control lists, set up new user accounts, assign computer privileges, audit activities, destroy material, report incidents, and much more. Procedures are considered the lowest level in the policy chain because they are closest to the computers and users (compared to policies) and provide detailed steps for configuration and installation issues.

6.2. Procedures spell out how the policy, standards, and guidelines will actually be implemented in an operating environment. If a policy states that all individuals who access confidential information must be properly authenticated, the supporting procedures will explain the steps for this to happen by defining the access criteria for authorization, how access control mechanisms are implemented and configured, and how access activities are audited.

6.3. There are several security procedures that can be implemented in any organization. This chapter discusses:

6.3.1. 1. Security Policies (has been discussed) 2. Data Protection 3. Protecting Against Malicious Software

7. 2.2.2 Data Protection

7.1. There are a number of approaches that we can take to protect our data, including software firewalls, biometrics and smart cards, data backups, and data encryption.

7.2. Software firewalls

7.2.1. A software firewall is a program that runs on a computer to allow or deny traffic between the computer and other computers to which it is connected. The software firewall applies a set of rules to data transmissions through inspection and filtering of data packets. Windows Firewall is an example of a software firewall. It is installed by default when the OS is installed.

7.2.2. Every communication using TCP/IP is associated with a port number. HTTP, for instance, uses port 80 by default. A software firewall is capable of protecting a computer from intrusion through data ports.

7.3. Biometrics and Smart Cards

7.3.1. Biometric security compares physical characteristics against stored profiles to authenticate people. A profile is a data file containing known characteristics of an individual. A fingerprint, a face pattern, or retina scan are all examples of biometric data.

7.3.2. In theory, biometric security is more secure than security measures such as passwords or smart cards, because passwords can be discovered and smart cards can be stolen. Common biometric devices available include fingerprint readers, retina scanners, and face and voice recognition devices. The user is granted access if their characteristics match saved settings and the correct login information is supplied.

7.3.3. Biometric devices, which measure physical information about a user, are ideal for highly secure areas when combined with a secondary security measure such as a password or PIN. However, for most small organizations, this type of solution is too expensive.

7.3.4. A smart card is a small plastic card, about the size of a credit card, with a small chip embedded in it.

7.3.5. The chip is an intelligent data carrier, capable of processing, storing, and safeguarding data. Smart cards store private information, such as bank account numbers, personal identification, medical records, and digital signatures. Smart cards provide authentication and encryption to keep data safe.

7.3.6. A security key fob is a small device that resembles the ornament on a key ring.

7.4. Data Backups

7.4.1. A data backup stores a copy of the information on a computer to removable backup media that can be kept in a safe place. Backing up data is one of the most effective ways of protecting against data loss. Data can be lost or damaged in circumstances such as theft, equipment failure, or a disaster. If the computer hardware fails, the data can be restored from the backup to functional hardware.

7.4.2. Data backups should be performed on a regular basis and included in a security plan. The most current data backup is usually stored offsite to protect the backup media if anything happens to the main facility. Backup media is often reused to save on media costs.

7.4.3. These are some considerations for data backups:

7.4.3.1. Frequency

7.4.3.2. Storage

7.4.3.3. Security

7.4.3.4. Validation

7.5. Data Encryption

7.5.1. Encryption is often used to protect data. Encryption is where data is transformed using a complicated algorithm to make it unreadable. A special key must be used to return the unreadable information back into readable data. Software programs are used to encrypt files, folders, and even entire drives.

7.5.2. Encrypting File System (EFS) is a Windows feature that can encrypt data. EFS is directly linked to a specific user account. Only the user that encrypted the data will be able to access it after it has been encrypted using EFS.

8. 2.2.3 Protection against malicious software

8.1. Certain types of attacks, such as those performed by spyware and phishing, collect data about the user that can be used by an attacker to gain confidential information. You should run virus and spyware scanning programs to detect and remove unwanted software. Many browsers now come equipped with special tools and settings that prevent the operation of several forms of malicious software.

8.2. Avast, McAfee, Norton (Symantec), Trend Micro, AVG8, Agnitum Outpost, BitDefender.