Security Plan for company OfisGate

Get Started. It's Free
or sign up with your email address
Rocket clouds
Security Plan for company OfisGate by Mind Map: Security Plan for company OfisGate

1. Deficient Key Security Information

1.1. security elements that need to be preserved :

1.1.1. 1) availability

1.1.2. 2) utility

1.1.3. 3) integrity

1.1.4. 3) authenticity

1.1.5. 4) confidentiality

1.1.6. 5) nonrepudiation

1.2. Source of loss of these element

1.2.1. 1) abuse

1.2.2. 2) misuse

1.2.3. 3) accidental

1.2.4. 4) occurence

1.2.5. 5) natural forces

1.3. acts that cause loss

1.3.1. 1) use of false data

1.3.2. 2) disclosure

1.3.3. 3) inteference with use

1.3.4. 4) copying

1.3.5. 5) misuse or failure to use

1.4. safeguard functionality used to protect these acts :

1.4.1. 1) audit

1.4.2. 2) avoidance

1.4.3. 3) detection

1.4.4. 4) prevention

1.4.5. 5) recovery

1.4.6. 6) mitigation

1.4.7. 7) investigation

2. social engineering

2.1. examples of social engineering

2.1.1. 1)mobile phone

2.1.2. 2) in the office

2.1.3. 3) online

2.2. tips to defending against social engineering

2.2.1. 1)When asked for information, consider whether the person you're talking to deserves the information they're asking about.

2.2.2. 2) provide a detailed briefing "roadshow" on the latest online fraud techniques to key staff

2.2.3. 3) review existing processes, procedures and separation of duties for financial transfers and other important transactions

2.2.4. 4) Question any move that requires revealing your confidential information. This will reduce your vulnerability.

2.2.5. 5) review, refine and test your incident management and phishing reporting systems

3. Poor password and security

3.1. 1)change password regularly

3.2. 2)use passphrases over password

3.3. 3)deploy multiple factors of authentication

3.4. 4)conduct regularly security training

3.5. 5)implement single sign-on

3.6. 6)The staff must not share the password to other people

3.7. 7)The staff must restrict access to their System to reduce the risk of having the password bypassed.

3.8. 8)Install Anti-spyware Software to prevent cyber attacks like keystroke loggers.

4. Apparent lack of personnel awareness of various threats to information

4.1. Ways to increase staff security awareness

4.1.1. Teach employees the critical info that is sensitive and confidential to the business.

4.1.2. Share the company security policies with your staff and ensure security procedures are understood.

4.1.3. Spread the news of latest cyber attacks to make the staff aware of what to expect and what to be suspicious of.

4.1.4. Stress that a security mindset is for everyone, every day.

4.1.5. Share security best practices.

4.1.6. Involve your staff in the fight against cyber crime by inviting them to report any suspicious activity.