SECURITY POLICIES AND PROCEDURES


1. 2.1 UNDERSTAND SECURITY POLICIES

1.1. DEFINITION OF SECURITY POLICY

1.1.1. A security policy is a written document in an organization outlining how to protect the organization from threats

1.2. Requirements of Security Policy

1.2.1. IDENTIFY ALL OF A COMPANY'S ASSETS

1.2.2. IDENTIFY POTENTIAL THREATS TO THOSE ASSETS

1.2.3. UPDATED REGULARLY

1.3. THE IMPORTANCE OF A SECURITY POLICY

1.3.1. Ensuring compliance is a critical step in preventing and mitigating security breaches

1.4. HOW TO MAKE IT EFFECTIVE?

1.4.1. Update it in response to changes in your company

1.4.2. Update it based on previous breaches

1.4.3. Update it in response to any new threats

1.5. SECURITY POLICY REQUIREMENTS

1.5.1. Identify organizational issues that impact information security policy

1.5.2. Identify the various classes of policy users

1.5.3. Organize information security policies and standards into meaningful categories

1.5.4. Review draft policies and standards with management, users, and legal counsel

1.5.5. Train all personnel in the organization’s information security policies and standards

1.5.6. Enforce the information security policies and standards

1.5.7. Review and modify policies and standards as appropriate, but at least annually

1.6. USERNAMES AND PASSWORDS

1.6.1. A username is the user's identification. It is used to build a unique digital profile of that specific user.

1.6.2. A password is the user's authentication. Password authentication relies on a secret value that is known only to the user.

1.7. PASSWORD REQUIREMENTS

1.7.1. ENFORCE PASSWORD HISTORY

1.7.2. MINIMUM/MAXIMUM PASSWORD AGE

1.7.3. MINIMUM PASSWORD LENGTH

1.7.4. COMPLEXITY REQUIREMENTS

1.7.5. USE STRONG PASSPHRASES

1.7.6. RESET PASSWORD

1.7.7. PASSWORD AUDIT

1.7.8. E-MAIL NOTIFICATIONS

1.7.9. STORE PASSWORD USING REVERSIBLE ENCRYPTION FOR ALL USERS POLICY

1.8. File and Folder Permissions

1.8.1. Specify who and what can read, write, modify, and access files and folders

1.8.2. Provides a way of organizing a drive

1.8.3. It specifies how data is stored on the drive and what types of information can be attached to files—filenames, permissions, and other attributes.

1.8.3.1. FILE AND FOLDER PERMISSIONS IN WINDOWS: NTFS AND FAT32

1.8.3.1.1. A set of logical constructs that an operating system can use to track and manage files on a disk volume.

1.8.3.1.2. NTFS (NT file system; sometimes New Technology File System) is the file system that the Windows OS uses for storing and retrieving files on a hard disk.

1.8.3.1.3. FAT32 (File Allocation Table 32) is the 32-bit version of the FAT file system.

2. 2.2 UNDERSTAND SECURITY PROCEDURES

2.1. SECURITY PROCEDURES

2.1.1. Procedures are detailed step-by-step tasks

2.1.2. Procedures are considered the lowest level in the policy chain and provide detailed steps for configuration and installation issues.

2.2. DATA PROTECTION

2.2.1. Data protection is the process of safeguarding important information from corruption or loss.

2.3. STEPS TO PROTECT DATA

2.3.1. Apply Software Updates

2.3.2. Protect Passwords

2.3.3. Disable Lock Screen Notifications

2.3.4. Lock Your Apps

2.3.5. Keep Your Browsing to Yourself

2.3.6. Encrypt Your Data

2.3.7. Back It Up

2.4. ENCRYPTION TECHNOLOGY

2.4.1. ENCRYPTION TERMINOLOGIES

2.4.1.1. A. ENCRYPTION: Encryption is the method by which information is converted into secret code that hides the information's true meaning. The science of encrypting and decrypting information is called cryptography.

2.4.1.2. B. CIPHER TEXT: In cryptography, cipher text (ciphertext) is data that has been encrypted. Cipher text is unreadable until it has been converted into plain text (decrypted) with a key.

2.4.1.3. C. DECRYPTION: Decryption reverses encryption. Encryption is the process of encoding information: it converts the original representation of the information, known as plaintext, into an alternative form known as ciphertext. Decryption converts the ciphertext back into plaintext with a key.

2.4.1.4. D. CRYPTANALYSIS: Cryptanalysis is the study of analyzing information systems in order to understand their hidden aspects. Cryptanalysis is used to breach cryptographic security systems and gain access to the contents of encrypted messages, even if the cryptographic key is unknown.

2.5. COMMON COMMUNICATION ENCRYPTION TYPES

2.5.1. a. Symmetric Encryption

2.5.2. b. Asymmetric Encryption

2.5.3. c. Hash Encoding