Posts Tagged ‘security controls’

Security risk assessment process and countermeasures

The Security Risk Assessment Handbook: A Complete Guide for Performing Security Risk Assessments. The following are the common steps that should be taken to perform a security risk assessment. These are basic steps that should not be followed as is, but modified based on the organization's assessment scope and business requirements. • Identify the […]


What is a risk assessment framework

The Security Risk Assessment Handbook: A Complete Guide for Performing Security Risk Assessments. Definition – A risk assessment framework (RAF) is a strategy for prioritizing and sharing information about the security risks to an information technology (IT) infrastructure. A good RAF organizes and presents information in a way that […]


Security Controls and Principles

Principles of Information Security

For security controls to be effective, apply the pillars of information security:
– Principle of least privilege
– Separation of duties
– Economy of mechanism
– Complete mediation
– Open design

Least Privilege
• “Need to Know”
• Default deny – essentially, don’t permit any more to occur than is required to meet business or […]


Due Diligence, and Security Assessments

Fighting Computer Crime: A New Framework for Protecting Information. Risk assessment demands due diligence, which makes business sense and derives organization mission. Due care is also about applying the specific control that counts. In information security, due diligence means a complete and comprehensive effort is made to avoid a security breach […]


Open Network and Security

Open networks are heterogeneous environments where users like to use all the applications and systems at any given time. In a heterogeneous environment, each department runs different hardware and software, but you can control the protocols that will work in this environment. Universities are famous for open networks. Most university networks are comprised of a […]


Laptop and traveling precautions

Best practice emphasizes backing up data you can’t live without; in the same way, a traveler must avoid taking sensitive data on the road unless it’s absolutely necessary to do so. If you do plan to take sensitive data with you on the laptop, the necessary security controls must be […]


SmartPhone and Security

Mobile spyware is malicious software used to spy on and control mobile devices (BlackBerry, PDAs, Windows Mobile and cell phones). Mobile spyware will not only intercept messages between two devices but also determine the location of the device. Basically, mobile spyware is installed on a mobile device to spy on it. Small […]
