MTI Digital Garden

Security Issues

Oct 30, 20243 min read

Here’s an elaboration on the topics you provided regarding Security Issues:

Security Issues

Physical Protection

  • Environmental Damage Prevention: Organizations must protect their infrastructure from natural disasters, such as floods, earthquakes, and extreme temperatures. This can include:

    • Site Selection: Building in locations less prone to natural disasters.
    • Infrastructure Resilience: Using materials and designs that can withstand environmental stresses.

  • Physical Security Measures: These measures include:

    • Locked Rooms and Equipment: Ensuring that sensitive areas and devices are secured against unauthorized access.
    • Cable Management: Securing keyboards, computers, and other devices to prevent theft or tampering.

  • Electrical Protection: To mitigate risks from power surges:

    • Surge Protectors and Uninterruptible Power Supplies (UPS): Installing these devices can protect equipment from voltage spikes and provide backup power during outages.

  • Noise Protection: This involves:

    • Strategic Placement: Locating computers away from devices that produce electromagnetic interference, like motors or microwaves, to reduce potential data corruption or hardware malfunction.

Surveillance

  • Security Cameras: Proper placement of surveillance cameras can:

    • Deter Theft and Vandalism: The visible presence of cameras can discourage criminal behavior.
    • Provide Evidence: Recorded footage can be invaluable in investigating incidents.

  • Intrusion Detection Systems: Specialists work to:

    • Prevent Unauthorized Access: Implementing measures to detect and respond to breaches in real time.
    • Analyze Breach Attempts: Understanding attack vectors to strengthen defenses.

  • Honeypots: This technique involves:

    • Creating Decoy Systems: Network personnel design systems that mimic real assets, drawing in malicious actors to observe their tactics and motives.

Security Policy and Management

Attackers’ Advantage

  • Asymmetry of Attack: It is typically easier for attackers to exploit vulnerabilities than for defenders to detect and respond to attacks, highlighting the need for robust security practices.

  • Achieving Security: Complete security is unattainable, but:

    • User Responsibility: Users should engage in “safe computing” practices, such as:
      • Avoiding downloads from untrusted sources.
      • Not opening suspicious email attachments.
      • Being wary of fraudulent websites and scams.

  • Luck vs. Diligence: Attackers may succeed due to chance, while defenders must rely on thoroughness, following established standards (like COBIT, ISO), and fostering a culture of security awareness and collaboration.

Security Policy Design Issues

  • Defining Security Levels: Companies need to determine:
    • Their desired security posture and how much they are willing to invest in protective measures.
  • Access Restrictions: It’s critical to evaluate:
    • Not just Internet access, but all potential entry points to the network and physical facilities.
  • Policy Development: A comprehensive security policy is necessary to:
    • Balance risks against protective measures, ensuring all potential threats are considered.

Auditing

  • Audit Creation: Regular audits (both digital and physical) can help:

    • Detect Malfeasance: Identifying unauthorized actions and correcting vulnerabilities.

  • Deterrence: Knowing that audits occur can discourage potential wrongdoers from attempting breaches.

  • Transaction Auditing: Many network operating systems provide tools for:

    • Monitoring Activity: Enabling administrators to track and review transactions and changes made within the system.

  • Criminal Accountability: Numerous cases have shown that thorough auditing can lead to:

    • The apprehension of individuals involved in cybercrime.

Graph View

Backlinks