Organizational security types

-

1.       Business Continuance
-          Business have come to recognize that some services of the organization have to be delivered continuously without interruption
-          Create an IT Business Continuity plan( Backup business Plan)
-          Focus on getting the network and systems up and running as quickly as possible.

Business continuity and disaster recovery planning
-          Management leadership, goals and requirements, business impact analysis, team building and implementation

Backup alternatives
-          Hardware and software approaches, electronic vaulting

Recovery and testing
-          Strategies for executing recovery, carrying out drills and types of plan testing
Emergency Response
-          Preserving assets and life, reducing fraud, theft and vandalism

2.       Backup / Restoration of Data
-          When we think of backup, we generally think of secure, offsite tape storage that will be available should we accidentally damage or destroy a needed file.
-          Backup includes site space, hardware, software and people as well as data

3.       Audits
-          Information is shared on network via email, attachment, network drives, which pose dangers as well
-          Attackers can easily exploit the networks if proper security is not available in organization
-          Auditing is an essential part expose loopholes in the network and it should be performed in timely manner
-          To check the security of the network
-          A system evaluation of company’s information security and ensures that the company is following set of criteria for maintaining security of the data

How security audits happen?
Analyze software
Data processors
User practice
System configuration

-          Audit process is an ongoing process of determining and preserving operative security policies and involves every resource of an organization
-          It offers a measurable way to examine the security level of an organization Security auditors perform their task with
-          Vulnerability scanner
-          OS (Operating system) examination
-          Network sharing analysis
-          Personal interviews

4.       Security vulnerability testing
-          Network scanning
-          Vulnerability scanning
-          Password cracking
-          Log review
-          Virus detection
-          Penetration testing


Comments

Post a Comment

Popular posts from this blog

Log Review

-
Image
Describe the test and purpose of the test Log analysis is the term used for analysis of computer-generated records for helping organizations, businesses or networks in proactively and reactively mitigating different risks.  Log analysis helps in reducing problem diagnosis, resolution time and in effective management of applications and infrastructure. Checking all the log to find if there ordinary problem Discuss how it works Logs are usually created by network devices, applications, operating systems, and programmable or smart devices. They comprise of several messages that are chronologically arranged and stored on a disk, in files, or in an application like a log collector. Provide example Discuss the solution of there is vulnerability after a test If there is 
Read more

Network planning - Proof of concept

-
How to design a secured network (methods, the steps) The different types of network security design that will aid good network security 1. Identify the assets such as hardware, software, employee 2. Identify the budget of the company 3. Analyze security risk with the solution (virus- install anti virus) 4. Analyze security requirements 5. List down all the software that can be installed in the network 6. List all the asset (Security hardware for example VPN, firewall, antivirus, DMZ) 7. Identify the secure connection (cable or wire) 8. Design or sketch a network 9. Ask other colleague or approval by the organization or the client An organizations need to update their system frequently, because hackers are discovering new flaws in security network and coming out with new methods to gains access to unauthorized networks. 1.     Network access control -        It is for controlling which users can access you network -        Identifying which users and devices a
Read more