Security 101: Your Data and External Threat


Data that relates to you as an individual is valuable to you, to other organisations and to the bad guys. It doesn’t matter where this data is located or in what format it is stored; if it is online, it becomes more vulnerable and is constantly threatened by those who want to gain unauthorised access to it. These attacks often come from skilled and experienced hackers who try to circumvent system security to gain access, then escalate privileges to retrieve whatever they want and use it for whatever purpose they want.
The first step towards protecting your personal data from external threats is User Awareness. People are said to be the weakest link and can easily be tricked into releasing sensitive information that ought not to be released. The user therefore needs to be aware of the various means used to steal information. For organisations, every employee has a part to play in securing the organisation’s data, regardless of their role within the organisation. They all need security awareness.
Data Classification: data needs to be classified based on how sensitive it is to an individual or an organisation. Based on that sensitivity, access should be granted on a need-to-know basis, so that only employees with access rights can access such data. More sensitive information, such as financial information and/or credit card information, should be stored encrypted according to the Payment Card Industry Data Security Standard (PCI DSS). Policies, compliance controls and segregation of duties can be set up by top management.
Securing the Network Perimeter: external threats to data come basically via the internet, over networks. As long as an individual or organisation is connected to other networks, they are vulnerable to external threats. It doesn’t matter how secure you feel you are: “security is a process and not a state.” There is therefore a need to constantly tighten up network defences. A firewall should be installed and properly configured to filter inbound and outbound traffic. Other network monitoring and intrusion prevention and detection tools can also be installed.
And finally, having a Password Policy: it’s a lot easier to use easy-to-remember passwords, the same password for different accounts and also vendors’ default passwords. This way one won’t have to struggle to remember what the password is. But these are easily guessable and crackable and are therefore highly discouraged. It is recommended to use a mix of different characters (upper, lower and special characters) and a different password for each online account, and passwords should be constantly changed.
Want to keep external threats at bay? Make security a culture.
Got comments? Send to article@managementedgeltd.com
