C3. Organisational Security
Companies hire cyber security experts to secure their networks.
Organisational Security
- Policies and procedures
- User responsibilities
- Education of IT professionals
- Physical security of system
- Risk assessment and reduction
1. Policies and procedures
- Monitoring
- Education and Training
- Backup and Recovery Schemes
- Configuring and Upgrading software
- Setting up file and folder permissions
1.1 Monitoring
Network monitoring refers to the practice of overseeing the operation of a computer network using specialized management software tools. Network monitoring systems are used to ensure availability and overall performance of computers (hosts) and network services. They let admins monitor access, routers, slow or failing components, firewalls, core switches, client systems and server performance among other network data. Network monitoring systems are typically employed on large scale corporate and university IT networks.
1.2 Education and Training
1.3 Backup and Recovery Schemes
- Step 1: Understand the backup environment
- Step 2: Perform capacity planning
- Step 3: Analyze current policies and procedures
- Step 4: Determine resource constraints
- Step 5: Create a BRMP (Backup and Restore Management Plan)
- Step 6: Implement the plan
- Step 7: Monitor the management plan
1.4 Configuring and Upgrading software
1.5 Setting up file and folder permissions
2. User responsibilities
- Adherence to specific guidelines
- Strength of password
- Installation of new software
2.1 Adherence to specific guidelines
Network users are obliged to follow the network policies in order to ensure the smooth running of the network. These guidelines usually include:
Fair Usage Policy (FUP)
Fair Usage Policy (also known as Fair Access Policy or Bandwidth Cap) is implemented by Internet Service Providers (ISPs) the world over. A small number of customers use an excessive amount of the network bandwidth and impair the experience of the large majority. Through this policy, ISPs seek to address this imbalance and give all users the opportunity to experience the network in the same way.
2.2 Strength of password
A Strong Password should -
- Be at least 8 characters in length
- Contain both upper and lowercase alphabetic characters (e.g. A-Z, a-z)
- Have at least one numerical character (e.g. 0-9)
- Have at least one special character (e.g. ~!@#$%^&*()_-+=)
A Strong Password should not -
- Spell a word or series of words that can be found in a standard dictionary
- Spell a word with a number added to the beginning and the end
- Be based on any personal information such as user id, family name, pet, birthday, etc.
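The "should" and "should not" rules above can be turned into an automated check. The following is an added example written for these notes, not code from the original; the word list and personal details are constructed samples, and a real deployment would load a full dictionary.

```python
import re

# Constructed sample dictionary; a real check would load a full word list.
DICTIONARY = {"password", "welcome", "summer", "dragon", "letmein", "monkey"}

SPECIALS = set("~!@#$%^&*()_-+=")


def check_password(password, personal_info=()):
    """Return a list of policy violations (an empty list means compliant).

    personal_info is an iterable of strings such as user id, family name,
    pet name or birthday that the password must not be based on.
    """
    problems = []
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    if not (any(c.isupper() for c in password) and any(c.islower() for c in password)):
        problems.append("needs both upper and lower case letters")
    if not any(c.isdigit() for c in password):
        problems.append("needs at least one digit")
    if not any(c in SPECIALS for c in password):
        problems.append("needs at least one special character")

    lowered = password.lower()
    # Keep only letters and digits so punctuation cannot hide a dictionary word.
    stripped = re.sub(r"[^a-z0-9]", "", lowered)
    # Shape "<digits><letters><digits>": a word with a number added to either end.
    m = re.fullmatch(r"(\d*)([a-z]+)(\d*)", stripped)
    # Runs of letters, so "dragon-monkey" is checked as a series of words.
    words = [w for w in re.split(r"[^a-z]+", lowered) if w]
    if m and m.group(2) in DICTIONARY and (m.group(1) or m.group(3)):
        problems.append("is a dictionary word with a number added to the ends")
    elif words and all(w in DICTIONARY for w in words):
        problems.append("spells a dictionary word or series of dictionary words")

    for item in personal_info:
        item = str(item).lower()
        if len(item) >= 3 and item in lowered:
            problems.append(f"contains personal information ({item!r})")
    return problems
```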
Recommendation for users
- Do not share your password with anyone for any reason
- Change your password periodically
- Consider using a passphrase instead of a password
- Do not write your password down or store it in an insecure manner
- Avoid reusing a password
- Avoid using the same password for multiple accounts
- Do not use automatic logon functionality
Recommendation to the network admins
- Enforce strong passwords
- Require periodic password changes
- Require a change of initial or “first-time” passwords
- Force expiration of initial or “first-time” passwords
- Do not use Restricted data for initial or “first-time” passwords
- Always verify a user’s identity before resetting a password
- Never ask for a user’s password
- Change default account passwords
- Implement strict controls for system-level and shared service account passwords
- Do not use the same password for multiple administrator accounts
- Do not allow passwords to be transmitted in plain-text
- Do not store passwords in easily reversible form
- Implement automated notification of a password change or reset
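Several of the admin recommendations (never store passwords in reversible form, force a change of first-time passwords, require periodic changes) can be seen together in a small credential store. This is an added example for these notes, not code from the original; the iteration count and the 90-day maximum age are hypothetical values chosen for illustration.

```python
import hashlib
import hmac
import os
import time

PBKDF2_ITERATIONS = 200_000          # hypothetical; raise as hardware allows
MAX_AGE_SECONDS = 90 * 24 * 3600     # hypothetical periodic-change interval


class CredentialStore:
    """In-memory store holding only a salted PBKDF2 hash, never the password."""

    def __init__(self):
        self._records = {}

    def _derive(self, password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)

    def set_password(self, user, password, initial=False, now=None):
        salt = os.urandom(16)            # fresh random salt per password
        self._records[user] = {
            "salt": salt,
            "hash": self._derive(password, salt),
            "set_at": time.time() if now is None else now,
            "must_change": initial,      # first-time passwords expire at next logon
        }

    def verify(self, user, password, now=None):
        """Return (accepted, reason); the hash comparison is constant-time."""
        rec = self._records.get(user)
        if rec is None:
            # Do the same work for unknown users so timing does not reveal them.
            self._derive(password, b"\x00" * 16)
            return False, "unknown user"
        if not hmac.compare_digest(self._derive(password, rec["salt"]), rec["hash"]):
            return False, "wrong password"
        now = time.time() if now is None else now
        if rec["must_change"]:
            return False, "initial password expired: change required"
        if now - rec["set_at"] > MAX_AGE_SECONDS:
            return False, "password expired: periodic change required"
        return True, "ok"
```

A real system would also log the change and notify the user, as the last recommendation above asks.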
2.3 Installation of new software
Installation of unauthorized computer programs and software, including files downloaded and accessed on the Internet, can easily and quickly introduce serious, fast-spreading security vulnerabilities. Unauthorized software programs, even those seemingly provided by reputable vendors and trusted companies, can introduce viruses and Trojan programs that aid hackers’ attempts to illegally obtain sensitive, proprietary, and confidential data. Protecting the organization’s computers, systems, data, and communications from unauthorized access and guarding against data loss is of paramount importance; adherence to the following Software Installation Policy serves a critical role in the process.
This policy’s purpose is to ensure that every employee, contractor, temporary worker, and volunteer understands and agrees to abide by specific guidelines for software, program, and application installation and use on organization-provided computers, systems, and networks.
3. Education of IT professionals
- Maintenance of skills
- Knowledge of exploits
- Application of updates and patches
4. Physical security of system
- Lock and key
- Logging of entry
- Secure room environments
- Authentication of individual
5. Risk assessment and reduction
- Potential risks
- Penetration testing
- Security audits