
What are the security measures taken for your office to avoid hacking and data loss?

IT Infrastructure Security

Question added by Muhammad Anzar , DevOps/DevSecOps Architect , Confidential
Date Posted: 2013/09/04
by Moiz Bastawalla , Business Intelligence , Confidential

Information Security is the responsibility of every user in the organisation. Based on the three CIA principles it looks good on paper, but practically it is a big challenge to maintain. There are two aspects to this question:

1) Hacking: here I would say that hackers cannot hack any system unless an insider is involved to provide information or access to an outsider. Hence one should have a good policy to support these kinds of incidents.

2) Data Loss: retention of data varies from organisation to organisation, and hence one should define a scalable backup solution based on the data requirement and its importance. A very important factor here is, in the event of a crash or data failure, what time frame the business can sustain and function, and how fast the data should be available to start the business once again. Based on these factors one should invest in data storage, keeping within the budget allotted for this.

by Muhammad Anzar , DevOps/DevSecOps Architect , Confidential

My exercise is below:

  1. Run the nmap application to identify vulnerabilities from outside and internally. This shows which ports are exposed from outside and which ports are listening internally.
  2. After getting the report, disable all unwanted applications and ports from the internal to the outside network.
  3. Apply all security updates on all servers and desktops on a monthly basis.
  4. Run security compliance checks against all web-based applications and outside-exposed IP addresses.
  5. Disable or update the packages as per the security compliance report.
  6. Check the SSL encryption settings with an SSL checker and update the encryption methods, protocols and packages.
  7. Don't expose any internal IP directly to the outside network without a DMZ network.
  8. All the machines run antivirus and antispyware on a daily basis and update from the website on a weekly basis.
  9. Enable UDP/TCP request-per-second limits to protect outside-exposed websites from automated scripts.
  10. All the applications should use security-based coding for forums or interactive sessions with end users. These are a good chance for system compromise.
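Steps 1 and 2 of the list above describe scanning for listening ports and then closing what is not needed. The Python script below is an added illustration, not code from the original post or its author: it parses nmap's grepable (`-oG`) output and diffs each host's open ports against an approved baseline, so the one-off review of the scan report becomes a repeatable check that flags any port that appears without approval. The scan text, the 192.0.2.x addresses (documentation range) and the `APPROVED` allowlist are constructed for the example.

```python
import re
from collections import defaultdict

# Constructed sample of nmap grepable output (-oG); not a real scan result.
SAMPLE_GNMAP = """\
# Nmap scan initiated (constructed sample)
Host: 192.0.2.10 (web01.example.test)\tStatus: Up
Host: 192.0.2.10 (web01.example.test)\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, 443/open/tcp//https///, 3306/open/tcp//mysql///\tIgnored State: closed (996)
Host: 192.0.2.11 (db01.example.test)\tStatus: Up
Host: 192.0.2.11 (db01.example.test)\tPorts: 22/open/tcp//ssh///, 5432/open/tcp//postgresql///, 161/open/udp//snmp///\tIgnored State: filtered (997)
# Nmap done (constructed sample)
"""

# Assumed baseline: the (protocol, port) pairs each host is approved to expose.
# In practice this comes from the reviewed report of the previous scan.
APPROVED = {
    "192.0.2.10": {("tcp", 22), ("tcp", 80), ("tcp", 443)},
    "192.0.2.11": {("tcp", 22), ("tcp", 5432)},
}

# One entry in the Ports: field looks like "22/open/tcp//ssh///"; only "open"
# entries are matched, so closed/filtered entries are ignored.
PORT_RE = re.compile(r"(\d+)/(open)/(tcp|udp)//([^/]*)")


def parse_gnmap(text):
    """Return {ip: set of (proto, port, service)} for every open port."""
    result = defaultdict(set)
    for line in text.splitlines():
        if not line.startswith("Host:") or "Ports:" not in line:
            continue
        ip = line.split()[1]
        # The Ports: field is tab-terminated; keep only that field.
        ports_field = line.split("Ports:", 1)[1].split("\t", 1)[0]
        for port, _state, proto, service in PORT_RE.findall(ports_field):
            result[ip].add((proto, int(port), service))
    return dict(result)


def unexpected_exposures(scan, approved):
    """List (ip, proto, port, service) for open ports missing from the baseline.

    Hosts absent from the baseline have no approved ports, so every open
    port on them is reported; this makes a newly appeared host visible too.
    """
    findings = []
    for ip, ports in sorted(scan.items()):
        allowed = approved.get(ip, set())
        for proto, port, service in sorted(ports, key=lambda p: (p[0], p[1])):
            if (proto, port) not in allowed:
                findings.append((ip, proto, port, service))
    return findings


if __name__ == "__main__":
    scan = parse_gnmap(SAMPLE_GNMAP)
    for ip, proto, port, service in unexpected_exposures(scan, APPROVED):
        print(f"{ip}: {proto}/{port} ({service or 'unknown'}) is open but not approved")
```

Running it against the sample reports MySQL on the web host and SNMP over UDP on the database host, the kind of finding step 2 then acts on. To use it on a real scan, feed the file produced by `nmap -oG` to `parse_gnmap` and keep `APPROVED` under version control so that every change to the baseline is itself reviewed.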

by Deleted user

Information Security is one of the fundamental activities at any organization and involves protecting assets, people, customers, vendors, reputation and business and political status.

Information security is concerned with three aspects of information:

 1. Confidentiality

 2. Integrity

 3. Availability

Information Security must be handled on several levels and endorsed by the Board of Directors. Information Security is the responsibility of each and every person in the organization, but ultimate responsibility resides with the CEO. Information Security includes several aspects:

 - Policy, standards and procedures, which also include infrastructure and software baselines;

 - Chief Information Security Officer (CISO) and his staff, who manage day-to-day security activities and assessments;

 - Physical environment security;

 - Infrastructure security including network, hardware, communications etc.;

 - Secure development and acquisitions, including security embedded in the SDLC;

 - Communications security including data loss prevention, intrusion detection, log analysis and antimalware measures;

 - Cryptography and certificate management;

 - Access security at all levels;

 - Project management and personnel security;

 - Security architecture and design;

 - Data classification, handling and media sanitization;

 - Disaster Recovery and Business Continuity;

 - Security training, awareness and assurance programs.

Information Security must be handled by professionals specifically trained in this subject who have received official certifications like CISSP or ISO.
