Sunday, November 10, 2013

Separation of Duties: A necessity in the IT realm

When working with any technology, there is always information that needs to be safeguarded or accessed only by the individuals who need it to perform their job function. This process of limiting information access is known as separation of duties in the workplace. Separation of duties is used to make it difficult for an individual to violate information security and breach the confidentiality, integrity, or availability of information.

This separation also allows organizations to limit the potential for an insider threat. It does this by limiting what information can be removed or accessed from various sources. For example, when confidential information is being accessed, the organization may allow only those with a clearance of confidential and limit what devices are allowed in the room. It may also require two-person control, in which a person must have another authorized person in the room to access certain information. All of these are steps to protect and safeguard information in the IT realm.

Safeguarding information is essential for the organization to remain secure and fully functional. Without these procedures, anyone could go in, access, and take information that could potentially damage the overall organization.
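The room example above (clearance, allowed devices, two-person control) can be written as one access decision. This is an added example, not part of the original post; the clearance ordering, the names, and the device labels are constructed assumptions.

```python
from dataclasses import dataclass

# Assumed clearance ordering for this example; a higher level satisfies a lower one.
LEVELS = {"public": 0, "confidential": 1, "secret": 2}

@dataclass(frozen=True)
class Person:
    name: str
    clearance: str
    devices: frozenset = frozenset()  # devices carried into the room

@dataclass(frozen=True)
class Room:
    required_clearance: str
    allowed_devices: frozenset
    two_person: bool = True

def access_decision(room, requester, present):
    """Return (allowed, reasons); `present` lists the other people in the room."""
    need = LEVELS[room.required_clearance]

    def cleared(person):
        # Unknown clearance labels are treated as no clearance at all.
        return LEVELS.get(person.clearance, -1) >= need

    reasons = []
    if not cleared(requester):
        reasons.append(f"{requester.name}: clearance below {room.required_clearance}")
    banned = requester.devices - room.allowed_devices
    if banned:
        reasons.append(f"{requester.name}: devices not allowed: {sorted(banned)}")
    if room.two_person:
        # The second person must be a different individual who is also cleared.
        others = [p for p in present if p.name != requester.name and cleared(p)]
        if not others:
            reasons.append("two-person control: no other authorized person present")
    return (not reasons, reasons)

# Constructed sample people and room.
ROOM = Room("confidential", frozenset({"badge"}))
ALICE = Person("alice", "confidential", frozenset({"badge"}))
BOB = Person("bob", "secret")
CAROL = Person("carol", "public")
MALLORY = Person("mallory", "confidential", frozenset({"badge", "usb-drive"}))

if __name__ == "__main__":
    for who, others in [(ALICE, [BOB]), (ALICE, []), (ALICE, [CAROL]), (MALLORY, [BOB])]:
        print(who.name, [p.name for p in others], access_decision(ROOM, who, others))
```

Returning every failed condition, rather than stopping at the first one, gives an auditor the full reason a request was denied.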

To learn more, read the following:

FBI Guidance for Combating the Insider Threat. Retrieved from http://www.infosecisland.com/blogview/21321-FBI-Guidance-of-Combating-the-Insider-Threat.html

Separation of Duties for System Administrators. Retrieved from http://www.infosecisland.com/blogview/18905-Separation-of-Duties-for-System-Administrators.html

Sunday, November 3, 2013

Cryptography: A Way to Secure Information

It seems in today's world that everyone is looking for ways to maintain and keep what privacy they may have. There are daily news stories of how people are upset that their information is shared or collected from the Internet, emails, or social media sites. It's not that they have something to hide, necessarily, but that they have a sense of inherent right to give their information to whom they choose.

Cryptography is a way to help encode or encrypt information sent over the Internet. So what is it? In simple terms, it is a way to scramble up a message or data, send it somewhere, and have it decoded back to the original message using a key or cipher. There is software available that can do this process, and cryptographic messages can be very simple or very complex.

This process may be used to protect some information, but it can also create potential unknown or unseen risks to the systems that use it. The message is secured by the key or cipher, but there is no guarantee that someone who has a program to decode ciphers can't intercept this information or upload other information.

Either way, it is a process of securing information to maintain some of the precious security we all want and our privacy when transmitting data. However, I highly doubt that most average users on the Internet are taking the time to encrypt their messages and provide a key or cipher to the other parties to decipher them.

To learn more, read the following:

Defending against Crypto Backdoors. Retrieved from https://www.schneier.com/blog/archives/2013/10/defending_again_1.html

CISSP Reloaded Domain 4: Cryptography. Retrieved from http://www.infosecisland.com/blogview/20786-CISSP-Reloaded-Domain-4-Cryptography.html