Thursday, January 24, 2019
IT Security

Types of Biometric Controls

A number of biometric controls are in use today; below are the major implementations and their specific pros and cons with regard to access control security. Fingerprints: Fingerprints are the most widely used biometric control available today. Smartcards can carry fingerprint information. Many U.S. government office …

PERSONNEL SECURITY

Users can pose the biggest security risk to an organization. Background checks should be performed, contractors need to be securely managed, and users should be properly trained and made aware of security risks, as we will discuss next. Security Awareness and Training: Security awareness and training …

THE OSI MODEL

The OSI (Open Systems Interconnection) reference model is a layered network model. The model is of course abstract; we do not directly run the OSI model in our systems (most now use the TCP/IP model). Rather, it is used as a reference point, so “Layer 1” (physical) is universally understood, …

SYSTEM VULNERABILITIES, THREATS, AND COUNTERMEASURES

System threats, vulnerabilities, and countermeasures describe security architecture and design vulnerabilities, as well as the corresponding exploits that may compromise system security. We will discuss countermeasures, or the mitigating actions that reduce the associated risk. COVERT CHANNELS: A covert channel is any communication that violates security policy. The …

Information Security Governance

Information security governance is information security at the organizational level, which includes senior management, policies, processes, and staffing. It is also the organizational priority provided by senior leadership, which is required for a successful information security program. Security Policy and Related Documents: Documents such as policies and …

Legal and Regulatory Issues

Though a general understanding of the major legal systems and their types of law is essential, it is critical that information security professionals understand the concepts described in the next section. With the ubiquity of information systems, data and applications comes a host of legal issues that require …

Types of Attackers

Controlling access is not limited to the control of authorized users; it also includes preventing unauthorized access. Information systems may be attacked by a variety of attackers, ranging from script kiddies to worms to militarized attacks. Attackers may use a variety of methods in their attempts to compromise the confidentiality, …

Protocol Analyzers

The terms protocol analyzing and packet sniffing are interchangeable. They refer to the process of monitoring the data that is transmitted across the network. The software that performs the operation is called either an analyzer or a sniffer. Sniffers are readily available on the Internet. These tools were initially intended …