Corporate Security and IT Policies - Revision history

Ivanoa at 03:15, 13 April 2009

2009-04-13T03:15:46Z

Ivanoa at 03:05, 13 April 2009

2009-04-13T03:05:09Z

← Older revision		Revision as of 03:05, 13 April 2009
Line 25:		Line 25:
	[[Image:Passwordchange.jpg\|thumb\|A user password policy change window shown in Windows XP.<sup>[5]</sup>]]		[[Image:Passwordchange.jpg\|thumb\|A user password policy change window shown in Windows XP.<sup>[5]</sup>]]

-	~~Security from a software perspective is typically handled by a~~ designated team of network administrator or security administrators. They are responsible for setting the IT Policies that govern employees of the corporation such that all corporate computer systems are safe from attacks.	+	A designated team of network administrator or security administrators typically handles security from a software perspective. They are responsible for setting the IT Policies that govern employees of the corporation such that all corporate computer systems are safe from attacks.

-	The first-line of defense is a corporate [[Network firewall\|firewall]], ~~that~~ sits between the outside world and the corporate network. This gives the security team a lot of customized control on what packets enter and what packets leave the company.	+	The first-line of defense is a corporate [[Network firewall\|firewall]], which sits between the outside world and the corporate network. This gives the security team a lot of customized control on what packets enter and what packets leave the company.

	A second standard security practice is to enforce passwords upon users. For further protection, some companies force their users to change passwords at a set interval - such as every 2 months. A password policy is complementary and can enforce users to create passwords consisting of:		A second standard security practice is to enforce passwords upon users. For further protection, some companies force their users to change passwords at a set interval - such as every 2 months. A password policy is complementary and can enforce users to create passwords consisting of:
Line 36:		Line 36:
	*A minimum number of non-alphanumeric symbols		*A minimum number of non-alphanumeric symbols

-	In some organizations, users do not have rights to install or modify major components of the operating system. This is to prevent opening ports, and installing software which could be open to malicious attack. Software updates are also typically enforced, to keep computers up-to-date with the latest software - decreasing the risk of known attacks.	+	In some organizations, users do not have rights to install or modify major components of the operating system. This is to prevent opening ports, and installing software, which could be open to malicious attack. Software updates are also typically enforced, to keep computers up-to-date with the latest software - decreasing the risk of known attacks.

-	Local data that is stored on ~~harddrives~~ is often encrypted, and security teams attempt to monitor which data leaves the corporation via the Internet or CD/removable media. However, this is one of the weakest points and typically the point of failure, since it is difficult for the security team to know of thousands of emailed or uploaded documents, which are confidential. <sup>[6]</sup>	+	Local data that is stored on hard drives is often encrypted, and security teams attempt to monitor which data leaves the corporation via the Internet or CD/removable media. However, this is one of the weakest points and typically the point of failure, since it is difficult for the security team to know of thousands of emailed or uploaded documents, which are confidential. <sup>[6]</sup>

	Security teams also prevent attackers from stealing data wirelessly through sophisticated encryption algorithms (e.g. 128-bit WEP).		Security teams also prevent attackers from stealing data wirelessly through sophisticated encryption algorithms (e.g. 128-bit WEP).

Ivanoa at 03:02, 13 April 2009

2009-04-13T03:02:28Z

Ivanoa at 03:00, 13 April 2009

2009-04-13T03:00:10Z

Ivanoa at 02:58, 13 April 2009

2009-04-13T02:58:52Z

Ivanoa at 02:57, 13 April 2009

2009-04-13T02:57:38Z

← Older revision		Revision as of 02:57, 13 April 2009
Line 3:		Line 3:
	==Physical Security==		==Physical Security==
	Tech-savvy companies rarely forget software security, or the importance of it. However, physical security is sometimes lowered in priority, given the movement towards a paperless work environment. Physical security is an important security layer, because a decreased guard in this layer could allow for easier software attacks. This could allow physical access to internal computers and therefore increasing probability of software attacks from computers within the organization, which is considered very dangerous.		Tech-savvy companies rarely forget software security, or the importance of it. However, physical security is sometimes lowered in priority, given the movement towards a paperless work environment. Physical security is an important security layer, because a decreased guard in this layer could allow for easier software attacks. This could allow physical access to internal computers and therefore increasing probability of software attacks from computers within the organization, which is considered very dangerous.
-	[[Image:Security_Camera.jpg\|thumb\|Typical security camera used for recording physical perimeter of building.[X]]]	+	[[Image:Security_Camera.jpg\|thumb\|Typical security camera used for recording physical perimeter of building.[3]]]

	[[Image:Monitor_mirror.jpg\|thumb\|left\|Monitor mirrors are used to allow workers to see if there are any wandering eyes behind them trying to see confidential information.[2]]]		[[Image:Monitor_mirror.jpg\|thumb\|left\|Monitor mirrors are used to allow workers to see if there are any wandering eyes behind them trying to see confidential information.[2]]]
Line 19:		Line 19:
	* [[Fingerprint authentication]] - secure method of gaining access to rooms and computers		* [[Fingerprint authentication]] - secure method of gaining access to rooms and computers

-	If these security measures are breached, and an attack does take place, a good security measure to have is an intrusion detection system. A safe system would consist of an alarm, combined with an automated notification system. [X]	+	If these security measures are breached, and an attack does take place, a good security measure to have is an intrusion detection system. A safe system would consist of an alarm, combined with an automated notification system. [4]

	==Software Security==		==Software Security==

Ivanoa at 02:57, 13 April 2009

2009-04-13T02:57:12Z

← Older revision		Revision as of 02:57, 13 April 2009
Line 5:		Line 5:
	[[Image:Security_Camera.jpg\|thumb\|Typical security camera used for recording physical perimeter of building.[X]]]		[[Image:Security_Camera.jpg\|thumb\|Typical security camera used for recording physical perimeter of building.[X]]]

-	[[Image:Monitor_mirror.jpg\|thumb\|left\|Monitor mirrors are used to allow workers to see if there are any wandering eyes behind them trying to see confidential information.[X]]]	+	[[Image:Monitor_mirror.jpg\|thumb\|left\|Monitor mirrors are used to allow workers to see if there are any wandering eyes behind them trying to see confidential information.[2]]]

	Security Cards (or access badges) are a common security feature, typically used on all entrances to secured buildings. Usually a public lobby-area with a receptionist is open for visitors, however, access to the remaining parts of the building are secured with a locked system which requires authorized employees to swipe security passes to gain access.		Security Cards (or access badges) are a common security feature, typically used on all entrances to secured buildings. Usually a public lobby-area with a receptionist is open for visitors, however, access to the remaining parts of the building are secured with a locked system which requires authorized employees to swipe security passes to gain access.

Ivanoa at 02:57, 13 April 2009

2009-04-13T02:57:05Z

← Older revision		Revision as of 02:57, 13 April 2009
Line 61:		Line 61:
	==References==		==References==
	#Wikipedia, Physical Security, 2009. http://en.wikipedia.org/wiki/Physical_Security		#Wikipedia, Physical Security, 2009. http://en.wikipedia.org/wiki/Physical_Security
		+	#Grand Illusions, Monitor Mirror, 2009. http://www.grand-illusions.com/acatalog/monitor_mirror.jpg
	#Reliable Security Systems, CCTV Camera, 2009. http://www.rsscctv.com/images/P/200x200_tkc215_300%2520WEB.jpg		#Reliable Security Systems, CCTV Camera, 2009. http://www.rsscctv.com/images/P/200x200_tkc215_300%2520WEB.jpg
	#SANS Institute, Password Policy, 2006. http://www.sans.org/resources/policies/Password_Policy.pdf		#SANS Institute, Password Policy, 2006. http://www.sans.org/resources/policies/Password_Policy.pdf
	#Cornell University, Cornell Information Technologies, 2009: http://www2.cit.cornell.edu/services/systems_support/images/changepassword2.jpg		#Cornell University, Cornell Information Technologies, 2009: http://www2.cit.cornell.edu/services/systems_support/images/changepassword2.jpg
-	~~#Grand Illusions, Monitor Mirror, 2009. http://www.grand-illusions.com/acatalog/monitor_mirror.jpg~~
	#Device Lock, Corporate Security: Risks of Insider Attack, 2009. http://www.devicelock.com/corporate_security.html		#Device Lock, Corporate Security: Risks of Insider Attack, 2009. http://www.devicelock.com/corporate_security.html

Ivanoa at 02:56, 13 April 2009

2009-04-13T02:56:39Z

← Older revision		Revision as of 02:56, 13 April 2009
Line 1:		Line 1:
-	Corporations need to protect their physical and soft assets in today’s world of thieves and hackers. To do so, they implement IT and Security Policies, which protect their corporations against such attacks. These prevention mechanisms can be split up into three main categories: physical, software, and social (employees). The ultimate goal is to convince a potential attacker that sufficient security measures are in place such that the attack will not be worth while.[X]	+	Corporations need to protect their physical and soft assets in today’s world of thieves and hackers. To do so, they implement IT and Security Policies, which protect their corporations against such attacks. These prevention mechanisms can be split up into three main categories: physical, software, and social (employees). The ultimate goal is to convince a potential attacker that sufficient security measures are in place such that the attack will not be worth while.[1]

	==Physical Security==		==Physical Security==
Line 60:		Line 60:

	==References==		==References==
		+	#Wikipedia, Physical Security, 2009. http://en.wikipedia.org/wiki/Physical_Security
	#Reliable Security Systems, CCTV Camera, 2009. http://www.rsscctv.com/images/P/200x200_tkc215_300%2520WEB.jpg		#Reliable Security Systems, CCTV Camera, 2009. http://www.rsscctv.com/images/P/200x200_tkc215_300%2520WEB.jpg
	#SANS Institute, Password Policy, 2006. http://www.sans.org/resources/policies/Password_Policy.pdf		#SANS Institute, Password Policy, 2006. http://www.sans.org/resources/policies/Password_Policy.pdf
-	~~#Wikipedia, Physical Security, 2009. http://en.wikipedia.org/wiki/Physical_Security~~
	#Cornell University, Cornell Information Technologies, 2009: http://www2.cit.cornell.edu/services/systems_support/images/changepassword2.jpg		#Cornell University, Cornell Information Technologies, 2009: http://www2.cit.cornell.edu/services/systems_support/images/changepassword2.jpg
	#Grand Illusions, Monitor Mirror, 2009. http://www.grand-illusions.com/acatalog/monitor_mirror.jpg		#Grand Illusions, Monitor Mirror, 2009. http://www.grand-illusions.com/acatalog/monitor_mirror.jpg

Ivanoa at 02:55, 13 April 2009

2009-04-13T02:55:45Z

← Older revision		Revision as of 02:55, 13 April 2009
Line 61:		Line 61:
	==References==		==References==
	#Reliable Security Systems, CCTV Camera, 2009. http://www.rsscctv.com/images/P/200x200_tkc215_300%2520WEB.jpg		#Reliable Security Systems, CCTV Camera, 2009. http://www.rsscctv.com/images/P/200x200_tkc215_300%2520WEB.jpg
-	~~#Netmail Support, Password Change Policy, 2009. http://support.netmail.sg/images/changepwd_owa2.gif~~
	#SANS Institute, Password Policy, 2006. http://www.sans.org/resources/policies/Password_Policy.pdf		#SANS Institute, Password Policy, 2006. http://www.sans.org/resources/policies/Password_Policy.pdf
	#Wikipedia, Physical Security, 2009. http://en.wikipedia.org/wiki/Physical_Security		#Wikipedia, Physical Security, 2009. http://en.wikipedia.org/wiki/Physical_Security
-	#~~password change PICTURE~~: http://www2.cit.cornell.edu/services/systems_support/images/changepassword2.jpg	+	#Cornell University, Cornell Information Technologies, 2009: http://www2.cit.cornell.edu/services/systems_support/images/changepassword2.jpg
-	#Mirror ~~monitor PICTURE:~~ http://www.grand-illusions.com/acatalog/monitor_mirror.jpg	+	#Grand Illusions, Monitor Mirror, 2009. http://www.grand-illusions.com/acatalog/monitor_mirror.jpg
-	#http://www.devicelock.com/corporate_security.html	+	#Device Lock, Corporate Security: Risks of Insider Attack, 2009. http://www.devicelock.com/corporate_security.html

	==See Also==		==See Also==

← Older revision		Revision as of 03:15, 13 April 2009
Line 25:		Line 25:
	[[Image:Passwordchange.jpg\|thumb\|A user password policy change window shown in Windows XP.<sup>[5]</sup>]]		[[Image:Passwordchange.jpg\|thumb\|A user password policy change window shown in Windows XP.<sup>[5]</sup>]]

-	A designated team of network administrator or security administrators typically handles security from a software perspective. They are responsible for setting the IT Policies that govern employees of the corporation such that all corporate computer systems are safe from ~~attacks~~.	+	A designated team of network administrator or security administrators typically handles security from a software perspective. They are responsible for setting the IT Policies that govern employees of the corporation, such that all corporate computer systems are safe from attack.

	The first-line of defense is a corporate [[Network firewall\|firewall]], which sits between the outside world and the corporate network. This gives the security team a lot of customized control on what packets enter and what packets leave the company.		The first-line of defense is a corporate [[Network firewall\|firewall]], which sits between the outside world and the corporate network. This gives the security team a lot of customized control on what packets enter and what packets leave the company.
Line 36:		Line 36:
	*A minimum number of non-alphanumeric symbols		*A minimum number of non-alphanumeric symbols

-	In some organizations, users do not have rights to install or modify ~~major~~ components of the operating system. This is to prevent opening ports, and installing software, which could be open to malicious attack. Software updates are also typically enforced, to keep computers up-to-date with the latest software - decreasing the risk of known attacks.	+	In some organizations, users do not have rights to install new software or modify components of the operating system. This is to prevent opening ports and installing unauthorized software, which could be open to malicious attack. Software updates are also typically enforced, to keep computers up-to-date with the latest software - decreasing the risk of known attacks.

-	Local data that is stored on hard drives is often encrypted, and security teams attempt to monitor which data leaves the corporation via the Internet or CD/removable media. However, this is one of the weakest points and typically the point of failure, since it is difficult for the security team to know of thousands of emailed or uploaded documents~~, which~~ are confidential. <sup>[6]</sup>	+	Local data that is stored on hard drives is often encrypted, and security teams attempt to monitor which data leaves the corporation via the Internet or CD/removable media. However, this is one of the weakest points and typically the point of failure, since it is difficult for the security team to know of which of the thousands of emailed or uploaded documents are confidential. <sup>[6]</sup>

	Security teams also prevent attackers from stealing data wirelessly through sophisticated encryption algorithms (e.g. 128-bit WEP).		Security teams also prevent attackers from stealing data wirelessly through sophisticated encryption algorithms (e.g. 128-bit WEP).

	==Social Employee Security==		==Social Employee Security==
-	Although smaller companies ~~sometimes~~ omit discussing social engineering within their security practices, it is strikingly one of the most important areas to cover. Essentially, this type of security mechanism aims to prevent [[social engineering]].	+	Although smaller companies sometime omit discussing social engineering within their security practices, it is strikingly one of the most important areas to cover. Essentially, this type of security mechanism aims to prevent [[social engineering]].

	Companies typically have a statement in their security policy manual such as <sup>[7]</sup>:		Companies typically have a statement in their security policy manual such as <sup>[7]</sup>:
Line 55:		Line 55:
	If someone demands a password, refer them to this document or have them call someone in the Information Security Department.		If someone demands a password, refer them to this document or have them call someone in the Information Security Department.

-	The above is most frequently directed at protecting employees from being manipulated by social engineers. It aims to prevent ~~people~~ from unknowingly giving out important information to an attacker.	+	The above is most frequently directed at protecting employees from being manipulated by social engineers. It aims to prevent employees from unknowingly giving out important information to an attacker.

	IT Administrators typically do not have direct access to view account passwords, either. Instead, passwords are almost always encrypted while stored. Should a user forget his or her password, the administrator must reset the password, rather than being able to view the user’s former password and give it out. Furthermore, if a password is forgotten, another method to prevent social engineering is to ensure the new password is given to the correct individual. In this case, the password is emailed to a password secured account, rather than given over the phone.		IT Administrators typically do not have direct access to view account passwords, either. Instead, passwords are almost always encrypted while stored. Should a user forget his or her password, the administrator must reset the password, rather than being able to view the user’s former password and give it out. Furthermore, if a password is forgotten, another method to prevent social engineering is to ensure the new password is given to the correct individual. In this case, the password is emailed to a password secured account, rather than given over the phone.

← Older revision		Revision as of 03:02, 13 April 2009
Line 1:		Line 1:
-	Corporations need to protect their physical and soft assets in today’s world of thieves and hackers. To do so, they implement IT and Security Policies, which protect their corporations against such attacks. These prevention mechanisms can be split up into three main categories: physical, software, and social (employees). The ultimate goal is to convince a potential attacker that sufficient security measures are in place such that the attack will not be worth while.[1]	+	Corporations need to protect their physical and soft assets in today’s world of thieves and hackers. To do so, they implement IT and Security Policies, which protect their corporations against such attacks. These prevention mechanisms can be split up into three main categories: physical, software, and social (employees). The ultimate goal is to convince a potential attacker that sufficient security measures are in place such that the attack will not be worth while.<sup>[1]</sup>

	==Physical Security==		==Physical Security==
	Tech-savvy companies rarely forget software security, or the importance of it. However, physical security is sometimes lowered in priority, given the movement towards a paperless work environment. Physical security is an important security layer, because a decreased guard in this layer could allow for easier software attacks. This could allow physical access to internal computers and therefore increasing probability of software attacks from computers within the organization, which is considered very dangerous.		Tech-savvy companies rarely forget software security, or the importance of it. However, physical security is sometimes lowered in priority, given the movement towards a paperless work environment. Physical security is an important security layer, because a decreased guard in this layer could allow for easier software attacks. This could allow physical access to internal computers and therefore increasing probability of software attacks from computers within the organization, which is considered very dangerous.
-	[[Image:Security_Camera.jpg\|thumb\|Typical security camera used for recording physical perimeter of building.[3]]]	+	[[Image:Security_Camera.jpg\|thumb\|Typical security camera used for recording physical perimeter of building.<sup>[3]</sup>]]

-	[[Image:Monitor_mirror.jpg\|thumb\|left\|Monitor mirrors are used to allow workers to see if there are any wandering eyes behind them trying to see confidential information.[2]]]	+	[[Image:Monitor_mirror.jpg\|thumb\|left\|Monitor mirrors are used to allow workers to see if there are any wandering eyes behind them trying to see confidential information.<sup>[2]</sup>]]

	Security Cards (or access badges) are a common security feature, typically used on all entrances to secured buildings. Usually a public lobby-area with a receptionist is open for visitors, however, access to the remaining parts of the building are secured with a locked system which requires authorized employees to swipe security passes to gain access.		Security Cards (or access badges) are a common security feature, typically used on all entrances to secured buildings. Usually a public lobby-area with a receptionist is open for visitors, however, access to the remaining parts of the building are secured with a locked system which requires authorized employees to swipe security passes to gain access.
Line 19:		Line 19:
	* [[Fingerprint authentication]] - secure method of gaining access to rooms and computers		* [[Fingerprint authentication]] - secure method of gaining access to rooms and computers

-	If these security measures are breached, and an attack does take place, a good security measure to have is an intrusion detection system. A safe system would consist of an alarm, combined with an automated notification system. [4]	+	If these security measures are breached, and an attack does take place, a good security measure to have is an intrusion detection system. A safe system would consist of an alarm, combined with an automated notification system. <sup>[4]</sup>

	==Software Security==		==Software Security==
	Software security refers to the protection of digital data; this topic also includes hardware necessary to implement software security, such as a computer running the corporate firewall.		Software security refers to the protection of digital data; this topic also includes hardware necessary to implement software security, such as a computer running the corporate firewall.
-	[[Image:Passwordchange.jpg\|thumb\|A user password policy change window shown in Windows XP.[5]]]	+	[[Image:Passwordchange.jpg\|thumb\|A user password policy change window shown in Windows XP.<sup>[5]</sup>]]

	Security from a software perspective is typically handled by a designated team of network administrator or security administrators. They are responsible for setting the IT Policies that govern employees of the corporation such that all corporate computer systems are safe from attacks.		Security from a software perspective is typically handled by a designated team of network administrator or security administrators. They are responsible for setting the IT Policies that govern employees of the corporation such that all corporate computer systems are safe from attacks.
Line 38:		Line 38:
	In some organizations, users do not have rights to install or modify major components of the operating system. This is to prevent opening ports, and installing software which could be open to malicious attack. Software updates are also typically enforced, to keep computers up-to-date with the latest software - decreasing the risk of known attacks.		In some organizations, users do not have rights to install or modify major components of the operating system. This is to prevent opening ports, and installing software which could be open to malicious attack. Software updates are also typically enforced, to keep computers up-to-date with the latest software - decreasing the risk of known attacks.

-	Local data that is stored on harddrives is often encrypted, and security teams attempt to monitor which data leaves the corporation via the Internet or CD/removable media. However, this is one of the weakest points and typically the point of failure, since it is difficult for the security team to know of thousands of emailed or uploaded documents, which are confidential. [6]	+	Local data that is stored on harddrives is often encrypted, and security teams attempt to monitor which data leaves the corporation via the Internet or CD/removable media. However, this is one of the weakest points and typically the point of failure, since it is difficult for the security team to know of thousands of emailed or uploaded documents, which are confidential. <sup>[6]</sup>

	Security teams also prevent attackers from stealing data wirelessly through sophisticated encryption algorithms (e.g. 128-bit WEP).		Security teams also prevent attackers from stealing data wirelessly through sophisticated encryption algorithms (e.g. 128-bit WEP).
Line 45:		Line 45:
	Although smaller companies sometimes omit discussing social engineering within their security practices, it is strikingly one of the most important areas to cover. Essentially, this type of security mechanism aims to prevent [[social engineering]].		Although smaller companies sometimes omit discussing social engineering within their security practices, it is strikingly one of the most important areas to cover. Essentially, this type of security mechanism aims to prevent [[social engineering]].

-	Companies typically have a statement in their security policy manual such as [7]:	+	Companies typically have a statement in their security policy manual such as <sup>[7]</sup>:

	Don't reveal a password to the boss		Don't reveal a password to the boss

← Older revision		Revision as of 03:00, 13 April 2009
Line 19:		Line 19:
	* [[Fingerprint authentication]] - secure method of gaining access to rooms and computers		* [[Fingerprint authentication]] - secure method of gaining access to rooms and computers

-	If these security measures are breached, and an attack does take place, a good security measure to have is an intrusion detection system. A safe system would consist of an alarm, combined with an automated notification system. [1]	+	If these security measures are breached, and an attack does take place, a good security measure to have is an intrusion detection system. A safe system would consist of an alarm, combined with an automated notification system. [4]

	==Software Security==		==Software Security==
	Software security refers to the protection of digital data; this topic also includes hardware necessary to implement software security, such as a computer running the corporate firewall.		Software security refers to the protection of digital data; this topic also includes hardware necessary to implement software security, such as a computer running the corporate firewall.
-	[[Image:Passwordchange.jpg\|thumb\|A user password policy change window shown in Windows XP.[4]]]	+	[[Image:Passwordchange.jpg\|thumb\|A user password policy change window shown in Windows XP.[5]]]

	Security from a software perspective is typically handled by a designated team of network administrator or security administrators. They are responsible for setting the IT Policies that govern employees of the corporation such that all corporate computer systems are safe from attacks.		Security from a software perspective is typically handled by a designated team of network administrator or security administrators. They are responsible for setting the IT Policies that govern employees of the corporation such that all corporate computer systems are safe from attacks.
Line 38:		Line 38:
	In some organizations, users do not have rights to install or modify major components of the operating system. This is to prevent opening ports, and installing software which could be open to malicious attack. Software updates are also typically enforced, to keep computers up-to-date with the latest software - decreasing the risk of known attacks.		In some organizations, users do not have rights to install or modify major components of the operating system. This is to prevent opening ports, and installing software which could be open to malicious attack. Software updates are also typically enforced, to keep computers up-to-date with the latest software - decreasing the risk of known attacks.

-	Local data that is stored on harddrives is often encrypted, and security teams attempt to monitor which data leaves the corporation via the Internet or CD/removable media. However, this is one of the weakest points and typically the point of failure, since it is difficult for the security team to know of thousands of emailed or uploaded documents, which are confidential. [X]	+	Local data that is stored on harddrives is often encrypted, and security teams attempt to monitor which data leaves the corporation via the Internet or CD/removable media. However, this is one of the weakest points and typically the point of failure, since it is difficult for the security team to know of thousands of emailed or uploaded documents, which are confidential. [6]

	Security teams also prevent attackers from stealing data wirelessly through sophisticated encryption algorithms (e.g. 128-bit WEP).		Security teams also prevent attackers from stealing data wirelessly through sophisticated encryption algorithms (e.g. 128-bit WEP).
Line 45:		Line 45:
	Although smaller companies sometimes omit discussing social engineering within their security practices, it is strikingly one of the most important areas to cover. Essentially, this type of security mechanism aims to prevent [[social engineering]].		Although smaller companies sometimes omit discussing social engineering within their security practices, it is strikingly one of the most important areas to cover. Essentially, this type of security mechanism aims to prevent [[social engineering]].

-	Companies typically have a statement in their security policy manual such as [X]:	+	Companies typically have a statement in their security policy manual such as [7]:

	Don't reveal a password to the boss		Don't reveal a password to the boss
Line 63:		Line 63:
	#Grand Illusions, Monitor Mirror, 2009. http://www.grand-illusions.com/acatalog/monitor_mirror.jpg		#Grand Illusions, Monitor Mirror, 2009. http://www.grand-illusions.com/acatalog/monitor_mirror.jpg
	#Reliable Security Systems, CCTV Camera, 2009. http://www.rsscctv.com/images/P/200x200_tkc215_300%2520WEB.jpg		#Reliable Security Systems, CCTV Camera, 2009. http://www.rsscctv.com/images/P/200x200_tkc215_300%2520WEB.jpg
		+	#Wikipedia, Physical Security, 2009. http://en.wikipedia.org/wiki/Physical_Security
	#Cornell University, Cornell Information Technologies, 2009: http://www2.cit.cornell.edu/services/systems_support/images/changepassword2.jpg		#Cornell University, Cornell Information Technologies, 2009: http://www2.cit.cornell.edu/services/systems_support/images/changepassword2.jpg
-	~~#SANS Institute, Password Policy, 2006. http://www.sans.org/resources/policies/Password_Policy.pdf~~
	#Device Lock, Corporate Security: Risks of Insider Attack, 2009. http://www.devicelock.com/corporate_security.html		#Device Lock, Corporate Security: Risks of Insider Attack, 2009. http://www.devicelock.com/corporate_security.html
		+	#SANS Institute, Password Policy, 2006. http://www.sans.org/resources/policies/Password_Policy.pdf

	==See Also==		==See Also==

← Older revision		Revision as of 02:58, 13 April 2009
Line 19:		Line 19:
	* [[Fingerprint authentication]] - secure method of gaining access to rooms and computers		* [[Fingerprint authentication]] - secure method of gaining access to rooms and computers

-	If these security measures are breached, and an attack does take place, a good security measure to have is an intrusion detection system. A safe system would consist of an alarm, combined with an automated notification system. [4]	+	If these security measures are breached, and an attack does take place, a good security measure to have is an intrusion detection system. A safe system would consist of an alarm, combined with an automated notification system. [1]

	==Software Security==		==Software Security==
	Software security refers to the protection of digital data; this topic also includes hardware necessary to implement software security, such as a computer running the corporate firewall.		Software security refers to the protection of digital data; this topic also includes hardware necessary to implement software security, such as a computer running the corporate firewall.
-	[[Image:Passwordchange.jpg\|thumb\|A user password policy change window shown in Windows XP.[X]]]	+	[[Image:Passwordchange.jpg\|thumb\|A user password policy change window shown in Windows XP.[4]]]

	Security from a software perspective is typically handled by a designated team of network administrator or security administrators. They are responsible for setting the IT Policies that govern employees of the corporation such that all corporate computer systems are safe from attacks.		Security from a software perspective is typically handled by a designated team of network administrator or security administrators. They are responsible for setting the IT Policies that govern employees of the corporation such that all corporate computer systems are safe from attacks.
Line 63:		Line 63:
	#Grand Illusions, Monitor Mirror, 2009. http://www.grand-illusions.com/acatalog/monitor_mirror.jpg		#Grand Illusions, Monitor Mirror, 2009. http://www.grand-illusions.com/acatalog/monitor_mirror.jpg
	#Reliable Security Systems, CCTV Camera, 2009. http://www.rsscctv.com/images/P/200x200_tkc215_300%2520WEB.jpg		#Reliable Security Systems, CCTV Camera, 2009. http://www.rsscctv.com/images/P/200x200_tkc215_300%2520WEB.jpg
-	~~#SANS Institute, Password Policy, 2006. http://www.sans.org/resources/policies/Password_Policy.pdf~~
	#Cornell University, Cornell Information Technologies, 2009: http://www2.cit.cornell.edu/services/systems_support/images/changepassword2.jpg		#Cornell University, Cornell Information Technologies, 2009: http://www2.cit.cornell.edu/services/systems_support/images/changepassword2.jpg
		+	#SANS Institute, Password Policy, 2006. http://www.sans.org/resources/policies/Password_Policy.pdf
	#Device Lock, Corporate Security: Risks of Insider Attack, 2009. http://www.devicelock.com/corporate_security.html		#Device Lock, Corporate Security: Risks of Insider Attack, 2009. http://www.devicelock.com/corporate_security.html