Sunday, April 29, 2012

Security Policy



A security policy is a document that states in writing how a company plans to protect its physical and information technology assets. A security policy document is never finished; it is continuously updated as technology and employee requirements change. A company's security policy may include an acceptable use policy, a description of how the company plans to educate its employees about protecting the company's assets, an explanation of how security measures will be carried out and enforced, and a procedure for evaluating the effectiveness of the security policy to ensure that necessary corrections will be made.

If it is important to be secure, then it is important to be sure all of the security policy is enforced by mechanisms that are strong enough. There are organized methodologies and risk assessment strategies to assure completeness of security policies and assure that they are completely enforced. In complex systems, such as information systems, policies can be decomposed into sub-policies to facilitate the allocation of security mechanisms to enforce sub-policies. However, this practice has pitfalls. It is too easy to simply go directly to the sub-policies, which are essentially the rules of operation and dispense with the top level policy. That gives the false sense that the rules of operation address some overall definition of security when they do not. Because it is so difficult to think clearly with completeness about security, rules of operation stated as "sub-policies" with no "super-policy" usually turn out to be rambling rules that fail to enforce anything with completeness. Consequently, a top level security policy is essential to any serious security scheme and sub-policies and rules of operation are meaningless without it.

Common Networking Attacks, Threats and Solutions


USB drives are one of the common ways a network can be infected from inside the firewall. They are inexpensive, small, hold a lot of data and can be used between multiple computer types. The ubiquity of thumb drives has driven hackers to develop targeted malware that can automatically execute upon connecting with a live USB port. What's worse, default operating system configurations typically allow most programs to run automatically.
A solution to this problem is to change the computer's default autorun policies.
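
One way to check and apply that setting, as an added example that is not part of the original post. It assumes a Windows host, where the `NoDriveTypeAutoRun` value under the Explorer policies key disables AutoRun per drive type; the function names and the `-Remediate` switch are hypothetical.

```powershell
# Added example: audit (and optionally fix) the AutoRun policy on a Windows host.
# A bit set in NoDriveTypeAutoRun means AutoRun is disabled for that drive type.
param([switch]$Remediate)   # hypothetical switch; needs an elevated session

$ValueName = 'NoDriveTypeAutoRun'
$PolicyKey = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$DriveBits = [ordered]@{
    'Removable (USB)' = 0x04
    'Fixed'           = 0x08
    'Network'         = 0x10
    'CD-ROM'          = 0x20
    'RAM disk'        = 0x40
}

function Get-AutoRunMask {
    param([string]$Hive)
    $path = "${Hive}:\$PolicyKey"
    $prop = Get-ItemProperty -Path $path -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $prop) { return $null }   # value not configured in this hive
    return [int]$prop.$ValueName
}

function Get-AutoRunExposure {
    param([int]$Mask)
    # Drive types whose bit is clear, i.e. AutoRun is still allowed for them
    $DriveBits.GetEnumerator() |
        Where-Object { ($Mask -band $_.Value) -eq 0 } |
        ForEach-Object { $_.Key }
}

foreach ($hive in 'HKLM', 'HKCU') {
    $mask = Get-AutoRunMask -Hive $hive
    if ($null -eq $mask) {
        Write-Output "${hive}: $ValueName not configured (OS default applies)"
        continue
    }
    $open = @(Get-AutoRunExposure -Mask $mask)
    $status = if ($open.Count -eq 0) { 'AutoRun disabled for all drive types' }
              else { 'AutoRun still allowed for: ' + ($open -join ', ') }
    Write-Output ('{0}: 0x{1:X2} - {2}' -f $hive, $mask, $status)
}

if ($Remediate) {
    # 0xFF sets every drive-type bit, disabling AutoRun on all drives machine-wide
    $path = "HKLM:\$PolicyKey"
    if (-not (Test-Path $path)) { New-Item -Path $path -Force | Out-Null }
    Set-ItemProperty -Path $path -Name $ValueName -Value 0xFF -Type DWord
    Write-Output "HKLM: $ValueName set to 0xFF"
}
```

Run it without arguments to report only. On domain-joined machines the same value is normally pushed through Group Policy rather than set per host.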


All companies have some form of sensitive information that absolutely cannot leave the walls of the building. It becomes very dangerous when that information is stored on an unsecured portable computer, which is easy to walk off with. There have been many publicly disclosed instances of notebooks with sensitive data that have "gone missing." Unless the laptop employs a tough encryption algorithm, data is often easy to recover from any given file system. Implement an encrypted file system for sensitive data.
There are a number of off-the-shelf solutions out there to choose from, along with open source ones such as TrueCrypt. VPN, DV and Wi-Fi access should not be stored persistently on devices such as laptops or netbooks.
