no more cubes

Category: Security & Privacy

  • Intrusion Detection Technology: Examples

    • Acoustical detection: A bio-hazard laboratory is in a hermetically sealed area of a building.
    • Motion detection: A large warehouse needs after hours protection.
    • Electrostatic detection: A expensive painting on display needs protection.
    • Electro-Mechanical detection: the door to a server room.
    • Electro-Mechanical detection: detects breaks in electrical circuit.
    • Passive Infrared: Detects fluctuations in energy and particle temperature within the protected area.
    • Motion detection: A large warehouse needs after hours protection.
    • Electrostatic detection: detects capacitance changes in a defined field.

  • Components of layered defense

    • Mechanisms for preventing unauthorized access to rooms where sensitive data is stored.
    • Bars on windows that represent possible building entry points.
    • Surveillance devices for securing the perimeter of the organizations’s premisses.
    • A security gate for restricting access to a suite of offices.

  • Securing a safe

    • Create strong combinations for the safelock and change these frequently
    • Install the safe in reinforced concrete

  • Secure HVAC systems

    HVAC is short for „Heating, Ventilation and Air Conditioning“.

    • Installing separate air conditioning for data centers.
    • Maintain positive pressurization

    Also, in the context of access control:

    • Implementing access control for cable runs.
    • Securing ventilation registers from unauthorized access.

  • Preventing Power Problems

    • Install static controls.
    • Use power line conditioners.
    • Installing regulators to ensure clean power.
    • Installing single-socket power line filter suppressant.

  • Disaster Response Roles

    • Responsible for carrying out the recovery processes and tasks: Emergency Response Team
    • Responsible for contaction the organization’s lawyer an/or legal team: Primary site restoration team
    • Responsible for interfacing with the media: Company executives
    • Responsible for setting the emergency plans into motion: Emergency management team

  • BC and DR essentials

    • Information on how to release progress reports  to vendors and the media.
    • Information about how an event is communicated and escalated.
    • A listing of each group’s roles and responsibilities.

  • Technology Recovery Strategies

    • Dual data centers: Two fully functional sites that both support an organization’s functions.
    • Cold sites: Empty spaces containing no technical equipment or resources.
    • Hot sites: Sites fully configured with equipment that actually mirror production sites.
    • Warm sites: Sites containing cabling and networks, but no computers.

  • Recovery Strategy Considerations

    The setup, maintenance, and execution of the recovery strategy must cost no more than the value of protecting the relevant technological asset or business process.

    Ensure that the financial benefit of the chosen strategy equals or outweighs the total cost of the strategy.

  • Plan Test Types

    • Call exercise: To find out how many involved people on the notification list are available any given time.
    • Compact exercise: testing a plan using the most comprehensive type of test.
    • Actual exercise: testing a portion of the plan as realistic as possible.
    • Walk-through exercise: going through the plan and documenting everybody who has a role in it.