a thorough review involves checklists and many detailed activities. this is the work of experts and specialists. to get started, and to obtain control from a management point of view, it is helpful to develop an overall concept into which all the details fit
here is one framework for such a concept that I have called TABLE (easy to remember). the letters stand for:
- TRUST
- ACCESS
- BACKUP
- LOG
- ENCRYPT
TRUST represents the human factor. security is only as good as the people implementing it. think also about the devices and software in which we place our trust. it is not practical to check everything all the time, and many times we may not immediately have the knowledge or the tools available to do that. that is where risk assessment comes in, along with what is called the web of trust
particularly important in terms of trust is a sound policy regarding software updates. personally, I believe in a clean (fresh) install of the latest stable software every six months and updating on a daily basis. the reason is that I trust the developers and maintainers of the software that I am using as committed professionals who spend their efforts on the latest versions
ACCESS is about locking doors and windows and not giving anybody or anything more privileges than needed to do their job, both physically and in the system. it involves organisation and separation of duties. passwords and identification are part of it. any access should always be authorized and logged. in general, for any activity there will be separation of the operations from the command and control
as for BACKUPS: there is no cyber security without backups. no matter how professional and diligent you are in terms of prevention, there is always a chance that something will happen anyway. if it does, then damage control is the priority. that is what backups are for
as described in another blog post, cyber security involves intrusion detection. there may not be a smashed window or broken-down door when there has been an intrusion in the system. an intruder may hide, cover its trails, or lay false trails. the challenge is to detect intrusions as soon as possible and respond appropriately. LOGS can help with that
ENCRYPTION protects data and information from theft, at least to a certain extent. since data and information are valuable they should be protected. even if they are not valuable to us, they may be private and valuable to our customers or suppliers, and we would suffer in business reputation if we lost them. just encrypt everything
so there is your TABLE framework: Trust, Access, Backup, Log and Encrypt
there are others, and never feel restricted from coming up with something else. the main thing is that you get started thinking and doing
https://funzzionale.com/