In Part 1 we defined data incident management and examined how to prepare for incidents when they occur. In this article, we continue the series by examining how to prevent data loss and network outages. The methods of detecting, analyzing, and reporting data issues to recovery teams are explained.
Logical controls, also called technical controls, are used to provide access to your organization’s data in a manner that conforms to management policies. This includes the enforcement of the principles of least privilege and separation of duties. This article looks at preventive logical controls, in both hardware and software.
In Part 1, I discussed controls for preventing physical access to controlled areas. In this article, we look at detective controls, safeguards to identify when an intruder is attempting or has successfully circumvented one or more barriers.
In Part 1 of this two-part series, I examined administrative controls that help prevent security incidents. In this article, I conclude our look at administrative controls by exploring controls designed to detect security incidents in progress or after they’ve occurred. (This article is updated content from the book “Just Enough Security.”)
Access controls prevent unauthorized people from viewing or stealing information assets and employees from accessing sensitive information and systems not required for day-to-day tasks. They fall into three general categories: administrative, logical (technical), and physical. This is the first in a series of articles that examines preventive administrative access controls.
We begin with a definition and overview of security access controls.
(This article is updated content from the book “Just Enough Security.”)
Policies are the heart of a security program. They are management’s statement of support and expected outcomes from security controls. In this article, we examine the various components of a policy. (This article is updated content from the book, “Just Enough Security.”)
User awareness is an essential part of information security. The existence of policies, standards, and guidelines must be known to the employees that handle your data and manage your infrastructure. This article explores the basics of user awareness training. (This article is updated content from the book, “Just Enough Security.”)
The framework around which administrative, technical, and physical controls are built is the security program. This article walks through building a program, including policies. (This article is updated content from the book, “Just Enough Security.”)
Protecting sensitive information and critical systems is a balancing act, balancing constraints with operational effectiveness. This is the first in a series of articles that comprise an introduction to the Just Enough Security (JES) approach to information security. Application of the JES principles provides “reasonable and appropriate” protection for information assets.