Creating A Company Culture For Security-Design Documents

April 11, 2023 | Author: Anonymous | Category: N/A



 

CREATING A COMPANY CULTURE FOR SECURITY - DESIGN DOCUMENT

When creating a company security culture, there are a few things to bear in mind in order to create a security policy that will prevent, reduce or mitigate risks. Such things are the requirements of an organization, because based on them it prioritizes its security concerns.

Authentication: Since the company is an online retail organization, you may want to form an authentication process that has a strong password policy that is difficult to brute-force and that enforces length requirements, character complexity and a check for the presence of dictionary words, and that requires passwords never to be recorded or written down in plain text or shared with anyone. A password rotation policy should also be encouraged.

External website security: As IT support specialists charged with these responsibilities, you might want to look for one of the following: multi-factor authentication for users, such as passwords and PINs; biometrics such as facial recognition, voice recognition and fingerprints; and VPN connection services to enhance data encryption.

Internal website security: For internal website security, you may want to consider RADIUS (Remote Authentication Dial-In User Service), a protocol that provides AAA services for users on a network. It is a very common protocol used to manage access to internal network resources and services by verifying user credentials using a configured authentication scheme.

Remote access solution: For a remote access solution, you want to consider using VPN services in order to application and service using SSL or TLS certificates.

Firewall and basic rules recommendation: Recommending a firewall and basic rules requires understanding which services are necessary and which are not, so that you can recommend the implicit deny principle, which expresses that anything not explicitly permitted or allowed should be denied. This is different from blocking all traffic, since an implicit deny configuration will still let traffic pass that you have defined as allowed. This can be done through ACL configurations.

Wireless security: For wireless security, I will go for WPA2, since it is a security enhancement to WPA. Users must ensure the mobile device and AP/router are configured using the same WPA version and pre-shared key (PSK), which makes it difficult for an attacker to gain access to network resources.
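The implicit deny principle from the firewall recommendation above, shown as an added example that is not part of the original document: a small first-match ACL evaluator in Python. The rule set, subnets, ports and sample flows are constructed for illustration and are assumptions, not the company's actual configuration.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    action: str  # "permit" or "deny"
    src: str     # source network in CIDR notation
    proto: str   # "tcp" or "udp"
    dport: int   # destination port


# Constructed ACL for a hypothetical online shop: only the services known to be needed.
ACL = [
    Rule("permit", "0.0.0.0/0", "tcp", 443),      # public HTTPS storefront
    Rule("deny", "10.20.30.0/24", "tcp", 22),     # guest subnet: explicitly no SSH
    Rule("permit", "10.20.0.0/16", "tcp", 22),    # admin SSH from the internal network
    Rule("permit", "10.20.0.0/16", "udp", 1812),  # RADIUS authentication, internal only
]


def evaluate(acl, src_ip, proto, dport):
    """Return (action, reason). The first matching rule wins."""
    addr = ipaddress.ip_address(src_ip)
    for number, rule in enumerate(acl, start=1):
        if (addr in ipaddress.ip_network(rule.src)
                and proto == rule.proto and dport == rule.dport):
            return rule.action, f"rule {number}"
    # Implicit deny: nothing permitted this flow explicitly, so it is dropped.
    return "deny", "implicit deny"


if __name__ == "__main__":
    # Constructed sample flows: (source IP, protocol, destination port).
    flows = [
        ("203.0.113.7", "tcp", 443),   # customer reaching the shop
        ("203.0.113.7", "tcp", 22),    # internet host trying SSH
        ("10.20.30.5", "tcp", 22),     # guest subnet trying SSH
        ("10.20.5.9", "tcp", 22),      # admin workstation SSH
        ("10.20.5.9", "tcp", 3306),    # service nobody listed as necessary
    ]
    for flow in flows:
        print(flow, "->", evaluate(ACL, *flow))
    # An empty ACL is the "block all traffic" case: every flow hits the implicit deny.
    print(evaluate([], "203.0.113.7", "tcp", 443))
```

Rule order matters here: the guest-subnet deny must sit above the broader internal permit, or the first-match logic would let guest SSH through.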

VLAN configuration recommendation:

 

Laptop security configuration: For this, you are to assign permissions based on the resources an employee needs to get the job done. Encourage a strong password policy. If the laptop is used remotely, a VPN connection should be encouraged.

Application policy recommendation: Applications that are not needed should be disabled. Regular app updates and patches should be deployed to address security concerns. Since a card payment system is involved, PCI-DSS policy should be applied.

Security and privacy recommendation: In this, you are to recommend how to oversee the access and use of sensitive data. It is best to use the principle of least privilege and regular auditing of data access logs to ensure that sensitive data is only accessed by authorized users.

 
