3.3 - Countermeasures and Prevention
Key Terms:
- Bollard – A physical barrier to deter intruders.
- Strip-cut shredder – A device that cuts paper into long, thin strips.
- Crosscut shredder – A device that cuts paper both horizontally and vertically, turning it into confetti.
- Full backup – A backup of every piece of an organisation's data.
- Incremental backup – A process that backs up every file that has been changed since the last backup.
- Differential backup – A process that backs up every file that has been changed since the last full backup.
Hiring and Termination
This is the most important policy a business should have. The HR department must complete a background check of each employee and contact the references listed. They should also review educational records and ask the employee to sign an NDA. Finally, they should outline an AUP (acceptable use policy) to determine what the employee can and can’t do. If an employee is terminated, an exit interview must be conducted to review the NDA and return all company equipment. Lastly, their access to the company network should be suspended.
Help Desk
A help desk procedure is put in place to ensure that callers are verified as real employees. The help desk must follow the caller ID and employee callback policies when verifying that employees are real. A secondary authentication method, such as a cognitive password, can also be used before giving out information.
Employee Identification
Employees may be given ID badges that they must always wear whilst on site. This distinguishes real employees from potential attackers. The ID badges can also contain RFID chips that can open locked doors. This allows the business to control who has access to which room. For example, an IT technician may need access to a server room whilst a sales manager doesn’t. Guests should also be given a visitor badge that gives them very limited access to the building. If an employee spots someone without a badge, they should be trained to report it immediately or confront the person (whichever the business feels is right). Employees should also be educated to prevent piggybacking/tailgating through locked doors.
Physical Prevention
Bollards can be used to deter intruders. Bollards are a type of perimeter protection and can be retractable posts, concrete pillars or objects purposefully put in the way to deter attackers.
User Awareness
Employees should be taught to check any link destinations, not to click on email links, and trained on the types of HTTPS protocols used on sites where sensitive information is involved. An HTTPS site will show a lock icon next to the URL in the address bar. This means that the connection between the site and the user is encrypted; however, it doesn’t mean the site administrator is verified. A green lock in the address bar means that the administrator is verified and the connection is secure.
Escort Guests
If a guest is scheduled to come inside the facility, an escort should be provided to make sure they don’t have any malicious intentions. A guest should also be prohibited from accessing the company’s main network. For example, in the case of Wi-Fi, a guest network can be set up to isolate the guests from the primary network. Employees should never write down passwords, as an attacker could physically steal them. If they have trouble remembering passwords, educate them to use an encrypted password manager. Employees must also never give out their password to anyone, no matter who they claim to be or what they say their intentions are. They should also be careful when sending emails, as most email protocols (POP3, IMAP, SMTP) transmit emails as unencrypted plaintext.
Paper Shredding
Employees should be taught to shred paper before they throw it away. This is one of the best ways to protect documents from being leaked. A strip-cut shredder cuts paper into long strips. This is usually secure; however, dumpster divers can put the papers back together again in most cases. A cross-cut shredder is much more secure as it shreds paper horizontally and vertically. This makes it almost impossible to put the document back together again.
Backups
Most organisations back up data once a day. There are 3 main types of backups:
- Full backup – The most secure backup. It will duplicate every single piece of data, so everything is backed up.
- Incremental backup – Backs up every file that has been changed since the last backup. This is a lot faster than a full backup; however, restoring data can take more time as you would have to restore the original full backup as well as every single incremental in order.
- Differential backup – Backs up every file that has been changed since the last full backup. This backup allows data to be restored quickly as you will only have to restore 2 backups.
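The restore behaviour described in the list above, as an added example that is not part of the original notes: a small planner that works out which backup sets must be restored, and what can still be recovered when one set is unreadable. The `Backup` record, the `restore_plan` function and the sample week are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Backup:
    day: int          # day the backup was taken
    kind: str         # "full", "incremental" or "differential"
    ok: bool = True   # False = set is missing or fails verification

def restore_plan(catalogue, target_day):
    """Return (backups to restore in order, day actually recovered to)."""
    sets = sorted((b for b in catalogue if b.day <= target_day), key=lambda b: b.day)
    fulls = [b for b in sets if b.kind == "full" and b.ok]
    if not fulls:
        raise ValueError("no usable full backup on or before the target day")
    base = fulls[-1]
    later = [b for b in sets if b.day > base.day]
    kinds = {b.kind for b in later}
    if len(kinds) > 1:
        raise ValueError("mixed schedules are outside this example")
    chain = [base]
    if kinds == {"differential"}:
        # Each differential holds all changes since the full backup, so
        # only the newest usable one is needed.
        good = [b for b in later if b.ok]
        chain += good[-1:]
    elif kinds == {"incremental"}:
        # Each incremental depends on every one before it; the chain ends
        # at the first unusable set.
        for b in later:
            if not b.ok:
                break
            chain.append(b)
    return chain, chain[-1].day

# Constructed sample: full backup on day 0, daily backups on days 1-5,
# with the day-3 set unreadable in both schedules.
def week(kind):
    return [Backup(0, "full")] + [Backup(d, kind, ok=(d != 3)) for d in range(1, 6)]

if __name__ == "__main__":
    for kind in ("incremental", "differential"):
        chain, day = restore_plan(week(kind), target_day=5)
        print(kind, [b.day for b in chain], "recovered to day", day)
```

With the same unreadable day-3 set, the incremental schedule can only be restored to day 2, while the differential schedule still reaches day 5 using two sets.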