Assessments

According to NIST, risk assessments are a key part of effective risk management and facilitate decision making at all three tiers in the risk management hierarchy including the organization level, mission/business process level, and information system level. Because...

Backups

US-CERT states that all computer users, from home users to professional information security officers, should back up the critical data they have on their desktops, laptops, servers, and even mobile devices to protect it from loss or corruption. Saving just one backup...

Removable Storage

Removable media is any form of computer storage or data transfer device that is designed to be inserted into and removed from a system. This section provides resources for secure removable storage practices. Implementation Assessment AT&T Cybersecurity – Data...

Encryption

Data encryption is the process of translating data into a code (ciphertext) so that only people with access to a secret key can read it. Encrypting data is one of the most popular and effective security methods used by an organization. Implementation Assessment Boston...

Workforce Security

Implementing personnel security policies and procedures can help to mitigate the risk of individuals using their legitimate access to an asset for unauthorized purposes. Implementation Assessment Department of Agriculture – Personnel Security for Information...

Application Software Security

Application security comprises the steps taken to improve the security of an application by identifying, repairing and preventing security vulnerabilities. To help with eliminating vulnerabilities in web and other application software, organizations should...

Maintenance Supervision

Maintenance personnel refers to individuals who perform hardware or software maintenance on organizational systems, while PE-2 addresses physical access for individuals whose maintenance duties place them within the physical protection perimeter of the systems....

Equipment Sanitization

Media sanitization is the process of irreversibly removing data from media, or of physically destroying the media itself. The goal is to sanitize media so that none of the data can be recovered. Implementation Assessment Carnegie Mellon University – Data Sanitization...

Change Management

Change management is the approach to dealing with the transitions made to an organization’s goals, processes, or technologies. Change management’s purpose is to implement strategies for effecting change, controlling change, and helping with adaptation to change....

Secure Configurations

A secure configuration comprises the measures implemented when developing and installing computers and other devices in order to reduce vulnerabilities. Misconfigurations are one of the most common weaknesses that malicious users attempt to exploit....