(Offer)3 Controls to Secure Corporate Offline Computers

Category: Study

Tag: IT Certification


Posted on 2008-11-24. By anonymous.

Description


Information security has many aspects that are easily overlooked. A frequent and major security hole is offline equipment that is temporarily or permanently out of use. Such equipment is not subject to frequent scrutiny, and information theft from it can go unnoticed for months or, if done properly, forever.

Example scenario:

A person working in the position of sales analyst leaves the company. Since the position needs to be filled by a person of strong expertise, HR takes several months to evaluate and recruit a new employee for it.

All work related resources (PC, scanner, document cabinet) of the former employee are maintained on the same desk, in an open-space office, with 15 people working in the same area.

After 3 months, a new hire is brought in to take over the functions of sales analyst. As it is his first day of work, an IT technician is present to reconfigure the PC and set up the user's account and e-mail.
When the technician tries to boot up the PC, it gives the legendary "no system disk or disk error" message. When he opens the PC to remove the defective part, he finds that there is no disk in the PC. He immediately alerts IT management, internal audit and information security.

After 2 weeks of investigation, which includes the police, the thief is found to be a co-worker from another office on the floor. He was in the process of negotiating terms of employment with a competitor company. To increase his value and get a better deal, and knowing that the sales analyst's PC was unmonitored, he offered to deliver the sales analysis and plans of the current company.
He took out the hard drive of the analyst's PC, intending to copy the data, but didn't return it before the new employee arrived.

Analysis:
The sales analyst's PC was left virtually unattended and unmonitored for more than 3 months. Although technically it was within a secure environment (the office), this environment cannot protect you from an insider attack.
What's worse, there are simple and cheap protective measures which would have prevented this incident.

Controls:
To prevent incidents like the one described above, you should implement the following 3 controls on offline computers within your organization:

1. Place a tamper-evident seal on the chassis opening point of all PCs when they are issued to users. This seal must break upon any attempt to open the PC. The serial number of the seal should be recorded on the handover document in two copies: one for IT, one for the user. In case of IT intervention, the new seal serial number should be amended in the intervention log and archived with the original handover document.
2. In case of returning the PC to IT jurisdiction, the PC's configuration should be compared to the documented inventory of the PC as written in the handover document.
3. Implement a procedure for securing unused equipment:
* All equipment which is not in use must be removed and placed in safe storage under IT's jurisdiction.
* If the PC is to be reinstalled, IT should back up any data onto a DVD and wipe the hard drive using a multi-pass tool before reinstalling the PC and handing it over to another user. The DVD backup should be delivered to the manager of the department where the information originated.
* If the PC is to be re-used as-is, IT should move the PC into safe storage until it is delivered back to the user.
* As a special case, the PCs of top management, security officers and/or auditors should not be stored under the jurisdiction of IT. Instead, they should be stored in safe storage under the jurisdiction of internal audit.
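
One way to carry out the check in controls 1 and 2 when a PC comes back to IT, as an added example that is not part of the original article: it follows the intervention log to the seal serial that should be on the chassis, then compares the components found against the handover document. The record layout, field names and all serial numbers are assumptions made up for illustration.

```python
"""Audit a returned PC against its handover document (controls 1 and 2)."""

def expected_seal(handover, interventions):
    """Follow logged IT interventions to the seal that should be on the chassis."""
    seal = handover["seal_serial"]
    for entry in interventions:  # entries are in chronological order
        if entry["old_seal"] != seal:
            raise ValueError(f"intervention log broken at {entry['old_seal']!r}")
        seal = entry["new_seal"]
    return seal

def audit_return(handover, interventions, observed):
    """Return a list of discrepancies; an empty list means the PC matches its records."""
    findings = []
    want_seal = expected_seal(handover, interventions)
    if observed["seal_serial"] is None:
        findings.append("seal missing or broken")
    elif observed["seal_serial"] != want_seal:
        findings.append(f"seal {observed['seal_serial']} does not match recorded {want_seal}")
    for kind, recorded in handover["components"].items():
        present = set(observed["components"].get(kind, []))
        for serial in sorted(set(recorded) - present):
            findings.append(f"{kind} {serial} recorded but not present")
        for serial in sorted(present - set(recorded)):
            findings.append(f"{kind} {serial} present but not recorded")
    for kind in sorted(set(observed["components"]) - set(handover["components"])):
        findings.append(f"unrecorded component type: {kind}")
    return findings

# Constructed sample records (hypothetical layout, made-up serial numbers).
HANDOVER = {"asset": "PC-0042", "seal_serial": "SEAL-1001",
            "components": {"disk": ["DSK-AAA111"],
                           "ram": ["RAM-BBB222", "RAM-CCC333"]}}
INTERVENTIONS = [{"date": "2008-03-10", "old_seal": "SEAL-1001",
                  "new_seal": "SEAL-1057"}]
# State found at return: an unlogged seal and no disk, as in the scenario above.
OBSERVED = {"seal_serial": "SEAL-2999",
            "components": {"disk": [], "ram": ["RAM-BBB222", "RAM-CCC333"]}}

if __name__ == "__main__":
    for finding in audit_return(HANDOVER, INTERVENTIONS, OBSERVED):
        print("DISCREPANCY:", finding)
```
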

More info
Download:
http://sumptuousworld.blogspot.com/2008/07/3-controls-to-secure-corporate-offline.html

