0P3N Blog

Alternative Testing Methods Application Security: This type of testing is for organizations that offer access to core business functionality through web-based applications. Application security testing examines and qualifies controls over the application and its process flow. Denial-of-Service (DoS): Examines a network’s vulnerability to DoS attacks. War Dialing: A systematic method that calls a range of telephone numbers ...

The operations security deals with the daily activities that are required to preserve the confidentiality, integrity and availability (CIA) of the system after it has been developed and executed. This involves using hardware controls, media controls, and subject controls that are designed to be safeguards against asset threats, as well as daily activities such as the handling of attacks and ...

Human error is often the weak link in security due to a lack of awareness on the employee’s part about the consequences of improper actions, and how that ultimately impacts the system as a whole. Security awareness is a critical component to reducing the incidents of security breaches or breakdowns, but is commonly overlooked. Security awareness programs effective strategy to ...

Under all circumstances, the most important element of physical security is the safeguarding of human life. This is the main goal for all security methods. Flooding, fires, release of toxic materials, and natural disasters jeopardize human life as well as the stability of a facility. Preserving the environment of a facility is an integral function in upholding safety for personnel. ...

Trusted facility management is the selection of a specific user to administer the security functions of a system. This must adhere to requirements for B2 systems and B3 systems. The B2 systems require that the trusted computing base accommodate separate operator and administrator functions, while the B3 systems require that the functions the security administrator are responsible for are explicitly ...

Trusted Recovery: A system failure is a serious security risk because the security controls might be overridden when the system is not functioning properly. Trusted recovery is designed to prevent this type of corruption in the event of such a system failure. It’s required for B3-level and A1-level systems and allows the system to be restarted without disrupting its required ...

Electromagnetic interference (EMI) can create disruptions in the functioning of electronic equipment and can affect the quality of communications, transmissions, and playback. It can also impact data transmission that depend on electromagnetic transport mechanisms, such as telephone, cellular, television, audio, radio, and network mechanisms. There are two types of EMI: common mode EMI, generated by the difference in power between ...

For organizations that depend on databases as part of their business process, the DRP team should cover database recovery planning in the disaster recovery strategy. There are various methods that can be used to ensure protection of the database such as: electronic vaulting, remote journaling, and remote mirroring. Each technique has its own benefits and drawbacks, And the DRP team ...

Heating, Ventilating, and Air Conditioning (HVAC): Maintaining the environment involves maintenance of the heating, ventilating, and air conditioning (HVAC) mechanisms. This is vital in computer and server rooms, which should be kept to a temperature of 60 – 75 degrees Fahrenheit or 15 – 23 degrees Celsius, and the humidity should be sustained between 40 and 60 percent. The humidity ...

There are different types of fire extinguishers that can handle the suppression of different types of fires. If an extinguisher is used improperly or the wrong type of fire extinguisher is used, the fire could escalate and intensify instead of being suppressed. Additionally, fire extinguishers are to be used only when a fire is still in the beginning stage. for ...