0P3N Blog
Cybrary’s Open Blog is a user contributed cybersecurity knowledge base that brings together content highlighting the latest tools, exploits, technologies and insights in the industry.


There are several types of physical access control methods that can be applied to administer, monitor, and manage access to a facility. These physical access control mechanisms range from deterrents to detection mechanisms. Facilities that have different sections, divisions, or areas that are designated as public, private, or restricted should have specialized physical access controls, monitoring, and prevention mechanisms ...


Penetration testing, which is also referred to as ethical hacking, tests a system’s defense against attacks, and performs a detailed analysis of the system’s weaknesses. A penetration test can also be applied to ascertain what happens when the system goes into reaction-mode to an attack and what information can be collected from the system. The three types of penetration tests ...


Alternative Testing Methods
Application Security: This type of testing is for organizations that offer access to core business functionality through web-based applications. Application security testing examines and qualifies controls over the application and its process flow.
Denial-of-Service (DoS): Examines a network’s vulnerability to DoS attacks.
War Dialing: A systematic method that calls a range of telephone numbers ...


Operations security deals with the daily activities that are required to preserve the confidentiality, integrity and availability (CIA) of the system after it has been developed and executed. This involves using hardware controls, media controls, and subject controls that are designed to be safeguards against asset threats, as well as daily activities such as the handling of attacks and ...


Human error is often the weak link in security due to a lack of awareness on the employee’s part about the consequences of improper actions, and how that ultimately impacts the system as a whole. Security awareness is a critical component to reducing the incidents of security breaches or breakdowns, but is commonly overlooked. Security awareness programs are an effective strategy to ...


Under all circumstances, the most important element of physical security is the safeguarding of human life. This is the main goal for all security methods. Flooding, fires, release of toxic materials, and natural disasters jeopardize human life as well as the stability of a facility. Preserving the environment of a facility is an integral function in upholding safety for personnel. ...


Trusted facility management is the selection of a specific user to administer the security functions of a system. This must adhere to requirements for B2 systems and B3 systems. The B2 systems require that the trusted computing base accommodate separate operator and administrator functions, while the B3 systems require that the functions the security administrator is responsible for are explicitly ...


Trusted Recovery: A system failure is a serious security risk because the security controls might be overridden when the system is not functioning properly. Trusted recovery is designed to prevent this type of corruption in the event of such a system failure. It’s required for B3-level and A1-level systems and allows the system to be restarted without disrupting its required ...


Electromagnetic interference (EMI) can create disruptions in the functioning of electronic equipment and can affect the quality of communications, transmissions, and playback. It can also impact data transmissions that depend on electromagnetic transport mechanisms, such as telephone, cellular, television, audio, radio, and network mechanisms. There are two types of EMI: common mode EMI, generated by the difference in power between ...


For organizations that depend on databases as part of their business process, the DRP team should cover database recovery planning in the disaster recovery strategy. There are various methods that can be used to ensure protection of the database, such as electronic vaulting, remote journaling, and remote mirroring. Each technique has its own benefits and drawbacks, and the DRP team ...