0P3N Blog
Cybrary’s Open Blog is a user contributed cybersecurity knowledge base that brings together content highlighting the latest tools, exploits, technologies and insights in the industry.


Security management concepts and principles are key components in a security policy and solution procedures. They contain important documents such as policies, practices, and guidelines that establish the framework for a secure information system. These documents present the organization’s information benefits and lay out its security procedures. The main objectives and goals of security are defined within the CIA Triad, ...


A threat is any incident that can cause damage to a system and can create a loss of confidentiality, availability, or integrity. Threats can be deliberate or accidental. A vulnerability is a latent weakness in a system that can be exposed by a threat. Decreasing system vulnerability reduces overall risk and can also limit the impact of threats on the ...


Risk Assessment
Risk is the preexisting hazard(s) that may cause damage or loss. It does not assume certainty that a hazard will develop, only its inherent potential to occur. Risk management is applied to ascertain the presence of risk, measure the potential threat, and determine how to manage it. In taking assertive steps to prevent or manage a known risk, the ...


Qualitative Assessment: Risk Analysis Process
Attaching monetary value to the elements of a risk analysis can be challenging. Incorporating qualitative components into the process will help evaluate the quantitative component. A qualitative assessment rates the degree of threats and sensitivity of confidential assets, then places them into categories based on their rating. The following ratings can be applied: Low: When ...


Security policies are official, authorized documents that are created in compliance with the security philosophy of an organization. These documents are an overview of the organization’s assets and the degree of protection each asset or group of assets has. Well-crafted, coherent security policies would outline a set of rules that users in the organization should follow when connecting to ...


Guiding your technical team on their choice of equipment is a good starting point. The policy terminology will likely not specify which equipment or designs are to be used. Once a decision is made or the equipment is in place, the second objective would be to advise the team in arranging the equipment. The policy ...


Standards, guidelines, and procedures comprise three elements of policy implementation. They present the specifics of the policy, how they should be applied, and what standards and procedures should be practiced. Standards are itemized procedures applied in order to satisfy a policy requirement but do not define the method of implementation. Guidelines are instructions or suggestions of how policies or procedures ...


Organizations qualify their data based on various factors, and not all data holds the same value. Depending on the user and their designated role, the data will have greater or lesser value. Information such as formulas or product development is of high value, and having that data compromised in any way could be catastrophic for an enterprise. Thus, the data ...


Types of Computer Crimes
Computer crimes consist of situations where computers are used as a tool to plan or commit the crime, or situations where a computer or a network is the victim of the crime. The most common types of computer crimes: Denial of Service (DoS) and Distributed Denial of Service (DDoS); Password theft; Network invasions; Emanation eavesdropping; Social ...


The laws, regulations, and mandates about the protection of computer-related information are as follows: The U.S. Fair Credit Reporting Act of 1970 deals with consumer reporting agencies. The U.S. Racketeer Influenced and Corrupt Organization (RICO) Act of 1970 refers to criminal and civil crimes involving racketeers affecting the operation of legitimate businesses; crimes detailed in this act: mail ...