asset_security.php
<?php
include "header.php";
?>
<div class="container-fluid text-center">
<div class="row content">
<div class="col-sm-2">
</div>
<div class="col-sm-8 text-left">
<h1 style="text-align:center;">Asset Security</h1>
<p style="text-align:center;">List of possible actions your organisation can take in order to improve its resilience to cryptojacking attacks.</p>
<hr>
<ol>
<li>
<p>
Conduct regular risk assessments to identify potential asset
security vulnerabilities (Feng et al, 2014).
</p>
</li>
<li>
<p>
Develop and implement an asset management program to ensure that
all assets are properly tracked and managed (McLachlan, 2008).
</p>
</li>
<li>
<p>
Implement access controls to ensure that only authorized personnel
have access to critical assets (Ward and Smith, 2002).
</p>
</li>
<li>
<p>
Use encryption to protect data on assets that are vulnerable to
theft or unauthorized access (Sattarova and Kim, 2007).
</p>
</li>
<li>
<p>
Implement strong authentication mechanisms to ensure that only
authorized users have access to critical assets (Campbell et al, 2003).
</p>
</li>
<li>
<p>
Implement physical security controls to protect assets from theft,
damage, or unauthorized access (Stallings, 2014).
</p>
</li>
<li>
<p>
Use intrusion detection systems to monitor and alert security
personnel to any potential security breaches (Debar, 2000).
</p>
</li>
<li>
<p>
Implement firewalls and other network security measures to protect
assets from external threats (Stewart, 2013).
</p>
</li>
<li>
<p>
Conduct regular security audits to identify potential
vulnerabilities and weaknesses in the security system (Pereira and Santos, 2010).
</p>
</li>
<li>
<p>
Implement security policies and procedures to ensure that all
employees are aware of their responsibilities and obligations
regarding asset security (Da Veiga and Eloff, 2010).
</p>
</li>
<li>
<p>
Train employees on the importance of asset security and how to
protect critical assets from security threats (Alshaikh, 2020).
</p>
</li>
<li>
<p>
Implement backup and disaster recovery procedures to ensure that
critical assets can be quickly restored in the event of a security
breach or natural disaster (Hawkins et al, 2000).
</p>
</li>
<li>
<p>
Conduct regular vulnerability scans to identify and mitigate
potential security vulnerabilities in the IT infrastructure (RedLegg, 2022).
</p>
</li>
<li>
<p>
Implement a formal incident response plan to ensure that all
security incidents are quickly and effectively addressed (Scarfone et al, 2008).
</p>
</li>
<li>
<p>
Regularly review and update the security controls in place to
ensure that they are up-to-date and effective in protecting
critical assets from security threats (Ma et al, 2009).
</p>
</li>
</ol>
<br />
<p>REFERENCES</p>
<p>
Alshaikh, M., 2020. Developing cybersecurity culture to influence employee behavior: A practice perspective. Computers & Security, 98, p.102003. [online] Available from: <a href='https://www.sciencedirect.com/science/article/pii/S0167404820302765'>https://www.sciencedirect.com/science/article/pii/S0167404820302765</a> [Accessed 1 4 2023]
</p>
<p>
Campbell, R., Al-Muhtadi, J., Naldurg, P., Sampemane, G. and Dennis Mickunas, M., 2003, June. Towards security and privacy for pervasive computing. In Software Security—Theories and Systems: Mext-NSF-JSPS International Symposium, ISSS 2002 Tokyo, Japan, November 8–10, 2002 Revised Papers (pp. 1-15). Berlin, Heidelberg: Springer Berlin Heidelberg.
</p>
<p>
Da Veiga, A. and Eloff, J.H., 2010. A framework and assessment instrument for information security culture. Computers & security, 29(2), pp.196-207. [online] Available from: <a href='https://www.sciencedirect.com/science/article/pii/S0167404809000923'>https://www.sciencedirect.com/science/article/pii/S0167404809000923</a> [Accessed 1 4 2023]
</p>
<p>
Debar, H., 2000. An introduction to intrusion-detection systems. Proceedings of Connect, 2000.
</p>
<p>
Feng, N., Wang, H.J. and Li, M., 2014. A security risk analysis model for information systems: Causal relationships of risk factors and vulnerability propagation analysis. Information sciences, 256, pp.57-73.
</p>
<p>
Sattarova Feruza, Y. and Kim, T.H., 2007. IT security review: Privacy, protection, access control, assurance and system security. International journal of multimedia and ubiquitous engineering, 2(2).
</p>
<p>
Scarfone, K., Grance, T. and Masone, K., 2008. Computer security incident handling guide. NIST Special Publication, 800(61), p.38.
</p>
<p>
Stallings, W., 2014. Physical Security Essentials. In Cyber Security and IT Infrastructure Protection (pp. 109-134). Syngress. [online] Available from: <a href='https://www.sciencedirect.com/science/article/pii/B9780124166813000045'>https://www.sciencedirect.com/science/article/pii/B9780124166813000045</a> [Accessed 1 4 2023]
</p>
<p>
Stewart, J.M., 2013. Network Security, Firewalls and VPNs. Jones & Bartlett Publishers.
</p>
<p>
Ma, Q., Schmidt, M.B. and Pearson, J.M., 2009. An Integrated Framework for Information Security Management. Review of Business, 30(1).
</p>
<p>
McLachlan, P., 2018. Pocket CIO–The Guide to Successful IT Asset Management: Get to grips with the fundamentals of IT Asset Management, Software Asset Management, and Software License Compliance Audits with this guide. Packt Publishing Ltd.
</p>
<p>
Pereira, T. and Santos, H.M.D., 2010. An audit framework to support information system security management. International Journal of Electronic Security and Digital Forensics, 3(3), pp.265-277. [online] Available from: <a href='https://www.inderscienceonline.com/doi/abs/10.1504/IJESDF.2010.038288'>https://www.inderscienceonline.com/doi/abs/10.1504/IJESDF.2010.038288</a> [Accessed 1 4 2023]
</p>
<p>
RedLegg, 2022. 6 Steps of vulnerability scanning best practices. [online] Available from: <a href='https://www.redlegg.com/blog/6-steps-of-vulnerability-scanning-best-practices'>https://www.redlegg.com/blog/6-steps-of-vulnerability-scanning-best-practices</a> [Accessed 23 April 2023]
</p>
<p>
Hawkins, S.M., Yen, D.C. and Chou, D.C., 2000. Disaster recovery planning: a strategy for data security. Information management & computer security, 8(5), pp.222-230. [online] Available from: <a href='https://www.emerald.com/insight/content/doi/10.1108/09685220010353150/full/html'>https://www.emerald.com/insight/content/doi/10.1108/09685220010353150/full/html</a> [Accessed 1 4 2023]
</p>
<p>
Ward, P. and Smith, C.L., 2002. The development of access control policies for information technology systems. Computers & Security, 21(4), pp.356-371.
</p>
</div>
<div class="col-sm-2">
</div>
</div>
</div>
<?php
include "footer.php";
?>