Security Plan - Coggle Diagram
Security Plan
software
Firewalls
have two firewalls from different vendors
Change Default Passwords
Update regularly
TLS (SSL) certificates on websites
Encrypts traffic in transit between the browser and the server
Use SHA-256 signed certificates (MD5 and SHA-1 signatures are broken and are rejected by modern browsers)
WAPs (wireless access points)
Change Default Passwords
Mount them high up rather than low down
Restricts physical access to the device (reset button and ports)
Anti Virus
Use anti-virus from two different vendors at different layers (e.g. endpoint vs. mail/web gateway); do not run two real-time scanners on the same machine, as they conflict
Change Default Passwords
Update Regularly
Network-connected devices should be segmented and have their default passwords changed
Net Monitoring tools
Monitor employees' email and browsing history
Disable any unneeded physical ports (USB etc.) on users' computers
Done in the BIOS/UEFI, which should itself be password-protected
Encrypt Documents
Use security groups so that only payroll staff can see payroll data
Machine certificates
Have trained staff or automated tooling review network captures (e.g. Wireshark) and system logs
Have them monitor the logs for failed logins (repeated failures from one source, and any success that follows them)
Have them report any issues or anomalies in the system
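The failed-login monitoring item above, as an added example that is not part of the original Coggle plan: it parses sshd-style auth-log lines, counts failures per account, flags a source IP once it has produced a burst of failures inside a time window, and raises a second, higher-priority finding when a successful login follows that burst from the same IP. The log lines, hostname, IP addresses and thresholds are constructed assumptions, not a real capture.

```python
"""Failed-login monitoring over sshd auth-log lines (added example, not from the plan)."""
import re
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample auth.log excerpt in OpenSSH syslog format. Not real data.
SAMPLE_AUTH_LOG = """\
Mar  3 09:01:12 fw1 sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 51122 ssh2
Mar  3 09:01:14 fw1 sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 51124 ssh2
Mar  3 09:01:15 fw1 sshd[1203]: Failed password for root from 203.0.113.7 port 51130 ssh2
Mar  3 09:01:17 fw1 sshd[1205]: Failed password for root from 203.0.113.7 port 51131 ssh2
Mar  3 09:01:19 fw1 sshd[1207]: Failed password for root from 203.0.113.7 port 51133 ssh2
Mar  3 09:01:21 fw1 sshd[1209]: Accepted password for root from 203.0.113.7 port 51135 ssh2
Mar  3 09:05:02 fw1 sshd[1300]: Failed password for alice from 192.0.2.15 port 40021 ssh2
Mar  3 09:05:09 fw1 sshd[1302]: Accepted publickey for alice from 192.0.2.15 port 40022 ssh2
Mar  3 09:07:40 fw1 sshd[1310]: Accepted publickey for bob from 192.0.2.16 port 40100 ssh2
Mar  3 09:08:00 fw1 CRON[1400]: pam_unix(cron:session): session opened for user root
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?P<method>password|publickey) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+) port \d+"
)


def parse_auth_log(text, year=2024):
    """Turn sshd 'Failed'/'Accepted' lines into event dicts; other lines are skipped.
    syslog timestamps carry no year, so one is assumed via the year= parameter."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        stamp = " ".join(m["ts"].split())  # collapse the padded day ("Mar  3")
        events.append({
            "ts": datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S"),
            "result": m["result"],
            "method": m["method"],
            "user": m["user"],
            "ip": m["ip"],
        })
    return events


def failed_logins_per_user(events):
    """Simple report: how many failed attempts each account name received."""
    return Counter(e["user"] for e in events if e["result"] == "Failed")


def detect_brute_force(events, threshold=5, window_seconds=60):
    """Flag an IP once it has `threshold` failures within `window_seconds`, and
    separately flag any successful login from an IP that just produced such a
    burst (the case that needs a human immediately). Events must be in log order."""
    findings = []
    recent_failures = defaultdict(list)  # ip -> timestamps of failures still in window
    already_flagged = set()
    for ev in events:
        ip, now = ev["ip"], ev["ts"]
        recent_failures[ip] = [t for t in recent_failures[ip]
                               if (now - t).total_seconds() <= window_seconds]
        if ev["result"] == "Failed":
            recent_failures[ip].append(now)
            if len(recent_failures[ip]) >= threshold and ip not in already_flagged:
                already_flagged.add(ip)
                findings.append({"type": "brute_force", "ip": ip,
                                 "count": len(recent_failures[ip]), "at": now})
        elif len(recent_failures[ip]) >= threshold:
            findings.append({"type": "success_after_failures", "ip": ip,
                             "user": ev["user"], "method": ev["method"],
                             "failures_before": len(recent_failures[ip]), "at": now})
    return findings


if __name__ == "__main__":
    evs = parse_auth_log(SAMPLE_AUTH_LOG)
    print("failed attempts per account:", dict(failed_logins_per_user(evs)))
    for finding in detect_brute_force(evs):
        print(finding)
```

On the constructed lines this reports a brute-force burst from 203.0.113.7 followed by a successful root password login from the same address, while alice's single typo followed by a key-based login produces nothing. The threshold and window are assumptions to be tuned to the environment; the same logic applies to any log source that records a result, an account and a source address.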
Radware (DDoS protection and web application firewall)
Lansweeper
Does a network asset audit
IPsec
Policies and Procedures
Policy: Passwords must be a minimum of 12 characters long and contain letters, numbers and symbols
Procedure: send out monthly simulated phishing emails to staff
Policy: Passwords must not be shared via email or other service
Procedure: have a penetration test every quarter
Policy: Passwords must be changed every quarter (note: NIST SP 800-63B advises against forced periodic rotation unless compromise is suspected)
Procedure: Have regular overnight patching
Policy: Restrict use of company issued Email addresses
Procedure: keep disaster recovery data on two separate devices
Policy: No USB devices allowed in the computer
Procedure: Quarterly test of the antivirus
Policy: When a new computer is installed, password-protect the BIOS
Policy: When a new PC is installed, disable any unneeded ports (USB etc.) in the BIOS
Physical
Chip-and-PIN access cards
Log all entries and exits
Barbed wire
CCTV
Change Default Passwords
Segment from the network
Kensington computer locks
Bars on windows
Separate room for the cardholder-data computer
Anti Tailgating
Keycards
Drive-by security patrols
Legal
GDPR
https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32016R0679
Data Protection Act 2018
https://www.legislation.gov.uk/ukpga/2018/12/pdfs/ukpga_20180012_en.pdf
PCI DSS compliance (v3.2.1 copy linked below)
https://www.commerce.uwo.ca/pdf/PCI_DSS_v3-2-1.pdf
Computer Misuse Act 1990
https://www.legislation.gov.uk/ukpga/1990/18/pdfs/ukpga_19900018_en.pdf
GFSC (Guernsey Financial Services Commission)
https://www.gfsc.gg/sites/default/files/uploads/13548%20GFSC%20REGULATORY%20FRAMEWORK%20BROCHURE%20AW%20%28SINGLE%20PAGE%29.pdf
AGC (Alderney Gambling Control Commission)
https://www.gamblingcontrol.org/wp-content/uploads/2018/08/ICSG-Version-4.2_FINAL.pdf
Network
Segment Wi-Fi
VLANs
Guest Wi-Fi
Role-based access
Example: payroll staff can only see payroll data
Create Security Groups
Make files only visible to certain security groups
Assign every user a unique ID for tracing purposes
Keep logs of what data is held and who accesses it
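The role-based access items above (security groups, files visible only to certain groups, a unique ID per user for tracing), as an added example that is not code from the original plan: files are labelled with the security groups allowed to read them, access is denied by default (an unlabelled file is invisible even to Administrators), and every decision is written to an audit trail keyed by the user's unique ID so repeated denials can be picked up by monitoring. The users, groups, paths and the denial threshold are constructed assumptions.

```python
"""Security-group file access with per-user IDs and an audit trail (added example)."""
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class User:
    uid: str              # unique ID kept for tracing; never reused between people
    name: str
    groups: frozenset     # security groups the user belongs to


# Each file is labelled with the security groups allowed to read it.
# An empty set means only Administrators can see it (the cardholder-data store).
FILE_ACLS = {
    "/finance/payroll/2024-03.xlsx": frozenset({"Payroll"}),
    "/finance/payroll/notes.txt": frozenset({"Payroll", "FinanceLeads"}),
    "/hr/handbook.pdf": frozenset({"Staff"}),
    "/cardholder/export.csv": frozenset(),
}

# Constructed users (assumption, not from the plan).
USERS = {
    "u1001": User("u1001", "payroll-pat", frozenset({"Staff", "Payroll"})),
    "u1002": User("u1002", "support-sam", frozenset({"Staff"})),
    "u1003": User("u1003", "admin-ali", frozenset({"Staff", "Administrators"})),
}


class AccessControl:
    """Deny-by-default read checks, with every decision recorded against the uid."""

    def __init__(self, acls, admin_group="Administrators"):
        self.acls = acls
        self.admin_group = admin_group
        self.audit = []   # (uid, path, allowed) in the order decisions were made

    def can_read(self, user, path):
        allowed_groups = self.acls.get(path)
        if allowed_groups is None:                 # unlabelled or unknown file: deny
            decision = False
        elif self.admin_group in user.groups:      # admins may read any labelled file
            decision = True
        else:                                      # otherwise a shared group is required
            decision = bool(user.groups & allowed_groups)
        self.audit.append((user.uid, path, decision))
        return decision

    def denied_by_uid(self):
        """Count denied attempts per uid; this is what the log-monitoring step reads."""
        return Counter(uid for uid, _, ok in self.audit if not ok)

    def suspicious_uids(self, threshold=2):
        """uids with at least `threshold` denied reads, worth a human look."""
        return sorted(uid for uid, n in self.denied_by_uid().items() if n >= threshold)


def run_demo():
    """Exercise the checks on the constructed users and return the decisions."""
    ac = AccessControl(FILE_ACLS)
    pat, sam, ali = USERS["u1001"], USERS["u1002"], USERS["u1003"]
    results = {
        "pat_payroll": ac.can_read(pat, "/finance/payroll/2024-03.xlsx"),
        "sam_payroll": ac.can_read(sam, "/finance/payroll/2024-03.xlsx"),
        "sam_handbook": ac.can_read(sam, "/hr/handbook.pdf"),
        "sam_cardholder": ac.can_read(sam, "/cardholder/export.csv"),
        "pat_cardholder": ac.can_read(pat, "/cardholder/export.csv"),
        "ali_cardholder": ac.can_read(ali, "/cardholder/export.csv"),
        "ali_unknown": ac.can_read(ali, "/tmp/not-labelled.txt"),
    }
    return results, ac


if __name__ == "__main__":
    results, ac = run_demo()
    for name, ok in results.items():
        print(name, "allowed" if ok else "denied")
    print("suspicious uids:", ac.suspicious_uids())
```

The point of the design is that membership in a group grants nothing until a file is explicitly labelled with that group, and that the audit trail uses the uid rather than the display name, so a renamed or re-hired account cannot blur who did what; here the support user who tried payroll and then cardholder data is the one surfaced for review.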
Segment computers, CCTV, AirCon
Keep the data of cardholders on a computer that is locked away
Have the computer run only the needed software to reduce the attack surface
Disable unneeded ports in the BIOS/UEFI
Have heavily restricted internet access to said computer
Track anyone entering the room that holds the cardholder data using chip and pin
have the computer segmented from the network
Encrypt the database (key- or certificate-based encryption) to protect data at rest
Make the computer's files visible only to Administrators
Disable all services that are unneeded
Confidentiality
Encrypt Files
Role based access
Integrity
Limit file access
use data validation
Availability
MAD (Maximum Allowable Downtime)
Backup tapes
Cloud backups
speedy disaster recovery
Downtime drives customers away (disloyal consumers)