Know the information system #CyberSecMonth
As ANSSI enters the second phase of its awareness campaign, we continue our Cyber Advice program for CyberSecMonth with our second infographic, dedicated to the importance of knowing your information system.
The importance of an efficient and secure information system
The field of information systems has expanded considerably with the democratization of new technologies. The multiplication of solutions and tools has turned the information system into a real challenge for organizations. Nowadays, the information system is made up of so many elements (hardware, software, processes…) that each organization has its own. It is therefore essential to have an effective information system, and to optimize it, you must first know it.
The performance of an information system depends on its regular maintenance. The “healthier” this system is, the more secure and effective it is.
Know your Information System and map it
A good knowledge of the information system makes it possible to locate sensitive data (specific to the company’s activity) and therefore to take appropriate security measures. Mapping your information system makes interventions simpler and easier to locate. The advantage of such a diagram is that sensitive data can be quickly identified and secured.
Regularly inventory your Information System
Once your information system has been mapped, you can start working on its regular inventory. Your diagram should not remain ad vitam aeternam at the bottom of your wiki.
A regular inventory of the organization’s privileged accounts is essential to protecting sensitive data. This inventory must include all users as well as the various administrative rights. It makes it easier to detect intrusions and to remove obsolete access.
If you have not yet started this process, we advise you to start with an inventory of accounts on your Active Directory, starting with administrator and user accounts. Be careful: everyone must have a user account in your information system, even the administrators of your IT estate. Admin accounts should only be used to perform administration actions, not for day-to-day work.
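One way to run the review described above over an account export, as an added example that is not Tranquil IT's or ANSSI's own tooling. The `adm-` prefix for admin accounts, the 90-day inactivity threshold and the sample accounts are assumptions constructed for illustration; the export format is hypothetical and would come from your Microsoft or Samba Active Directory.

```python
from datetime import date, timedelta

# Built-in AD groups treated as privileged in this sketch (extend for your domain).
PRIVILEGED_GROUPS = {"Domain Admins", "Enterprise Admins", "Schema Admins", "Administrators"}
ADMIN_PREFIX = "adm-"              # assumed naming convention for admin accounts
STALE_AFTER = timedelta(days=90)   # assumed inactivity threshold

# Constructed sample export: (account name, groups, last logon, enabled)
SAMPLE_EXPORT = [
    ("jdoe",     ["Domain Users"],                  date(2018, 10, 12), True),
    ("adm-jdoe", ["Domain Admins"],                 date(2018, 10, 10), True),
    ("msmith",   ["Domain Users", "Domain Admins"], date(2018, 10, 11), True),
    ("adm-old",  ["Enterprise Admins"],             date(2018, 3, 1),   True),
    ("pleaver",  ["Domain Users"],                  date(2018, 5, 2),   True),
    ("adm-gone", ["Administrators"],                date(2018, 1, 15),  False),
]

def inventory(accounts, today):
    """Return sorted (account, finding) pairs for the periodic review."""
    names = {name.lower() for name, _, _, _ in accounts}
    findings = []
    for name, groups, last_logon, enabled in accounts:
        name = name.lower()
        # Enabled accounts nobody has used recently are candidates for removal.
        if enabled and today - last_logon > STALE_AFTER:
            findings.append((name, "stale-enabled"))
        if not PRIVILEGED_GROUPS & set(groups):
            continue
        # Disabled accounts should also lose their privileged group memberships.
        if not enabled:
            findings.append((name, "disabled-but-privileged"))
        # Admin rights belong on a dedicated admin account, not the daily one.
        if not name.startswith(ADMIN_PREFIX):
            findings.append((name, "daily-account-has-admin-rights"))
        # Every administrator must also own a standard user account.
        elif name[len(ADMIN_PREFIX):] not in names:
            findings.append((name, "admin-without-user-account"))
    return sorted(findings)

if __name__ == "__main__":
    for account, finding in inventory(SAMPLE_EXPORT, date(2018, 10, 15)):
        print(f"{account:10} {finding}")
```
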
The arrival and departure procedure
Updating your information system when someone leaves can be an ordeal if there is no procedure. You cannot trust your memory to delete access to your information system. Fortunately, thanks to your diagram, you know the sensitive assets of your information system and can start developing your arrival and departure procedure.
The arrival and departure procedure facilitates the maintenance and updating of access to the information system. This procedure makes it possible to act in the event of the creation or deletion of computer accounts, the allocation or modification of rights, the management of physical access, the assignment of mobile equipment and the management of sensitive documents.
Finally, controlling the equipment that connects to the information system is important to reduce potentially vulnerable entry points. Some of the measures taken are aimed at supervising personal or visitor devices. Setting up a Wi-Fi network with a dedicated SSID remains a highly recommended practice to reduce this risk.
Draw.io is a free, intuitive and easy-to-use tool for creating network diagrams. The tool lets you display IP zones, the associated addressing plan, and routing and security equipment without too much effort. However, it is recommended to host it on your own servers for more security.
Your Active Directory will be your best ally to manage authentications and permissions on your network. Whether with a Microsoft Active Directory or with its open-source equivalent Samba-AD, you will be able to manage your users’ rights and your employees’ arrivals and departures, all via an easy-to-use management console. Tranquil IT has been a Samba expert for more than 13 years and supports you in your migration to Samba Active Directory to free you from your Microsoft licenses.
Samba Active Directory, an expertise on a European scale
Tranquil IT has been using Samba for more than 13 years, with more than 270 successful projects. This experience has enabled us to become the first integrator of the Active Directory part of Samba in France. Our technical team is well used to performing IT asset audits, Active Directory migrations and domain mergers. Our proximity to the Samba Team allows us to promote the development of this software and also to offer Datadock-certified training to our customers.
The CyberSecMonth, a four-part event
For the sixth edition of CyberSecMonth, ANSSI is covering the event by organizing thematic weeks. Every week, many workshops and conferences are organized that focus on the theme of cybersecurity.
The four ANSSI themes:
- Being the basics: The first week of October aims to raise awareness among readers about the need to secure their data, including through passwords and encrypted messages. It offers good IT practices, recommendations, an awareness kit and even a serious game on cybersecurity.
- Knowing the professions: This week of October focuses on the digital security professions and the different training courses in this field. This is an opportunity to review the recent implementation of the General Data Protection Regulation (GDPR).
- Be interested in risks and apply good practices: This theme focuses on online banking transactions and the risk of credit card fraud. The procedure to follow in the event of a cyber attack is also at the centre of this week.
- Understand tomorrow’s issues: ANSSI concludes this CyberSecMonth by trying to anticipate tomorrow’s cyber threats. This theme highlights the specialists who are working to integrate digital security early in artificial intelligence and connected-object projects. This approach aims to reduce the vulnerability of computers and networks. ANSSI will also return to the ethical and legal aspects of technological development.
What you shouldn’t miss:
Who to follow during #CyberSecMonth ?
📽️European Cyber Security Month 🛡️ - Week 1: the basics! — Cybermalveillance.gouv.fr (@cybervictimes) October 2, 2018
Out-of-competition presentation of our awareness video on #phishing 🎣 at the 2nd #Festival du #Film #Sécurité in @EnghienlesBains
A resource from our #KitSensiCyber - 🔃#ECSM #TousSecNum @FilmSecurite pic.twitter.com/wUoLbgLzcf
- 5 arguments to adopt the password manager – CNIL
- Cyber defence wants to take the initiative – IM Tech
Find all our recommendations on Twitter and LinkedIn under the hashtags #TousSecNum, #CyberSecMonth, #ECSM2018 and #ECSM. Also follow our hashtag #CyberConseil to keep up with Tranquil IT’s advice and discover the upcoming infographics.