Know the information system #CyberSecMonth
The importance of an efficient and secure information systemThe field of information systems has expanded considerably with the democratization of new technologies. The multiplication of solutions and tools has therefore transformed the information system into a real challenge for organizations. Nowadays, the information system is made up of so many elements (hardware, software, processes…) that each organization has its own information system. It is therefore essential to have an effective information system. And to optimize your information system, you must already know it.
Know your Information System and map itA good knowledge of the information system (IS) makes it possible to locate sensitive data (specific to the company’s activity) and therefore to take appropriate security measures. Mapping your information system makes it possible to simplify and locate interventions. The advantage of such a scheme is to quickly identify sensitive data and secure it.
Inventor regularly your Information SystemOnce your Information system has been mapped, you can start working on its regular inventory. Your schema should not remain ad vitam eternam at the bottom of your wiki. A regular inventory of the organization’s privileged accounts is essential to protect its sensitive data. This inventory must include all users as well as the various administrative rights. This inventory offers more vigilance regarding intrusion detection and removal of obsolete access. If you have not yet started this process, we advise you to start with an inventory of accounts on your Active Directory, with on one side administrator and user accounts. Be careful, everyone must have a user account in your information system, even the park administrators. Admin accounts should only be used to perform administration actions and not to work on a daily basis.
The arrival and departure procedureUpdating your Information System in case of departure can be a ordeal if there is no procedure. You cannot trust your memory to delete access to your Information System. Fortunately, thanks to your diagram, you know the sensitive assets of your Information System and can start developing your arrival and departure procedure. The arrival and departure procedure facilitates the maintenance and updating of access to the information system. This procedure makes it possible to act in the event of the creation or deletion of computer accounts, the allocation or modification of rights, the management of physical access, the assignment of mobile equipment and the management of sensitive documents. Finally, mastering the equipment connecting to the information system is important to reduce potentially vulnerable entry points. Some of the actions carried out aim at supervised personal or visitor facilities. The implementation of a Wi-Fi network with dedicated SSID remains a highly recommended practice to reduce this risk of vulnerability. Don’t let just anyone into your house!
Recommended tools:Draw.io is a free, intuitive and easy-to-use tool for creating network diagrams. The tool allows to display IP zones, associated addressing plan and routing and security equipment without too much effort. However, it is recommended to host it on your servers for more security. Your Active Directory will be your best ally to manage authentications and permissions on your network. Whether with a Microsoft Active Directory or with its Open Source equivalent Samba-AD, you will be able to manage your users’ rights, manage your employees’ inputs and outputs, all via an easy-to-use management console. Tranquil IT has been a Samba expert for more than 13 years and supports you in your migration to Samba Active Directory to free you from your Microsoft licenses.
Samba Active Directory, expertise on a European scale
CyberSecMonth, a four-part eventFor the sixth edition of CyberSecMonth, ANSSI is covering the event by organizing it into thematic weeks. Thus, every week many workshops and conferences are organized and focus un the theme of cybersecurity.
The four ANSSI themes:
- To have the basics : The first week of October aims to raise awareness among readers about the need to secure their data through passwords and encrypted messages. There are good IT practices, recommendations, an awareness kit and even a serious game on cybersecurity.
- Knowing the profession : This week of October focuses on the digital security professions and the different formations in this field. This is an opportunity to review the recent implementation of the General Data Protection Regulations (GDPR).
- Show interest in risks in order to apply good practices : This theme focuses on online banking transactions and the risk of credit card fraud. The procedure to follow in the event of a cyber attack is also at the center of this weeks theme.
- Understand tomorrow’s issues : ANSSI concludes this CyberSecMonth by trying to anticipate tomorrow’s cyber threats. This theme highlights the specialists who are working to integrate digital security upstream of artificial intelligence projects and connected objects. Thus this approach aims to reduce the vulnerability of computers and networks. ANSSI will also return to the ethical and legal aspect of technological development.
What you don’t want to miss :What to follow during #CyberSecMonth
📽️Mois européen de la cybersécurité 🛡️- Semaine 1: les bases !
Présentation hors compétition de notre vidéo de sensibilisation sur le #phishing 🎣au 2e #Festival du #Film #Sécurité à @EnghienlesBains
Un support de notre #KitSensiCyber - 🔃#ECSM #TousSecNum @FilmSecurite pic.twitter.com/wUoLbgLzcf— Cybermalveillance.gouv.fr (@cybervictimes) 2 octobre 2018
- 5 arguments to adopt the password manager – CNIL
- Cyber defence wants to take the initiative – IM Tech
Join Tranquil IT on Discord thanks to our dedicated server for WAPT, Samba Active Directory and IT!
The end of confinment is finally here! Discover how the team at Tranquil IT has acted and reacted following the reopening of our offices.
How has the team at Tranquil IT organized themselves to work from home?