Know the information system #CyberSecMonth

Nov 6, 2018 | CyberSecMonth, News & Events

As ANSSI enters its second phase of awareness, we continue our Cyber Advice program as part of CyberSecMonth with our second infographic, dedicated to the importance of knowing your information system.

CyberSecMonth, a four-part event

For the sixth edition of CyberSecMonth, ANSSI is covering the event by organizing thematic weeks. Every week, many workshops and conferences are organized around the theme of cybersecurity.

The four ANSSI themes:

  1. Being the basics: The first week of October aims to raise awareness among readers about the need to secure their data, including through passwords and encrypted messages. It covers good IT practices, recommendations, an awareness kit and even a serious game on cybersecurity.
  2. Knowing the professions: This week of October focuses on the digital security professions and the different training courses in this field. This is an opportunity to review the recent implementation of the General Data Protection Regulation (GDPR).
  3. Be interested in risks and apply good practices: This theme focuses on online banking transactions and the risk of credit card fraud. The procedure to follow in the event of a cyber attack is also at the centre of this week.
  4. Understand tomorrow’s issues: ANSSI concludes this CyberSecMonth by trying to anticipate tomorrow’s cyber threats. This theme highlights the specialists who are working to integrate digital security upstream of artificial intelligence projects and connected objects. This approach aims to reduce the vulnerability of computers and networks. ANSSI will also return to the ethical and legal aspects of technological development.

The importance of an efficient and secure information system

The field of information systems has expanded considerably with the democratization of new technologies. The multiplication of solutions and tools has turned the information system into a real challenge for organizations. Nowadays, the information system is made up of so many elements (hardware, software, processes…) that each organization has its own, unique information system. It is therefore essential to have an effective one. And to optimize your information system, you must first know it.

The performance of an information system depends on its regular maintenance. The healthier the system is, the more secure and therefore effective it is.

Good practices:

Know your Information System and map it

A good knowledge of the information system makes it possible to locate sensitive data (specific to the company’s activity) and therefore to take appropriate security measures. Mapping your information system makes interventions simpler and easier to target. The advantage of such a diagram is that sensitive data can be identified quickly and secured.

Inventory your Information System regularly

Once your Information System has been mapped, you can start working on its regular inventory. Your diagram should not remain ad vitam aeternam at the bottom of your wiki.

A regular inventory of the organization’s privileged accounts is essential to protect sensitive data. This inventory must include all users as well as the various administrative rights. It makes it easier to detect intrusions and to remove obsolete access.

If you have not yet started this process, we advise you to start with an inventory of the accounts in your Active Directory, with administrator accounts on one side and user accounts on the other. Be careful: everyone must have a user account in your information system, even the administrators of the IT estate. Admin accounts should only be used to perform administration actions and not for day-to-day work.
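The inventory described above can be checked automatically. The following is an added example, not code from the original article or from Tranquil IT: it reads a constructed account export and reports enabled admin accounts that have not logged on recently, and admin accounts whose owner has no enabled standard user account. The CSV column names, the `adm-` naming and the 90-day threshold are assumptions to adapt to your own Active Directory or Samba-AD export.

```python
import csv
import io
from datetime import date, timedelta

# Constructed sample export (not real data). Column names are assumptions:
# map them to whatever your AD / Samba-AD export actually produces.
SAMPLE_EXPORT = """account,owner,is_admin,enabled,last_logon
jdupont,Jean Dupont,no,yes,2018-11-02
adm-jdupont,Jean Dupont,yes,yes,2018-10-30
adm-mmartin,Marie Martin,yes,yes,2018-10-29
adm-old,Paul Petit,yes,yes,2018-03-14
ppetit,Paul Petit,no,no,2018-03-14
"""

def load_accounts(text):
    """Parse the CSV export into dicts with typed fields."""
    rows = []
    for r in csv.DictReader(io.StringIO(text)):
        rows.append({
            "account": r["account"],
            "owner": r["owner"].strip(),
            "is_admin": r["is_admin"] == "yes",
            "enabled": r["enabled"] == "yes",
            "last_logon": date.fromisoformat(r["last_logon"]),
        })
    return rows

def review(accounts, today, max_idle_days=90):
    """Return findings keyed by rule name, each a sorted list of account names."""
    cutoff = today - timedelta(days=max_idle_days)
    active = [a for a in accounts if a["enabled"]]
    # Owners who have an enabled standard (non-admin) account for daily work.
    owners_with_user = {a["owner"] for a in active if not a["is_admin"]}
    findings = {"stale_admin": [], "admin_without_user_account": []}
    for a in active:
        if not a["is_admin"]:
            continue
        if a["last_logon"] < cutoff:
            # Privileged access that nobody uses any more: candidate for removal.
            findings["stale_admin"].append(a["account"])
        if a["owner"] not in owners_with_user:
            # Owner has no usable standard account, so the admin account
            # is probably being used for daily work.
            findings["admin_without_user_account"].append(a["account"])
    return {k: sorted(v) for k, v in findings.items()}

if __name__ == "__main__":
    for rule, names in review(load_accounts(SAMPLE_EXPORT), date(2018, 11, 6)).items():
        print(f"{rule}: {', '.join(names) or '-'}")
```

Run on a schedule against a fresh export, the two lists give the reviewer a short set of accounts to confirm or disable at each inventory.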

The arrival and departure procedure

Updating your Information System when someone leaves can be an ordeal if there is no procedure. You cannot rely on your memory to remove access to your Information System. Fortunately, thanks to your diagram, you know the sensitive assets of your Information System and can start developing your arrival and departure procedure.

The arrival and departure procedure facilitates the maintenance and updating of access to the information system. It covers the creation or deletion of computer accounts, the allocation or modification of rights, the management of physical access, the assignment of mobile equipment and the management of sensitive documents.

Finally, controlling the equipment that connects to the information system is important to reduce potentially vulnerable entry points. Some of these measures concern the supervision of personal or visitor devices. Setting up a Wi-Fi network with a dedicated SSID remains a highly recommended practice to reduce this risk.

Recommended tools:

Draw.io is a free, intuitive and easy-to-use tool for creating network diagrams. The tool lets you display IP zones, the associated addressing plan, and routing and security equipment without too much effort. However, it is recommended to host it on your own servers for more security.

Your Active Directory will be your best ally to manage authentication and permissions on your network. Whether with a Microsoft Active Directory or with its Open Source equivalent, Samba-AD, you will be able to manage your users’ rights and your employees’ arrivals and departures, all via an easy-to-use management console. Tranquil IT has been a Samba expert for more than 13 years and supports you in your migration to Samba Active Directory to free you from your Microsoft licenses.

Samba Active Directory, an expertise on a European scale

Tranquil IT has been using Samba for more than 13 years, with more than 270 successful projects. This experience has enabled us to become the first integrator of the Active Directory part of Samba in France. Our technical team is well used to performing IT asset audits, Active Directory migrations and domain mergers. Our proximity to the Samba Team allows us to promote the development of this software and also to offer Datadock-certified training to our customers.
Let yourself be tempted by a powerful Open Source Active Directory!

What you shouldn’t miss:


Find all our recommendations on Twitter and LinkedIn under the hashtags #TousSecNum, #CyberSecMonth, #ECSM2018 and #ECSM. Also follow our hashtag #CyberConseil for Tranquil IT’s advice and to discover the upcoming infographics.
