Know the information system #CyberSecMonth
The importance of an efficient and secure information system
The field of information systems has expanded considerably with the democratization of new technologies. The multiplication of solutions and tools has therefore transformed the information system into a real challenge for organizations. Nowadays, the information system is made up of so many elements (hardware, software, processes…) that each organization has its own information system. It is therefore essential to have an effective information system. And to optimize your information system, you must already know it.
Know your Information System and map it
A good knowledge of the information system makes it possible to locate sensitive data (specific to the company’s activity) and therefore to take appropriate security measures. Mapping your information system makes it possible to simplify and locate interventions. The advantage of such a scheme is to quickly identify sensitive data and secure them.
Inventor regularly your Information System
Once your Information system has been mapped, you can start working on its regular inventory. Your schema should not remain ad vitam eternam at the bottom of your wiki.
A regular inventory of the organization’s privileged accounts is essential to protect sensitive data. This inventory must include all users as well as the various administrative rights. This inventory offers more vigilance regarding intrusion detection and removal of obsolete access.
If you have not yet started this process, we advise you to start with an inventory of accounts on your Active Directory, with on one side administrator and user accounts. Be careful, everyone must have a user account in your information system, even the park administrators. Admin accounts should only be used to perform administration actions and not to work on a daily basis.
The arrival and departure procedure
Updating your Information System in case of departure can be a ordeal if there is no procedure. You cannot trust your memory to delete access to your Information System. Fortunately, thanks to your diagram, you know the sensitive assets of your Information System and can start developing your arrival and departure procedure.
The arrival and departure procedure facilitates the maintenance and updating of access to the information system. This procedure makes it possible to act in the event of the creation or deletion of computer accounts, the allocation or modification of rights, the management of physical access, the assignment of mobile equipment and the management of sensitive documents.
Finally, mastering the equipment connecting to the information system is important to reduce potentially vulnerable entry points. Some of the actions carried out aim at supervised personal or visitor facilities. The implementation of a Wi-Fi network with dedicated SSID remains a highly recommended practice to reduce this risk of vulnerability.
Draw.io is a free, intuitive and easy-to-use tool for creating network diagrams. The tool allows to display IP zones, associated addressing plan and routing and security equipment without too much effort. However, it is recommended to host it on your servers for more security.
Your Active Directory will be your best ally to manage authentications and permissions on your network. Whether with a Microsoft Active Directory or with its Samba-AD Open Source equivalent, you will be able to manage your users’ rights, manage your employees’ inputs and outputs, all via an easy-to-use management console. Tranquil IT has been a Samba expert for more than 13 years and supports you in your migration to Samba Active Directory to free you from your Microsoft licenses.
Samba Active Directory, an expertise on a European scale
The CyberSecMonth, a four-part event
For the sixth edition of CyberSecMonth, ANSSI is covering the event by organizing thematic weeks. Thus, every week many workshops and conferences are organized and focus un the theme of cybersecurity.
The four ANSSI themes:
- Being the basics : The first week of October aims to raise awareness among readers about the need to secure their data, including through passwords and encrypted messages. There are good IT practices, recommendations, an awareness kit and even a serious game on cybersecurity.
- Knowing the professions : This week of October focuses on the digital security professions and the different formations in this field. This is an opportunity to review the recent implementation of the General Data Protection Regulations (GDPR).
- Be interested in risks and apply good practices : This theme focuses on online banking transactions and the risk of credit card fraud. The procedure to follow in the event of a cyber attack is also at the centre of this week.
- Understand tomorrow’s issues : ANSSI concludes this CyberSecMonth by trying to anticipate tomorrow’s cyber threats. This theme highlights the specialists who are working to integrate digital security upstream of artificial intelligence projects and connected objects. Thus this approach aims to reduce the vulnerability of computers and networks. ANSSI will also return to the ethical and legal aspect of technological development.
What you shouldn’t miss:
Who to follow during #CyberSecMonth ?
📽️Mois européen de la cybersécurité 🛡️- Semaine 1: les bases !— Cybermalveillance.gouv.fr (@cybervictimes) 2 octobre 2018
Présentation hors compétition de notre vidéo de sensibilisation sur le #phishing 🎣au 2e #Festival du #Film #Sécurité à @EnghienlesBains
Un support de notre #KitSensiCyber - 🔃#ECSM #TousSecNum @FilmSecurite pic.twitter.com/wUoLbgLzcf
- 5 arguments to adopt the password manager – CNIL
- Cyber defence wants to take the initiative – IM Tech
Find all our recommendations on Twitter and LinkedIn and on hashtag : #TousSecNum, #CyberSecMonth, #ECSM2018 and #ECSM. Also follow our hashtag #CyberConseil to follow Tranquil IT’s advice and discover the following graphics.
Tranquil IT is now referenced to the UGAP through the multi-publisher contract carried by SCC. Behind all these somewhat bureaucratic terms is very good news for those who want to buy the innovative products and services offered by Tranquil IT. What does that mean? In...
This is already the end of the 2018 edition of CyberSecMonth, we hope that you will continue to raise awareness and remain vigilant about the challenges of digital security. On our side, we would like to conclude our CyberAdvice by sharing with you a latest graphic...