6 Security Rules To Make A Secure Network For Your Organization - That Computer Engineer


Friday, April 7, 2017

6 Security Rules To Make A Secure Network For Your Organization



1. Confidentiality

A user's information must be exchanged securely. We may use cryptographic or steganographic techniques to mask the information. Using an insecure transmission protocol leaves the information vulnerable to theft or loss. Passwords and other sensitive information can be masked with "*" when displayed. This further enhances the confidentiality of a piece of software, a website, or a program.
We all want to keep some information confidential, for example our messages.

2. Integrity

By integrity, we mean that there should be no unintended change in the system values or in the information stored by the user. Any form of code injection or attack may affect the user's data. However, such attacks can be prevented by using consistency mechanisms such as CRCs, checksums, hashes, etc. It is also a good step against such attacks for the software developer to provide a function that lets the user check the accuracy or consistency of their data. In a bank, when a transaction is made, the amount subtracted from the sender must equal the amount added to the receiver.


3. Availability

The data should be available to the user at any time, based on their needs. The software should be able to support a large number of users simultaneously. If the data is not available to users at the required time, there must be some function that tells users how long recovery will take or how long the data will remain unavailable. Sometimes the unavailability of data may cause the user a loss.

4. Authentication

There should be a mechanism that lets users access data only after providing the authentication credentials associated with it. Login passwords, biometrics, forms, etc. are some common examples of authentication. Almost every site, including Facebook, uses such a security mechanism, where we have to enter our login ID and a password to access our data. For online money transfers, banks use a PIN, debit card number, and expiry date for security. Certificates may also be used for mutual authentication.

5. Authorization

Access to highly sensitive information is restricted to certain users only. The administrator has all the rights to create, read, update, or delete data. An unauthorized user can only read the data. This prevents unnecessary modification of data and so maintains data security. Without authorization, the data will lose its purity.

6. Accountability

Within a large organization, data plays an important role. Even a small modification of data may affect the company negatively. Consider the scenario of a bank, where a large amount of money is transferred daily. For every transaction made, a particular employee related to that transaction must be accountable. Including timestamps for logins also proves beneficial in this case.
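The bank scenario from the Integrity and Accountability rules can be sketched in code. This is an added example, not part of the original post: each transfer debits and credits the same amount, records the responsible employee and a timestamp, and is chained with a keyed hash (HMAC-SHA-256, used here instead of a bare checksum so an edited record cannot simply be re-hashed). The account names, employee IDs, timestamps and key are constructed for illustration.

```python
import hashlib
import hmac
import json

KEY = b"demo-key-constructed-for-this-example"  # assumption: a real key lives in a secrets store


def _mac(prev_mac: str, record: dict) -> str:
    """Keyed hash over the previous entry's MAC plus this record (chains the log)."""
    body = prev_mac + json.dumps(record, sort_keys=True)
    return hmac.new(KEY, body.encode(), hashlib.sha256).hexdigest()


def transfer(balances, log, sender, receiver, amount, employee, ts):
    """Move `amount` between accounts and append an accountable, chained log entry."""
    if amount <= 0 or balances.get(sender, 0) < amount or receiver not in balances:
        raise ValueError("rejected transfer")
    balances[sender] -= amount
    balances[receiver] += amount  # the same amount is added as was subtracted
    record = {"from": sender, "to": receiver, "amount": amount, "employee": employee, "ts": ts}
    prev = log[-1]["mac"] if log else ""
    log.append({"record": record, "mac": _mac(prev, record)})


def verify(opening, balances, log):
    """Return (ok, index_of_first_bad_entry) by replaying the log from opening balances."""
    replay, prev = dict(opening), ""
    for i, entry in enumerate(log):
        if not hmac.compare_digest(entry["mac"], _mac(prev, entry["record"])):
            return False, i  # record edited, reordered or inserted
        r = entry["record"]
        replay[r["from"]] -= r["amount"]
        replay[r["to"]] += r["amount"]
        prev = entry["mac"]
    return replay == balances, None


def demo():
    opening = {"alice": 500, "bob": 100}  # constructed sample accounts
    balances, log = dict(opening), []
    transfer(balances, log, "alice", "bob", 200, "emp-017", "2017-04-07T10:15:00Z")
    transfer(balances, log, "bob", "alice", 50, "emp-042", "2017-04-07T11:02:00Z")
    clean = verify(opening, balances, log)
    log[0]["record"]["amount"] = 20  # simulate an unauthorized edit of a stored record
    tampered = verify(opening, balances, log)
    return balances, clean, tampered

if __name__ == "__main__":
    print(demo())
```

The `verify` function plays the role of the user-facing consistency check described under Integrity, and the index it returns points at the log entry, and therefore the employee and time, where the record stopped matching.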
