IT Security

  • physical access restricted to only those whose job responsibilities require that they maintain the equipment or infrastructure of the room.
    • controlled by a strong authentication method, such as an electronic combination lock, a badge reader, a fingerprint reader, or other biometric scanning device. Lock combinations should be changed on a regular basis.
  • Doors: fireproof and secured with deadbolt type locks that can’t be easily picked.
  • Keys to server room doors - both electronic and traditional - should be numbered and the whereabouts of each copy logged.
    • Traditional keys should be marked “Do not duplicate” and electronic keys should be copy protected.
  • no windows through which a person could gain access. If there are windows, they should be bulletproof/shatterproof, and/or protected by metal grates to prevent access if broken.
  • monitored by CCTV or IP cameras 24/7.
  • redundant power sources, such as a generator, to power electronic locks and authentication systems in case of a power failure or outage.
  • Server rooms and IT equipment rooms should not double as office space or storage space or any other shared purpose.
  • complete inventory of server room and IT network room equipment, including brands, models, serial numbers, and physical descriptions, should be completed and kept up to date.
  • system for securely disposing of unwanted discs, tapes, cards, hard drives, printed paper, and anything else that could contain confidential information should be implemented.

A management system to establish, implement, operate, monitor, review, maintain and improve information security (ISO definition).

  • ISO 27000
    • ISO 27001
    • ISO 27002
    • ISO 27003
    • ISO 27004
    • ISO 27005
    • ISO 27006
    • ISO 27007
    • ISO 270014
    • ISO 270015
  • NIST:
    • Special Publication 800‐53
    • Cybersecurity Framework
Name Purpose
LOKI Simple IoC client/server scanner with custom signatures, written in python
YARA Pattern matching for malware research
Magento Scanner: MageReport
  • Last modified: 2021-04-25 19:13