IT Security

see also: Linux Security 🇩🇪, IT security, Hacking, Block lists

physical security

- Physical access is restricted to only those whose job responsibilities require that they maintain the equipment or infrastructure of the room.
- Access is controlled by a strong authentication method, such as an electronic combination lock, a badge reader, a fingerprint reader, or another biometric scanning device. Lock combinations should be changed on a regular basis.
- Doors: fireproof and secured with deadbolt-type locks that can't be easily picked.
- Keys to server room doors, both electronic and traditional, should be numbered and the whereabouts of each copy logged. Traditional keys should be marked "Do not duplicate" and electronic keys should be copy protected.
- No windows through which a person could gain access. If there are windows, they should be bulletproof/shatterproof and/or protected by metal grates to prevent access if broken.
- Monitored by CCTV or IP cameras 24/7.
- Redundant power sources, such as a generator, to power electronic locks and authentication systems in case of a power failure or outage.
- Server rooms and IT equipment rooms should not double as office space, storage space, or any other shared purpose.
- A complete inventory of server room and IT network room equipment, including brands, models, serial numbers, and physical descriptions, should be compiled and kept up to date.
- A system for securely disposing of unwanted discs, tapes, cards, hard drives, printed paper, and anything else that could contain confidential information should be implemented.
Management Systems (ISMS)

A management system to establish, implement, operate, monitor, review, maintain and improve information security (ISO definition).

Standards

- ISO 27000
- ISO 27001
- ISO 27002
- ISO 27003
- ISO 27004
- ISO 27005
- ISO 27006
- ISO 27007
- ISO 270014
- ISO 270015
- PCI DSS
- NIST: Special Publication 800-53, Cybersecurity Framework

Frameworks

- Adobe Common Controls Framework (Adobe CCF)
- Gitlab Control Framework (GCF)

Software

| Name | Purpose |
|------|---------|
| LOKI | Simple IoC client/server scanner with custom signatures, written in Python |
| YARA | Pattern matching for malware research |

Web Apps

- Magento Scanner: MageReport

further information

- Protecting Your System: Physical Security
- IntelTechniques (Open Source Intelligence)

Talks

- Ten Deadly Sins of Administrators about Windows Security (Microsoft TechEd North America 2012)
- DEFCON 19: Steal Everything, Kill Everyone, Cause Total Financial Ruin

communities

- Reddit: r/blueteamsec – technical intelligence, research and engineering to help operational [blue|purple] teams defend their estates.
- r/netsec
- r/cybersecurity

online tools

- Security Headers – check web server headers for security directives.

Last modified: 2023-05-08 06:13