General Security Plan for Richman Investments
The SSCP (Systems Security Certified Practitioner) consists of the following seven domains:
1. Access Controls – policies, standards and procedures that define who users are, what they can do, which resources and information they can access, and what operations they can perform on a system.
• Software - PacketFence is a fully supported, trusted, Free and Open Source network access control (NAC) solution. Boasting an impressive feature set including a captive-portal for registration and remediation, centralized wired and wireless management, powerful guest management options, 802.1X support, layer-2 isolation of problematic devices; ...view middle of the document...
2, is the complete network monitoring & management, help desk, PC inventory, and software reporting solution to manage Everything IT in small and medium businesses.
4. Risk, Response and Recovery – the review, analysis and implementation processes essential to the identification, measurement and control of loss associated with unplanned adverse events.
5. Cryptography – the protection of information using techniques that ensure its integrity, confidentiality, authenticity and non-repudiation, and the recovery of encrypted information in its original form.
• Software - 7-Zip is open source software under the GNU LGPL license. 7-Zip has ZIP container-based AES-256 encryption. You can easily create a compressed archive of files and add a password to it.
AxCrypt is a type of open source file encryption software that lets you compress, encrypt, decrypt, store, send, and work with individual files. It works with the Windows shell and it uses AES-256 encryption.
6. Networks and Communications – the network structure, transmission methods and techniques, transport formats and security measures used to operate both private and public communication networks.
• Software - JITSI is a VoIP, videoconferencing and instant messaging application for Windows, Linux and Mac OS X. It supports several popular instant messaging and telephony protocols.
• FreeSWITCH is a scalable open source cross-platform telephony platform that is designed to route and interconnect popular communication protocols using audio, video, text or any other form of media.
7. Malicious Code and Activity – countermeasures and prevention techniques for dealing with viruses, worms, logic bombs, Trojan horses and other related forms of intentionally created damaging code.
• Software - ClamAV is an open source (GPL) antivirus engine designed for detecting Trojans, viruses, malware and other malicious threats.
• Gateway Anti-Virus, a Vermont Department of Taxes project, allows applications across the enterprise to check files for viruses by providing a SOAP-based virus scanning web service. Client applications submit files to the web service and the web service uses ClamAV to scan them for viruses.
The user is the first and the weakest link in any system. The security can only be minimized if the user knows the risks involved and how to fight them by this; we...