Posts Tagged 'ENISA'

ENISA: paper titled "How to Shop Safely Online" now available

The paper entitled "How to Shop Safely Online" was published today on the ENISA website. It also includes my contribution as a contributor, and it explores issues related to online shopping and, of course, the related security aspects.

Children, parents and Safety: The Ten Commandments of ENISA

On February 18, ENISA (European Network and Information Security Agency) published two new documents on internet safety.

The first document is a handbook for parents and guardians; the English version of the document is available here. The Decalogue is a particularly interesting reference for those not familiar with the Internet, given that children today are very knowledgeable about the issues associated with new technologies.

In addition to this document, ENISA has published a handbook for workers that contains the basic rules for safety on the Internet. This document for workers is available here.

As usual, the documents are extremely valuable and interesting.

Security: the 10 rules of good practice of ENISA Part 3

Continuing the articles of the previous days, below is the last part of ENISA's 10 good practices.

6. Visitors

All visitors must be registered and must sign in on arrival and out on exit.

All visitors must have a badge, to be worn at all times while in the business building.

Accompany visitors around the business building at all times. Allowing visitors to wander around the office is not safe.

7. Report loss of and/or damage to business mobile devices, and incidents

Report loss of and/or damage to business mobile devices (e.g. phones, PDAs or USB drives) to the IT department of your organization.

Report any portable device found at the company to the IT department of your organization.

Report any breach of security and/or incident, even if you are unsure.

Report suspicious activity on your workstation and the unexpected unavailability of an application, if you have not received any notice in advance from your IT department.

8. Protect your information outside the organization

When you are outside the organization, be sure to store sensitive information and equipment safely at all times to prevent theft or loss. Manage information carefully, especially when you are in public places.

Be aware that someone can overhear your conversation. Do not make your organization's confidential information available to everyone.

When traveling or working from a remote location, protect yourself against those who may take possession of codes and passwords.

9. Comply with corporate security policies and procedures

Comply with security policies and procedures.

Ensure the confidentiality, integrity and availability of data.

Comply with legal principles, such as copyright, intellectual property, privacy, and software licenses.

If you know of colleagues who are in violation of security policies and procedures, immediately inform managers.

10. Provide feedback to further refine the solutions applied and security policies

Provide feedback to further refine the solutions applied and security policies.

Suggest the purchase of additional software, if necessary, to conduct the activities.

Ask questions or make suggestions to improve the solutions and security policies.

Source: ENISA

Security: the 10 rules of good practice of ENISA Part 2

I continue the publication of the ENISA document on the 10 rules of good practice, in particular within the business. The following are further rules:

3. Use e-mail and the Internet with care

  • Do not open unknown e-mail and attachments.
  • Do not click on hyperlinks in suspicious e-mail.
  • Forward e-mail where appropriate. Think about deleting the message history before doing so.
  • Share documents in PDF format to ensure that the files cannot be easily modified.
  • Confidential information must be encrypted when sent via e-mail.
  • Surf the Internet with care.
  • Do not share information about your organization and your role on social networking sites.
  • Avoid participating in blogs where your presence and your opinions can be interpreted as those of your organization.
  • Do not download documents and material from third parties that are not trusted.
  • Do not access, download, store or transmit any unlawful or offensive material.
  • Remember that surfing the Internet using your workstation can be traced.

4. Use of business mobile devices: laptops, USB drives, cell phones and BlackBerry

Laptops

  • Do not install or use illegal and/or unauthorized software, because it compromises the security of your data and you violate the law.
  • Turn off wireless connections when not needed.
  • Connect your laptop to your organization's network regularly to update the security controls.
  • Back up the information stored on the laptop.
  • Lock your laptop when you leave your desk to go to a meeting, or when you take a break and/or go to lunch.
  • Do not allow other people to connect their USB drives to your laptop, especially unsecured personal drives.
  • Do not leave your laptop unattended.
  • Do not leave your laptop visible inside the car.

USB drives

  • Use an encrypted USB drive.
  • Limit the amount of business data stored on the USB drive, especially on unsecured personal drives.
  • Attach the USB drive to your keychain or lanyard to prevent loss: the small size of USB flash drives makes these devices easier to lose or steal. In addition, their greater storage capacity increases the amount of data at potential risk of unauthorized access. USB flash drives are usually placed in bags, backpacks, laptop bags, jackets or pants pockets, or are left at unattended workstations. The number of incidents involving USB drives that are lost, forgotten, borrowed or stolen without permission has increased recently.
  • Invite users to put the USB flash drive in read-only mode using the physical switch to prevent the transmission of viruses: some USB flash drives include a physical switch that puts the unit in read-only mode, preventing the host computer from writing or modifying data on the drive.
  • Scan the USB flash drive after copying files from an unknown and/or unauthorized machine, to prevent the transmission of viruses.
  • Before you connect your USB drive to someone else's computer, delete all files that are not relevant to the operation to be performed.
  • Back up information: be able to recover data residing on USB flash drives.

Mobile phones and BlackBerry

  • Turn off wireless connections (i.e. Bluetooth and WLAN) when not in use. Bluetooth technology allows electronic devices to communicate with each other through a short-range radio link. Some Bluetooth mobile phones suffer from software bugs that lead to the practices of Bluejacking and Bluesnarfing. Bluejacking is when someone creates an anonymous text message and sends it to another Bluetooth-enabled mobile phone. Bluejacking can be used to send unsolicited messages. Bluesnarfing is used to copy personal information, such as the list of contacts, from one handset to another.
  • Do not leave your cell phone or BlackBerry unattended. Otherwise, it could lead to data loss.

5. Managing information with care

  • Mark every document with the appropriate classification code.
  • Protect sensitive content with a password to prevent someone from changing or deleting it.
  • Clean desk rule: do not leave sensitive information lying around. Dispose of documents carefully.
  • Do not leave sensitive information in conference facilities and shared meeting rooms, to avoid exposing it to anyone using the room after you.
  • Secure printing: print, copy and scan information only if necessary. Remember to collect the output document from the printer.
  • Always destroy documents containing sensitive information and/or marked "confidential".
  • Do not store all the information on the local disk.
  • Ensure that any third parties who work with you have signed a nondisclosure agreement before providing them with any sensitive information.

I will publish the last part tomorrow.

Source: ENISA

Security: the 10 rules of good practice of ENISA Part 1

ENISA is an acronym for European Network and Information Security Agency, and among its various activities it also coordinates an Awareness Raising Community.

The AR Community is an international group of experts who have an interest in freely engaging in raising awareness of security issues. I am a member of this AR-C and participate in the activities that are proposed.

Recently, in July this year, it published a document that is a good guide to security best practices. I think it useful, not least for raising awareness, to present these 10 rules in stages. So for now I will cover only the first part, relating to points 1 and 2.

1. Using Passwords

The password is the equivalent, on the Internet, of the lock on your home. Passwords are the best defense, and through good use of passwords you can keep your identity and your confidential and sensitive information safe.

Use a strong password

  • The password for your computer is the key to accessing all the information, both business and personal, that you have stored on your computer and in your online accounts. Use a strong password to protect your data: use at least eight characters combining letters (uppercase and lowercase), numbers and symbols. The greater the variety of characters you have in your password, the harder it is to guess. Do not use personal information (your name, your child's name, date of birth, etc.) that someone might already know or easily obtain, and try to avoid common words: some hackers use programs that try every word in the dictionary.

Change your password regularly

  • If you believe that your system has been compromised, change your passwords immediately.

Keep your password secret

  • Your password is unique and should not be shared with anyone.
  • Where possible, try to commit your password to memory. There are strategies for memorizing them.
  • If you write your password down, be careful where you store it. Do not leave any trace of your passwords anywhere.

Use different passwords

  • Use a different password for each online account you access (or at least a series of passwords). If you use the same password for multiple accounts, an attacker who gains access to one account will be able to access all your accounts.

2. Protect your computer

  • Lock your desktop when you leave your desk to go to a meeting, during a break and/or at lunch.
  • Do not allow other people to connect their USB drives to your computer, especially unsecured personal drives.
  • Do not install or use illegal and/or unauthorized software: you would be compromising data security and violating the law. It may also open up vulnerabilities in your organization's network.
  • Do not connect any personal disc, music player and/or USB drive to your computer.
  • Do not connect your personal laptop to your organization's network, as it may contain viruses or malware.

End part one.
