A certificate is an electronic file that holds a public key, identifies the owner of
the key and provides the signature to assure that the key does indeed belong to
the identified person.
Certificate authority
A trusted person or organization with the power to create and sign certificates.
An individual completes the certificate request with their data and public key and
sends it to a certificate authority.
The authority verifies the authenticity of the data and, if the result is positive,
produces a certificate, signed with the private key of the authority, that is sent
to the applicant.
The applicant can now send the certificate to another individual in order to be
authenticated and to give them the public key.
The identity is verified by checking the signature on the certificate against the
public key that the certificate authority makes available.
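The request, issuance and verification steps above, as an added Python sketch that is not part of the original document. It substitutes textbook RSA (no padding) with fixed demo primes for a real X.509 library; the function names, the sample identities and the "Example CA" issuer are assumptions made for the illustration.

```python
import hashlib
import json

E = 65537  # public exponent

def make_keypair(p, q):
    """Textbook RSA from two primes; returns (public, private)."""
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))

def encode(body):
    """Canonical bytes of the fields covered by the signature."""
    return json.dumps(body, sort_keys=True).encode()

def digest(data):
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def ca_issue(request, verified_owners, ca_name, ca_private):
    """CA step: check the applicant's data, then sign it with the CA private key."""
    if request["owner"] not in verified_owners:
        raise ValueError("identity data could not be verified")
    body = dict(request, issuer=ca_name)
    n, d = ca_private
    return {"body": body, "signature": pow(digest(encode(body)), d, n)}

def verify_certificate(cert, ca_public):
    """Relying-party step: check the CA signature using only the CA public key."""
    n, e = ca_public
    return pow(cert["signature"], e, n) == digest(encode(cert["body"]))

# Constructed demo keys built from Mersenne primes: insecure, illustration only.
CA_PUBLIC, CA_PRIVATE = make_keypair(2**521 - 1, 2**607 - 1)
ALICE_PUBLIC, _ = make_keypair(2**89 - 1, 2**107 - 1)

# The applicant fills in the request with identity data and public key.
REQUEST = {"owner": "alice@example.test", "public_key": list(ALICE_PUBLIC)}
# The CA verifies the data and returns the signed certificate.
CERT = ca_issue(REQUEST, {"alice@example.test"}, "Example CA", CA_PRIVATE)
# A copy whose owner field was changed after signing (constructed negative case).
TAMPERED = {"body": dict(CERT["body"], owner="mallory@example.test"),
            "signature": CERT["signature"]}

if __name__ == "__main__":
    print("genuine certificate accepted:", verify_certificate(CERT, CA_PUBLIC))
    print("altered certificate accepted:", verify_certificate(TAMPERED, CA_PUBLIC))
```

The relying party never needs the CA private key: any change to the signed fields makes the check fail.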
Ensuring electronic security
Train Your Workforce
Organizations can use a security awareness training program to educate their employees
about the importance of data security. Many organizations begin by creating a team to
create a strategic plan for the security awareness training program. The team should
include executive management as well as initiative leaders.
The team can begin developing programs to educate the organization’s workforce. This
training should consist of digital security best practices and phishing testing. A digital
security writer recommends that the program should address drivers of malicious
behaviour to mitigate the risk of insider threats.
Embrace a Data-Centric Security Strategy
Mobile, the Internet of Things (IoT) and the cloud have dissolved the traditional
boundaries of the network. As such, organizations now need to approach network security
from a more holistic and strategic viewpoint. An information security expert urges
organizations to specifically embrace a data-centric approach through which they develop a
strategic understanding of what data they have and how valuable that data is to their
business operations.
Once they have an idea of what data they have, organizations should protect their data by
doing encryption the right way. They should also look to the Center for Internet Security’s
Control 10 – Data Recovery Capabilities. As part of their implementation of this Control,
organizations should develop a robust data backup strategy and test that strategy and their
backups often.
Implement Multi-Factor Authentication (MFA)
Many of us are quick to change our login credentials following the public disclosure of
a data breach. But by then, it could be too late. As Tripwire Principal Security
Researcher Travis Smith noted in another blog post for The State of Security, many
victimized businesses don’t detect a data breach (if at all) until hundreds of days later.
That gives attackers plenty of time to compromise those exposed accounts before
anyone knows what happened.
Acknowledging that threat, organizations should take additional steps to shore up their
users’ business accounts against compromise. They can do so by following the
requirements of the Center for Internet Security’s Control 4 – Controlled Use of
Administrative Privileges and using multi-factor authentication (MFA) for all
administrative account access. They should also encourage users to implement MFA
across their personal web accounts.