Do not begin an engagement until you have acquired business insurance. Do not begin an engagement until contracts are signed by both parties. Do not begin an engagement until you have a list of emergency phone numbers. Do not begin an engagement until both parties have signed NDAs. Do not engage if you are unsure […]
Category: Best Practices
Side effects of automated testing
Automated security testing technologies can seriously damage the web applications they are used against. Therefore, it is often recommended to perform automated tests only against systems in demo, testing or pre-production environments. If you target a web application that performs many database operations, such as updating or inserting new records, some of the following things […]
How to write a disaster recovery plan
Reference: SearchDisasterRecovery and ComputerWeekly. An information technology (IT) disaster recovery (DR) plan provides a structured approach for responding to unplanned incidents that threaten an IT infrastructure, which includes hardware, software, networks, processes and people. Protecting your firm’s investment in its technology infrastructure, and protecting your firm’s ability to conduct business are the key reasons for […]
What is a disaster recovery plan?
A disaster recovery plan (DRP) is a documented process or set of procedures to recover and protect a business IT infrastructure in the event of a disaster.[1] Such a plan, ordinarily documented in written form, specifies procedures an organization is to follow in the event of a disaster. It is “a comprehensive statement of consistent […]
How would you make your Linux server more secure?
Install only what you need. Keep your server lean. Install only those packages that you really need. If there are unwanted packages, purge them. The fewer the packages, the less chance of unpatched code. Run only what you need. This command will show you which services are running on which ports: netstat -npl You should also […]
How would you assess the security of third party vendors with access to your organization?
If a third-party vendor has access to your organization and the vendor gets hacked, your company is at risk of losing vital data, confidential employee data and contact lists, and the consequences can range from damaged reputation, stockholder sellouts, insurance claims and extensive financial damage to possibly even bankruptcy. Remember these steps to reduce the […]
Mac Desktop Security Best Practices
This post requires additional information but for now: http://osxdaily.com/2012/01/11/password-protect-files-folders-in-mac-os-x
Linux Server Security Best Practices
http://www.cyberciti.biz/tips/linux-security.html
Windows Server Security Best Practices
https://support.rackspace.com/how-to/windows-server-security-best-practices/
Desktop Security Best Practices
An excellent desktop security best practices document from CCNY at CUNY: https://www.ccny.cuny.edu/sites/default/files/it/upload/Desktop-Security-Best-Practices.pdf