HomeAbout UsServicesPartnersSecurity ResourcesNewsContact Us


SECURITY INFORMATION LINKS

SANS Institute - http://www.sans.org
Stay Safe Online - http://statyafeonline.info
United State Computer Emergency Readiness Team - http://www.us-cert.gov

TNC SECURITY GUIDES

Protecting Email/Instant Messages
Ensuring Record Security
Securing Wireless Networks


SECURITY FAQ

What is Security Management?
What are Security Controls?
What is a Security Policy?
What are system/network vulnerabilities?
What are system/network risks?
What are networking attacks?
What are Trojan Horses, Viruses, and Worms?
What are Firewalls?
What are Intrusion Detection Systems?
What are Intrusion Prevention Systems?
What are Virtual Private Networks?


What is Security Management?
Security management includes risk management, information security policies, procedures, standards, guidelines, baselines, information classification, security organization, and security education. These elements protect and mitigate risk to the company's assets, where assets can include company data and computer resources.

Back to top.

What are Security Controls?
Security controls are administrative, physical, and technical. Security controls protect company data and resources.

Administrative controls include the development and publication of policies, standards, procedures, and guidelines, the screening of personnel, security awareness training, and change control procedures.

Physical controls entail controlling individual access to company data and resources.

Technical controls consist of access control mechanisms, passwords, and resource management.

Back to top.

What is a Security Policy?
A security policy is a blueprint or framework of a company's security management program. A security policy defines rules for resource access and usage. Security policies dictate procedures, standards, and guidelines for handling and operating company data and computer resources.

Back to top.

What are system/network vulnerabilities?
Vulnerabilities are software, hardware, or procedural weaknesses that may provide an attacker opportunity to enter a computer or network and have unauthorized access to resources.

Back to top.

What are system/network risks?
Risks are the likelihood that vulnerabilities will be exploited. Risk management is one of the objectives of a security management program.

Back to top.

What are networking attacks?
Network attacks generally are divided into 3 categories:
(1) Access - unauthorized usage of protected computer resources and/or data
(2) Denial of Service - preventing the network from delivering expected services
(3) Reconnaissance - probing the network for vulnerabilities through which Access and/or Denial of Service attacks can be launched
Back to top.

What are Trojan Horses, Viruses, and Worms?
Trojan Horses is a type of access attack. A Trojan Horse is a program with a known behavior, and an unknown (often malicious) behavior.

Viruses are a type of access attack. Viruses are programs that insert themselves into one or more files and then perform some actions.

Worms are typically viruses that copy themselves from one computer to another.

Back to top.

What are Firewalls?
Firewalls are a type of Technical Control that mediates access to a network, allowing and disallowing certain types of access on the basis of a configured security policy.

Back to top.

What are Intrusion Detection Systems?
ID stands for Intrusion Detection, which is a Technical Control for detecting inappropriate, incorrect, or anomalous activity. ID systems that operate on a host to detect malicious activity on that host are called host-based ID systems, and ID systems that operate on network data flows are called network-based ID systems.

Back to top.

What are Intrusion Prevention Systems?
Intrusion Prevention Systems are Technical Controls that perform like Intrusion Detection Systems, but take immediate action to prevent an attack.

Back to top.

What are Virtual Private Networks?
A virtual private network (VPN) is a Technical Control for use in a public telecommunication infrastructure, such as the Internet, to provide remote offices or individual users with secure access to their organization's network.

Back to top.


HomeAbout UsServicesPartnersSecurity ResourcesNewsContact Us
This site designed by SOUPKITCHEN • DESIGN LLC
© 2005 Thompson Network Consulting