Tip: Which of the following is the best method to prevent unauthorized alteration of online records?
Updated: 2022-09-27 15:50:06.
Unauthorized access is when a person gains entry to a computer network, system, application software, data, or other resources without permission. Any access to an information system or network that violates the owner's or operator's stated security policy is considered unauthorized access. Unauthorized access also occurs when legitimate users access a resource that they do not have permission to use.
The most common reasons for unauthorized entry are to:
- Steal sensitive data
- Cause damage
- Hold data hostage as part of a ransomware attack
- Play a prank
The three primary objectives of preventing unauthorized access are:
- Confidentiality: the protection of sensitive information from unauthorized access
- Integrity: the protection of sensitive information from unauthorized modification or destruction
- Availability: the protection of sensitive information and information systems from unauthorized disruption
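As an added example (not part of the original article) of the Integrity objective and of the question this page opens with: a record-keeping service can make unauthorized alteration of stored records detectable by sealing each record with an HMAC under a key that only the service holds, so a change made without the key fails verification. The key and the record values below are constructed for the example.

```python
import hmac
import hashlib
import json

# Constructed example key; in practice this lives in a secrets manager, never in source.
SECRET_KEY = b"example-only-key-replace-with-a-managed-secret"


def canonical(record: dict) -> bytes:
    """Serialize a record deterministically so identical content always yields the same tag."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode("utf-8")


def seal(record: dict, key: bytes = SECRET_KEY) -> dict:
    """Return a copy of the record carrying an HMAC-SHA256 tag over its canonical form."""
    body = {k: v for k, v in record.items() if k != "tag"}
    tag = hmac.new(key, canonical(body), hashlib.sha256).hexdigest()
    return {**body, "tag": tag}


def verify(sealed: dict, key: bytes = SECRET_KEY) -> bool:
    """Recompute the tag and compare in constant time.

    False means the record was altered after sealing, or was never sealed at all.
    """
    if "tag" not in sealed:
        return False
    body = {k: v for k, v in sealed.items() if k != "tag"}
    expected = hmac.new(key, canonical(body), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, sealed["tag"])


def demo() -> tuple:
    """Seal a constructed record, then alter a field without the key and re-verify."""
    original = seal({"id": 1042, "account": "acme", "balance": 2500})
    ok_before = verify(original)
    tampered = {**original, "balance": 250000}  # alteration made without access to the key
    ok_after = verify(tampered)
    return ok_before, ok_after  # (True, False)
```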
How Unauthorized Access Occurs
Understanding how unauthorized access occurs helps guide the implementation of best practices. Many common tactics fall into two broad categories: digital and physical.
Digital Unauthorized Access Tactics
Guessing passwords
Guessing passwords is a common entry vector for unauthorized access. Manual password guessing is done using social engineering, phishing, or by researching a person to come up with information that could be the password.
In scaled attacks, software is used to automate the guessing of access information, such as user names, passwords, and personal identification numbers (PINs).
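An added detection example, not from the original article, for the automated guessing described above: it parses sshd-style authentication log lines and flags any source address with five or more failed logins inside a 60-second window, the pattern that automated guessing produces and occasional mistyped passwords do not. The log lines, hostname and addresses are constructed for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in sshd syslog format (not taken from any real system).
SAMPLE_LOG = """\
Sep 27 15:50:01 host sshd[101]: Failed password for invalid user admin from 203.0.113.7 port 5001 ssh2
Sep 27 15:50:03 host sshd[102]: Failed password for root from 203.0.113.7 port 5002 ssh2
Sep 27 15:50:04 host sshd[103]: Failed password for invalid user test from 203.0.113.7 port 5003 ssh2
Sep 27 15:50:05 host sshd[104]: Failed password for invalid user oracle from 203.0.113.7 port 5004 ssh2
Sep 27 15:50:06 host sshd[105]: Failed password for root from 203.0.113.7 port 5005 ssh2
Sep 27 15:50:30 host sshd[106]: Failed password for alice from 198.51.100.9 port 6001 ssh2
Sep 27 15:51:10 host sshd[107]: Accepted password for alice from 198.51.100.9 port 6002 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<outcome>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+)"
)


def parse(line: str, year: int = 2022):
    """Return (timestamp, outcome, user, source) for a recognised line, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")  # syslog omits the year
    return ts, m["outcome"], m["user"], m["src"]


def find_guessing_sources(log: str, threshold: int = 5,
                          window: timedelta = timedelta(seconds=60)) -> dict:
    """Map each flagged source to the distinct usernames it tried within one window."""
    failures = defaultdict(list)
    for line in log.splitlines():
        rec = parse(line)
        if rec and rec[1] == "Failed":
            ts, _, user, src = rec
            failures[src].append((ts, user))
    flagged = {}
    for src, events in failures.items():
        events.sort()
        start = 0
        for end in range(len(events)):  # sliding window over this source's failures
            while events[end][0] - events[start][0] > window:
                start += 1
            if end - start + 1 >= threshold:
                flagged[src] = sorted({u for _, u in events[start:end + 1]})
                break
    return flagged
```

A single source cycling through several account names in a few seconds is the signal worth alerting on; one failure followed by a success, as for alice here, is normal user behaviour.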
Exploiting software vulnerabilities
A mistake in software is referred to as a bug. In most cases, these bugs are annoying but harmless. However, some bugs are significant vulnerabilities that can be exploited to gain unauthorized access to applications, networks, operating systems, or hardware. These vulnerability exploits are commonly executed with software or code that can take control of systems and steal data.
Social engineering
Cybercriminals often gain unauthorized access by taking advantage of human vulnerabilities, convincing people to hand over credentials or sensitive data. These attacks, known as social engineering, often involve some form of psychological manipulation and utilize malicious links in email, pop-ups on websites, or text messages. Common social engineering tactics used to gain unauthorized access include phishing, smishing, spear phishing, ransomware, and impersonation.
Physical Unauthorized Access Tactics
Cybercriminals often gain unauthorized access to physical spaces to carry out their plans. Some opt to steal laptops or smart devices, then break into them offsite. Others target computers or routers to insert malware.
Tailgating or piggybacking
Tailgating is a tactic used to gain physical access to resources by following an authorized person into a secure building, area, or room. The perpetrator can be disguised as a delivery or repair person, someone struggling with an oversized package who may require assistance, or someone who looks and acts as if they belong there. Most of these situations occur "in plain sight."
Fraudulent use of access cards
Access cards that are lost, stolen, copied or shared pose an unauthorized access risk.
Door propping
While incredibly simple, propping open a door or window is one of the most effective ways for an insider to help a perpetrator gain unauthorized access to restricted buildings or spaces.
Other Unauthorized Access Tactics
Collusion
A malicious insider can collude with an outsider to provide unauthorized access to physical spaces or digital access to systems. Often, an insider comes up with a plan, then brings in an outsider to help. A more sophisticated third party can help override internal controls and bypass security measures.
Passbacks
Passbacks are instances of sharing credentials or access cards to gain unauthorized access to physical places or digital systems.
Best Practices for Preventing Unauthorized Access
Electronic Data Protection
- Monitoring should be in place to flag suspicious attempts to access sensitive information.
- An inventory of the devices on the network should be performed regularly to maintain comprehensive, up-to-date maps.
- Encryption should be used for viewing, exchanging, and storing sensitive information.
- Network drives should be used to store sensitive information, both to protect it from unauthorized access and for disaster recovery.
- Mobile devices and personal computing devices should not be used for storing sensitive information.
- Removable media and devices should not be used to store sensitive information.
- Access to systems and data should be limited on a need-to-use basis, also known as the principle of least privilege.
- Suspected security breaches should be reported immediately.
Backup and Disposal of Data
- Data should be backed up and stored according to data governance policies.
- Sensitive data backed up to cloud storage providers should be encrypted.
- Backups should be conducted on a regular basis.
- Data that is no longer needed should be permanently deleted.
- Professional computer recycling programs should be used for decommissioned computers and devices, with all data removed prior to the recycling process.
- Cross-cut shredders should be used to dispose of paper documents.
Password Management and Protection
Organizational leaders should ensure strong password policies and effective compliance programs are in place to prevent unauthorized access, as well as follow these guidelines themselves.
- Unique passwords should be used for each online account.
- Passwords should be changed for any account or device that has experienced an unauthorized access incident.
- Strong passwords should be used that include a combination of letters, numbers, and symbols. A password should not be a word, a common phrase, or something that someone with a little personal knowledge might guess, such as the user's child's name, address, or phone number.
- Passwords should never be shared.
- Passwords should be changed periodically.
- Passwords should not be written down or stored in an unsecure location.
System and Device Protection
- Multifactor authentication should be used for all systems.
- Malware scans should be run regularly on all systems.
- Computers, laptops, and smart devices should have the lock screen enabled, and should be shut down when not in use for extended periods.
- Single sign-on (SSO) should be considered to centrally manage users' access to systems, applications, and networks.
- Operating systems and applications should be updated when patches and new versions are available.
- Anti-virus, anti-malware, and anti-ransomware software should be installed on all computers, laptops, and smart devices.
Electronic Communications Protection—E-Mail, Instant Messaging, Text Messaging, and Social Media
- Sensitive data should only be sent encrypted or as a password-protected file.
- Attachments or links from untrusted sources should not be opened.
- Caution should be taken to avoid phishing scams.
Coach Employees to Avoid Risky Behaviors
- Screens should be positioned so they cannot be viewed by others.
- Special precautions should be taken when leaving devices unattended in work-from-home environments.
- Account recovery questions should not be easy to guess.
- Pop-ups and shortened URLs should not be clicked on unless they come from a trusted source.
- Sensitive information should not be accessed or discussed in public locations.
Unauthorized Access Incident Response
Timing is of the essence in the event of an unauthorized access incident. Prior planning and having a team ready to respond are critical.
The National Institute of Standards and Technology offers four steps for incident response handling:
The Incident Response Lifecycle illustrates the steps involved to recover from an unauthorized access incident.
Take a Defensive Stance Against Unauthorized Access
The damage from unauthorized access goes beyond time and money; trust and reputation are also casualties.
Protection of sensitive data should be top of mind and a high priority in all organizations. A defensive, proactive approach to preventing unauthorized access can protect information and systems from disclosure, modification, destruction, and disruption.
Egnyte has experts ready to answer your questions. For more than a decade, Egnyte has helped more than 17,000 customers with millions of customers worldwide.