Difference between revisions of "Security"

From Freephile Wiki
Jump to navigation Jump to search
(format header row)
 
(3 intermediate revisions by the same user not shown)
Line 13: Line 13:
 
==free software that secures your communication==
 
==free software that secures your communication==
  
[https://www.torproject.org/ The Onion Router] (TOR) project https://www.torproject.org/ is the best known provider of security for your personal communications.
+
[https://www.torproject.org/ The Onion Router] (TOR) project https://www.torproject.org/ is the best known provider of security for your personal communications. TOR acts as an anonymizing layer between you and ALL Internet traffic.
  
There are others too... like [https://jami.net Jami]  
+
For secure "messaging" there is [https://jami.net Jami]. Jami is a complete communication platform made by [https://savoirfairelinux.com/en Savoir Faire Linux]. Jami is available for all operating systems and devices. Jami offers
  
https://signal.org/ offers tools that integrate with your iPhone or Android phone and desktop.
+
* Instant messaging
 +
* Audio and video calls
 +
* Swarms (group chats)
 +
* Video-conferences and Rendezvous points with no third-party hosting
 +
* Audio and video message recording
 +
* Screen sharing and media streaming
 +
* Built-in plugin platform for new features and experiences
 +
* Jami can also function as a SIP client
  
<br />
+
Another popular platform for secure messaging is the '''Signal''' app. https://signal.org/
  
 
== Security Frameworks ==
 
== Security Frameworks ==
  
  
14 Security Frameworks You Should Know
+
14 Security Frameworks You Should Know <ref>https://secureframe.com/blog/security-frameworks</ref>
 
{| class="wikitable"
 
{| class="wikitable"
 
!Framework
 
!Framework
Line 151: Line 158:
 
#https://github.com/ssllabs/research/wiki/SSL-and-TLS-Deployment-Best-Practices
 
#https://github.com/ssllabs/research/wiki/SSL-and-TLS-Deployment-Best-Practices
 
#https://secureframe.com/blog/security-frameworks
 
#https://secureframe.com/blog/security-frameworks
 +
# [https://www.brighttalk.com/webcast/6793/591276 How Ubuntu enables your compliance with FedRAMP, FISMA, FIPS, and DISA-STIG] This 50 minute video from Canonical can provide insight as to how an Enterprise MediaWiki solution can address the concerns related to these frameworks.
 +
{{References}}
  
 
[[Category:Security]]
 
[[Category:Security]]
 +
[[Category:Frameworks]]

Latest revision as of 14:59, 13 September 2023

Security Dialog-information.svg
Lets Encrypt
Image shows: Lets Encrypt
Summary
Title: Security
Description: Using SSL and TLS Deployment Best Practices, QualityBox gets an A+ rating for security.
More
Notes: Certificates provided by the Let's Encrypt project
Test: Test on SSL Labs.com
Example: See File:Certificate grade.png





free software that secures your communication[edit | edit source]

The Onion Router (TOR) project https://www.torproject.org/ is the best known provider of security for your personal communications. TOR acts as an anonymizing layer between you and ALL Internet traffic.

For secure "messaging" there is Jami. Jami is a complete communication platform made by Savoir Faire Linux. Jami is available for all operating systems and devices. Jami offers

  • Instant messaging
  • Audio and video calls
  • Swarms (group chats)
  • Video-conferences and Rendezvous points with no third-party hosting
  • Audio and video message recording
  • Screen sharing and media streaming
  • Built-in plugin platform for new features and experiences
  • Jami can also function as a SIP client

Another popular platform for secure messaging is the Signal app. https://signal.org/

Security Frameworks[edit | edit source]

14 Security Frameworks You Should Know [1]

Framework Purpose Best Suited For Certification Certification Method Audit Duration Audit Frequency
SOC 2 Manage customer data Companies and their third-party partners N/A Authorized CPA firms 6-month period Every year
ISO 27001 Build and maintain an information security management system (ISMS) Any company handling sensitive data Yes Accredited third-party 1 week-1 month Every year
NIST Cybersecurity Framework Comprehensive and personalized security weakness identification Anyone N/A Self N/A N/A
HIPAA Protect patient health information The healthcare sector Yes The Department of Health and Human Services (third-party) 12 weeks 6 per year
PCI DSS Keep card owner information safe Any company handling credit card information Yes PCI Qualified Security Assessor (third-party) 18 weeks Every year
GDPR Protect the data of people in the EU All businesses that collect the data of EU citizens Yes Third-party About 30 days Depends on preference
HITRUST CSF Enhance security for healthcare organizations and technology vendors The healthcare sector / Anyone Yes Third-party 3-4 months Every year
COBIT Alignment of IT with business goals, security, risk management, and information governance Publicly traded companies Yes ISACA (third-party) N/A N/A
NERC-CIP Keep North America’s bulk electric systems operational The utility and power sector Yes Third-party Up to 3 years Every 5 years
FISMA Protect the federal government’s assets The federal government and third parties operating on its behalf Yes The FISMA Center 12 weeks Every year
NIST Special Publication 800-53 Compliance with the Federal Information Processing Standards' (FIPS) 200 requirements and general security advice Government agencies N/A Self N/A N/A
NIST Special Publication 800-171 Management of controlled unclassified information (CUI) to protect federal information systems Contractors and subcontractors of federal agencies N/A Self N/A N/A
IAB CCPA Protecting California consumers’ data California businesses and advertising tech companies N/A Self N/A N/A
CIS Controls General protection against cyber threats Anyone Yes Third-party

Resources[edit | edit source]

  1. Linux Foundation IT Policy
  2. https://wiki.mozilla.org/Security
  3. https://github.com/ssllabs/research/wiki/SSL-and-TLS-Deployment-Best-Practices
  4. https://secureframe.com/blog/security-frameworks
  5. How Ubuntu enables your compliance with FedRAMP, FISMA, FIPS, and DISA-STIG This 50 minute video from Canonical can provide insight as to how an Enterprise MediaWiki solution can address the concerns related to these frameworks.

References[edit source]