Difference between revisions of "Security"

From Freephile Wiki
Jump to navigation Jump to search
(Add secureframe reference and Jami note)
 
(2 intermediate revisions by the same user not shown)
Line 13: Line 13:
 
==free software that secures your communication==
 
==free software that secures your communication==
  
[https://www.torproject.org/ The Onion Router] (TOR) project https://www.torproject.org/ is the best known provider of security for your personal communications.
+
[https://www.torproject.org/ The Onion Router] (TOR) project https://www.torproject.org/ is the best known provider of security for your personal communications. TOR acts as an anonymizing layer between you and ALL Internet traffic.
  
There are others too... like [https://jami.net Jami] Jami is a complete communication platform made by Savoir Faire Linux.
+
For secure "messaging" there is [https://jami.net Jami]. Jami is a complete communication platform made by [https://savoirfairelinux.com/en Savoir Faire Linux]. Jami is available for all operating systems and devices. Jami offers
  
https://signal.org/ offers tools that integrate with your iPhone or Android phone and desktop.
+
* Instant messaging
 +
* Audio and video calls
 +
* Swarms (group chats)
 +
* Video-conferences and Rendezvous points with no third-party hosting
 +
* Audio and video message recording
 +
* Screen sharing and media streaming
 +
* Built-in plugin platform for new features and experiences
 +
* Jami can also function as a SIP client
  
<br />
+
Another popular platform for secure messaging is the '''Signal''' app. https://signal.org/
  
 
== Security Frameworks ==
 
== Security Frameworks ==
Line 151: Line 158:
 
#https://github.com/ssllabs/research/wiki/SSL-and-TLS-Deployment-Best-Practices
 
#https://github.com/ssllabs/research/wiki/SSL-and-TLS-Deployment-Best-Practices
 
#https://secureframe.com/blog/security-frameworks
 
#https://secureframe.com/blog/security-frameworks
 
+
# [https://www.brighttalk.com/webcast/6793/591276 How Ubuntu enables your compliance with FedRAMP, FISMA, FIPS, and DISA-STIG] This 50 minute video from Canonical can provide insight as to how an Enterprise MediaWiki solution can address the concerns related to these frameworks.
 
{{References}}
 
{{References}}
  
 
[[Category:Security]]
 
[[Category:Security]]
 
[[Category:Frameworks]]
 
[[Category:Frameworks]]

Latest revision as of 14:59, 13 September 2023

Security Dialog-information.svg
Lets Encrypt
Image shows: Lets Encrypt
Summary
Title: Security
Description: Using SSL and TLS Deployment Best Practices, QualityBox gets an A+ rating for security.
More
Notes: Certificates provided by the Let's Encrypt project
Test: Test on SSL Labs.com
Example: See File:Certificate grade.png





free software that secures your communication[edit | edit source]

The Onion Router (TOR) project https://www.torproject.org/ is the best known provider of security for your personal communications. TOR acts as an anonymizing layer between you and ALL Internet traffic.

For secure "messaging" there is Jami. Jami is a complete communication platform made by Savoir Faire Linux. Jami is available for all operating systems and devices. Jami offers

  • Instant messaging
  • Audio and video calls
  • Swarms (group chats)
  • Video-conferences and Rendezvous points with no third-party hosting
  • Audio and video message recording
  • Screen sharing and media streaming
  • Built-in plugin platform for new features and experiences
  • Jami can also function as a SIP client

Another popular platform for secure messaging is the Signal app. https://signal.org/

Security Frameworks[edit | edit source]

14 Security Frameworks You Should Know [1]

Framework Purpose Best Suited For Certification Certification Method Audit Duration Audit Frequency
SOC 2 Manage customer data Companies and their third-party partners N/A Authorized CPA firms 6-month period Every year
ISO 27001 Build and maintain an information security management system (ISMS) Any company handling sensitive data Yes Accredited third-party 1 week-1 month Every year
NIST Cybersecurity Framework Comprehensive and personalized security weakness identification Anyone N/A Self N/A N/A
HIPAA Protect patient health information The healthcare sector Yes The Department of Health and Human Services (third-party) 12 weeks 6 per year
PCI DSS Keep card owner information safe Any company handling credit card information Yes PCI Qualified Security Assessor (third-party) 18 weeks Every year
GDPR Protect the data of people in the EU All businesses that collect the data of EU citizens Yes Third-party About 30 days Depends on preference
HITRUST CSF Enhance security for healthcare organizations and technology vendors The healthcare sector / Anyone Yes Third-party 3-4 months Every year
COBIT Alignment of IT with business goals, security, risk management, and information governance Publicly traded companies Yes ISACA (third-party) N/A N/A
NERC-CIP Keep North America’s bulk electric systems operational The utility and power sector Yes Third-party Up to 3 years Every 5 years
FISMA Protect the federal government’s assets The federal government and third parties operating on its behalf Yes The FISMA Center 12 weeks Every year
NIST Special Publication 800-53 Compliance with the Federal Information Processing Standards' (FIPS) 200 requirements and general security advice Government agencies N/A Self N/A N/A
NIST Special Publication 800-171 Management of controlled unclassified information (CUI) to protect federal information systems Contractors and subcontractors of federal agencies N/A Self N/A N/A
IAB CCPA Protecting California consumers’ data California businesses and advertising tech companies N/A Self N/A N/A
CIS Controls General protection against cyber threats Anyone Yes Third-party

Resources[edit | edit source]

  1. Linux Foundation IT Policy
  2. https://wiki.mozilla.org/Security
  3. https://github.com/ssllabs/research/wiki/SSL-and-TLS-Deployment-Best-Practices
  4. https://secureframe.com/blog/security-frameworks
  5. How Ubuntu enables your compliance with FedRAMP, FISMA, FIPS, and DISA-STIG This 50 minute video from Canonical can provide insight as to how an Enterprise MediaWiki solution can address the concerns related to these frameworks.

References[edit source]