Difference between revisions of "Security"

From Freephile Wiki
(9 intermediate revisions by 2 users not shown)
Line 1: Line 1:
More to add later.
+
{{Feature
 +
|image=Cib-lets-encrypt (CoreUI Icons v1.0.0).svg
 +
|imgdesc=Lets Encrypt
 +
|title=
 +
}}
 +
{{#set:feature title = {{PAGENAME}} }}
 +
{{#set:feature description = Using SSL and TLS Deployment Best Practices, QualityBox gets an A+ rating for security. }}
 +
{{#set:feature notes = Certificates provided by the [[Certbot|Let's Encrypt project]] }}
 +
{{#set:feature tests =  [https://www.ssllabs.com/ssltest/analyze.html?d={{SERVERNAME}} Test on SSL Labs.com] }}
 +
{{#set:feature examples = See [[:File:Certificate grade.png]] }}
  
== Resources ==
+
 
# [https://github.com/lfit/itpol Linux Foundation IT Policy]
+
==free software that secures your communication==
# https://wiki.mozilla.org/Security
+
 
 +
[https://www.torproject.org/ The Onion Router] (TOR) project https://www.torproject.org/ is the best known provider of security for your personal communications. TOR acts as an anonymizing layer between you and ALL Internet traffic.
 +
 
 +
For secure "messaging" there is [https://jami.net Jami]. Jami is a complete communication platform made by [https://savoirfairelinux.com/en Savoir Faire Linux]. Jami is available for all operating systems and devices. Jami offers
 +
 
 +
* Instant messaging
 +
* Audio and video calls
 +
* Swarms (group chats)
 +
* Video-conferences and Rendezvous points with no third-party hosting
 +
* Audio and video message recording
 +
* Screen sharing and media streaming
 +
* Built-in plugin platform for new features and experiences
 +
* Jami can also function as a SIP client
 +
 
 +
Another popular platform for secure messaging is the '''Signal''' app. https://signal.org/
 +
 
 +
== Security Frameworks ==
 +
 
 +
 
 +
14 Security Frameworks You Should Know <ref>https://secureframe.com/blog/security-frameworks</ref>
 +
{| class="wikitable"
 +
!Framework
 +
!Purpose
 +
!Best Suited For
 +
!Certification
 +
!Certification Method
 +
!Audit Duration
 +
!Audit Frequency
 +
|-
 +
!SOC 2
 +
|Manage customer data
 +
|Companies and their third-party partners
 +
|N/A
 +
|Authorized CPA firms
 +
|6-month period
 +
|Every year
 +
|-
 +
!ISO 27001
 +
|Build and maintain an information security management system (ISMS)
 +
|Any company handling sensitive data
 +
|Yes
 +
|Accredited third-party
 +
|1 week-1 month
 +
|Every year
 +
|-
 +
!NIST Cybersecurity Framework
 +
|Comprehensive and personalized security weakness identification
 +
|Anyone
 +
|N/A
 +
|Self
 +
|N/A
 +
|N/A
 +
|-
 +
!HIPAA
 +
|Protect patient health information
 +
|The healthcare sector
 +
|Yes
 +
|The Department of Health and Human Services (third-party)
 +
|12 weeks
 +
|6 per year
 +
|-
 +
!PCI DSS
 +
|Keep card owner information safe
 +
|Any company handling credit card information
 +
|Yes
 +
|PCI Qualified Security Assessor (third-party)
 +
|18 weeks
 +
|Every year
 +
|-
 +
!GDPR
 +
|Protect the data of people in the EU
 +
|All businesses that collect the data of EU citizens
 +
|Yes
 +
|Third-party
 +
|About 30 days
 +
|Depends on preference
 +
|-
 +
!HITRUST CSF
 +
|Enhance security for healthcare organizations and technology vendors
 +
|The healthcare sector / Anyone
 +
|Yes
 +
|Third-party
 +
|3-4 months
 +
|Every year
 +
|-
 +
!COBIT
 +
|Alignment of IT with business goals, security, risk management, and        information governance
 +
|Publicly traded companies
 +
|Yes
 +
|ISACA (third-party)
 +
|N/A
 +
|N/A
 +
|-
 +
!NERC-CIP
 +
|Keep North America’s bulk electric systems operational
 +
|The utility and power sector
 +
|Yes
 +
|Third-party
 +
|Up to 3 years
 +
|Every 5 years
 +
|-
 +
!FISMA
 +
|Protect the federal government’s assets
 +
|The federal government and third parties operating on its behalf
 +
|Yes
 +
|The FISMA Center
 +
|12 weeks
 +
|Every year
 +
|-
 +
!NIST Special Publication 800-53
 +
|Compliance with the Federal Information Processing Standards' (FIPS)        200 requirements and general security advice
 +
|Government agencies
 +
|N/A
 +
|Self
 +
|N/A
 +
|N/A
 +
|-
 +
!NIST Special Publication 800-171
 +
|Management of controlled unclassified information (CUI) to protect        federal information systems
 +
|Contractors and subcontractors of federal agencies
 +
|N/A
 +
|Self
 +
|N/A
 +
|N/A
 +
|-
 +
!IAB CCPA
 +
|Protecting California consumers’ data
 +
|California businesses and advertising tech companies
 +
|N/A
 +
|Self
 +
|N/A
 +
|N/A
 +
|-
 +
!CIS Controls
 +
|General protection against cyber threats
 +
|Anyone
 +
|Yes
 +
|Third-party
 +
|}
 +
 
 +
==Resources==
 +
 
 +
#[https://github.com/lfit/itpol Linux Foundation IT Policy]
 +
#https://wiki.mozilla.org/Security
 +
#https://github.com/ssllabs/research/wiki/SSL-and-TLS-Deployment-Best-Practices
 +
#https://secureframe.com/blog/security-frameworks
 +
# [https://www.brighttalk.com/webcast/6793/591276 How Ubuntu enables your compliance with FedRAMP, FISMA, FIPS, and DISA-STIG] This 50 minute video from Canonical can provide insight as to how an Enterprise MediaWiki solution can address the concerns related to these frameworks.
 +
{{References}}
  
 
[[Category:Security]]
 
[[Category:Security]]
 +
[[Category:Frameworks]]
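
Review bot: the final `!CIS Controls` row of the wikitable (`!CIS Controls` … `|Third-party` immediately before `|}`) carries only five cells against the seven-column header, so the Audit Duration and Audit Frequency columns are empty and the row renders ragged; add the two trailing cells (for example `|N/A` and `|N/A` as placeholders if the cited secureframe article gives no values) before `|}` so the table is rectangular.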

Latest revision as of 14:59, 13 September 2023

Summary
Image: Let's Encrypt
Title: Security
Description: Using SSL and TLS Deployment Best Practices, QualityBox gets an A+ rating for security.
Notes: Certificates provided by the Let's Encrypt project
Test: Test on SSL Labs.com
Example: See File:Certificate grade.png

free software that secures your communication

The Onion Router (Tor) project (https://www.torproject.org/) is the best-known provider of security for your personal communications. Tor acts as an anonymizing layer between you and all Internet traffic.

For secure messaging there is Jami. Jami is a complete communication platform made by Savoir Faire Linux and is available for all operating systems and devices. Jami offers:

  • Instant messaging
  • Audio and video calls
  • Swarms (group chats)
  • Video-conferences and Rendezvous points with no third-party hosting
  • Audio and video message recording
  • Screen sharing and media streaming
  • Built-in plugin platform for new features and experiences
  • Operation as a SIP client

Another popular platform for secure messaging is the Signal app (https://signal.org/).

Security Frameworks

14 Security Frameworks You Should Know [1]

Framework | Purpose | Best Suited For | Certification | Certification Method | Audit Duration | Audit Frequency
--------- | ------- | --------------- | ------------- | -------------------- | -------------- | ---------------
SOC 2 | Manage customer data | Companies and their third-party partners | N/A | Authorized CPA firms | 6-month period | Every year
ISO 27001 | Build and maintain an information security management system (ISMS) | Any company handling sensitive data | Yes | Accredited third-party | 1 week-1 month | Every year
NIST Cybersecurity Framework | Comprehensive and personalized security weakness identification | Anyone | N/A | Self | N/A | N/A
HIPAA | Protect patient health information | The healthcare sector | Yes | The Department of Health and Human Services (third-party) | 12 weeks | 6 per year
PCI DSS | Keep card owner information safe | Any company handling credit card information | Yes | PCI Qualified Security Assessor (third-party) | 18 weeks | Every year
GDPR | Protect the data of people in the EU | All businesses that collect the data of EU citizens | Yes | Third-party | About 30 days | Depends on preference
HITRUST CSF | Enhance security for healthcare organizations and technology vendors | The healthcare sector / Anyone | Yes | Third-party | 3-4 months | Every year
COBIT | Alignment of IT with business goals, security, risk management, and information governance | Publicly traded companies | Yes | ISACA (third-party) | N/A | N/A
NERC-CIP | Keep North America's bulk electric systems operational | The utility and power sector | Yes | Third-party | Up to 3 years | Every 5 years
FISMA | Protect the federal government's assets | The federal government and third parties operating on its behalf | Yes | The FISMA Center | 12 weeks | Every year
NIST Special Publication 800-53 | Compliance with the Federal Information Processing Standards' (FIPS) 200 requirements and general security advice | Government agencies | N/A | Self | N/A | N/A
NIST Special Publication 800-171 | Management of controlled unclassified information (CUI) to protect federal information systems | Contractors and subcontractors of federal agencies | N/A | Self | N/A | N/A
IAB CCPA | Protecting California consumers' data | California businesses and advertising tech companies | N/A | Self | N/A | N/A
CIS Controls | General protection against cyber threats | Anyone | Yes | Third-party | | 

Resources

  1. Linux Foundation IT Policy
  2. https://wiki.mozilla.org/Security
  3. https://github.com/ssllabs/research/wiki/SSL-and-TLS-Deployment-Best-Practices
  4. https://secureframe.com/blog/security-frameworks
  5. How Ubuntu enables your compliance with FedRAMP, FISMA, FIPS, and DISA-STIG (50-minute video from Canonical): provides insight into how an Enterprise MediaWiki solution can address the concerns related to these frameworks.

References