Difference between revisions of "Security"

From Freephile Wiki
(9 intermediate revisions by 2 users not shown)
{{Feature
|image=Cib-lets-encrypt (CoreUI Icons v1.0.0).svg
 
|imgdesc=Lets Encrypt
 
|title=
 
}}
 
{{#set:feature title = {{PAGENAME}} }}
 
{{#set:feature description = Using SSL and TLS Deployment Best Practices, QualityBox gets an A+ rating for security. }}
 
{{#set:feature notes = Certificates provided by the [[Certbot|Let's Encrypt project]] }}
 
{{#set:feature tests =  [https://www.ssllabs.com/ssltest/analyze.html?d={{SERVERNAME}} Test on SSL Labs.com] }}
 
{{#set:feature examples = See [[:File:Certificate grade.png]] }}
 
  
 
== Free software that secures your communication ==
The [https://www.torproject.org/ Tor project] (The Onion Router) is the best-known provider of anonymity for personal communications. Tor acts as an anonymizing relay layer between you and the rest of the Internet; only traffic that you route through Tor is protected.
 
 
 
For secure messaging there is [https://jami.net Jami]. Jami is a complete communication platform made by [https://savoirfairelinux.com/en Savoir Faire Linux]. Jami is available for all major operating systems and devices. Jami offers:
 
 
 
* Instant messaging
 
* Audio and video calls
 
* Swarms (group chats)
 
* Video-conferences and Rendezvous points with no third-party hosting
 
* Audio and video message recording
 
* Screen sharing and media streaming
 
* Built-in plugin platform for new features and experiences
 
* Jami can also function as a SIP client
 
 
 
Another popular platform for secure messaging is the '''Signal''' app (https://signal.org/).
 
 
 
== Security Frameworks ==
 
 
 
 
 
14 Security Frameworks You Should Know <ref>https://secureframe.com/blog/security-frameworks</ref>
 
{| class="wikitable"
 
!Framework
 
!Purpose
 
!Best Suited For
 
!Certification
 
!Certification Method
 
!Audit Duration
 
!Audit Frequency
 
|-
 
!SOC 2
 
|Manage customer data
 
|Companies and their third-party partners
 
|N/A
 
|Authorized CPA firms
 
|6-month period
 
|Every year
 
|-
 
!ISO 27001
 
|Build and maintain an information security management system (ISMS)
 
|Any company handling sensitive data
 
|Yes
 
|Accredited third-party
 
|1 week-1 month
 
|Every year
 
|-
 
!NIST Cybersecurity Framework
 
|Comprehensive and personalized security weakness identification
 
|Anyone
 
|N/A
 
|Self
 
|N/A
 
|N/A
 
|-
 
!HIPAA
 
|Protect patient health information
 
|The healthcare sector
 
|Yes
 
|The Department of Health and Human Services (third-party)
 
|12 weeks
 
|6 per year
 
|-
 
!PCI DSS
 
|Keep card owner information safe
 
|Any company handling credit card information
 
|Yes
 
|PCI Qualified Security Assessor (third-party)
 
|18 weeks
 
|Every year
 
|-
 
!GDPR
 
|Protect the data of people in the EU
 
|All businesses that collect the data of EU citizens
 
|Yes
 
|Third-party
 
|About 30 days
 
|Depends on preference
 
|-
 
!HITRUST CSF
 
|Enhance security for healthcare organizations and technology vendors
 
|The healthcare sector / Anyone
 
|Yes
 
|Third-party
 
|3-4 months
 
|Every year
 
|-
 
!COBIT
 
|Alignment of IT with business goals, security, risk management, and information governance
 
|Publicly traded companies
 
|Yes
 
|ISACA (third-party)
 
|N/A
 
|N/A
 
|-
 
!NERC-CIP
 
|Keep North America’s bulk electric systems operational
 
|The utility and power sector
 
|Yes
 
|Third-party
 
|Up to 3 years
 
|Every 5 years
 
|-
 
!FISMA
 
|Protect the federal government’s assets
 
|The federal government and third parties operating on its behalf
 
|Yes
 
|The FISMA Center
 
|12 weeks
 
|Every year
 
|-
 
!NIST Special Publication 800-53
 
|Compliance with the Federal Information Processing Standards' (FIPS) 200 requirements and general security advice
 
|Government agencies
 
|N/A
 
|Self
 
|N/A
 
|N/A
 
|-
 
!NIST Special Publication 800-171
 
|Management of controlled unclassified information (CUI) to protect federal information systems
 
|Contractors and subcontractors of federal agencies
 
|N/A
 
|Self
 
|N/A
 
|N/A
 
|-
 
!IAB CCPA
 
|Protecting California consumers’ data
 
|California businesses and advertising tech companies
 
|N/A
 
|Self
 
|N/A
 
|N/A
 
|-
 
!CIS Controls
 
|General protection against cyber threats
 
|Anyone
 
|Yes
 
|Third-party
 
|}
 
 
 
==Resources==
 
 
 
#[https://github.com/lfit/itpol Linux Foundation IT Policy]
 
#https://wiki.mozilla.org/Security
 
#https://github.com/ssllabs/research/wiki/SSL-and-TLS-Deployment-Best-Practices
 
#https://secureframe.com/blog/security-frameworks
 
# [https://www.brighttalk.com/webcast/6793/591276 How Ubuntu enables your compliance with FedRAMP, FISMA, FIPS, and DISA-STIG] This 50-minute video from Canonical gives insight into how an Enterprise MediaWiki solution can address the concerns raised by these frameworks.
 
{{References}}
 
  
 
[[Category:Security]]
[[Category:Frameworks]]
 

Revision as of 13:09, 8 September 2015