Security: Difference between revisions
== Free software that secures your communication ==

The [https://www.torproject.org/ Onion Router] (Tor) project is the best known provider of security for your personal communications. Tor acts as an anonymizing layer between you and all of your Internet traffic.

For secure messaging there is [https://jami.net Jami], a complete communication platform made by [https://savoirfairelinux.com/en Savoir Faire Linux]. Jami is available for all operating systems and devices and offers:

* Instant messaging
* Audio and video calls
* Swarms (group chats)
* Video conferences and rendezvous points with no third-party hosting
* Audio and video message recording
* Screen sharing and media streaming
* A built-in plugin platform for new features and experiences
* Operation as a SIP client

Another popular platform for secure messaging is the [https://signal.org/ '''Signal'''] app.
== Security Frameworks ==

14 Security Frameworks You Should Know<ref>https://secureframe.com/blog/security-frameworks</ref>

{| class="wikitable"
!Framework
!Purpose
!Best Suited For
!Certification
!Certification Method
!Audit Duration
!Audit Frequency
|-
!SOC 2
|Manage customer data
|Companies and their third-party partners
|N/A
|Authorized CPA firms
|6-month period
|Every year
|-
!ISO 27001
|Build and maintain an information security management system (ISMS)
|Any company handling sensitive data
|Yes
|Accredited third-party
|1 week to 1 month
|Every year
|-
!NIST Cybersecurity Framework
|Comprehensive and personalized security weakness identification
|Anyone
|N/A
|Self
|N/A
|N/A
|-
!HIPAA
|Protect patient health information
|The healthcare sector
|Yes
|The Department of Health and Human Services (third-party)
|12 weeks
|6 per year
|-
!PCI DSS
|Keep card owner information safe
|Any company handling credit card information
|Yes
|PCI Qualified Security Assessor (third-party)
|18 weeks
|Every year
|-
!GDPR
|Protect the data of people in the EU
|All businesses that collect the data of EU citizens
|Yes
|Third-party
|About 30 days
|Depends on preference
|-
!HITRUST CSF
|Enhance security for healthcare organizations and technology vendors
|The healthcare sector / Anyone
|Yes
|Third-party
|3-4 months
|Every year
|-
!COBIT
|Alignment of IT with business goals, security, risk management, and information governance
|Publicly traded companies
|Yes
|ISACA (third-party)
|N/A
|N/A
|-
!NERC-CIP
|Keep North America's bulk electric systems operational
|The utility and power sector
|Yes
|Third-party
|Up to 3 years
|Every 5 years
|-
!FISMA
|Protect the federal government's assets
|The federal government and third parties operating on its behalf
|Yes
|The FISMA Center
|12 weeks
|Every year
|-
!NIST Special Publication 800-53
|Compliance with the Federal Information Processing Standards (FIPS) 200 requirements and general security advice
|Government agencies
|N/A
|Self
|N/A
|N/A
|-
!NIST Special Publication 800-171
|Management of controlled unclassified information (CUI) to protect federal information systems
|Contractors and subcontractors of federal agencies
|N/A
|Self
|N/A
|N/A
|-
!IAB CCPA
|Protecting California consumers' data
|California businesses and advertising tech companies
|N/A
|Self
|N/A
|N/A
|-
!CIS Controls
|General protection against cyber threats
|Anyone
|Yes
|Third-party
|
|
|}
== Resources ==

# [https://github.com/lfit/itpol Linux Foundation IT Policy]
# https://wiki.mozilla.org/Security
# https://github.com/ssllabs/research/wiki/SSL-and-TLS-Deployment-Best-Practices
# https://secureframe.com/blog/security-frameworks
# [https://www.brighttalk.com/webcast/6793/591276 How Ubuntu enables your compliance with FedRAMP, FISMA, FIPS, and DISA-STIG]: this 50-minute video from Canonical gives insight into how an Enterprise MediaWiki solution can address the concerns related to these frameworks.

{{References}}

[[Category:Security]]
[[Category:Frameworks]]