Open main menu

Security

Revision as of 15:59, 13 September 2023 by Admin (talk | contribs) (→‎Resources)

(diff) ← Older revision | Approved revision (diff) | Latest revision (diff) | Newer revision → (diff)
Security Dialog-information.svg
Lets Encrypt
Image shows: Lets Encrypt
Summary
Title: Security
Description: Using SSL and TLS Deployment Best Practices, QualityBox gets an A+ rating for security.
More
Notes: Certificates provided by the Let's Encrypt project
Test: Test on SSL Labs.com
Example: See File:Certificate grade.png





free software that secures your communication

The Onion Router (TOR) project https://www.torproject.org/ is the best known provider of security for your personal communications. TOR acts as an anonymizing layer between you and ALL Internet traffic.

For secure "messaging" there is Jami. Jami is a complete communication platform made by Savoir Faire Linux. Jami is available for all operating systems and devices. Jami offers

  • Instant messaging
  • Audio and video calls
  • Swarms (group chats)
  • Video-conferences and Rendezvous points with no third-party hosting
  • Audio and video message recording
  • Screen sharing and media streaming
  • Built-in plugin platform for new features and experiences
  • Jami can also function as a SIP client

Another popular platform for secure messaging is the Signal app. https://signal.org/

Security Frameworks

14 Security Frameworks You Should Know [1]

Framework Purpose Best Suited For Certification Certification Method Audit Duration Audit Frequency
SOC 2 Manage customer data Companies and their third-party partners N/A Authorized CPA firms 6-month period Every year
ISO 27001 Build and maintain an information security management system (ISMS) Any company handling sensitive data Yes Accredited third-party 1 week-1 month Every year
NIST Cybersecurity Framework Comprehensive and personalized security weakness identification Anyone N/A Self N/A N/A
HIPAA Protect patient health information The healthcare sector Yes The Department of Health and Human Services (third-party) 12 weeks 6 per year
PCI DSS Keep card owner information safe Any company handling credit card information Yes PCI Qualified Security Assessor (third-party) 18 weeks Every year
GDPR Protect the data of people in the EU All businesses that collect the data of EU citizens Yes Third-party About 30 days Depends on preference
HITRUST CSF Enhance security for healthcare organizations and technology vendors The healthcare sector / Anyone Yes Third-party 3-4 months Every year
COBIT Alignment of IT with business goals, security, risk management, and information governance Publicly traded companies Yes ISACA (third-party) N/A N/A
NERC-CIP Keep North America’s bulk electric systems operational The utility and power sector Yes Third-party Up to 3 years Every 5 years
FISMA Protect the federal government’s assets The federal government and third parties operating on its behalf Yes The FISMA Center 12 weeks Every year
NIST Special Publication 800-53 Compliance with the Federal Information Processing Standards' (FIPS) 200 requirements and general security advice Government agencies N/A Self N/A N/A
NIST Special Publication 800-171 Management of controlled unclassified information (CUI) to protect federal information systems Contractors and subcontractors of federal agencies N/A Self N/A N/A
IAB CCPA Protecting California consumers’ data California businesses and advertising tech companies N/A Self N/A N/A
CIS Controls General protection against cyber threats Anyone Yes Third-party

Resources

  1. Linux Foundation IT Policy
  2. https://wiki.mozilla.org/Security
  3. https://github.com/ssllabs/research/wiki/SSL-and-TLS-Deployment-Best-Practices
  4. https://secureframe.com/blog/security-frameworks
  5. How Ubuntu enables your compliance with FedRAMP, FISMA, FIPS, and DISA-STIG This 50 minute video from Canonical can provide insight as to how an Enterprise MediaWiki solution can address the concerns related to these frameworks.

References