We want to keep our information confidential.
- We use:
- Encryption for data at rest (for instance AES256), full disk encryption.
- Secure transport protocols for data in motion. (SSL, TLS or IPSEC).
- Good best practices for data in use – clean desk, no shoulder surfing, screen view angle protector, PC locking (automatic and when leaving).
- Strong passwords, multi factor authentication, masking, Access Control, Need-to-Know, Least Privilege.
- Threats:
- Attacks on your encryption (cryptanalysis).
- Social engineering.
- Key loggers (software/hardware), cameras, Steganography.
- IOT (Internet Of Things) – The growing number of connected devices we have pose a new threat, they can be a backdoor to other systems.