2. Data in transit encryption: This refers to the encryption of data that is being transmitted between devices or systems, such as over a network or the internet. This can include email messages, file transfers, and remote access sessions. Data in transit encryption is typically used to prevent unauthorized interception or access to data as it travels across networks.
Both data at rest and data in transit encryption can use a variety of encryption algorithms and protocols to protect data, such as the Advanced Encryption Standard (AES) cipher and the Transport Layer Security (TLS) protocol, together with TLS's deprecated predecessor, Secure Sockets Layer (SSL).
Retention policies
Retention policies refer to a set of guidelines and procedures that determine how long an organization should keep specific types of data or information. Retention policies are important for ensuring that organizations comply with legal and regulatory requirements for data retention, as well as for managing the storage of data and ensuring that it is available when needed.
Retention policies typically specify how long different types of data should be kept, and under what circumstances they can be deleted or archived. For example, an organization might have a retention policy that requires email messages to be retained for seven years, after which they can be deleted. The policy might also specify that certain types of email messages, such as those related to legal or financial matters, should be retained for a longer period of time.
Retention policies can be based on a variety of factors, including legal and regulatory requirements, industry best practices, and the specific needs of the organization. They are typically enforced through the use of data management tools and processes, such as backups, archiving, and data retention schedules.
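The schedule described above, worked through as an added example that is not part of the original notes: a small Python evaluator that keeps ordinary email for seven years, keeps legal and financial email longer, and never deletes a record under an active legal hold. The class names, periods and the legal-hold flag are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date

# Retention schedule in years (constructed values); "email:legal" overrides "email".
RETENTION_YEARS = {
    "email": 7,
    "email:legal": 10,
    "email:financial": 10,
}

@dataclass(frozen=True)
class Record:
    record_id: str
    data_class: str           # key into RETENTION_YEARS, e.g. "email:legal"
    created: date
    legal_hold: bool = False  # an active hold suspends deletion regardless of age

def retention_years(data_class: str) -> int:
    """Most specific class wins; an undefined class is an error, never a deletion."""
    key = data_class
    while key:
        if key in RETENTION_YEARS:
            return RETENTION_YEARS[key]
        key = key.rpartition(":")[0]
    raise KeyError(f"no retention period defined for {data_class!r}")

def expiry_date(record: Record) -> date:
    """First day on which the record may be deleted."""
    target_year = record.created.year + retention_years(record.data_class)
    try:
        return record.created.replace(year=target_year)
    except ValueError:  # created on 29 Feb and the target year is not a leap year
        return record.created.replace(year=target_year, day=28)

def disposition(record: Record, today: date) -> str:
    """'hold' (legal hold), 'delete' (past expiry) or 'retain'."""
    if record.legal_hold:
        return "hold"
    return "delete" if today >= expiry_date(record) else "retain"

def sweep(records, today: date) -> dict:
    return {r.record_id: disposition(r, today) for r in records}

# Constructed sample data, evaluated as of 1 March 2023.
SAMPLE_RECORDS = [
    Record("m1", "email", date(2016, 3, 1)),
    Record("m2", "email:legal", date(2016, 3, 1)),
    Record("m3", "email", date(2010, 1, 1), legal_hold=True),
]
AS_OF = date(2023, 3, 1)
```

Running `sweep(SAMPLE_RECORDS, AS_OF)` marks the seven-year-old ordinary email for deletion, retains the legal email, and holds the record under legal hold even though it is well past its period.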
Data storage
Physical location storage refers to the actual physical space where data is stored, which can be a server room, data center, or other facility. Off-site storage refers to storing data in a different physical location from the primary storage facility, which is usually done for disaster recovery purposes. On-site storage refers to keeping data in the same physical location as the primary storage facility.
Both on-site and off-site storage have their own advantages and disadvantages. On-site storage provides faster access to data and better control over security, but it is also more susceptible to physical damage, theft, and natural disasters. Off-site storage provides better protection against disasters and theft, but it can be more expensive and slower to access.
Organizations typically choose a combination of on-site and off-site storage depending on their business needs, risk tolerance, and budget. Retention policies also play a role in determining where data is stored and for how long.
UEFI/BIOS passwords
UEFI (Unified Extensible Firmware Interface) and BIOS (Basic Input/Output System) are firmware interfaces that start the boot process of a computer system. They control the hardware initialization and then pass control to the operating system.
UEFI/BIOS passwords and bootloader passwords are security measures that can be implemented to protect the system from unauthorized access.
UEFI/BIOS passwords are used to protect the firmware settings of a computer system, preventing unauthorized users from modifying these settings. The password is stored in the system firmware, which prompts the user to enter it before allowing access to the firmware settings.
Bootloader passwords
Bootloader passwords are used to secure the boot process of a computer system. The bootloader is responsible for loading the operating system kernel into memory. A bootloader password prevents unauthorized users from modifying the boot process, which could allow them to gain access to the system or install malware.
Business impact
Business impact refers to the overall effects on a company's operations and finances caused by an event that disrupts or damages its normal business activities. In the context of server administration, business impact can be assessed based on the value of the data being managed and the impact of a disruption or loss of that data on the business operations.
It is essential to prioritize data based on its value to the business, and then ensure that adequate security measures are in place to protect that data. Life-cycle management includes ensuring that proper procedures are followed to ensure that data is backed up, regularly maintained, and securely destroyed when it is no longer needed.
The cost of security measures should be weighed against the potential risks and costs of a security breach or data loss. In some cases, it may be more cost-effective to invest in robust security measures to protect valuable data, while in other cases, it may be more cost-effective to take the risk of not investing in security measures because the data is not as critical to the business. Ultimately, the business impact of data security and disaster recovery should be carefully evaluated and balanced against the costs of implementing and maintaining security measures.
Physical security
Physical security refers to the protection of a physical location or asset from unauthorized access, theft, damage, or destruction. This can include securing buildings, rooms, equipment, and other physical assets. Physical security measures are put in place to prevent unauthorized access, deter potential intruders, and reduce the risk of theft, damage, or loss.
Examples of physical security measures include access control systems (such as keycard readers or biometric scanners), surveillance cameras, security guards, perimeter fencing, alarm systems, and environmental controls (such as fire suppression systems or temperature and humidity monitoring). These measures can help ensure the safety and security of people and assets, and are often part of a larger security plan that includes cybersecurity, risk management, and disaster recovery strategies.
Physical access controls
Physical security refers to the measures taken to secure a physical space or facility, including buildings, data centers, and other assets. Physical access controls are one type of physical security measure, and they involve implementing barriers and other controls to prevent unauthorized access to a physical space.
Here are some examples of physical access controls:
Bollards: These are short, sturdy posts that are often used to prevent vehicles from entering certain areas. They can also be used to prevent people from driving into buildings or other sensitive areas.
Architectural reinforcements: These are design elements that are built into a facility to make it more secure. For example, reinforced walls or doors can make it more difficult for intruders to break in.
Signal blocking: This involves preventing wireless signals from entering or leaving a facility. This can be achieved through the use of signal-blocking materials or by creating a Faraday cage around the facility.
Reflective glass: This type of glass is designed to be one-way, which means that people inside a building can see out, but people outside cannot see in. This can be useful for preventing outsiders from observing sensitive activities or information.
Data center camouflage: This refers to the use of external design elements or landscaping to blend the appearance of a data center in with its surroundings. This is done to make the data center less conspicuous and reduce the likelihood of it being targeted by attackers. Examples of data center camouflage include designing the building to match nearby buildings, using vegetation to obscure the view of the building, or making the building look like an office building or warehouse rather than a data center.
Overall, physical access controls are an important aspect of physical security, and they should be implemented in conjunction with other security measures, such as surveillance cameras and intrusion detection systems.