CompTIA Security+ Deluxe Study Guide: SY0-201 - Emmett Dulaney [260]
■ Back up any personal data onto verified removable media.
■ Never walk away from a logged-on workstation.
■ Employ a password-protected screensaver.
■ Don’t use auto-logon features.
■ Be aware of who is around you (and may be watching you) when you log on and when you work with valuable data.
■ Never leave a company notebook, cell phone, or PDA in a position where it can be stolen or compromised while you are away from the office. Cable locks should be used to keep notebooks securely in place whenever you are off site.
The protection of a directory service is based on the initial selection of the network operating system and its deployment infrastructure. After these foundational decisions are made, you need to fully understand the technologies employed by your selected directory services system and learn how to make the most functional, yet secure, environment possible. This will usually require the addition of third-party security devices, applications, services, and solutions.
Disaster Planning
Disaster recovery planning and business continuity planning are also an important part of a complete security solution. As an employee, you might not have any involvement in these plans whatsoever. If that’s the case, realize that keeping the details of these plans from the general population of employees is in and of itself a security precaution. The disaster recovery plan and business continuity plan can be used for malicious purposes if they get into the wrong hands. It is common practice to give only relevant portions of the plans to just those specific individuals who are responsible for carrying out sections of the larger plan when an emergency actually occurs.
If you happen to be a person with responsibilities within one of these plans, be sure you keep this information confidential. Always work from the latest and most up-to-date version of the plan. Also, be sure you are fully versed in the steps of the plan long before an emergency occurs. You want to be able to respond by instinct when the pressure is on—don’t wait until an actual event to read all the fine print.
Regardless of whether you have a part in the recovery or continuity plans, you do have a responsibility to yourself and your fellow employees in the event of emergencies. Your responsibility is to assist with anything that will reduce harm and loss of life. This includes knowing how to perform CPR and the Heimlich maneuver, knowing how to use a fire extinguisher, being familiar with multiple escape routes, and more. Your first priority in a disaster is to get everyone to safety. Then you can consider how to minimize losses to the organization.
Documenting Your Environment
When it comes to troubleshooting, documentation might sound mundane and superfluous, but it is a vital aspect of a complete, functioning, and successful security endeavor. With good, exhaustive documentation, everything about an environment, from good to bad, will be recorded for future inspection. So, as a budding security expert, you need to document everything. You should document your actions, your discoveries, and your results. Get every instruction, request, or order in writing. Always get “official authority” to perform some action in writing, especially if the action without that authority would be a security breach or a crime. Always document your communications as well as changes to hardware and software. If it is related to security in any way, it needs to be documented.
E-Mail Issues
If malware is one of your biggest security concerns (as it should be), then you need to consider e-mail. It’s the most common delivery mechanism used to deposit malware into your secured environment. E-mail is also often the bearer of hoaxes, spam, phishing, and social engineering attacks. Unfortunately, Internet-based e-mail will always be subject to attack (as well as a means to wage attacks). Internet e-mail delivery is performed in clear text with few means to prevent eavesdropping, alterations, delay, interceptions, and so forth. Currently, the only