How To Host A Website

Menu
  • Home
  • Blog
  • Privacy Policy
  • About Us
  • Contact Us
Home
Articles
Corprate Information Security Lessons
Articles

Corprate Information Security Lessons

Host With The Most April 9, 2020

Information security and asset protection go hand in hand for a business that deals with cash, credit and computers. In the business world the model is shifting to “just in time” logistics and to be successful in that arena information technology is essential.

At the same time, physical security for the building and the employees is also essential. Unfortunately, an overzealous public affairs representative or writer for a product review can negate the best efforts of asset protection and put the company at risk.

Security Capabilities Disclosure is Information Technology Vulnerability

Information Technology (IT) professionals profess that disclosure of password configuration to access a computer system, the type of security or Operating System (OS) being used can provide critical information to those who desire to compromise a system.

Commonly referred to as hackers, the business of penetrating a system involves much more than just computers. Gaining information about business and security systems is often the role of a social engineer. The social engineer finds ways to gain the trust of critical employees to gain enough information. While the tidbits seem little enough alone, when put together a picture emerges that provides a detailed picture and enough information to enable a hacker to gain access.

Commercials about identity theft and bank notices about phishing scams serve to alert consumers and business professionals alike of the dangers of providing too much information to possible criminals. At the same time, the public affairs professional, often with limited IT security training, attempts to promote the company and its accomplishments in many different venues.

Additionally, the manufacturer also attempts to promote their products and detailing specific users can be seen as a way to gain more business from the customer’s competitors and other businesses. It is these types of public disclosures that can damage a company in ways that were unintended and that are preventable.

The Panera Bread Security System Case Study Example

In December of 2018, Security Management published a case study on Panera Bread and how the company saved money by shifting to IP technology for its alarm system. While Panera Bread is not a high risk threat target, the case study provides examples of what a company should avoid. To its credit, this article did disclose that every Panera Bread property is alarmed which could help to reduce the incidence of break-ins and armed robbery. After that, the security violations escalate rapidly into unnecessary disclosure of security information.

The security violations include disclosure that all Panera Bread alarm systems are monitored at a remote site in Broomall, PA. While shifting to IP technology prevents a physical attack from cutting telephone lines at each store site, it does little to prevent a physical attack at the monitoring site in order to conduct a coordinated physical attack a numerous store sites. Not likely for Panera Bread, but again an example of what not to allow in terms of disclosure.

Another violation is identifying that each store utilizes a Honeywell 784i IP Communicator in conjunction with a Honeywell Vista 20P alarm control panel. This type of disclosure allows a potential attacker to acquire the identical equipment and determine vulnerabilities at their leisure.

The errors in disclosure also include that the system uses a polling signal to determine if a line has been cut and does not give consideration that with this information it enables the would be attacker to introduce a duplicate polling signal or an intermediate device that can duplicate the Honeywell equipment such as the device that was used to determine the weakness in the Honeywell components in the first place.

Excessive Self Disclosure Makes Social Engineering Easy

As stated earlier, Panera Bread is unlikely to find itself the victim of a coordinated physical attack but the case study provides examples of what not to disclose. Before releasing information that details any characteristics of a security system or the computer operating system of a business organization it should first be vetted by a security professional who has a good knowledge of hacking capability and social engineering techniques.

As any multidisciplinary security expert knows, information security begins with physical security and both are necessary. A company or any other organization or person should never disclose the security measures in place to anyone except those who have a need to know.

Share
Tweet
Email
Prev Article
Next Article

Related Articles

The web design industry is growing with every day passing. …

How to Make Your Website Number 1

You’ve just had a million-dollar idea for a website. It’s …

How to to Sell a Web Idea

About The Author

Host With The Most

  • What Is The Best Free Web Hosting Service?
  • How To Change Web Hosting Providers
  • Video Hosting Service- How To Host Streaming Video
  • What Makes the Best PC Firewall? Hardware Computer Firewall Tips for the Home PC User
  • How to Start Blogging in a Homeschool Curriculum: It’s Easy for Homeschoolers to Use Blogs and Improve Writing Skills
  • Hosted Exchange Server: Exchange Host Solutions
  • Making Money with Your Website’s Link Page
  • Corprate Information Security Lessons
  • Multiple Domain Hosting- How To Host More Than One Website On One Plan
  • Host Your Own Personal Website- How to Host Your Own Site
  • How Blogs Fit in a Homeschool Writing Curriculum: Ideas to Get Homeschoolers Blogging for Regular Writing Practice
  • How to Make a Website- 5 Simple Steps to Putting a Website Online Fast
  • How To Make a Website Yourself, For Free
  • How to Create a Website In 3 Simple Steps
  • Host Website Builder- Free Website Builders That Come With Hosting Accounts

How To Host A Website

Copyright © 2021 How To Host A Website