Organizational Device Usage
Summary
Purpose
Guiding Questions
Operational Security
Preparation
Outputs
Activities
References and resources for Organizational Device Usage
-
Guidelines: "Guidelines on Firewalls and Firewall Policy" (NIST 800-41)
-
Benchmarks: "Security Configuration Benchmarks" (CIS Security Benchmarks)
-
Repository: "National Checklist Program Repository - Prose security checklists" (National Vulnerability Database)
-
Security Guidance: "Operating Systems Security Guidance" (NSA)
-
Windows Utility: "HardenTools" (Security Without Borders)
-
Guide: "How to Teach Humans to Remember Really Complex Passwords" (Wired)
-
Guide: "Security on Passwords and User Awareness" (HashTag Security)
-
Video: "What’s wrong with your pa$$w0rd?" (TED)
-
Article: "Password Security: Why the horse battery staple is not correct" (Diogo Mónica)
-
Organization: "Passwords Research" (The CyLab Usable Privacy and Security Laboratory (CUPS))
-
Guide: "Hacker Lexicon: What Is Password Hashing?" (Wired)
-
Guide: "7 Password Experts on How to Lock Down Your Online Security" (Wired)
-
Password Survery: [Encountering Stronger Password Requirements:
- identify what privileges services are running as
- identify is the admin user is called admin or root
- Identify if users are logging in and installing software as admin.
- Checklist: "Firewall Configuration Checklist." (NetSPI)
- Identifying if a device is using encryption by OS
- Encryption availablility by OS
- Encryption Guides
-
Guide: "Physical Penetration Test" (About The Penetration Testing Execution Standard)
-
Checklist: "Check list: Office Security" (Frontline Defenders)
-
Manual: Planning, improving and checking security in offices and homes
-
Guide: "Physical Security Assessment - pg. 122" (OSTTM)
-
Guide: "Workbook on Security: Practical Steps for Human Rights Defender at Risk" (Frontline Defenders)
-
Guide: "Protect your Information from Physical Threats" (Frontline Defenders)
-
Policy Template: [Information Security
Device Assessment:
Password Security:
User Attitudes and Behaviors](https://cups.cs.cmu.edu/soups/2010/proceedings/a2_shay.pdf#page=14) (CUPS)
Privilege Separation Across OS:
Examining Firewalls Across OS:
Identifying Software Versions:
Device Encryption By OS:
Anti-Virus Updates:
Identifying Odd/One-Off Services:
Physical Assessment:
Policy Templates](https://www.sans.org/security-resources/policies) (SANS)