Free download. Book file PDF easily for everyone and every device. You can download and read online Wireless Operational Security file PDF Book only if you are registered here. And also you can download or read online all Book PDF file that related with Wireless Operational Security book. Happy reading Wireless Operational Security Bookeveryone. Download file Free Book PDF Wireless Operational Security at Complete PDF Library. This Book have some digital formats such us :paperbook, ebook, kindle, epub, fb2 and another formats. Here is The CompletePDF Book Library. It's free to register here to get Book file PDF Wireless Operational Security Pocket Guide.
Browse this book

As stated in Section Departments that hold or use information from outside the Government of Canada e. Departments need to actively monitor their management practices and controls. As part of this responsibility, departments assess and audit IT security and remedy deficiencies where necessary. Departments must conduct an annual assessment of their IT security program and practices to monitor compliance with government and departmental security policies and standards using the IT Security Self-Assessment methodology developed by the Treasury Board Secretariat.

This methodology will be detailed in subsequent documentation. The IT Security Self-Assessment will identify deficiencies and help departments recognize and implement remedial action.

Wireless Operational Security

Based on the results of this self-assessment, departments must develop or update their IT security action plan and determine the resources required to implement it. Planning for IT security audits must be incorporated into the overall departmental internal audit planning process, and prioritized in accordance with the TBS Policy on Internal Audit , departmental and Government of Canada requirements and the overall departmental risk management strategy and practices.

In general, the internal audit planning process assigns priority to the areas of higher materiality and risk, fundamental departmental financial, administrative or control systems and external performance reporting processes. The IT Security Coordinator and the Chief Information Officer must be consulted during each phase of any audit of the IT security program, and in all audits of departmental programs or services that have an IT security component.

The IT Security Coordinator must prepare a written response to the IT security audit and develop an action plan for senior management approval. Departments must inform and regularly remind personnel of IT security responsibilities, concerns and issues. These personnel include all those with access to the governmental information and IT assets. Departments must provide IT security awareness in their employee orientation training.

Departments should incorporate IT security awareness into their broader departmental security awareness program. Departments must ensure that all personnel know of the security risks associated with computers at workstations and other equipment e. Personal Digital Assistants - PDAs , given that the security of the information accessed depends primarily on the person using the equipment.

To increase employee awareness, departments are encouraged to post notices about IT security in all areas where personnel work, and check workstations routinely to ensure personnel are respecting IT security practices. Departments must provide ongoing IT security training to all individuals with significant IT security responsibilities.

Part III provides direction and guidance on some of the technical and operational safeguards that are available. Departments select a combination of these and potentially other safeguards that together reduce the residual risk to an acceptable level. Additional safeguards are described in other security standards and technical documentation.

Read the latest news from Swift Office Cleaning Services

Departments must apply graduated safeguards that are commensurate with the risks to their information and IT assets, with more rigorous safeguards as asset values, service delivery requirements and threats to confidentiality, availability or integrity increase. Factors affecting the graduation level are discussed in Section Departments can reduce overall security costs for IT systems by segregating sensitive information and services and focusing more expensive and restrictive safeguards on a limited array of assets.

When proposing configuration management or system changes, departments must seek the advice of the IT Security Coordinator where changes could potentially compromise security. IT security measures must be incorporated into the routine functions of the Department's problem reporting process or centralized Help Desk facility.

The Help Desk is typically the first point of contact for users to report issues such as password problems, data corruption, network performance issues, or service outages. Where the incident involves a possible security breach, documented response procedures must outline how Help Desk personnel will document the event, identify trends, notify the IT Security Coordinator or an incident response team, and instruct the user on how to proceed.

In support of availability requirements, departments should monitor system and network capacity in order to plan and implement timely capacity changes. Departments must ensure that underlying system services e. Based on a trusted time source, departments provide an accurate time and date throughout their systems and networks.

Trusted time is particularly important in activities as electronic financial transactions and digital signatures, and for audit and investigations. Departments must adopt an active defence strategy that includes prevention, detection, response and recovery PDRR. Prevention is the first line of defence.

Because prevention safeguards can be defeated, departments have to be able to detect incidents rapidly, respond quickly to contain damage, and recover systems and data in a timely manner. Departments must continuously monitor threats and vulnerabilities and, where required, take proactive countermeasures.

During increased Readiness Levels or periods of heightened IT threat, departments are required to increase their vigilance by, for example, increasing the operating hours of a departmental Information Protection Centre IPC to twenty-four hours a day, seven days a week. Departments that have highly sensitive, critical information and IT assets or that depend on complex networks and systems may benefit from establishing a dedicated Information Protection Centre IPC.

An IPC would coordinate active defence within the department, and ensure the department communicates and cooperates with PSEPC and other security organizations. Prevention safeguards protect the confidentiality, integrity, and availability of information and IT assets. Physical security measures, e. Physical security can also protect information and IT assets from fire, floods, earthquakes, and power failure etc.

The requirements set out in section This includes defining security requirements in IT accommodation plans, and using appropriate physical security zones, containers and other security mechanisms to protect IT information and assets. Departments must protect portable devices such as laptops, handheld digital devices and cell phones, given the information they contain and their monetary value.

Departments that need to destroy or dispose of IT media containing classified or protected information must follow the methods and procedures defined in associated technical documentation.

How to operate or set Sysvideo home security WiFi IP camera MIPC APP?

Departments must mark IT media containing classified or protected information in accordance with the Operational Security Standard on the Identification of Assets , and must, in accordance with the Operational Security Standard on Physical Security:. The purpose of personnel security measures is to establish trust in personnel and others, who require access to government systems and networks. The security requirements for personnel screening in section In addition, departments must screen, to at least the secret level, all personnel with privileged access to critical systems.

Departments should consider the cost, quality, effectiveness, ease-of-use, assurance, and impact on the performance of the department's systems when selecting security products. Departments should use evaluated products, especially in systems where the security afforded by that product is assured. Where evaluated products are not selected, departments should validate this choice and provide alternate forms of assurance as part of certification and accreditation.

Departments must incorporate identification and authentication safeguards in all their networks and systems, according to the level or risk for the network or system. When assigning a unique identifier for users, departments must ensure the proper identification of the individual to whom the identifier is issued. Identification and authentication is important because most other security safeguards rely on it.

For low-risk environments e. For higher risk environments e. If additional security is required, departments can use safeguards such as tokens or biometrics. Departments must restrict IT and information access to individuals who have been screened and authorized; have been identified and authenticated; and have a "need to know.

Departments must keep access to the minimum required for individuals to perform their duties i. Departments must withdraw access privileges from individuals including students, contractors, or others with short-term access who leave the organization, and revise access privileges when individuals move to jobs that don't require the same level of access.

When properly used, cryptography is an effective means of ensuring confidentiality, integrity, authentication and non-repudiation. Departments must ensure effective key management, including the protection and recovery of cryptographic keys. Departments must use encryption or other safeguards endorsed or approved by the Communications Security Establishment CSE to protect the electronic communication of classified and Protected C information. However, departments must encrypt protected B information before transmitting it across the Internet or a wireless network.

Public Key Infrastructure PKI is one way that departments can fulfill requirements for authentication, confidentiality, integrity and non-repudiation. PKI provides public key encryption and digital signatures as well as processes for managing public keys. The certificate policies define the security requirements for certificates at various assurance levels. Departments must segregate networks into IT security zones and implement perimeter defence and network security safeguards. The use of IT security zones by all departments ensures a consistent, minimum level of protection of data communication networks across the government.

Departments must strictly control all Public Zone interfaces, including all external uncontrolled networks such as the Internet, at a defined security perimeter. Departments must use perimeter defence safeguards e.

See a Problem?

Off-site use of departmental IT assets can introduce additional information security risks. Departments that allow personnel to access departmental information and IT assets, networks and systems from outside their government offices must establish procedures for such use. To protect the remote computer, the information it contains, and the communications link, departments should use an effective combination of physical protection measures, access controls, encryption, malicious code protection e.

Departments must ensure that personnel working off-site are made aware of their security responsibilities, including the sensitivity and criticality of the information and IT assets they access. The use of wireless devices can introduce additional information security risks. Departments must apply appropriate safeguards and restrict the use of such devices to individuals who have received departmental approval. Users must turn off wireless devices with a voice transmission capability when attending a meeting at which sensitive information, above Protected A, is being shared.

Departments should contact the Communications Security Establishment for further guidance on the use of wireless devices. Most electronic equipment radiates electromagnetic signals that, if intercepted, can compromise sensitive information. Two fundamental approaches to mitigating this risk are source suppression and containment of the information- bearing signals. Departments need to protect telecommunications cabling from unauthorized interception and damage.

Departments must authorize, control and monitor access to telecommunications wiring, spaces and pathways i. Departments should ensure additional protection, such as a Red Distribution System RDS , for the transmission of Protected C and classified information. Where physical security safeguards are impractical, departments should use encryption or other methods approved by the Communication Security Establishment. Safeguards to prevent and detect the integrity of software can help to avoid many potential security incidents.

Departments should configure their operating systems and application software in accordance with security best practices. Departments must configure their systems to control the use of mobile code e. Departments must implement safeguards to "harden" software that is exposed to the Internet e. Web servers and their software or servers supporting sensitive applications. At a minimum, departments should remove or disable unnecessary services and applications and properly configure user authentication. Departments should prohibit the use of unauthorized software, and should have a capability to scan networks to detect unauthorized software.

For more information on software hardening and configuration best practices, refer to the best practices issued by the Communications Security Establishment, the National Institute for Standards and Technology , and the Center for Internet Security. IT systems are vulnerable to malicious code such as viruses, Trojan horses, and network worms.

E-mail file attachments are among the most common sources of malicious code. Departments must install, use and regularly update antivirus software and conduct malicious code scans on all electronic files from external systems.


  1. Wireless Operational Security!
  2. Operational Security Standard: Management of Information Technology Security (MITS).
  3. .
  4. .
  5. .
  6. My Planets: a fictive memoir.

Departments must install new virus definitions as soon as practical. Departments should implement antivirus detection software at several points in the infrastructure including desktop computers, servers, and departmental entry points. To detect incidents, departments can, subject to applicable laws and relevant policies, use firewalls and routers, audit logs, virus and malicious code detection software, system performance tools, health-monitoring tools, integrity checkers, and host- and network-based intrusion detection systems.

The rigor and extent of detection will depend on the level of risk, including the sensitivity in terms of confidentiality, availability and integrity and the system exposure.

Wireless Operational Security by John W. Rittinghouse

To protect information and ensure service delivery departments must continuously monitor system performance to rapidly detect:. At a minimum, departments must include a security audit log function in all IT systems. Departments must incorporate automated, real-time, incident detection tools in high risk systems. To do so, departments must appoint an individual or establish a centre to coordinate incident response and act as a point of contact for communication with respect to government-wide incident response. The Government of Canada systems and networks should be viewed as a single interconnected entity that requires a coordinated incident response.

PSEPC is responsible for coordinating incident response across the federal government and, with other lead agencies, providing technical assistance, advice and information on the handling of IT security incidents. If monitoring reveals an anomaly, departments must determine whether the cause is a security incident, a hardware or software problem, or an increase in client demand.

An IT security incident refers to an adverse event in an information system or network or the threat of the occurrence of such an event. Incidents can include but are not limited to:. To analyze IT security incidents effectively, departments must understand the types of IT security incidents that can occur, their potential impact, the technical and operational environment, and service delivery priorities.

If more than one incident occurs at the same time or is too complex, departments should prioritize and focus on the most significant incident event first. Departments must develop incident response procedures to follow in order to mitigate damage, contain the cause of the incidents and restore services. Given the interconnectivity of the Government of Canada, departments must always, when responding to an IT security incident, consider the impact of their actions or inaction on other federal organizations. Departments must maintain operational records that show how incidents were handled, documenting the chain of events during the incident, noting the time when the incident was detected; the actions taken; the rationale for decisions; details of communications; management approvals or direction; and external and internal reports.

To meet these requirements, departments must. Legal advisors should be consulted where there is suspicion of criminal activity. In the event that the established primary means of communications is not available, departments should establish an alternative means to communicate incident related information. Before reconnecting or restoring services, departments must ensure that all malicious software has been removed and that there is no potential for recurrence or spread.

Departments must restore essential capabilities within the time constraints and the availability requirements specified in the departmental Business Continuity Plan. Note that system recovery should be conducted in a manner that preserves the integrity of evidence, in the event of a criminal investigation of a security breach, for example. For every severe or major IT security incident that occurs, departments must perform a post-incident analysis which summarizes the impact of the incident, including cost, and identifies.

When requested by PSEPC, departments must share the lessons they learn from their post-incident analysis. By sharing such information across the government, departments can learn from the analyses of other departments and lead agencies. Departments should periodically analyze their own security incident statistics to identify recurring problems or patterns of attack and to estimate the overall cost of incidents with a view to improving service delivery. For enquiries regarding this policy instrument, please contact the Security and Identity Management Division.

Other related standards may be found on the Treasury Board Web site. Skip to main content Skip to "About this site". Defines baseline security requirements that federal departments and agencies must fulfill to ensure the security of information and information technology assets under their control. Security Management, Directive on Departmental Terminology: Expand all Collapse all. Purpose This standard defines baseline security requirements that federal departments must fulfill to ensure the security of information and information technology IT assets under their control.

Service delivery requires IT security. IT security practices need to reflect the changing environment. The Government of Canada is a single entity. Working together to support IT security. Decision-making requires continuous risk management. Introduction This part of the standard provides direction and guidance on how to organize and manage a departmental IT security program. Refresh and try again. Open Preview See a Problem? Thanks for telling us about the problem. Return to Book Page.

Wireless Operational Security by John W. Wireless Operational Security 3. This comprehensive wireless network book addresses the operational and day-to-day security management requirements of 21st century companies. Wireless networks can easily be reconfigured, are very mobile, allow for potentially nonstop exposure, and require the level of security be scrutinized even more than for wired networks.

This includes inherent security flaws in vario This comprehensive wireless network book addresses the operational and day-to-day security management requirements of 21st century companies. This includes inherent security flaws in various wireless architectures that result in additional risks to otherwise secure converged wired networks. An even worse scenario is one where an insecure wireless network is connected to a weakly secured or insecure wired network and the wireless subnet is not separated from the wired subnet.

There are approximately a dozen popular books that cover components of the architecture, design, theory, issues, challenges, and recommended policies for wireless security, none of which address them in a practical, operationally-oriented and comprehensive way. Wireless Operational Security bridges this gap.

Paperback , pages. Published March 8th by Digital Press first published January 1st To see what your friends thought of this book, please sign up. To ask other readers questions about Wireless Operational Security , please sign up. Be the first to ask a question about Wireless Operational Security. Lists with This Book. This book is not yet featured on Listopia. Heavenlyray rated it did not like it Oct 03, Syed rated it it was amazing Mar 21,