the CIA triad
the 3 A's (AAA): authentication, authorization, accounting
zero trust
physical security
barricades/bollards.
water, bridge; road markers? moats (to be looked up). allow pedestrians to pass, but not cars.
access control vestibules
build a perimeter
video surveillance
CCTV (closed-circuit television)
- can replace physical guard
guards and access badges
lighting
- parking lot
sensors
- infrared motion
- pressure floor and window
- microwave, ultrasonic motion
deception and disruption
honeypots
attract the bad guys, and trap them there. virtual system
honeynets
a collection of honeypots, more realistic. network
honeyfiles
files with fake information
honeytokens
add some traceable data to the honeynet; examples include API credentials and fake email addresses, database records, browser cookies. if the data is stolen, you know where it is
change management
- update software, operating system; Microsoft updates monthly
- a formal change control process
change approval process
avoid downtime, confusion and mistakes
ownership
- an individual or entity needs to make a change; they own the process, they do not usually perform the actual change.
- the owner manages the process; process updates are provided to the owner; ensures the process is followed an acceptable
[! example] address label printers need to be upgraded; shipping and receiving department owns the process; IT handles the actual change
stakeholders
the people affected by the change. from the bottom level up to the CEO, a small change affects many people.
impact analysis
risk value
test results
sandbox testing environment
backout plan
backups undo the change
maintenance window
timing considerations for the change
technical change management
focused on how