Security Architecture for Startup


         
Security architecture is the set of design artifacts that describe how the security controls are positioned and how they relate to the overall systems architecture. These controls serve to maintain the system's quality attributes, such as confidentiality, integrity and availability.

The following 10-step plan builds a security architecture for a startup:
  •  Pick Your battle
  •  Establish a security culture
  •  Pick secure platform
  •  Upgrade your software
  •  Physical security
  •  Control the internal network
  •  Secure coding
  •  Protect devices against malware
  •  Perform security audits
  •  BYOD Policies
Pick Your Battle


You can't secure everything. Quantify the monetary damage, likelihood and mitigation cost of each threat to prioritize time and resources. Below is the list of threats that can be taken into consideration as per the goal of the industry (budget + risks).
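
As an added illustration (not part of the original post), the prioritization described above can be worked through in Python. The threat names, all figures, the budget and the `effectiveness` factor are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Threat:
    name: str
    damage: float           # monetary damage of one incident
    likelihood: float       # expected incidents per year
    mitigation_cost: float  # yearly cost of the control
    effectiveness: float    # assumption: share of the loss the control prevents

    @property
    def risk_reduction(self) -> float:
        # expected yearly loss (damage x likelihood) removed by the control
        return self.damage * self.likelihood * self.effectiveness

def prioritize(threats, budget):
    """Return (funded, deferred, accepted) lists of threats."""
    worth_it = [t for t in threats if t.risk_reduction > t.mitigation_cost]
    # Mitigation costs more than it saves: accept the risk.
    accepted = [t for t in threats if t.risk_reduction <= t.mitigation_cost]
    # Most loss avoided per unit of money spent comes first.
    worth_it.sort(key=lambda t: t.risk_reduction / t.mitigation_cost
                  if t.mitigation_cost else float("inf"), reverse=True)
    funded, deferred, spent = [], [], 0.0
    for t in worth_it:
        if spent + t.mitigation_cost <= budget:
            funded.append(t)
            spent += t.mitigation_cost
        else:
            deferred.append(t)  # worth doing, but no budget left this round
    return funded, deferred, accepted

# Constructed sample figures, for illustration only.
THREATS = [
    Threat("Phishing / credential theft", 80_000, 0.5, 4_000, 0.7),
    Threat("Lost unencrypted laptop", 30_000, 0.3, 1_000, 0.9),
    Threat("Ransomware on file server", 150_000, 0.1, 6_000, 0.8),
    Threat("Physical break-in", 20_000, 0.02, 10_000, 0.5),
    Threat("DDoS on public site", 10_000, 0.4, 3_000, 0.6),
]

if __name__ == "__main__":
    groups = zip(("FUND", "DEFER", "ACCEPT"), prioritize(THREATS, budget=10_000))
    for label, group in groups:
        for t in group:
            print(f"{label:6} {t.name:28} avoids {t.risk_reduction:>8.0f}/yr "
                  f"for {t.mitigation_cost:>6.0f}/yr")
```

Threats in the accepted group are those whose control costs more per year than the loss it is expected to prevent; the deferred group is the backlog for the next budget round.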



Establish a Security Culture


Show your team that security is an important factor through communication and example. Provide periodic training, penetration testing and password management tools.


  • Executives and Board Members set the Example
  • Authorization and Access
  • Update and Backup Files
  • Deploy an Engaging Cyber Security Awareness Program
  • Employee Cyber Security Awareness Program


Pick Secure Platform

Select compute platforms with high security, such as Linux, Chromebooks, iOS, Google Apps and open secure systems. Platform selection plays an important role in security. Many platforms are available in the market; below is a list of a few:


Operating system platform
  •  Amiga OS
  •  BSD line: FreeBSD, NetBSD, OpenBSD
  •  Google Chrome OS
  •  Linux
  •  Google Android
  •  iOS
  •  Mac OS
  •  Microsoft Windows
  •  WINE
  •  IBM/Microsoft Operating System 2
  •  PlayStation Portable
  •  Solaris
  •  Nintendo
  •  Venkit
Software platform
  •  Java - JDK and JRE
  •  .NET Framework
  •  Mozilla Prism, XUL and XULRunner
  •  UniPaaS
  •  Adobe AIR
  •  Mono
  •  Vexi
  •  Flash
  •  UCSD p-System
  •  Steam
  •  UI
  •  Eclipse
Gaming software platforms
  •  Venkit
  •  zMachine
  •  TADS
  •  SCUMM
  •  AGI
Upgrade Your Software

Upgrade your software with the latest security patches. Set automatic safeguards against software vulnerabilities that can be exploited by the latest viruses or malware.

Why patch?

If your computer seems to be working fine, you may wonder why you should apply a patch. By not applying a patch you might be leaving the door open for a malware attack. Malware exploits flaws in a system in order to do its work. In addition, the time frame between an exploit and when a patch is released is continually getting shorter.

What to patch?

Not all of the vulnerabilities that exist in products or technologies will affect you. However, any software you use is a potential source of vulnerabilities that could lead to a compromise of security or identity. The more commonly used a program is, the bigger target it represents and the more likely it is that a vulnerability will be exploited. For the more obscure software you use, contact the vendor to receive updates, patches, or vulnerability alerts. Additionally, don't forget to patch your anti-virus software.


Physical Security

Physical security is often overlooked, and its importance underestimated, in favor of more technical threats such as hacking, malware, and cyberespionage. However, breaches of physical security can be carried out with brute force and little or no technical knowledge on the part of an attacker.


Physical security has three important components: access control, surveillance and testing.


First, obstacles should be placed in the way of potential attackers and physical sites should be hardened against accidents, attacks or environmental disasters. Such hardening measures include fencing, locks, access control cards, biometric access control systems and fire suppression systems.


Second, physical locations should be monitored using surveillance cameras and notification systems, such as intrusion detection sensors, heat sensors and smoke detectors.


Third, disaster recovery policies and procedures should be tested on a regular basis to ensure safety and to reduce the time it takes to recover from disruptive man-made or natural disasters.



Control The Internal Network

    Ensure your network has secure VPN technology to create safe internet connections to or from your private networks. Mandate strong two-factor authentication, such as one-time password tokens or certificate-based smart cards, to support this.
  •  Track Every IT Asset
  •  Install securely configured images on all computers
  •  Lock down all Admin Accounts.
  •  Use DMZ proxy and Light SIEM
  •  Automate Patching
  •  Encrypt and test your backup system
Secure Coding

Secure coding is the practice of developing computer software in a way that guards against the accidental introduction of security vulnerabilities.

Top 10 Secure Coding Practices :
  •  Validate input
  •  Heed compiler warnings
  •  Architect and design for security policies
  •  Keep it simple
  •  Default deny
  •  Adhere to the principle of least privilege
  •  Sanitize data sent to other systems
  •  Practice defense in depth
  •  Use effective quality assurance techniques
  •  Adopt a secure coding standard

Protect Devices Against Malware

There are numerous ways to protect our computers from malware and to remove it. No one method is enough to ensure your computer is secure. The more layers of defense, the harder it is for hackers to use your computer. Here are five simple but critical steps to protect your computer.

  •  Install Firewall
  •  Install Antivirus Software
  •  Install Anti-Spyware Software
  •  Use Complex and Secure Passwords
  •  Check on the Security Settings of the Browser

Perform Security Audits

    Regularly review security policies to keep up with the latest technology changes, so that you act proactively rather than reactively to avoid software vulnerabilities.


How to manage a successful audit :

  •    Establish a security baseline through annual audits.
  •    Spell out your objectives.
  •    Choose auditors with "real" security experience.
  •    Involve business unit managers early.
  •    Make sure auditors rely on experience, not just checklists.
  •    Insist that the auditor's report reflects your organization's risks.

BYOD Policies

    BYOD stands for Bring Your Own Device. Companies that allow employees to use their own mobile devices need to have a well-thought-out BYOD policy that governs how they can be used. The policies are designed to protect the company from numerous security concerns. Among the things every effective BYOD policy should include are:


  •  Devices: Spell out which specific devices and operating systems the company will support.
  •  Passwords: Requiring all devices to be password-protected adds additional security.
  •  Use: Determine which functions – email, Word documents, etc. – employees can access from their mobile devices.
  •  Applications: Any outside applications that cause extra security concerns should be banned.
  •  Reimbursement: Detail any mobile costs you might reimburse employees for.

Employers should require all employees to sign the BYOD policy upon starting with the company. In addition, employees must be alerted any time a change is made to the policy.



Please Share If you like

Thank You :-)






Comments

  1. Really it is very useful for us..... the information that you have shared is really useful for everyone. If someone wants to know about EHS Software and Occupational Safety Softwares I think this is the right place for you.

  2. Thanks for the valuable information. Cyber security is the backbone for any industries. Today’s world, Hackers are targeting people's increased dependence on digital tools. Information Security Company in Chennai Strategy to maintain cybersecurity include maintaining good cyber hygiene, verifying sources and staying up-to-date on official updates.
    Penetration Testing Services in chennai
    VAPT Services ‎in Chennai
    BCP services in chennai
    Soc Service Provider In chennai
    Business Continuity management service in chennai

  3. Thanks for the valuable information. Are you looking for a one-stop solution to your Information/Cybersecurity needs? IARM, one of the few companies to focus exclusively on End-End Information/Cybersecurity solutions and services providers to organizations across all verticals.
    Top Cyber Security Company in Chennai
    Penetration Testing Provider in Chennai
