2 cissp ® Official Study Guide Eighth Edition



Download 19,3 Mb.
Pdf ko'rish
bet351/881
Sana08.04.2023
Hajmi19,3 Mb.
#925879
1   ...   347   348   349   350   351   352   353   354   ...   881
Bog'liq
(CISSP) Mike Chapple, James Michael Stewart, Darril Gibson - CISSP Official Study Guide-Sybex (2018)

Credential Management
The storage of credentials in a central location is referred to as credential management. 
Given the wide range of internet sites and services, each with its own particular logon 
requirements, it can be a burden to use unique names and passwords. 
Credential manage-
ment
solutions offer a means to securely store a plethora of credential sets. Often these 
tools employ a master credential set (multifactor being preferred) to unlock the dataset 
when needed. Some credential-management options can even provide auto-login options for 
apps and websites.
Authentication
Authentication on or to a mobile device is often fairly simple, especially for mobile phones 
and tablets. However, a swipe or pattern access shouldn’t be considered true authentica-
tion. Whenever possible, use a password, provide a personal identification number (PIN), 
offer your eyeball or face for recognition, scan your fingerprint, or use a proximity device 
such as an NFC or RFID ring or tile. These means of device authentication are much more 
difficult for a thief to bypass if properly implemented. As mentioned previously, it’s also 
prudent to combine device authentication with device encryption to block access to stored 
information via a connection cable.
Geotagging
Mobile devices with GPS support enable the embedding of geographical location in the 
form of latitude and longitude as well as date/time information on photos taken with these 
devices. This allows a would-be attacker (or angry ex) to view photos from social network-
ing or similar sites and determine exactly when and where a photo was taken. This 
geo-
tagging
can be used for nefarious purposes, such as determining when a person normally 
performs routine activities.
Once a geotagged photo has been uploaded to the internet, a potential cyber-stalker may 
have access to more information than the uploader intended. This is prime material for 
security-awareness briefs for end users.
Encryption
Encryption is often a useful protection mechanism against unauthorized access to data, 
whether in storage or in transit. Most mobile devices provide some form of storage encryp-
tion. When this is available, it should be enabled. Some mobile devices offer native support 
for communications encryption, but most can run add-on software (apps) that can add 
encryption to data sessions, voice calls, and/or video conferences.

Download 19,3 Mb.

Do'stlaringiz bilan baham:
1   ...   347   348   349   350   351   352   353   354   ...   881



Ma'lumotlar bazasi mualliflik huquqi bilan himoyalangan ©hozir.org 2024
ma'muriyatiga murojaat qiling
kiriting | ro'yxatdan o'tish
    Bosh sahifa
юртда тантана
Боғда битган
Бугун юртда
Эшитганлар жилманглар
Эшитмадим деманглар
битган бодомлар
Yangiariq tumani
qitish marakazi
Raqamli texnologiyalar
ilishida muhokamadan
tasdiqqa tavsiya
tavsiya etilgan
iqtisodiyot kafedrasi
steiermarkischen landesregierung
asarlaringizni yuboring
o'zingizning asarlaringizni
Iltimos faqat
faqat o'zingizning
steierm rkischen
landesregierung fachabteilung
rkischen landesregierung
hamshira loyihasi
loyihasi mavsum
faolyatining oqibatlari
asosiy adabiyotlar
fakulteti ahborot
ahborot havfsizligi
havfsizligi kafedrasi
fanidan bo’yicha
fakulteti iqtisodiyot
boshqaruv fakulteti
chiqarishda boshqaruv
ishlab chiqarishda
iqtisodiyot fakultet
multiservis tarmoqlari
fanidan asosiy
Uzbek fanidan
mavzulari potok
asosidagi multiservis
'aliyyil a'ziym
billahil 'aliyyil
illaa billahil
quvvata illaa
falah' deganida
Kompyuter savodxonligi
bo’yicha mustaqil
'alal falah'
Hayya 'alal
'alas soloh
Hayya 'alas
mavsum boyicha

yuklab olish