427 Botnet fm qxd


Confidentiality Agreements



Download 6,98 Mb.
Pdf ko'rish
bet332/387
Sana03.12.2022
Hajmi6,98 Mb.
#878307
1   ...   328   329   330   331   332   333   334   335   ...   387
Bog'liq
Botnets - The killer web applications

Confidentiality Agreements
Confidentiality agreements
are used to prevent information from being disclosed
outside an organization.They are used to limit the types of information that
www.syngress.com
404
Chapter 11 • Intelligence Resources
427_Botnet_11.qxd 1/9/07 9:56 AM Page 404


may be discussed with third parties, and are often used in environments where
security is an issue. After all, what is the point of having network security if
the people using the network are free to discuss anything they have access to
on a blog or in a bar? Depending on where you work, you may have signed a
confidentiality agreement upon being hired. If you’ve joined a membership
organization that deals with security, you will almost certainly need to abide
by one.
What Can Be Shared
In World War II, there was an adage that “Loose lips sink ships,” meaning that
talking about what you know to the wrong person could cause significant
damage.The same holds true today, especially when it comes to security
issues, which is why confidentiality agreements are used to deter revealing
information to the wrong person. In any confidentiality agreement, you
should restrict information on a need-to-know basis.
In membership organizations that expect information to be kept in confi-
dence, members are allowed to share information with other members, and
the peers and subordinates within their own organization. However, allowing
you to discuss information with your peers at work doesn’t mean discussing
something at the water cooler.The reason for sharing information with others
in your organization should be solely for the purpose of dealing with threats
and improving security.
What Can’t Be Shared
If you do discuss information with someone, many membership organizations
require you not to identify their organization, other organizations, or name
individuals. Releasing information about a third party could provide details
the organization doesn’t want revealed, such as the servers they’re using, fire-
wall information, and other aspects of their network infrastructure. In the
wrong hands, this information could provide some elements that could be
used to attack the system. Additional problems could result if the source was
wrong, and you were spreading false rumors about the third party. At the very
least, it could lead to embarrassment for the third party, if they didn’t want the
information released. If you do name a third party, you should get consent
from the source and get permission from the organization being mentioned.

Download 6,98 Mb.

Do'stlaringiz bilan baham:
1   ...   328   329   330   331   332   333   334   335   ...   387




Ma'lumotlar bazasi mualliflik huquqi bilan himoyalangan ©hozir.org 2024
ma'muriyatiga murojaat qiling

kiriting | ro'yxatdan o'tish
    Bosh sahifa
юртда тантана
Боғда битган
Бугун юртда
Эшитганлар жилманглар
Эшитмадим деманглар
битган бодомлар
Yangiariq tumani
qitish marakazi
Raqamli texnologiyalar
ilishida muhokamadan
tasdiqqa tavsiya
tavsiya etilgan
iqtisodiyot kafedrasi
steiermarkischen landesregierung
asarlaringizni yuboring
o'zingizning asarlaringizni
Iltimos faqat
faqat o'zingizning
steierm rkischen
landesregierung fachabteilung
rkischen landesregierung
hamshira loyihasi
loyihasi mavsum
faolyatining oqibatlari
asosiy adabiyotlar
fakulteti ahborot
ahborot havfsizligi
havfsizligi kafedrasi
fanidan bo’yicha
fakulteti iqtisodiyot
boshqaruv fakulteti
chiqarishda boshqaruv
ishlab chiqarishda
iqtisodiyot fakultet
multiservis tarmoqlari
fanidan asosiy
Uzbek fanidan
mavzulari potok
asosidagi multiservis
'aliyyil a'ziym
billahil 'aliyyil
illaa billahil
quvvata illaa
falah' deganida
Kompyuter savodxonligi
bo’yicha mustaqil
'alal falah'
Hayya 'alal
'alas soloh
Hayya 'alas
mavsum boyicha


yuklab olish