Church File Security

Whether government, corporate or faith-based file security is important.

No matter the denomination, church file security is especially important because it may not only deal with money, and privacy but the sanctity of the church community. The member, guest and family information must be protected just as much as the preacher, reverend, deacons, bishops, nuns, and/or administrators.

Coordination of church file security:
It is important to first identify what are the churches sensitive data. You may have in your mind what is or isn’t important files to protect for the church, but you may not have the authority or prerogative to make such an important determination. Even if you do, it important to get ideas from the staff and or clergy of what files should be protected and what level of protection should be considered. And interview or meeting with information owners is the first step.

Access to the church files:
Anyone with access to the church files should sign a user license agreement. This is a standard for security no matter what organization you enter. This is to make sure that those who are trusted with access understand what they can and can not do when entering the system. Items in a basic user license agreement include: what can be copied and/or installed on the system, what can and can not be done while accessing church files, whether or not church files are monitored for heightened security. User License agreements are usually done when multiple people have access to a medium to large network with critical resource (i.e. privacy data, financial information, sensitive data). They are also done for software, website/forum and data base access.

You can find examples of a user license agreement on the Internet.

What Church Files to Protect:
Files in a church community may include mission, member, drive, donation and service information that need to be protected. Any files dealing with any money should be protected always. Personal files of church members should be protected as well as data bases with potentially sensitive information. Even if the church has NO sensitive information, the files that allow any access from the Internet (such as webpages or ftp files and folders) should protected with various levels of security including: Username password (don’t EVER use anonymous for FTP), mandatory user registrations, and file permission lock down.

The reason this is important even for churches with no sensitive information, is that some malicious hackers like to use other organizations resources to upload viruses, spam, scams and pornography.

Regulations to consider:
The Privacy Act of 1974 make it mandatory to protect the personal information of all individuals

No agency shall disclose any record which is contained in a system of records by any means of communication to any person, or to another agency, except pursuant to a written request by, or with the prior written consent of, the individual to whom the record pertains, MORE

Health Insurance Portability and Accountability Act (HIPAA) is another important law to consider when addressing church file security. Among other things, HIPAA deals with the protection of peoples medical and health history.

File Permission:
Files that are sensitive for a church should have some permissions assigned to them to allow only authorized users (system administrators, missionaries, clergy, secretaries) access. This is one part of the access control. Most operating systems have this capability. Don’t forget that not only computers need to be protected, routers, switches and databases also need adequate security.

NSA Security Blackberry

Sectera

The IPhone may look pretty, but the Sectera will kick its ass in a combat zone. If you took the IPhone to Afghanistan there is a good chance that the powdery, flower like sand would eat it its sexy smooth face and spit out a pitted, shiny, $400 dollar paper weight/Frisbee. If your going to combat and have a gritty, dirty critical mission, you’ll need something like the Sectera to keep up with you.

A look at the Sectera.

The Sectera is ruggedized in accordance with MIL-STD-810F. This means that it can be dropped, put in water, survive some level of vibration, humidity, temperature and dust.

More on the Sectera

The Sectéra® Edge™ smartphone converges secure wireless voice and data by combining the functionality of a wireless phone and PDA — all in one easy-to-use handheld device. Developed for the National Security Agency’s Secure Mobile Environment Portable Electronic Device (SME PED) program, the Sectéra Edge is certified to protect wireless voice communications classified Top Secret and below as well as access e-mail and websites classified Secret and below. The Sectéra Edge is the only SME PED that switches between an integrated classified and unclassified PDA with a single key press.

Features

* Versatile
o Secure and non-secure wireless phone, e-mail and web browsing
o Withstands rigors of both tactical and everyday environments
o Global roaming over GSM, CDMA or Wi-Fi* wireless networks
o Software upgradeable to VoIP
o Exchange secure e-mail with government personnel, including S/MIME BlackBerry® users
o IPv6 software upgradeable
* Easy-to-Use
o Familiar Microsoft® Windows® Platform
o Wireless desktop synchronization
o Separation of Classified and Unclassified applications
o One-touch switching between classified and unclassified PDA functions
* Advanced Security Features
o Secure wireless access to the SIPRNET and NIPRNET
o DoD PKI enabled Common Access Card (CAC) support
o Supports DoD 8100.2 requirements
o Type 1 encrypted storage of classified data
o Can be used inside closed areas with “SCIF-Friendly” feature

The ABCs of securing your wireless network

Introduction

Ars Technica’s original Wireless Security Blackpaper was first published back in 2002, and in the intervening years, it has been a great reference for getting the technical lowdown on different wireless security protocols. As a sequel to the original blackpaper, we wanted to do something a little more basic and practical, because the number of devices with 802.11x support has greatly expanded since 2002. Wireless security is no longer the domain of geeks and system administrators, but is now an issue in the lives of everyday users, from the worker with a home office who wants to keep sensitive files secure to the homemaker who wants to avoid an RIAA lawsuit because the teen next door is a wireless-leeching P2P addict.

read more | digg story

Forget Security… start blogging!

blog it
To all would be Information Technology specialist, geeks, and security professionals! Do not put all your eggs in one basket. The corporate world isn’t all that great. Do you really want to be a corporatized zombie in a cubicle farm? Do you want be a work junkie strung out on caffeine with coffee ivy jammed directly into your left ventricle? These are not rhetorical questions. Verily, I say unto you from the front lines of corporate and government mind fields, financial stability is no more unless you have multiple streams of passive income.

I too once dreamed of corporate back rubs, company cars, company Visas. But I’m telling you that on the bottom end of the corporate and government ladder, Robin Leech is not going to wish you Champaign dreams and Strawberry wishes. Robin Leech is going to make you fix his bloody computer and hook up his filthy 802.11g wireless. Robin Leech is going to piss on you like Robert Kelly did to that teenage girl… and you know what the sad part about that is.. you are going to learn to love that golden shower.

Listen. Seriously. All joking aside. I am not an ingrate. I appreciate my employment. I enjoy technology, security and even some of my trips to Hawaii :). I get paid more money than anyone in my family (which isn’t saying much) but one thing I’ve come to realize is that TIME is infinitely more valuable than money (especially the US dollar circa 2008). I figure the only way to get more time is to become completely self employed. Which is something I’d like to do via blogging, one of my favorite pass times (aside from pr0nagraphy). This blog actually makes me a few hundred dollars every month. The crazy things is that Steve Pavilina and Darren Rowse make more in one month from their blogs than many people make in one year. That is what I want to do. And if you are smart (and I KNOW you are) you do too. Start blogging yesterday. Talk about anything to start then turn it into a cash machine as you learn from the Jedi Knights of blogging.

Blog you will, hmm. — Master Yoda

1 2 3