INFORMATION SECURITY AND AUDIT
1. Overview of information security
2. Information and Network Security Policies
3. Cryptography and PKI
4. Network security applications
5. Design Principles
6. Compliance, Evaluation system and Law
7. Malicious logic and attacks
8. Vulnerability analysis and IT Audit
9. Intrusion detection and log analysis
LAB WORK -ISA
SOLVED PRACTICE QUESTIONS
PREV NEXT

EMAIL SECURITY 

Email security involves safeguarding email accounts and communications from unauthorized access, loss, or compromise. Organizations can strengthen their email security by implementing policies and utilizing tools designed to defend against threats like malware, spam, and phishing attacks. Email is a prime target for cybercriminals because it serves as an easy entry point to other accounts and devices, often exploiting human error. A single misguided click can trigger a security crisis for the entire organization.

Common Email Protocol : SMTP,IMAP,POP3

Types of Email Attacks

Malicious intent lies at the core of all email attacks, regardless of their form or function. 

Phishing: Attackers impersonate a legitimate organization to trick users into revealing sensitive information.

Spear Phishing: A targeted version of phishing that focuses on specific individuals or organizations using personalized emails.

Ransomware: Malicious software that encrypts files or systems until a ransom is paid.

Malware: Software designed to infiltrate and damage computer systems without the user’s consent.

Spoofing: Attackers forge email headers to make them appear as if the message is from a trusted source.

Email Security Protocol

  • SSL/TLS for HTTPS.
  • SMTPS.
  • StartTLS.
  • SMTP MTA-STS.
  • SPF.

Email Security Policies

Email security policies are rules an organization implements to govern how users interact with messages sent and received via email. 

Policies to enforce email security vary from organization to organization but, in most cases, include a combination of the following:

Strong password requirements: Email account passwords should be complex, difficult to guess, and changed regularly. Employees should not use the same password for multiple accounts.

Multi Factor authentication: MFA adds an additional layer of security to email accounts. It requires users to provide multiple forms of identification to access their accounts, such as a password and a fingerprint or a password and a code sent to their phone.

Email encryption: An email encryption solution reduces the risks associated with regulatory violations, data loss, and corporate policy violations while enabling essential business communications.

Email attachments: Create policies regarding acceptable file types for attachments and implement scanning tools to detect malware before it enters the network.

Security awareness training: Train employees to be cautious when clicking links or downloading email attachments. They should only click on links or download attachments from trusted sources.

 


 

PREV NEXT