This chapter discusses how to guarantee the safety and integrity of team members, credentials, devices, tools and software.
Instead of trying to exploit the service directly, the adversaries may go after team members, managers and partners working on the project. The project should aim to protect team communications, devices and authorization keys so that they are unlikely to get compromised. This involves following basic IT security practices, cyberhygiene, key management and limiting the impact of potentially leaked data.
Physical security, like door access keys and security cameras, is de-emphasized because these security aspects rarely reflect the reality of a mobile contemporary worker. Regardless of the broken physical security, the service should stay intact and uncompromised.
- Basic security practices
- Dangerous file attachments
- Password manager
- Third party devices
- Encrypted computers
- Encrypted mobile devices
- Minimized email usage
- Two-factor authentication on email
- Two-factor authentication for admins
- Passphrase on server login keys
- Two-factor authentication on server login
- Audited server login keys
- Software installation from safe sources
- Limited sensitive data access
- Logged sensitive data access
- Data scrubbing