Logical access security measures against threats from sources outside system boundries

Systems containing important information should be logged in using a multi-authentication logon, also known as either “two-factor”, “multi-factor” or “dual factor” authentication.

For example, when first logging in with a password, a one-time authentication code can also be sent to the user as a text message. In this case, he has been identified by two factors (knowing the password and owning the phone).

Biometric identifiers (eg fingerprint) and other devices can also be used for two-stage authentication. However, it is worth considering the costs and implications for privacy.

The password management system allows the user in a registration situation to decide how complex a password is to be set this time and to remember it on behalf of the user.

When using the password management system, e.g. the following principles:

• the system will force the use of unique passwords in the future
• the system warns the user to change old recurring passwords
• the system forces you to choose passwords that are complex enough, of high quality
• the system forces the user to change the temporary password the first time they log on
• the system forces you to change the password that may have been compromised in the data leak
• the system prevents the same passwords from being reused
• the system keeps password files separate from other data and strongly encrypted

The organization should have defined guidelines for the generally acceptable use of data systems and for the management of the necessary credentials.

In addition, the owners of data systems classified as 'High' or 'Critical' priority can define, document, and implement more specific guidelines for the use of that particular data system. These guidelines can describe e.g. security requirements related to the data contained in the system.

The organization has developed guidelines for staff that define the acceptable use of various communication services and aim to prevent the disclosure of confidential information to, for example, a phisher or other third parties.

Cyber criminals can exploit configuration errors or technical vulnerabilities in applications, firewalls, or networks to access our information.

An organization must use defense-in-depth technologies to protect against, detect, and respond to cyber-attacks. The techniques should be suitable for controlling physical, logical and administrative controls.

An owner is defined for an organization's networks. The owner is responsible for planning the structure of the network and documenting it.

Separate network areas are used in network design as needed. Domain areas can be defined by e.g.:

• trust level (eg public, workstations, server)
• organizational units (eg HR, financial management)
• or by some combination (for example, a server domain that is connected to multiple organizational units)

Separation can be implemented either with physically separate networks or with logically separate networks.

An appropriate log is generated from the use of the network to enable the detection of actions relevant to cyber security.

The normal state of network traffic (traffic volumes, protocols, and connections) is known. In order to detect anomalies, there is a procedure for detecting events that are different from the normal state of network traffic (for example, anomalous connections or their attempts).