Baltimore Security is protection from, or resilience against, potential harm (or unwanted coercion). It applies to individuals and groups, places and objects, ecosystems and information.
Physical security includes deterrents, access control and monitoring technologies for the purpose of preventing threats to facilities, equipment or data. Security also encompasses the practice of implementing and testing security protocols.
The world is filled with things we want to keep private – financial data, personal messages and photos. Without encryption, criminals can steal this information and use it to commit a range of cybercrimes, including identity theft and blackmail. Encryption scrambles this data into a secret code, which only the intended recipient can decrypt using a key. This allows you to communicate securely online, shop with confidence and use the Internet safely, regardless of where you are or what kind of device you’re using.
The basic principles behind encryption date back to Julius Caesar and the Caesar shift cipher. It shifted letters in a message by an agreed-upon number each time it was sent, making it difficult to read unless you knew the shift pattern. Modern cryptography has evolved to include DES, Diffie-Hellman, RSA and other algorithms that create secure, private communications. This technology can be found in everyday devices such as mobile phones, computers and tablets, as well as many cloud and network security solutions like next-generation firewalls (NGFW), password managers and virtual private networks.
It’s also used in the foundation of the Internet, protecting data that moves across the web between browsers and websites via Hypertext Transfer Protocol (HTTP). You’ll know when a website uses encryption because the URL will start with “https,” meaning it uses Transport Layer Security (TLS) to encrypt your data before sending it over the internet. Encryption also keeps your data private as it moves between devices and servers.
Data is constantly moving around the web and through organizations’ networks. Encryption paired with other security functions like authentication can help protect this information from attackers and other cybersecurity threats, even when it is at rest or in transit.
In fact, several security regulations and standards mandate the use of strong encryption to uphold regulatory compliance. For example, the Health Insurance Portability and Accountability Act requires encrypted storage of healthcare data, while FERPA and the Fair Credit Practices Act require encryption of retail transaction data. In addition, ransomware attacks often rely on encryption to encrypt data and hold it hostage until an organization pays the criminals to release it.
Access Control
Access control ensures that only the right people have the ability to enter certain areas and connect to systems, data or applications. It’s a key component of a zero trust security framework and helps mitigate insider threats by restricting access based on job roles, responsibilities and clearance levels. It’s also an important component of ensuring compliance with industry regulations and security best practices.
It’s a highly scalable approach that allows organizations to create granular policies and adapt them as business needs change. Role-based access control (RBAC) is a popular implementation of access control, allowing administrators to grant or deny privileges based on what role a user is in, and what they are allowed to do within that specific role. For example, a bank teller might only be able to see data related to their personal banking accounts, while a fund manager might have permissions that allow them to view information on the overall financial holdings of a bank.
Discretionary access control, or DAC, is similar to RBAC but decentralizes security decisions and allows users to grant other users permissions on an as-needed basis. While DAC is more flexible than RBAC, it can expose security vulnerabilities as users determine their own security settings and share their privileges with others without the strict oversight of system administrators.
Both DAC and MAC models require some level of verification to give access, whether that be something the person knows, like their password; something they have, such as a token or a piece of equipment they’re carrying; or something they are, such as a fingerprint or an iris scan. This verification process is referred to as authorization and it’s the primary security service that most software provides.
A centralized access control system makes it easier to verify devices and people at scale, so that the risk of unauthorized access is reduced. This translates to lower staffing costs and improved security. In addition, a centralized system helps ensure that all the company’s locations are protected from hackers and other malicious actors. It also protects against the risk of breaches due to unsafe employee behavior, such as using public wifi or adding unknown devices to the network.
Surveillance
Surveillance is the continuous observation of a person, place, or activity for the purpose of information gathering. It can be done by direct observation, or through electronic means such as closed circuit television (CCTV) and interception of electronically transmitted data such as Internet traffic.
Surveilance technologies are a powerful tool for government agencies and law enforcement, but they are also subject to misuse, particularly in authoritarian regimes that lack effective democratic oversight and accountability of police use of these tools. Even in democratic societies, the dangers of surveillance technology abuse remain significant.
In addition to the classic physical surveillance methods of following suspects on foot or in a vehicle, there are now a variety of commercial and military-level sensors that allow human operatives to track people and vehicles remotely. Some commercial systems can track thousands of cars in a city at the same time, and government and military systems are much more sophisticated.
Increasingly, companies and individuals are installing surveillance technology in their homes in the form of smart home devices such as baby monitors and voice-activated “smart speakers” from Amazon and Google. These devices are designed to be always on, continuously listening and tracking the activities of their users, and feeding that information back to the company.
For security purposes, these technologies are often combined with artificial intelligence that can recognize specific activities, such as a gunshot or a car alarm, and trigger an immediate response from the authorities. These types of systems are used in a wide range of industries, from public safety to commercial property management to retail loss prevention.
When a traditional investigative route runs into a dead end, law enforcement agencies can use video surveillance to broadcast an image of the suspect in the hopes that someone who knows them will recognize them and come forward with information about their whereabouts. These high-resolution images can be especially helpful when attempting to identify terrorists who may have changed their appearance or used disguises, such as masks and wigs.
Some governments, such as China and Russia, are pursuing very aggressive surveillance policies that are intended to combat perceived terrorist threats. Other governments, such as the United States, are taking a more cautious approach to surveillance technology because of concerns about privacy and the potential for misuse of the system.
Testing
Testing is used to verify that software or a system functions properly. It is performed to expose errors or other weaknesses, and can help prevent loss of personal details or damage to a company’s reputation. It can also be performed to validate compliance with relevant standards or regulations. Different types of testing include: security testing, load testing, stress testing, compatibility testing and usability testing. Destructive testing, such as fuzzing and software fault injection, is another type of non-functional testing.
Testing is an important activity that can be performed at every stage of software development and deployment. Its key benefits include: identifying vulnerabilities, improving system security, ensuring compliance and validating functionality.