230 ◾ The Security Risk Assessment Handbook
© 2011 by Taylor & Francis Group, LLC
◾ No Default Shared Keys—Many secure protocols (e.g., IPSec/IKE, WEP)
rely on a precongured shared key to initialize the secure communication
between entities. Attackers armed with the knowledge of the default shared
keys can compromise the secure communication. Organizations should
ensure that no default shared keys are used.
7.1.7 Data Security
e security of the data itself can be further protected through safeguards that
apply to both data in storage and data in transit.
7.1.7.1 Storage
When sensitive data are stored, they may be susceptible to attacks from others shar-
ing the workstation or network, stealing a laptop, or nding a lost ash-memory ...