Skip to main content

Advanced Security Practices

This guide is designed for ESPA supporters who want to strengthen their ethical and security practices beyond the basics.
It combines practical steps, ethical considerations, and references to authoritative sources.

Note: This guide assumes readers already understand foundational practices covered in Foundations of Ethics & Security.

Table of Contents

  1. Identity & Access Management
  2. Network Security
  3. Data Protection & Encryption
  4. Ethical Digital Practices
  5. Continuous Review & Improvement
  6. References & Further Reading

Identity & Access Management

Proper IAM reduces the risk of unauthorized access and data breaches.

  • Strong, unique credentials: Use a password manager to generate and store high-entropy passwords. According to NIST SP 800-63B, long passphrases with randomization are more secure than complex character substitutions.

  • Multi-factor authentication (MFA): Prefer hardware-based security keys (FIDO2) over SMS MFA, which can be intercepted. OWASP Authentication Cheat Sheet, 2023

  • Role-based access control (RBAC): Limit permissions to only what users or devices need to perform their tasks. This follows the principle of least privilege, recommended by CIS Controls v8

  • Regular audits: Periodically review account access and privileges. Remove unused accounts promptly to reduce attack surface.

MFA

Multi-factor authentication is an extra verification step beyond username/password, such as an authenticator app or hardware key.

RBAC

Role-Based Access Control; organizes users into roles with predefined access levels to reduce risk.

Principle of Least Privilege

Users or systems are granted only the access necessary for their roles. This minimizes damage if an account or device is compromised.

Network Security (Home & Work)

Securing networks is essential for individuals and organizations.

  • DNS & Filtering: Use privacy-respecting DNS services, e.g., Quad9, which blocks known malicious domains.
  • Segmentation: Separate IoT, guest, and sensitive devices on different network segments.
  • Firewalls & Monitoring: Enable firewalls and monitor traffic for unusual patterns.
  • Patch Management: Keep all routers, firmware, and devices updated with security patches.
Network Segmentation

Dividing a network into zones to isolate devices and reduce potential attack surfaces.

Patch Management

Regularly updating software, firmware, and systems to fix security vulnerabilities.

Privacy-Respecting DNS

A DNS resolver that blocks malicious domains and does not log or sell user data.

Data Protection & Encryption

Protecting sensitive data is critical for privacy and ethical responsibility.

  • Encryption at rest: Store sensitive data encrypted on devices and servers.
  • Encryption in transit: Use HTTPS/TLS for all communications.
  • Secure Backups: Keep multiple copies in physically separated or encrypted storage.
  • Least-privilege sharing: Only share documents with necessary parties.
Encryption at Rest

Encrypting stored data so it cannot be accessed by unauthorized parties.

Encryption in Transit

Encrypting data while it is being transmitted over networks to prevent interception.

Secure Backup

Maintaining multiple copies of critical data in different physical or encrypted locations to prevent loss.

Ethical Digital Practices

Security is inseparable from ethics.

  • Tool Evaluation: Avoid services that exploit user data or violate consent.
  • Transparency: Document team decisions, policies, and access rights.
  • Responsible Sharing: Respect others’ data and privacy.
  • Education: Train yourself and your team continuously.
Ethical Digital Practices

Principles and actions that ensure technology is used responsibly, respecting privacy, consent, and fairness.

Transparency

Being clear and open about data use, decisions, and practices within an organization or community.

Continuous Review & Improvement

Ethics and security evolve constantly. Adopt a mindset of continuous improvement:

  • Schedule periodic audits for systems, access, and policies
  • Track changes, incidents, and lessons learned
  • Update practices based on emerging threats or standards
  • Encourage a culture of reflection, not blame
Continuous Improvement

Ongoing process of evaluating and enhancing security and ethical practices to adapt to evolving risks.

Outcome

After implementing the practices in this guide, readers and organizations will:

  • Apply advanced privacy-focused security measures
  • Build a sustainable foundation for ethical digital operations
  • Foster trust and reliability within their networks and communities

References & Further Reading

  1. NIST Special Publication 800-63B: Digital Identity Guidelines – Authentication and Lifecycle Management (2017–current)
    https://pages.nist.gov/800-63-3/sp800-63b.html

  2. OWASP Authentication Cheat Sheet, 2023
    https://cheatsheetseries.owasp.org/cheatsheets/Authentication_Cheat_Sheet.html

  3. Center for Internet Security (CIS) Controls v8 (2022–2023)
    https://www.cisecurity.org/controls/cis-controls-list/

  4. Quad9 DNS Security Service
    https://www.quad9.net/

  5. Electronic Frontier Foundation (EFF) Security Tips
    https://www.eff.org/pages/security