Date post: 11-Jul-2015
Category: Technology
Upload: kudzi-chikwatu
Manage systems problems relating to security and long term support
Identify the security requirements of a system and introduce appropriate procedures and precautions
INFORMATION SECURITY
• Information systems security is the protection of information systems against unauthorized access to or modification of information whether in storage, processing, or transit, and against denial of service to authorized users, including those measures necessary to detect, document, and counter such threats.
• The first process in developing any information security program is identification: you need to understand what needs to be protected and why.
WHY IS IT IMPORTANT?
Most modern organizations in the public and private sector depend on their information systems in order to be able to operate reliably.
We are all affected in our daily lives by computer failures in transport systems, utility companies, banks and other financial institutions, hospitals, ambulance dispatching systems, supermarkets and government offices.
WHAT INFORMATION SECURITY AIMS TO DO:
• Confidentiality. The only people to see the data are those authorised to see it. Private data is kept private; personal privacy is respected.
• Integrity. There are limits on who can change the data.
• Availability. Data is available at all times to authorised users.
• Accountability. It should be possible to discover after the event who has modified what data.
PROCEDURES AND PRECAUTIONS
Anti-Virus Policy
The computer will have an anti-virus program installed. The anti-virus program and all its supporting files – virus signatures, etc. – will be updated regularly, based on the schedule set by the software vendor. Further, the program will be configured to provide maximum protection, except where to do so would affect overall system performance.
Backup Policy
All data files rated Critical or High risk will be backed up to tape frequently (weekly). Two alternating sets of tapes will be used; if one set of tapes should be corrupted, the other can be used to restore the data. For safety, the backup tapes will be stored in a separate room in a fireproof box or safe.
Computer Recovery Policy –
The homeowner’s insurance policy will be amended by adding a rider covering the replacement cost of the computer system hardware and software. This rider will be reviewed annually and updated to reflect changes in the cost of replacement.
Firewall Policy –
A small office/home office (SOHO) firewall will be installed and configured to block unauthorized access to the computer from the Internet. At a minimum, the firewall will provide network address translation (NAT) and dynamic host configuration protocol (DHCP) services.
Audit trail
Serious study and revision of the system must be done, checking for any loophole which could be a possible weak point into the system.
Password Policy
Access to the computer will be controlled by the use of system passwords. Individual user accounts will be created and a password assigned to that account.
Password characteristics
• Passwords must be no less than eight characters in length
  o small letters, capital letters, numbers, and/or punctuation marks.
• Should not be predictable
• Changed frequently
• Should not be written down
• Should not be shared
Access Policy –
The log files shall be used to keep a record of which individual accessed the system, at what time, and what the individual accessed and modified. Individuals shall only access the system resources using their passwords.
Only persons who maintain data will be allowed to run or access the files.
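The access policy above can be checked against the log files themselves. The following is an added example, not part of the original slides: it parses a constructed access log, answers "who modified this file, and when", and lists file accesses by accounts that do not maintain the file. The log format, user names, file names and the MAINTAINERS table are all assumptions made for illustration.

```python
import re
from datetime import datetime

# Constructed sample log lines (not from the original slides).
# Assumed line format: ISO timestamp, user, action, resource.
SAMPLE_LOG = """\
2015-07-10T08:59:02 amoyo LOGIN -
2015-07-10T09:01:15 amoyo READ payroll.db
2015-07-10T09:04:40 amoyo MODIFY payroll.db
2015-07-10T11:30:09 tbanda READ payroll.db
2015-07-10T11:31:55 tbanda MODIFY customers.db
2015-07-10T11:32:00 corrupted line without fields
2015-07-10T14:12:31 jphiri MODIFY payroll.db
"""
# Assumption: accounts of the persons who maintain each data file.
MAINTAINERS = {"payroll.db": {"amoyo", "jphiri"}, "customers.db": {"amoyo"}}
LINE = re.compile(r"^(\S+) (\w+) (LOGIN|READ|MODIFY) (\S+)$")

def parse(log_text):
    """Return (events, rejected). Unparseable lines are kept, not dropped,
    because a damaged audit record is itself something to review."""
    events, rejected = [], []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            rejected.append(raw)
            continue
        stamp, user, action, resource = m.groups()
        try:
            when = datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%S")
        except ValueError:
            rejected.append(raw)
            continue
        events.append({"when": when, "user": user,
                       "action": action, "resource": resource})
    return events, rejected

def who_modified(events, resource):
    """Accountability: (time, user) for every modification of one file."""
    return [(e["when"], e["user"]) for e in events
            if e["action"] == "MODIFY" and e["resource"] == resource]

def policy_violations(events, maintainers):
    """File accesses by accounts not listed as maintainers of that file.
    Files with no entry in the table are treated as having no maintainers."""
    return [e for e in events if e["action"] in ("READ", "MODIFY")
            and e["user"] not in maintainers.get(e["resource"], set())]

if __name__ == "__main__":
    evts, bad = parse(SAMPLE_LOG)
    print(who_modified(evts, "payroll.db"))
    print(policy_violations(evts, MAINTAINERS), bad)
```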
Confidentiality Policy –
All documents that are no longer of use, particularly those containing credit card numbers or other personally identifiable information, should be properly discarded. They can be shredded prior to being disposed of or burnt.
Infrastructure Environment Policy –
An uninterruptible power supply will be installed and the computer, monitor, and firewall will be plugged into it. The printer, speakers, and other hardware will be plugged into a surge protected power strip, which will be plugged directly into the wall socket.
Data security measures
During data transmission data should be encrypted and decrypted at the backup centre.
Access privileges shall be enacted to control access of users to valuable data and information to uphold data security.
Burglar proof windows should be installed on data storage and backup rooms.
Guards should be employed to watch over both hardware and software resources.
Alarm systems should be installed to detect unauthorized entry into the information storage rooms and alert security.
Direct capture (CCTV) cameras should be used for surveillance.
Management Policies
The system analyst should recommend that management enforce certain policies to ensure maximum security, such as:
• No transfer of the organization's information from the system at any time under any circumstances without written permission from the management.
• No opening of any mail attachment without scanning for viruses and threats.
Develop procedures to manage the maintenance aspects of an operational system
4 TYPES OF MAINTENANCE
Corrective maintenance
Perfective maintenance
Adaptive maintenance
Preventative maintenance
Maintenance of an operational system
• Re-examine all policies and procedures about security. Are all employees aware of security policies?
• Carry out audits internally and use occasional penetration surveys.
• Allocate resources to securing systems according to the degree of risk.
• Use the latest versions of anti-virus software and firewall protection
• Continuous security training
• Continuous risk assessment
• Perform peer review
• Develop security test data
• Test backup, contingency and disaster recovery plan