System Security Basics 1
Sobczak was one of the earliest researchers involved in defining the psychology of the hacker, cracker
and telephone phreaker. He created security schemas for personal computer, minicomputer and mainframe
devices. His knowledge is unique in that he used the techniques hackers created for intrusion and
aggression against them.
Sobczak is recognized. ISPNews published an overview of Sobczak's hacker studies.
Federal Computer Week told its readers how Sobczak's intelligence-gathering research ferrets out
spies and data thieves. Electronic Combat Report and Inside Defense Electronics reported upon software
weapons Sobczak located or created to test active response to intrusion attempts. Business
Week editorialized that the dirty tricks Sobczak identified should be outlawed. Information Week
addressed V-PHAGE (a Sobczak creation) in a feature about LAN security. Newsweek referenced
Sobczak in a story about technology losses to open source intelligence hobbyists who pirate knowledge.
TIME referenced and used Sobczak's research as the basis for Doug Weller's CYBERWAR cover story.
Sobczak's areas of expertise are as follows:
1. MANAGEMENT OVERVIEW - Informed consultation about the nature of current threats, risks and
vulnerabilities that affect business. We explain the importance of contingency planning and the growing
legal and regulatory pressures that mandate an effective disaster recovery capability.
2. DISASTER PREVENTION - Clients learn the techniques that prevent individuals and groups from
denying or destroying your ability to work.
3. IMPACT ASSESSMENT - We analyze the critical nature of client operations to specify the losses that
might be experienced from disruption or delay of processing time sensitive information.
4. REQUIREMENTS DETERMINATION - We provide guidance defining contingency planning needs
specific to client operations. This guidance allows clients to formulate policy, standards and procedures
consistent with the critical nature of client data and organizational needs. We establish employee trust
thresholds.
5. RECOVERY PLANS - We develop a formal written instruction set so that anyone designated can
execute normal operations with minimum disruption. The plan mandates team-based recovery.
Procedures describe, in detail, the role of each recovery team member.
6. CONVERSION AND APPLICATION - We diagram methods to execute the client's alternative operations
capability, thus defining specific actions and individual responsibilities to ensure a coordinated effort via
clearly designed lines of communication when an emergency disrupts operations.
7. RESTORATION - We define critical activities necessary to resuming normalized operations and the
alternate systems available to achieve normalcy. Our initial Impact Assessment is tuned to neutralize
specific damage to processes by ensuring quick return to conventional operation practices.
8. SUBCONTRACTOR IMPLICATIONS - We identify contract processing organizations, intra industry
fall back arrangements and a network of skilled individuals to protect against unnecessary disruption of
normal operations during an emergency.
9. PLAN MAINTENANCE - Sobczak will conduct an initial review of the plan 90 days after acceptance
and then return periodically on a timed basis. This ensures that a client's plans for backup and recovery
remain current and workable.
10. TRAINING AND ORIENTATION - We educate the employees who are key to regular operations, to ensure the
recovery plan is thoroughly begun.
Sobczak assures that his clients are aware and ready to maximize their internal security. In the following
213 presentation foils you will find an overview of generic security that focuses upon computers and their
accessories within the corporation. Each foil begins with the pronouncement, "Computer Security Makes
Good Sense". It does!!
As you follow the progression of topics, realize that the information presented could be further detailed to
create an encyclopedia of security techniques. The original five-day presentation was made in 1986.
COMPUTER SECURITY MAKES GOOD SENSE
..............................................................................................................................................
AN INTRODUCTION TO
COMPUTER SECURITY
USING
COMMON SENSE
BUSINESS TECHNIQUES
COMPUTER SECURITY MAKES GOOD SENSE
..............................................................................................................................................
TOPICS TO BE REVIEWED DURING THIS PRESENTATION
JUSTIFICATION BASICS
CHARACTER OF THE SECURITY PROBLEM
TYPICAL SECURITY PROBLEMS
YOUR SECURITY CONCERNS
PROTECTION CONCEPTS
A MISUSE MODEL
COMPOSITION OF ASSETS
RISK ANALYSIS
ASSET VALUATION
CONTINGENCY PLANNING
AUDIT TYPES AND METHODS
SOFTWARE INTEGRITY
DATA INTEGRITY
EQUIPMENT
PHYSICAL SECURITY AND MEDIA PROTECTION
MEDIA SECURITY
OPERATING SYSTEM PROTECTION
O/S MODEL FOR ENHANCED SECURITY
NETWORK SECURITY
IDENTIFICATION/AUTHORIZATION OF USERS
ACCESS CONTROL MECHANISMS
ISOLATION AND CAPABILITY CONTROLS
VIRUS THREAT
MONITORING
COMPUTER SECURITY MAKES GOOD SENSE
..............................................................................................................................................
COMPUTER SECURITY JUSTIFICATION BASICS
1. SECURITY IS A PROCEDURES MANUAL
2. TRUSTED EMPLOYEES (INSIDERS) CAN'T BE TRUSTED
3. INFORMATION LOSS MOTIVATED BY ??????? REQUIRES SECURITY
4. COMPUTER VIRUSES WILL RUIN OUR BUSINESS
5. JACK HAS SECURITY - HE HAS NOT EXPERIENCED DATA LOSS
6. COMPUTERIZED INFORMATION IS VULNERABLE - WE MUST PROTECT IT
7. TAPPING CONNECTIVITY IS A COMMON PLACE OCCURRENCE
8. USING COMPUTERS INCREASES CRIME
9. BUSINESS NEEDS GOVERNMENT "CLASSIFICATION" APPROACHES
10. CONTINGENCY PLANS ARE ALL THE SECURITY YOU NEED
COMPUTER SECURITY MAKES GOOD SENSE
..............................................................................................................................................
INTRODUCTION
----- COMPUTER SECURITY INVOLVES MORE THAN "JUST" SECURING
THE COMPUTER
----- COMPUTER SECURITY IS AUTOMATED PROTECTION OF DATA AND
CODE
----- COMPUTER SECURITY IS ESSENTIAL TO THE MANAGEMENT OF
INFORMATION RESOURCES
COMPUTER SECURITY MAKES GOOD SENSE
..............................................................................................................................................
CHARACTER OF THE PROBLEM
----- INSUFFICIENT AWARENESS OF THE VALUE OF DATA
----- DEPENDENCE ON COMPUTERS
----- HOSTILE ENVIRONMENT
----- COMPUTERS ARE INHERENTLY VULNERABLE
----- EXPLOITATION OF SYSTEM VULNERABILITIES
----- LACK OF SECURITY AWARENESS
----- LIMITED RESOURCES MAKE SECURITY A SECOND CLASS CITIZEN
----- EMPHASIS ON TRANSPARENT USER SERVICES
COMPUTER SECURITY MAKES GOOD SENSE
..............................................................................................................................................
TYPICAL PROBLEMS
INSUFFICIENT EMPHASIS
UNTIDY OPERATIONS
LACK OF VULNERABILITY/THREAT/RISK ASSESSMENT
POOR DOCUMENTATION
LACK OF A COMPUTER SECURITY PROGRAM
NO PROGRAMMING STDS
LACK OF BALANCE
NO CERTIFICATION
INADEQUATE SECURITY PLANNING
NO TRAINING PROGRAM
INADEQUATE CONTINGENCY PLANNING
LOW EMPLOYEE MORALE
"OPEN" ACCESS COMPUTER CENTERS
HIGH RATE OF ERRORS
LACK OF GOOD ACCESS CONTROLS
POOR I/O CONTROLS
INADEQUATE SUPERVISION
POOR ENFORCEMENT
UNSTRUCTURED DIVISION OF RESPONSIBILITIES
NO INTERNAL AUDIT
COMPUTER SECURITY MAKES GOOD SENSE
..............................................................................................................................................
SECURITY CONCERNS
HARDWARE
ACCESS
MEDIA DESTRUCTION
THEFT
ELECTROMAGNETIC EMANATIONS
ENVIRONMENTAL DAMAGE
HARDWARE MODIFICATIONS
MAGNETIC MEDIA DAMAGE
LACK OF BUILT-IN SECURITY
HARDWARE ATTACKS
DATA
NATURE OF THE DATA
SECURING DATA MEDIA
LABELING
DATA CORRUPTION
DATA TRANSMISSION
SOFTWARE
VULNERABILITIES
USER ID AND AUTHENTICATION
O/S WEAKNESS
SOFTWARE ATTACKS
COMMUNICATIONS ATTACKS
COMPUTER SECURITY MAKES GOOD SENSE
..............................................................................................................................................
RESOURCE PROTECTION
A. ASSETS WHICH DIRECTLY OR INDIRECTLY AFFECT AUTOMATION
PROCESSES
1. DATA
2. SOFTWARE
3. HARDWARE
4. PEOPLE
5. FACILITIES
6. COMMUNICATIONS
7. PROCEDURES
COMPUTER SECURITY MAKES GOOD SENSE
..............................................................................................................................................
RESOURCE PROTECTION
B. CATEGORIES OF THREATS
1. ACCIDENTAL ACTS
2. NATURAL ACTS
3. MALICIOUS ACTS
4. PARADIGM LIMITATIONS
COMPUTER SECURITY MAKES GOOD SENSE
..............................................................................................................................................
RESOURCE PROTECTION
C. IMPACTS OF THREATS
1. DESTRUCTION
2. DISCLOSURE OF "SECRETS"
3. DELAY/DENIAL OF RESOURCES AVAILABILITY
4. MODIFICATION
COMPUTER SECURITY MAKES GOOD SENSE
..............................................................................................................................................
RESOURCE PROTECTION
D. GOALS
1. DETECT
2. IDENTIFY
3. PREVENT
4. MINIMIZE
5. RECOVER
COMPUTER SECURITY MAKES GOOD SENSE
..............................................................................................................................................
A DESCRIPTIVE MODEL OF COMPUTER MISUSE
MR. CURIOUS TROUBLEMAKER (WHO)
MOTIVATION (WHY)
ACCESS (WHERE AND WHEN)
TOOLS WHICH CORRUPT (VEHICLES)
ATTACK (WHAT)
NATURE OF THE ATTACK (AUTHORIZED/UNAUTHORIZED)
THING ATTACKED (TARGET/RESOURCE)
IMPACT ON YOUR FIRM
COMPUTER SECURITY MAKES GOOD SENSE
..............................................................................................................................................
A DESCRIPTIVE MODEL OF COMPUTER MISUSE
THE CURIOUS TROUBLEMAKER (WHO) MIGHT BE:
DATA ENTRY CLERK/ TERMINAL OPERATOR
CLERK/TELLER/SECRETARY
SYSTEM PROGRAMMER/NETWORK ADMINISTRATOR
APPLICATION PROGRAMMER
SECURITY OFFICER
CONSOLE OPERATOR/COMPUTER OPERATOR
MANAGER/SUPERVISOR/FOREMAN
OTHER STAFF WITH OR WITHOUT ACCESS PERMISSION
OUTSIDER - TECHNICALLY KNOWLEDGEABLE
OUTSIDER - NOT TECHNICALLY KNOWLEDGEABLE
MAINTENANCE TECHNICIAN
UNKNOWN
COMPUTER SECURITY MAKES GOOD SENSE
..............................................................................................................................................
A DESCRIPTIVE MODEL OF COMPUTER MISUSE
WHY WOULD SOMEONE SCREW UP MY SYSTEM
DELIBERATE
MATERIAL GAIN
POWER
PRESTIGE
MALFEASANCE
MALEVOLENCE
DUTY
ALTRUISM
MISCHIEF/CHALLENGE
CURIOSITY
ACCIDENTAL
IGNORANCE/STUPIDITY
INCOMPETENCE/APATHY/CARELESSNESS
INADEQUATE DATA VERIFICATION
POOR DOCUMENTATION PROCEDURES
LACK OF TRAINING
POOR ACCOUNTING/AUDIT CONTROLS
OVERWORK
SOFTWARE COMPLEXITY
MURPHY'S LAW TYPE HUMAN ERROR
COMPUTER SECURITY MAKES GOOD SENSE
..............................................................................................................................................
A DESCRIPTIVE MODEL OF COMPUTER MISUSE
HOW DID C. TROUBLEMAKER GET THERE (ACCESS)
WHERE
ON-SITE TERMINAL
HARDWARE OR DIAL-UP
OFF-SITE TERMINAL
COMPUTER DEVELOPMENT OFFICE
CLERICAL AREA
COMPUTER CONSOLE
JOB SUBMISSION
OUTPUT PICKUP
OPERATIONS
REMOTE BATCH TERMINAL
COMMUNICATION LINKS
WHEN
REGULAR BUSINESS HOURS
AFTER WORK HOURS
OVERNIGHT
WEEKENDS
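The WHERE and WHEN categories of the misuse model are most useful when an access log is labelled with them, so that the unusual combinations (a dial-up or console session on a weekend or overnight) surface for review. The following is an added illustration, not part of the original foils: it takes a few constructed terminal-access records, labels each with the foil's categories, and returns the ones an auditor should look at. The log format, the access-path labels (LOCAL, DIALUP, REMOTE, CONSOLE, RJE), the hour boundaries and the review rule are all assumptions of this example.

```python
from datetime import datetime

# WHERE categories from the foil, keyed by an assumed access-path label that
# a terminal-access log might carry (the labels are this example's own).
ACCESS_PATHS = {
    "LOCAL":   "ON-SITE TERMINAL",
    "DIALUP":  "HARDWARE OR DIAL-UP",
    "REMOTE":  "OFF-SITE TERMINAL",
    "CONSOLE": "COMPUTER CONSOLE",
    "RJE":     "REMOTE BATCH TERMINAL",
}

# Hour boundaries for the WHEN categories. These are assumptions for the
# example; a site would set them from its own shift schedule.
BUSINESS_START, BUSINESS_END, EVENING_END = 8, 18, 22


def when_category(ts: datetime) -> str:
    """Map a timestamp onto the foil's WHEN categories."""
    if ts.weekday() >= 5:                        # Saturday or Sunday
        return "WEEKENDS"
    if BUSINESS_START <= ts.hour < BUSINESS_END:
        return "REGULAR BUSINESS HOURS"
    if BUSINESS_END <= ts.hour < EVENING_END:
        return "AFTER WORK HOURS"
    return "OVERNIGHT"


def review_reason(where: str, when: str):
    """Why an auditor should look at an event, or None if it is routine.
    Rule (an assumption for this example): outside business hours only an
    on-site terminal is treated as routine; an access path the log does not
    recognise is always reviewed."""
    if where == "UNKNOWN":
        return "unrecognised access path"
    if when != "REGULAR BUSINESS HOURS" and where != "ON-SITE TERMINAL":
        return f"{where} used during {when}"
    return None


def classify(record: str) -> dict:
    """Parse one constructed log line, 'YYYY-MM-DD HH:MM user path action',
    and label it with the WHERE and WHEN categories plus a review reason."""
    date, time, user, path, action = record.split()
    ts = datetime.strptime(f"{date} {time}", "%Y-%m-%d %H:%M")
    where = ACCESS_PATHS.get(path, "UNKNOWN")
    when = when_category(ts)
    return {"user": user, "where": where, "when": when, "action": action,
            "reason": review_reason(where, when)}


def review_queue(records):
    """Return the classified events that need a second look, in log order."""
    return [e for e in (classify(r) for r in records) if e["reason"] is not None]


# Constructed sample records (1986-03-04 is a Tuesday, 1986-03-08 a Saturday).
SAMPLE_LOG = [
    "1986-03-04 10:15 clerk1 LOCAL LOGON",
    "1986-03-04 19:30 clerk1 LOCAL LOGON",
    "1986-03-04 23:40 sysprg1 DIALUP LOGON",
    "1986-03-05 14:05 appprg3 MODEM LOGON",
    "1986-03-08 09:00 opr2 CONSOLE LOGON",
]

if __name__ == "__main__":
    for e in review_queue(SAMPLE_LOG):
        print(f"{e['user']:8} {e['where']:22} {e['when']:22} {e['reason']}")
```

The second clerk1 record (an on-site terminal after hours) is deliberately left unflagged: second-shift data entry is normal at many sites, and a rule that flags it would bury the dial-up and weekend console entries in noise. The MODEM record is flagged because its path is not in the site's table, which is the kind of "improper wiring/connections" the later foils list as an attack vehicle.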
COMPUTER SECURITY MAKES GOOD SENSE
..............................................................................................................................................
A DESCRIPTIVE MODEL OF COMPUTER MISUSE
TOOLS WHICH CORRUPT (WHEN MISUSED)
HARDWARE
SYSTEM SOFTWARE
SYSTEM PRODUCTIVITY AIDS
APPLICATION SOFTWARE
UTILITY PACKAGES
CASE
OPERATIONS ACTIVITIES
DATA INPUT
ALGORITHM DESIGN
SYSTEM PHILOSOPHY (OPEN BEYOND BELIEF)
OUTPUTS
GENERAL SYSTEMS USE
ACCESS EMANATIONS FROM CONNECTIVITY
AUTHORIZED LINKS (BRIDGES AND ROUTERS)
MEDIA
COMPUTER SECURITY MAKES GOOD SENSE
..............................................................................................................................................
A DESCRIPTIVE MODEL OF COMPUTER MISUSE
ACTION
WHAT
ADD/DELETE/LOOK
TRANSACTIONS
DATA FILES
APPLICATION SOFTWARE
SYSTEM SOFTWARE
IMPROPER USE OF PROCESSOR/LINK
MISAPPROPRIATION OF OUTPUT/MEDIA
COVERT INTERCEPTS
ELECTROMAGNETIC RADIATION
DETECTION
WIRETAPS
IMPROPER WIRING/CONNECTIONS
INADVERTENT CIRCUIT/COMPONENT FAILURE
SOFTWARE DESIGN FLAW
TYPE
WITHIN NORMAL JOB/AUTHORITY
OUTSIDE NORMAL JOB
AUTHORIZED BUT ATYPICAL
COMPUTER SECURITY MAKES GOOD SENSE
..............................................................................................................................................
A DESCRIPTIVE MODEL OF COMPUTER MISUSE
THING ATTACKED FOR
SALE/USE/TRANSMITTAL OF DATA OR SOFTWARE (PIRACY)
INVENTORY MATERIALS
NEGOTIABLE INSTRUMENTS
SATISFY CURIOSITY
DESTRUCTION OF HARDWARE, SOFTWARE AND DATA
ACCOMPLISH A NON-RELATED TASK (DO A TERM PAPER)
TRANSMIT NON-JOB RELATED DATA
VEHICLE TO CONDUCT WORSE ATTACKS
COMPUTER SECURITY MAKES GOOD SENSE
..............................................................................................................................................
A DESCRIPTIVE MODEL OF COMPUTER MISUSE
IMPACTS
ERRORS AND OMISSIONS
FRAUD AND EMBEZZLEMENT
PRIVACY INTRUSIONS
ALTERATION OF RECORDS
THEFT OF COMPUTERIZED INFO
UNAUTHORIZED USAGE
DENIAL OF SERVICE
EQUIPMENT DAMAGE
NON-PERFORMANCE OF DUTIES
INCREASED VULNERABILITY
COMPUTER SECURITY MAKES GOOD SENSE
..............................................................................................................................................
FUNDAMENTAL PRINCIPLES
IDENTIFICATION
CONTROLLED ACCESS
ISOLATION
INTEGRITY
SURVEILLANCE
COMPUTER SECURITY MAKES GOOD SENSE
..............................................................................................................................................
KNOWING THE COMPOSITION OF ASSETS
1. FACILITIES
BUILDING(S)
COMPUTER ROOM
STORAGE AREAS
DATA PREPARATION AREAS
PHYSICAL PLANT ROOM
FURNITURE
ENVIRONMENTAL SYSTEMS
POWER SYSTEMS
AIR CONDITIONING
WATER
LIGHTING
BACKUP EQUIPMENT
AUXILIARY POWER
AUXILIARY POWER CONTROLS
COMPUTER SECURITY MAKES GOOD SENSE
..............................................................................................................................................
KNOWING THE COMPOSITION OF ASSETS
2. HARDWARE
PRINCIPAL MACHINE
CPU
CHANNELS
CONSOLE
INPUT/OUTPUT DEVICES
DISK DRIVES AND CONTROLLERS
TAPE DRIVES AND CONTROLLERS
CD ROM DRIVES AND CONTROLLERS
PRINTERS
BAR CODE/OCR/MICR READERS
CARD READERS
IMAGE SCANNERS
PROGRAMMER TERMINALS
INTERFACE EQUIPMENT
USER TERMINALS
NETWORK FRONT ENDS
DATA BASE MACHINES
REAL-TIME SENSORS
ENCRYPTION DEVICES
MEDIA - MAGNETIC
DISK PACKS
TAPES
DISKETTES
CASSETTES
SMART CARDS
MEDIA - NON-MAGNETIC
OCR FORMS
MICROFICHE
COMPUTER SECURITY MAKES GOOD SENSE
..............................................................................................................................................
KNOWING THE COMPOSITION OF ASSETS
3. COMMUNICATIONS EQUIPMENT
COMMUNICATION LINES
MODEMS
BRIDGES
ROUTERS
COMMUNICATIONS PROCESSORS
MULTIPLEXORS
SWITCHING DEVICES
SIGNAL BOOSTERS
TELEPHONES
COMPUTER SECURITY MAKES GOOD SENSE
..............................................................................................................................................
KNOWING THE COMPOSITION OF ASSETS
4. SUPPLIES
SPARE DISK PACKS
SPARE TAPES
PAPER AND FORMS
BLANK NEGOTIABLE FORMS
RIBBONS
MICROFICHE FILM
COMPUTER SECURITY MAKES GOOD SENSE
..............................................................................................................................................
KNOWING THE COMPOSITION OF ASSETS
5. PERSONNEL
MANAGEMENT AND SUPERVISION
COMPUTER CENTER STAFF
SECURITY STAFF
BUILDING MAINTENANCE STAFF
USERS
CONTRACTORS
SERVICE PERSONNEL
KNOWLEDGEABLE VISITORS
COMPUTER SECURITY MAKES GOOD SENSE
..............................................................................................................................................
KNOWING THE COMPOSITION OF ASSETS
6. DATA
OPERATING SYSTEMS
PURCHASED/LEASED APPS
SYSTEM UTILITIES
IN-HOUSE DEVELOPED APPS
DEVELOPMENT/PRODUCTION
SOURCE
OBJECT
BACKUP
PRODUCTION
SOURCE
OBJECT
BACKUP
AUDIT SOFTWARE
COMMUNICATIONS SOFTWARE
ENCRYPTION SOFTWARE
SECURITY SOFTWARE
DBMS SOFTWARE
CLASSIFIED DATA
LOGISTICS DATA
MANUFACTURING DATA
STATISTICAL DATA
MARKETING DATA
COMPUTER SECURITY MAKES GOOD SENSE
..............................................................................................................................................
KNOWING THE COMPOSITION OF ASSETS
7. SUPPORT DATA
SYS SPEC MANUALS/SOFTWARE DOCS
DEVELOPMENT
OPERATIONS
USER
MAINTENANCE
PROCEDURES
COMPANY
COMPUTER OPERATIONS
CONTINGENCY
SECURITY
LOGS
AUTOMATED
CONSOLE
UTILIZATION
DATA UPDATES
APPLICATION UPDATES
SECURITY AUDIT
MANUAL
MEDIA CONTROL
ACCESS CONTROL
SOFTWARE MODS
OPERATIONS
SECURITY VIOLATIONS
OPERATIONAL
COMPUTER SECURITY MAKES GOOD SENSE
..............................................................................................................................................
KNOWING THE COMPOSITION OF ASSETS
8. SERVICES
MANAGEMENT INFORMATION
OPERATIONS
PLANNING
FINANCIAL
STATISTICAL
PERSONNEL/PAY
INVENTORY
MANUFACTURING
RESEARCH AND DEVELOPMENT
COMPUTER SECURITY MAKES GOOD SENSE
..............................................................................................................................................
LOOKING AT RISKS
DEFINES YOUR BASELINE
FOR
SECURITY
COMPUTER SECURITY MAKES GOOD SENSE
..............................................................................................................................................
RISK ANALYSIS
INTRODUCTION
RISK ANALYSIS IS THE IDENTIFICATION OF RISKS TO BUSINESS
INFORMATION THROUGH THE ANALYSIS OF INFORMATION
ASSETS, THREATS AND VULNERABILITIES
IMPORTANT TERMS
ASSET - ANY RESOURCE
LOSS - UNDESIRABLE RESULT FROM A THREAT
THREAT - A DANGER WHICH CAN CAUSE LOSS
VULNERABILITY - ANY WEAKNESS
RISK - THE MEASURABLE UNCERTAINTY OF LOSS
SECURITY SOLUTION - THE MEANS TO REDUCE LOSS
RISK ANALYSIS OCCURS PRIOR TO SECURITY SOLUTION SELECTION
COMPUTER SECURITY MAKES GOOD SENSE
..............................................................................................................................................
RISK ANALYSIS
PURPOSE:
IDENTIFY RISKS WHICH MANDATE MANAGEMENT ATTENTION
ESTABLISH PRIORITIES FOR SECURITY SOLUTION EVALUATION,
SELECTION, PURCHASE AND IMPLEMENTATION
CREATE DATA FOR SECURITY SOLUTION COST-BENEFIT
ANALYSIS
PRODUCE THE BASELINE FOR LATER AUDITS AND EVALUATIONS
BE A BASIS FOR SECURITY CERTIFICATION
COMPUTER SECURITY MAKES GOOD SENSE
..............................................................................................................................................
RISK ANALYSIS
PHASES:
IDENTIFY ASSETS
ESTIMATE ASSET VALUES
IDENTIFY THREATS
IDENTIFY VULNERABILITIES
CALCULATE RISK
COMPUTER SECURITY MAKES GOOD SENSE
..............................................................................................................................................
RISK ANALYSIS
FACTORS IN ACCOMPLISHING RISK ANALYSIS:
MANAGING A RISK ANALYSIS
INITIAL PLAN
DEFINE SCOPE AND FOCUS OF DETAIL REQUIRED
CURSORY
FOCUSED REVIEW
FULL SCALE STUDY
ESTABLISH SHORT AND LONG TERM GOALS
CHOOSE MOST APPROPRIATE MANAGEMENT
TECHNIQUE
SELECT A RISK ANALYSIS METHODOLOGY
DETERMINE THE RESOURCES REQUIRED
OBTAIN MANAGEMENT APPROVAL
SEEK SENIOR MANAGEMENT REPRESENTATION ON THE
TEAM
COMPUTER SECURITY MAKES GOOD SENSE
..............................................................................................................................................
RISK ANALYSIS
FACTORS IN ACCOMPLISHING RISK ANALYSIS:
INITIAL PLAN
ORGANIZE AN ANALYSIS TEAM
COORDINATE TEAM MEMBER EFFORTS
PROVIDE DIRECTION --ASSIGN TASKS AND DEADLINES
CONTROL THE ANALYSIS
MONITOR PROGRESS AND COMPLETION OF TASKS
SCHEDULE AND CONDUCT PROGRESS REVIEWS
KEEP SENIOR MANAGEMENT INFORMED AND INVOLVED
COMPUTER SECURITY MAKES GOOD SENSE
..............................................................................................................................................
RISK ANALYSIS
FACTORS IN ACCOMPLISHING RISK ANALYSIS:
SELECTING AN ANALYSIS METHODOLOGY
TIE IT TO YOUR GOALS
BALANCE RESOURCES AVAILABLE TO RESOURCES
REQUIRED
DEFINE THE DEPTH OF ANALYSIS
ESTABLISH A DEGREE OF ACCEPTABLE COMPLEXITY
DETERMINE DATA AVAILABILITY
DECIDE HOW ADAPTABLE THE ANALYSIS WILL BE
CHOOSE ANALYTICAL TOOLS AND PROCEDURES
RESOLVE QUALITATIVE ISSUES
SELECT THE DECISION FORMAT TO INVOLVE SENIOR
MANAGEMENT
COMPUTER SECURITY MAKES GOOD SENSE
..............................................................................................................................................
RISK ANALYSIS
METHODOLOGY TYPES
QUANTITATIVE
QUALITATIVE
CHECKLIST
HYBRID (SOME COMBINATION OF THE ABOVE)
COMPUTER SECURITY MAKES GOOD SENSE
..............................................................................................................................................
RISK ANALYSIS
METHODOLOGIES
QUANTITATIVE -- BASED UPON THE DEVELOPMENT OF QUANTITATIVE INPUTS
FOR USE IN COMPUTING LOSS EXPOSURE. THIS METHOD REQUIRES FOUR (4) STEPS:
1. ASSET IDENTIFICATION AND VALUATION
2. THREAT AND VULNERABILITY EVALUATION
3. COMPUTATION OF ANNUAL LOSS EXPECTANCY (ALE)
4. EVALUATION OF ADDITIONAL COUNTERMEASURES
ADVANTAGES: 1. WELL DOCUMENTED
2. CAN BE DONE IN-HOUSE
DISADVANTAGES: 1. INVOLVES LARGE AMOUNTS OF DATA
2. DIFFICULT TO REVISE AND TRACK
3. MANUAL EFFORT
4. BIASED AT EXTREMES
COMPUTER SECURITY MAKES GOOD SENSE
..............................................................................................................................................
RISK ANALYSIS
METHODOLOGIES
QUALITATIVE -- USES THE FEDERAL INFORMATION PROCESSING STANDARD (FIPS 65) TO
DEVELOP AN ANNUAL LOSS EXPOSURE (ALE)
STEPS:
IDENTIFY AND CATEGORIZE THREATS INTO TWO CATEGORIES,
MAJOR AND MINOR
EVALUATE EACH THREAT FOR THE TYPES AND COSTS OF
ADVERSITY IT POSES
IDENTIFY COUNTERMEASURES AND THEIR ANNUALIZED COST
CONDUCT A COST-BENEFIT ANALYSIS AND BALANCE THE RISK
ADVANTAGES: 1. USES STANDARD UNITS OF MEASURE
2. QUANTIFIES MAJOR LOSS FACTORS
3. CONSIDERS THE IMPACT OF SECURITY SOLUTIONS
DISADVANTAGES: 1. INCOMPLETE METHODOLOGY
2. INHERENT FIPS 65 SHORTCOMINGS
3. EXISTING IN PLACE SOLUTIONS IGNORED
COMPUTER SECURITY MAKES GOOD SENSE
..............................................................................................................................................
RISK ANALYSIS
DATA COLLECTION
CHECKLISTS
QUESTIONNAIRES
SITE SURVEYS
INTERVIEWS
RESEARCH IN-HOUSE DOCUMENTS
BUILD SCENARIOS
GENERATE SYSTEM FLOW CHARTS
CONSTRUCT DATA FLOW MODELS
PRODUCE ACCESS PROFILES
CONSULT OUTSIDE IMPARTIAL SOURCES
COMPUTER SECURITY MAKES GOOD SENSE
..............................................................................................................................................
RISK ANALYSIS
WHEN IS IT APPROPRIATE ?
PERIODICALLY TO MEET FIDUCIARY REQUIREMENTS
PRIOR TO THE DESIGN OR ARRIVAL OF A NEW SYSTEM
FOLLOWING A SIGNIFICANT CHANGE TO THE CURRENT
ENVIRONMENT
FOLLOWING THE DISCOVERY OF A SERIOUS SECURITY BREACH
FOLLOWING THE DETERMINATION OF A PREVIOUSLY UNKNOWN
VULNERABILITY
COMPUTER SECURITY MAKES GOOD SENSE
..............................................................................................................................................
RISK ANALYSIS
EXPLAINING RESULTS TO MANAGEMENT
ESTABLISH A MANAGEMENT DECISION FORMAT
CREATE CONSISTENT REPORT FORMATS
OVERVIEW ALL RISKS
MAJOR ONE-TIME LOSS SUMMARY
MAJOR ANNUAL LOSS SUMMARY
HIGH FREQUENCY LOSS SUMMARY
CREATE EXPLANATORY ILLUSTRATIONS
-- PEOPLE COMPREHEND EXAMPLES
COMPUTER SECURITY MAKES GOOD SENSE
..............................................................................................................................................
RISK ANALYSIS
SUMMARY OF OBSTACLES TO SUCCESS
CONVINCING PARTICIPANTS AND SENIOR MANAGEMENT THAT THE HARD
WORK AND TIME ARE BOTH NECESSARY AND WORTHWHILE
MAINTAINING PARTICIPANT MOMENTUM IN A UNIVERSE WHICH COMPETES
FOR TIME AND RESOURCES
LACK OF AUTHORIZED RESOURCES
COMPLAINTS CONCERNING THE INEXACT NATURE OF RESULTS
THE RESULTS PRODUCED EXCEED THOSE WHICH MANAGEMENT WILL ACCEPT
COMPUTER SECURITY MAKES GOOD SENSE
..............................................................................................................................................
ASSET VALUATION
VALUE RELATED TO THREAT
VALUE - IMPACT
REPLACEMENT - DESTRUCTION
CONFIDENTIALITY - DISCLOSURE
INTEGRITY - MODIFICATION
AVAILABILITY - DELAY
COMPUTER SECURITY MAKES GOOD SENSE
..............................................................................................................................................
ASSET VALUATION
REPLACEMENT VALUE -- THE COST OF REPLACING AN ASSET SHOULD IT BE
STOLEN, DESTROYED OR OTHERWISE MADE UNAVAILABLE
CONFIDENTIALITY VALUE -- THE COST IN TERMS OF FINANCIAL LOSS, LOSS
OF PRESTIGE OR THE LOSS OF GOOD WILL IN THE EVENT OF
DISCLOSURE OF DATA OR SOFTWARE
INTEGRITY VALUE -- LOSS THAT OCCURS DUE TO BAD MANAGEMENT
DECISIONS BASED ON INACCURATE DATA, OR THE LOSS OF ASSETS
CONTROLLED BY THE SYSTEM
AVAILABILITY VALUE -- LOSS INCURRED BY DISCONTINUITY OF SERVICE OVER
A PERIOD OF TIME
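The quantitative methodology foil lists four steps ending in the computation of annual loss expectancy and the evaluation of countermeasures, and the asset valuation foils pair each value dimension with the threat impact that consumes it. The following is an added worked example, not part of the original foils, that carries those two foils through in code: each asset is valued along the four dimensions, each threat is tied to one impact and an estimated annual rate of occurrence, ALE is computed as value at risk times exposure times rate (the usual ALE definition; the foils name the quantity but do not spell out the arithmetic), and each countermeasure is scored by the ALE it removes minus its annualized cost. Every asset, threat, rate, cost and name here is constructed for illustration.

```python
from dataclasses import dataclass

# The ASSET VALUATION foil pairs each value dimension with the threat
# impact that consumes it.
IMPACT_TO_VALUE = {
    "DESTRUCTION":  "replacement",
    "DISCLOSURE":   "confidentiality",
    "MODIFICATION": "integrity",
    "DELAY":        "availability",
}


@dataclass
class Asset:
    name: str
    replacement: float       # cost to replace if destroyed or stolen
    confidentiality: float   # financial/prestige/goodwill loss on disclosure
    integrity: float         # loss from decisions or assets affected by bad data
    availability: float      # loss per incident of service discontinuity


@dataclass
class Threat:
    name: str
    asset: str
    impact: str              # a key of IMPACT_TO_VALUE
    rate_per_year: float     # estimated annual rate of occurrence
    exposure: float = 1.0    # fraction of the value dimension lost per event


@dataclass
class Countermeasure:
    name: str
    addresses: tuple         # names of the threats it reduces
    reduction: float         # fraction of those threats' ALE it removes
    annual_cost: float       # annualized purchase plus operating cost


def ale(threat: Threat, assets: dict) -> float:
    """Step 3: annual loss expectancy = value at risk x exposure x rate."""
    value = getattr(assets[threat.asset], IMPACT_TO_VALUE[threat.impact])
    return round(value * threat.exposure * threat.rate_per_year, 2)


def rank_risks(threats, assets):
    """Largest ALE first: the 'major annual loss summary' for management."""
    return sorted(((ale(t, assets), t.name) for t in threats), reverse=True)


def net_benefit(cm: Countermeasure, threats, assets) -> float:
    """Step 4: ALE removed by the countermeasure minus what it costs per year."""
    removed = sum(ale(t, assets) * cm.reduction
                  for t in threats if t.name in cm.addresses)
    return round(removed - cm.annual_cost, 2)


def evaluate(countermeasures, threats, assets):
    """Countermeasures ordered by net benefit; a negative value means the
    measure is not justified by loss expectancy alone."""
    return sorted(((net_benefit(c, threats, assets), c.name)
                   for c in countermeasures), reverse=True)


# Constructed inventory (all figures illustrative, in currency units per year).
ASSETS = {a.name: a for a in [
    Asset("payroll master file", replacement=20_000, confidentiality=150_000,
          integrity=80_000, availability=5_000),
    Asset("order entry system", replacement=60_000, confidentiality=10_000,
          integrity=120_000, availability=25_000),
]}

THREATS = [
    Threat("fire in computer room", "order entry system", "DESTRUCTION", 0.02),
    Threat("payroll tape removed from site", "payroll master file", "DISCLOSURE", 0.1),
    Threat("unauthorized edit of pay rates", "payroll master file", "MODIFICATION", 0.5),
    Threat("leased line outage", "order entry system", "DELAY", 6),
    Threat("power fluctuation", "order entry system", "DELAY", 12, exposure=0.25),
]

COUNTERMEASURES = [
    Countermeasure("uninterruptible power supply", ("power fluctuation",), 0.9, 8_000),
    Countermeasure("second leased line", ("leased line outage",), 0.8, 30_000),
    Countermeasure("media control log", ("payroll tape removed from site",), 0.5, 2_000),
    Countermeasure("halon suppression", ("fire in computer room",), 0.5, 9_000),
]

if __name__ == "__main__":
    for loss, name in rank_risks(THREATS, ASSETS):
        print(f"ALE {loss:>10,.2f}  {name}")
    for benefit, name in evaluate(COUNTERMEASURES, THREATS, ASSETS):
        print(f"net {benefit:>10,.2f}  {name}")
```

The fire illustrates the "biased at extremes" disadvantage the foil attaches to this method: a 60,000 loss at a rate of once in fifty years yields an ALE of 1,200, so halon suppression scores negative, yet the one-time loss would still be the largest single event on the list. That is why the reporting foil asks for a major one-time loss summary alongside the annual one.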
COMPUTER SECURITY MAKES GOOD SENSE
..............................................................................................................................................
CONTINGENCY PLANS
THE OTHER EXTREME
ACTIONS TAKEN TO SUPPLEMENT SECURITY
COMPUTER SECURITY MAKES GOOD SENSE
..............................................................................................................................................
CONTINGENCY PLANNING
INTRODUCTION
A. WHY ?
EVERY PERSON, SECTION, DEPARTMENT, DIVISION AND
BUSINESS HAS ASSIGNED MISSIONS WHICH REQUIRE
RESOURCES
POSSIBLE COMPROMISE OF SENSITIVE DATA
PERSONNEL SAFETY
MINIMIZE DAMAGE TO THE FIRM
AID RECOVERY AFTER A PROBLEM OCCURS
COMPUTER SECURITY MAKES GOOD SENSE
..............................................................................................................................................
CONTINGENCY PLANNING
HOW MUCH IS ENOUGH
DEPENDS ON THE DURATION OF INTERRUPTION
LIMITED
SERIOUS
MAJOR
CATASTROPHIC
CLASSIFICATION OF DISASTERS
TEMPORARY INTERRUPTIONS
COMMUNICATIONS FAILURE
POWER FLUCTUATION
MINOR SABOTAGE OR VANDALISM
EVACUATION OF SITE
TEMPORARY INACCESSIBILITY
POOR MAINTENANCE PROBLEM
DOMINO EFFECT
COMPUTER SECURITY MAKES GOOD SENSE
..............................................................................................................................................
CONTINGENCY PLANNING
CLASSIFICATION OF DISASTERS
HARDWARE DAMAGE
EQUIPMENT FAILURE
ENVIRONMENTAL PROBLEM
DELIBERATE SABOTAGE OR VANDALISM
HUMAN ERROR
NEGLIGENCE
LOSS OF SOFTWARE OR DOCUMENTATION
FAILED UPDATES
FAILED DOCUMENTATION
REPAIRABLE DAMAGE
INTERRUPTION WITHOUT WORK PLACE RELOCATION
REPLACEMENT TIME
CATASTROPHIC DAMAGE
COMPLETE DESTRUCTION
TOTAL SHUT-DOWN WITH NO MOVE
COMPUTER SECURITY MAKES GOOD SENSE
..............................................................................................................................................
CONTINGENCY PLANNING
SPECTRUM OF DISASTERS
BASIC EFFECT IS INTERRUPTION
INTERRUPTION CONTROLLED EXTERNALLY OR BY TIME
NEED FOR ESTIMATE BEFORE INTERRUPTION
BACKUP DEPENDENT ON ESTIMATES AND DP SYSTEM
COMPUTER SECURITY MAKES GOOD SENSE
..............................................................................................................................................
CONTINGENCY PLANNING
DESIGNING THE CONTINGENCY PLAN
A. COMPONENTS OF A BACKUP/RECOVERY OPERATION
1. DETECTION AND IDENTIFICATION OF INTERRUPTION
2. SELECT AND BEGIN BACKUP MODE
MANUAL OPERATIONS
TEMPORARY VENDOR
RECIPROCAL AGREEMENT (SISTER SITE)
GUARANTEED BACKUP SITE
DUAL COMPUTER SITES
BACKUP BUILDING
3. OPERATION IN BACKUP MODE
PROCEDURES PREVENT CHAOS
FIRE DRILLS
WRITTEN PLAIN LANGUAGE PROCEDURES
TRANSITION POLICEMAN
CRISIS INTERVENTION TEAM
AUDIT AND ADJUSTMENT
4. RETURN TO NORMAL
LESSONS LEARNED
COMPUTER SECURITY MAKES GOOD SENSE
..............................................................................................................................................
CONTINGENCY PLANNING
DEVELOPMENT OF A CONTINGENCY PLAN
A. CREATING A PLANNING TEAM
1. TEAM FORMATION
2. RESPONSIBILITIES
DEFINE THE PROBLEM
ESTABLISH COURSE OF ACTION
TASKING
ESTABLISH MILESTONES (GANTT, CPM, PERT)
DEFINE AND COMMIT RESOURCES
CONSISTENCY THROUGH PERIODIC MEETINGS
B. DOCUMENTATION OF THE PLAN
1. FAILURE MODE ANALYSIS (USE IT FROM THE RISK ANALYSIS)
CAUSES OF FAILURE
PROBABILITIES OF OCCURRENCE (LIKE TQM)
TIME TO RECOVER (CRITICAL PATH)
TASKS AFFECTED (REORGANIZATION USING SKILLS
INVENTORY)
COMPUTER SECURITY MAKES GOOD SENSE
..............................................................................................................................................
CONTINGENCY PLANNING
DEVELOPMENT OF A CONTINGENCY PLAN
2. ESTIMATE OF PROJECTED LOSS
ECONOMIC/RISK JUSTIFICATION (FROM RISK ANALYSIS)
DOWNTIME/RECOVERY COSTS
PROJECTED ANNUAL LOSS
PHYSICAL
INTANGIBLE
3. SELECTION OF OCCURRENCE MODES
MAJOR, PARTIAL, BRIEF (OVERLOOKED ITEMS)
EVALUATION OF ALL REQUIREMENTS
EXTRAORDINARY INCIDENTAL EXPENSES
DOCUMENTATION
4. DOCUMENTATION
PHASE 1 - INSTRUCTIONS TO DP STAFF
PHASE 2 - EMERGENCY PROCEDURES FOR MGRS
PHASE 3 - DETAILED BACKUP INSTRUCTIONS
PHASE 4 - RECOVERY PLANS
COMPUTER SECURITY MAKES GOOD SENSE
..............................................................................................................................................
CONTINGENCY PLANNING
DEVELOPMENT OF A CONTINGENCY PLAN
5. FINAL REPORT
ECONOMIC BASIS FOR CONTINGENCY PLAN
NARRATIVE OF BACKUP PLAN
IMPLEMENTING THE CONTINGENCY PLAN
TRAINING
TESTING
NON-PERIODIC
IN-LINE (FINE TUNE W/GUIDANCE)
LESSONS LEARNED
LOOP FINDINGS BACK TO THE ORIGINAL TEAM
REDESIGNING THE PLAN
SUMMARY AND CONCLUSION
THERE IS NEVER TOO MUCH PREPARATION
COMPUTER SECURITY MAKES GOOD SENSE
..............................................................................................................................................
AUDITS
VERIFY
SECURITY
COMPUTER SECURITY MAKES GOOD SENSE
..............................................................................................................................................
FOCUS ON AUDITS
PERFORMANCE AUDIT
A. EFFECTIVENESS
IMPROVED TASK ACCOMPLISHMENT
INCREASED OPERATIONAL EFFECTIVENESS
OPTIMIZED TECHNICAL EFFECTIVENESS
ECONOMIC EFFECTIVENESS
B. EFFICIENCY
TIMELINESS
THROUGHPUT
UTILIZATION
COMPUTER SECURITY MAKES GOOD SENSE
..............................................................................................................................................
FOCUS ON AUDITS
CONTROLS AUDIT
DP MANAGEMENT
SEPARATION OF DUTIES
PHYSICAL SECURITY CONTROLS
MEDIA CONTROLS
CONTINGENCY PLANS
POLICIES AND PROCEDURES
USER MANAGEMENT
SEPARATION OF DUTIES
DATA VERIFICATION
DATA RELEVANCY
SYSTEM DESIGN AND CHANGE REVIEWS
POLICIES AND PROCEDURES
SYSTEM DEVELOPMENT
DOCUMENTATION AND PLANS
PROGRAMMING APPROACH
SOFTWARE TEST PROCEDURES
DESIGN REVIEWS AND MODIFICATIONS TO DESIGN
COMPUTER SECURITY MAKES GOOD SENSE
..............................................................................................................................................
SOFTWARE INTEGRITY
INTRODUCTION
NATURE OF THE PROBLEM
- COMPLEXITY OF LARGE PROGRAMS
- SECURITY AND RELIABILITY OF SOFTWARE IS EXTREMELY
DIFFICULT TO ASCERTAIN
- PROGRAMMING STANDARDS ARE VIOLATED BY "CREATIVE"
PROGRAMMERS
- EFFICIENCY IS OFTEN COUNTER PRODUCTIVE TO SECURITY AND
RELIABILITY
- PSYCHOLOGICAL FACTORS
PROGRAM "NOW", DOCUMENT "LATER"
GOOD PROGRAMMERS BREAK RULES - THAT IS CREATIVITY
"MY PROGRAM" SYNDROME
TENDENCY TO TRANSFER THE BLAME FOR ABORTED RUNS
TENDENCY TO AVOID/IGNORE TRIVIAL JOBS
COMPUTER SECURITY MAKES GOOD SENSE
..............................................................................................................................................
SOFTWARE INTEGRITY
INTRODUCTION
METHODOLOGY TO IMPROVE SOFTWARE INTEGRITY
DOCUMENTATION STANDARDS AND PRACTICES
PROGRAMMING STANDARDS AND PRACTICES
STRUCTURED PROGRAMMING CONCEPTS
SOFTWARE CERTIFICATION PROCEDURES
CENTRALIZED TEST AND EVALUATION
ADMINISTRATIVE CONTROLS ON SOFTWARE
SOFTWARE AUDIT TECHNIQUES
..............................................................................................................................................
SOFTWARE INTEGRITY
DOCUMENTATION STANDARDS
GOALS
DESCRIBE THE SYSTEM SPECIFICATIONS
PROVIDE MANAGERIAL CONTROL OF DEVELOPMENT, TEST, AND IMPLEMENTATION
DETERMINE PRIORITIES WITHIN AVAILABLE RESOURCES
ENSURE INCORPORATION OF AUDIT CONTROLS
GUIDE SYSTEM DEVELOPMENT, TEST, EVALUATION, IMPLEMENTATION, USE, MAINTENANCE AND TRAINING
..............................................................................................................................................
SOFTWARE INTEGRITY
DOCUMENTATION REQUIREMENTS
GENERAL SYSTEMS NARRATIVE DESCRIPTION
SYSTEM FLOW CHARTS
FIRST LEVEL (SYSTEM FLOW - AN OVERVIEW OF MAJOR MODULES)
SECOND LEVEL (EXPANDED INTO SEMI-DETAILED DIAGRAMS (MACRO-FLOW))
THIRD LEVEL (DETAILED DESCRIPTION OF EACH LOGICAL STEP (MICRO-FLOW))
TEST AND EVALUATION SPECIFICATIONS
OPERATORS MANUAL
APPLICATION SETUP PROCEDURES/INSTRUCTIONS
ERROR CONDITIONS AND CORRECTION METHOD
BACKUP PROCEDURES
..............................................................................................................................................
SOFTWARE INTEGRITY
DOCUMENTATION REQUIREMENTS
USERS MANUAL
GENERAL SYSTEMS DESCRIPTION
OPERATIONAL PROCEDURES
ERROR CONDITIONS AND CORRECTION METHOD
USER RESPONSIBILITIES
PROGRAM LISTINGS
SOURCE CODE
OBJECT CODE
DATA STRUCTURE DEFINITION
NOTE: DOCUMENTATION REQUIREMENTS WILL VARY, SO STANDARDS SHOULD:
1. BE SUFFICIENTLY GENERAL TO ALLOW A FLEXIBLE "FIT"
2. PROVIDE DETAILED GUIDANCE SO THAT PROGRAMMERS UNDERSTAND THEIR RESPONSIBILITY FOR DEVELOPING ADEQUATE DOCUMENTATION
..............................................................................................................................................
SOFTWARE INTEGRITY
STRUCTURED PROGRAMMING CONCEPTS
MODULAR PROGRAMMING
TRADITIONAL APPROACH TO SOFTWARE DEVELOPMENT
LARGE PROGRAMS ARE SUB-DIVIDED INTO MODULES FOR CONTROL AND EASE OF DEVELOPMENT
LIMITATIONS:
INSUFFICIENT CONTROL DURING DEVELOPMENT
TESTING IS DEPENDENT UPON TOTAL SYSTEM COMPLETION
STRUCTURED PROGRAMMING
MODULAR PROGRAMMING USING HIERARCHICAL STRUCTURES AND TOP-DOWN PROGRAMMING
INTEGRITY AT THE COST OF SIMPLICITY
..............................................................................................................................................
SOFTWARE INTEGRITY
SOFTWARE CERTIFICATION PROCEDURES
PROGRAMS ARE CERTIFIED BY VERIFICATION, VALIDATION, AND TEST DESIGNED TO ASSURE PROGRAMS FUNCTION AS AUTHORIZED. THE SYSTEM AND ALL PROGRAMS ARE FULLY TESTED AND INDEPENDENTLY INSPECTED FOR COMPLIANCE WITH SECURITY PROCEDURES AND USER REQUIREMENTS BEFORE THEY ARE ACCEPTED TO "ON-LINE" STATUS.
..............................................................................................................................................
SOFTWARE INTEGRITY
SOFTWARE CERTIFICATION PROCEDURES
FUNCTIONAL USER INVOLVEMENT
DETERMINES REQUIREMENTS
DOCUMENTS (NARRATIVE) THE GENERAL SYSTEM SPECIFICATION
SUBMITS REQUIREMENTS TO DP
PRELIMINARY ANALYSIS OF FEASIBILITY
PARTICIPANTS
FUNCTIONAL USER
DB ADMINISTRATOR
COMPUTER SECURITY SYSTEMS OFFICER
INTERNAL AUDITOR
SYSTEMS ANALYST
MANAGEMENT REPRESENTATIVE
..............................................................................................................................................
SOFTWARE INTEGRITY
SOFTWARE CERTIFICATION PROCEDURES
PRELIMINARY ANALYSIS
ESSENTIAL DOCUMENTATION
GENERAL SYSTEM NARRATIVE DESCRIPTION
LEVEL ONE (SYSTEMS) FLOW CHART
DATA DESCRIPTION INCLUDING SENSITIVITY LEVEL
USER ACCESS REQUIREMENTS
REQUIRED SECURITY/INTEGRITY CONTROLS
AUDIT CONTROLS
SYSTEM COST JUSTIFICATION
PROJECT AUTHORIZATION
APPROVAL BY A CENTRAL APPROVING AUTHORITY
A PROGRAM TASK FORM, I.E., A CONTRACT BETWEEN THE USER AND DEVELOPER WHICH DEFINES WHAT WILL BE DELIVERED
..............................................................................................................................................
SOFTWARE INTEGRITY
SOFTWARE CERTIFICATION PROCEDURES
PROGRAM DEVELOPMENT
ANALYST/PROGRAMMER TEAM(S) PERFORM THE FOLLOWING:
EVALUATE REQUIREMENTS
DEVELOP LEVEL TWO AND LEVEL THREE FLOW CHARTS
DEVELOP (CODE) PROGRAMS
PREPARE DOCUMENTATION
DESK CHECK (INSPECT FOR ERRORS)
TEST AND DEBUG
TRANSFER PROGRAM TO NEXT HIGHER AUTHORITY
WHEN ALL MODULES ARE COMPLETE
SIGN OFF PROGRAM TASK FORM SIGNIFYING COMPLETION
TRANSFER PROGRAMS TO INCREMENTAL TEST LEVEL
VERIFY COMPLIANCE WITH SECURITY PROCEDURE
VERIFY SYSTEM FULFILLS USER REQUIREMENTS
SIGN OFF PROGRAM TEST AND VALIDATION
CONDUCT INTEGRATED SYSTEMS TEST
..............................................................................................................................................
SOFTWARE INTEGRITY
SOFTWARE CERTIFICATION PROCEDURES
PROGRAM TEST AND VALIDATION
A DESIGNATED "CENTRAL" TEST GROUP
EVALUATES USER REQUIREMENTS
DETERMINES TEST CRITERIA
PREPARES TEST DATA
CONDUCTS TEST UNDER CONTROLLED CONDITIONS
EVALUATES RESULTS
FORMULATES RECOMMENDATIONS
SIGNS-OFF SIGNIFYING ACCEPTANCE AND COMPLIANCE WITH
SECURITY PROCEDURES
RECOMMENDS INTRODUCTION "ON-LINE"
OR, RETURNS THE PROGRAMS FOR REVISION
..............................................................................................................................................
SOFTWARE INTEGRITY
SOFTWARE CERTIFICATION PROCEDURES
PROGRAM CERTIFICATION
THE TEST GROUP MAY RECOMMEND:
1. MOVE THE SYSTEM TO "ON-LINE" STATUS
2. RETURN FOR REVISION
PROMOTION TO ON-LINE STATUS
UPDATES THE SYSTEM DIRECTORIES (WATCH CUT-OVER DATE)
OPERATIONS PLACES PROGRAMS ON-LINE USING NORMAL
MAINTENANCE TECHNIQUES
SOURCE PROGRAM AND DOCUMENTATION ARCHIVED
OPERATIONS INSTRUCTIONS DISTRIBUTED AND ACKNOWLEDGED
BY USERS, DATA INPUT, AND SYSTEM OPERATORS
TRAINING OF USERS, DATA INPUT AND SYSTEM OPERATORS
USER EVALUATES PROGRAMS UNDER "LIVE" CONDITIONS
..............................................................................................................................................
SOFTWARE INTEGRITY
CONTROL OF PROGRAM MODIFICATIONS
TYPES
MAJOR SOFTWARE CHANGES (NEW SYSTEM)
MINOR SOFTWARE CHANGES (REVISIONS LESS THAN A NEW SYSTEM)
TEMPORARY CHANGES (TO MEET EXTRAORDINARY ONE-TIME CONDITIONS)
CONTROL OF SOFTWARE MODIFICATIONS
CONTROLLING CHANGES
DOCUMENTATION OF CHANGES
SOURCE PROGRAM CHANGES
TEST AND EVALUATION
CERTIFICATION OF CHANGES
NOTIFICATION OF CHANGES
MODIFICATION PITFALLS CAN "KILL" SYSTEM EFFECTIVENESS
FAILURE TO TEST MINOR MODIFICATIONS
ASSUMING TEMPORARY CHANGES DO NOT REQUIRE DOCUMENTATION
..............................................................................................................................................
SOFTWARE INTEGRITY
ADMINISTRATIVE CONTROLS ASSURE INTEGRITY
CONTROLS FOR USER PROGRAMS
JOB CONTROL RUN PROCEDURES
PREVENTING EXPLOITATION OF TRAP DOORS
DEALING WITH "TROJAN HORSE" PROBLEMS
THREAT MONITORING MECHANISMS
RESTRICTIONS ON USERS
RESTRICTIONS ON PROGRAMMERS
RESTRICTIONS ON SYSTEMS OPERATORS
SOFTWARE LIBRARIES REQUIRE CONTROLS
SOURCE PROGRAMS WITH INDEXED CHANGE HISTORY
DOCUMENTATION
PROGRAM BACKUP
GENERAL RECOMMENDATIONS
FORCE COLLUSION: NO SINGLE PERSON SHOULD BE ABLE TO COMMIT FRAUD OR EMBEZZLEMENT ALONE
NEED-TO-KNOW
VARY PERSONNEL TO PREVENT COLLUSION
AUDIT RANDOMLY TO ASSURE COMPLIANCE WITH PROCEDURES
..............................................................................................................................................
SOFTWARE INTEGRITY
SOFTWARE AUDIT PROCEDURES
DEFINE THE CRITERIA AND MEASURES OF PERFORMANCE
KNOW YOUR AUDITORS' CAPABILITIES AND LIMITATIONS
SOFTWARE AUDIT TECHNIQUES
TEST DATA METHOD
DUPLICATE SYSTEM METHOD
PROGRAM COMPARISON METHOD
CHECK COMPLIANCE WITH ESTABLISHED PROCEDURES
"I FOUND A PROBLEM." NOW WHAT?
REPORT YOUR FINDING TO MANAGEMENT
DETERMINE AND RECOMMEND FOLLOW-UP ACTION(S)
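The program comparison method named above, and the library controls on the preceding slide (source programs with change history, program backup), work only if there is a trustworthy record of what was certified. The following is an added Python example, not code from the course: at certification the test group records a manifest of SHA-256 digests for every program in the library and signs it with an HMAC key that the programmers do not hold; at audit time the live library is compared against that manifest. The directory layout, file contents and key are constructed for the example.

```python
import hashlib
import hmac
import json
import shutil
import tempfile
from pathlib import Path


def file_digest(path: Path) -> str:
    """SHA-256 of a file, read in chunks so large load modules need not fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Relative path -> digest for every file in a program library. Taken at
    certification time by the test group and archived with the source listings."""
    return {p.relative_to(root).as_posix(): file_digest(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def sign_manifest(manifest: dict, key: bytes) -> str:
    """HMAC over the canonical manifest. The key belongs to the auditor, not the
    programmers, so whoever can alter a program cannot also 'fix' the manifest."""
    body = json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def verify_manifest(manifest: dict, key: bytes, tag: str) -> bool:
    return hmac.compare_digest(sign_manifest(manifest, key), tag)


def compare_library(manifest: dict, live_root: Path) -> dict:
    """Program comparison: certified digests against the live library."""
    live = build_manifest(live_root)
    return {
        "modified": sorted(k for k in manifest if k in live and live[k] != manifest[k]),
        "missing": sorted(k for k in manifest if k not in live),
        "added": sorted(k for k in live if k not in manifest),
    }


def demo() -> dict:
    """Constructed scenario (example only): certify a small COBOL library, then
    audit a live copy in which one program was patched in place, an uncertified
    'temporary' fix was added, and one program was deleted."""
    key = b"auditor-held-key (example only)"
    with tempfile.TemporaryDirectory() as tmp:
        certified, live = Path(tmp, "certified"), Path(tmp, "live")
        for rel, text in {
            "payroll/PAY010.cbl": "COMPUTE NET = GROSS - TAX.\n",
            "payroll/PAY020.cbl": "PERFORM PRINT-CHECKS.\n",
            "ar/AR100.cbl": "PERFORM AGE-RECEIVABLES.\n",
        }.items():
            (certified / rel).parent.mkdir(parents=True, exist_ok=True)
            (certified / rel).write_text(text)
        manifest = build_manifest(certified)
        tag = sign_manifest(manifest, key)

        shutil.copytree(certified, live)
        (live / "payroll/PAY010.cbl").write_text("COMPUTE NET = GROSS - TAX - 0.01.\n")
        (live / "payroll/PAYFIX.cbl").write_text("DISPLAY 'TEMP FIX'.\n")
        (live / "ar/AR100.cbl").unlink()

        # Someone who edits the plain manifest to cover the patch is caught by the HMAC.
        doctored = dict(manifest)
        doctored["payroll/PAY010.cbl"] = file_digest(live / "payroll/PAY010.cbl")
        return {
            "manifest_intact": verify_manifest(manifest, key, tag),
            "doctored_manifest_intact": verify_manifest(doctored, key, tag),
            **compare_library(manifest, live),
        }


if __name__ == "__main__":
    print(demo())
```

Run on a schedule and at random, as the audit slides recommend; every entry in "modified" or "added" must trace back to a certified change, and anything that does not is a finding to report to management.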
..............................................................................................................................................
SOFTWARE INTEGRITY
IMPLEMENTATION OF INTEGRITY CONTROLS
IMPLEMENTATION PRIORITIES
DO THE EASY THINGS FIRST
JUSTIFY AND BUDGET MEASURES WHICH REQUIRE RESOURCES
EMPLOYEE AWARENESS IS ESSENTIAL
DEALING WITH RESISTANCE TO CHANGE
MANAGEMENT'S RESPONSIBILITIES
EMPLOYEE PARTICIPATION (MAKE IT THEIR IDEA)
EMPLOYEE TRAINING
JOB SWAPPING ENHANCES UNDERSTANDING
..............................................................................................................................................
SOFTWARE INTEGRITY
SUMMARY
SOFTWARE INTEGRITY CAN BE ACHIEVED
SOFTWARE INTEGRITY REQUIRES INDIVIDUAL INITIATIVE AND PERSEVERANCE
SOFTWARE INTEGRITY IS A SCIENCE REQUIRING A DEFINED METHODOLOGY
CHANGE MAKES PEOPLE UNCOMFORTABLE
..............................................................................................................................................
DATA INTEGRITY
REQUIREMENTS
ACCURACY
COMPLETENESS
VALIDITY
TIMELINESS
CONFIDENTIALITY
RELEVANCY
..............................................................................................................................................
DATA INTEGRITY
NATURE OF THE CORPORATE PROBLEM
POOR FORM DESIGN
COMPLEXITY
POOR DOCUMENTATION OF INPUT REQUIREMENTS
INADEQUATE TRAINING
INADEQUATE PREVIEW OF INPUT SOURCES
QUANTITY VERSUS QUALITY RESULTS
LACK OF ACCOUNTABILITY FOR INPUTS
INADEQUATE CONTROL OF ERROR CORRECTIONS
INADEQUATE AUDITING
INSUFFICIENT PROCESSING CONTROLS
INSUFFICIENT CONTROL OF OUTPUT
INADEQUATE SECURITY
SOURCES OF ERROR
HARDWARE FAILURES
SOFTWARE INCOMPLETENESS (POOR SYSTEM OR PROGRAM)
OPERATOR FAILURE
ERRONEOUS DATA
..............................................................................................................................................
DATA INTEGRITY
COMPLEXITY OF THE PROBLEM
INSUFFICIENT MANAGEMENT SUPPORT
INTEGRITY CONTROLS OMITTED TO GET SYSTEM "UP"
INTEGRITY CONTROLS SLOW THE SYSTEM
INTEGRITY OMISSIONS POP-UP AFTER THE FACT
TESTING CANNOT PROVE INTEGRITY
PROTECTION OF DATA INTEGRITY
GOALS
PREVENT UNAUTHORIZED DATA MODIFICATION
MINIMIZE DAMAGE SHOULD ANY OCCUR
CREATE "WORKABLE" RECOVERY AND CORRECTION PROCEDURES
CONTROLS
AUTHENTICATION BY USERS
AUTHORIZATION CONTROLS
ACCURACY CHECKS
ACCOUNTABILITY OF TRANSACTIONS
ACCESS CONTROLS
DATA VALIDATION/VERIFICATION CHECKS
..............................................................................................................................................
DATA INTEGRITY
INFORMATION FLOW ANALYSIS
INPUT
OBJECTIVES
ASCERTAIN PROPER LOGGING AT THE SOURCE LEVEL
MATCH INPUT TRANSACTIONS TO PROCESSED TRANSACTIONS
ENSURE PROPER AUTHORIZATION OF TRANSACTIONS
ASSURE WORK FLOW ACCURACY
ENSURE ERROR CORRECTION PROCEDURES ARE FOLLOWED
ASSURE ALL BATCHES ARE ACCOUNTED FOR
CONTROLS
DESIGN INPUT DOCUMENTS FOR CLARITY AND EASE OF USE
PROVIDE SUFFICIENT INSTRUCTIONS
ACCENTUATE IMPORTANT DATA FIELDS
VALIDATE THE DATA
DIRECT INPUT BY SOURCE (MICR, OCR, TERMINAL, ETC.)
PRE-NUMBER SOURCE DOCUMENTS
..............................................................................................................................................
DATA INTEGRITY
INFORMATION FLOW ANALYSIS
INPUT
DATA TRANSFER
PROBLEMS
VARIETY OF SYSTEMS IN USE
SECURITY OF DATA IN TRANSIT
CONTROLS
ACCOUNTABILITY
TRANSFER/RECEIPT LOGS
BATCH TOTALS
ACCESS CONTROLS
DATA TRANSMISSION (DISCUSSED UNDER NETWORK SECURITY)
INPUT CONTROLS
PROBLEMS
TRANSFER OF RESPONSIBILITY
IMPERSONAL
SIMILARITIES WITH DATA COLLECTION MECHANISMS
SOURCE DOCUMENTS -- SHOULD BE CONTROLLED PRIOR TO CONVERSION TO COMPUTER MEDIA
..............................................................................................................................................
DATA INTEGRITY
INFORMATION FLOW ANALYSIS
INPUT
INPUT CONTROLS
CONTROLS
ANALYZE FOR COMPLETENESS
VERIFY THE SOURCE
ACCOUNTABILITY
PRE-NUMBERED SOURCE DOCUMENTS
BATCHING
USE OF A DOCUMENT REGISTER
CONTROL DISPOSITION OF SOURCE DOCUMENTATION
DATA INPUT VALIDATION
ASSURE ACCURACY BEFORE ADDING DATA TO OPERATIONAL FILES
..............................................................................................................................................
DATA INTEGRITY
INFORMATION FLOW ANALYSIS
INPUT
INPUT CONTROLS
DATA INPUT VALIDATION
CHECKS MUST BE TAILORED TO SPECIFIC DATA
TYPES OF DATA VALIDATION CHECKS
CHARACTER
TEST FOR NUMERIC
TEST FOR ALPHABETIC
TEST FOR SPECIAL CHARACTERS
TEST FOR BLANKS
TEST FOR SIGN
FIELD
LIMIT TEST
RANGE TEST
REASONABLENESS TEST
TEST FOR VALID ITEM/FORMAT CONSISTENCY
SEQUENCE CHECK
SELF-CHECKING NUMBERS
..............................................................................................................................................
DATA INTEGRITY
INFORMATION FLOW ANALYSIS
INPUT
INPUT CONTROLS
DATA INPUT VALIDATION
TYPES OF DATA VALIDATION CHECKS
TRANSACTION
TEST FOR COMPLETENESS
TEST FOR INTERNAL CONSISTENCY
TEST FOR EXTERNAL CONSISTENCY
SEQUENCE CHECKS
SERIAL NUMBER CHECKS
TEST FOR VALID ITEM
CHECK FOR FALSE KEYING
BATCH
TRANSACTION COUNT
BATCH CONTROL TOTALS
HASH TOTALS
BATCH NUMBER CHECKS
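The four levels of data validation check listed on these slides (character, field, transaction, batch) are worked through below in Python. This is an added example, not code from the course: the record layout, the mod-10 (Luhn) check digit for the self-checking number, the limit, and the sample batch are all constructed for the example. Amounts are kept in integer cents so that control totals are exact, which is also the simplest guard against the rounding errors the processing-audit slide warns about.

```python
import re
from dataclasses import dataclass


# Constructed record layout for this example (not part of the course material):
# an accounts-payable transaction keyed from a pre-numbered source document.
@dataclass
class Transaction:
    serial: int        # serial number printed on the pre-numbered source document
    account: str       # 8 digits, the last one a mod-10 check digit
    amount: int        # signed cents
    dept: str          # three-letter department code
    txn_type: str      # "PAY" (disbursement) or "CR" (credit)


@dataclass
class BatchHeader:
    """Figures written on the batch control slip before keying began."""
    batch_no: int
    count: int             # transaction count
    control_total: int     # sum of amounts, cents
    hash_total: int        # sum of account numbers: meaningless, used only as a check
    first_serial: int      # first document serial expected in the batch


def luhn_valid(number: str) -> bool:
    """Self-checking number test (mod-10 / Luhn). Catches any single mis-keyed
    digit and most transpositions of adjacent digits."""
    if not number.isdigit():
        return False
    total = 0
    for i, ch in enumerate(reversed(number)):
        d = int(ch)
        if i % 2 == 1:                      # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def check_transaction(t: Transaction, limit: int = 1_000_000) -> list:
    """Character, field and transaction checks on one record. Returns error
    codes; an empty list means the record may be posted."""
    errors = []
    # character checks: numeric / alphabetic fields
    if not re.fullmatch(r"[0-9]{8}", t.account):
        errors.append("ACCOUNT_NOT_NUMERIC")
    elif not luhn_valid(t.account):                  # field check: check digit
        errors.append("ACCOUNT_CHECK_DIGIT")
    if not re.fullmatch(r"[A-Z]{3}", t.dept):
        errors.append("DEPT_NOT_ALPHA")
    # field checks: limit test and valid-item test
    if abs(t.amount) > limit:
        errors.append("AMOUNT_OVER_LIMIT")
    if t.txn_type not in ("PAY", "CR"):
        errors.append("TYPE_INVALID_ITEM")
    # transaction check: internal consistency between type and sign of amount
    elif (t.txn_type == "PAY") != (t.amount >= 0):
        errors.append("TYPE_SIGN_INCONSISTENT")
    return errors


def check_batch(hdr: BatchHeader, txns: list) -> list:
    """Batch checks: transaction count, control total, hash total, serial sequence."""
    errors = []
    if len(txns) != hdr.count:
        errors.append("COUNT_MISMATCH")
    if sum(t.amount for t in txns) != hdr.control_total:
        errors.append("CONTROL_TOTAL_MISMATCH")
    if sum(int(t.account) for t in txns if t.account.isdigit()) != hdr.hash_total:
        errors.append("HASH_TOTAL_MISMATCH")
    expected = list(range(hdr.first_serial, hdr.first_serial + hdr.count))
    if sorted(t.serial for t in txns) != expected:   # gap, duplicate or stray document
        errors.append("SERIAL_SEQUENCE_BREAK")
    return errors


def validate_batch(hdr: BatchHeader, txns: list) -> dict:
    """Run every level of check; the batch is held for correction if anything fails."""
    records = {}
    for t in txns:
        errs = check_transaction(t)
        if errs:
            records[t.serial] = errs
    return {"batch": check_batch(hdr, txns), "records": records}


# Constructed batch: four documents, the fourth keyed with two digits transposed
# (12345674 keyed as 12435674). The slip's hash total was computed from the paper
# documents, so both the check digit and the hash total expose the keying error.
SAMPLE_BATCH = [
    Transaction(1001, "12345674", 125_000, "ACC", "PAY"),
    Transaction(1002, "40000010", -4_999, "ACC", "CR"),
    Transaction(1003, "77777779", 8_050, "ENG", "PAY"),
    Transaction(1004, "12435674", 300_000, "ENG", "PAY"),
]
SAMPLE_HEADER = BatchHeader(batch_no=17, count=4, control_total=428_051,
                            hash_total=142_469_137, first_serial=1001)

if __name__ == "__main__":
    print(validate_batch(SAMPLE_HEADER, SAMPLE_BATCH))
```

Note what each layer contributes: the control total alone would have passed this batch, because the amount was keyed correctly; the self-checking number catches the transposition on the record, and the hash total catches it at batch level, so the two are independent detections of the same error.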
..............................................................................................................................................
DATA INTEGRITY
INFORMATION FLOW ANALYSIS
PROCESSING
OBJECTIVES
ASSURE APPLICATIONS ARE PROCESSED AS INTENDED
DETECT INCONSISTENCIES IN DATA
DETECT INCORRECT ACTIONS BY USERS OR OPERATORS
PROCESSING AUDITS
ARITHMETIC
ROUNDING ERRORS
REASONABLENESS
ARTIFICIAL TRANSACTIONS
AUDIT TRAILS
RECORD OF TRANSACTIONS PROCESSED
AID IN DATA FILE RECONSTRUCTION
..............................................................................................................................................
DATA INTEGRITY
INFORMATION FLOW ANALYSIS
OUTPUT
OBJECTIVES
ASSURE ACCURACY OF PROCESSED DATA
PROVIDE ANALYSIS CAPABILITY
MINIMIZE FRAUD OR EMBEZZLEMENT
ASSURE ADEQUATE CONTROLS
TYPES
REASONABLENESS
SERIAL NUMBERS
A CONTROL RECORD
DETECTING ERRORS IN DATA
SYSTEMS MUST BE MONITORED TO DETECT INDIVIDUAL ERRORS OR SERIES OF ERRORS IN DATA
METHODS
DATA SAMPLING
SUBJECT REVIEW
CHECKPOINTS
ERROR REPORTS
INPUT/TOTAL BALANCING
AUDITING
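The processing slide lists the audit trail as a record of transactions that aids data file reconstruction, and this slide adds checkpoints and input/total balancing as detection methods. The following added Python example (not code from the course) ties them together: a master file of balances is checkpointed, every posted transaction is journaled with a serial number and a hash chained to the previous entry, and after a failure the file is rebuilt from checkpoint plus journal and balanced against the posted totals. The account numbers, amounts and operator IDs are constructed for the example.

```python
import hashlib
import json

GENESIS = "0" * 64


def entry_hash(prev_hash: str, fields: dict) -> str:
    """Chain each journal entry to its predecessor, so an altered, dropped or
    inserted entry invalidates every hash that follows it."""
    body = json.dumps(fields, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + body).encode()).hexdigest()


class Ledger:
    """Master file of account balances (integer cents) plus its audit trail."""

    def __init__(self, balances: dict):
        self.balances = dict(balances)
        self.journal = []            # audit trail: who posted what, in what order
        self.last_hash = GENESIS

    def post(self, account: str, amount: int, source_doc: str, operator: str):
        fields = {"serial": len(self.journal) + 1, "account": account,
                  "amount": amount, "source_doc": source_doc, "operator": operator}
        h = entry_hash(self.last_hash, fields)
        self.journal.append({**fields, "hash": h})   # write the trail before the file
        self.balances[account] = self.balances.get(account, 0) + amount
        self.last_hash = h

    def checkpoint(self) -> dict:
        """Snapshot of the master file and the journal position it corresponds to."""
        return {"serial": len(self.journal), "hash": self.last_hash,
                "balances": dict(self.balances)}


def verify_journal(journal: list, start_hash: str = GENESIS, start_serial: int = 0) -> bool:
    """Sequence check plus hash-chain check over a run of journal entries."""
    prev, expected = start_hash, start_serial + 1
    for e in journal:
        fields = {k: v for k, v in e.items() if k != "hash"}
        if fields["serial"] != expected or entry_hash(prev, fields) != e["hash"]:
            return False
        prev, expected = e["hash"], expected + 1
    return True


def rebuild(checkpoint: dict, journal: list) -> dict:
    """Reconstruct the master file: start from the checkpointed balances and
    replay only the entries recorded after the checkpoint."""
    tail = [e for e in journal if e["serial"] > checkpoint["serial"]]
    if not verify_journal(tail, checkpoint["hash"], checkpoint["serial"]):
        raise ValueError("journal fails integrity check; reconstruction refused")
    balances = dict(checkpoint["balances"])
    for e in tail:
        balances[e["account"]] = balances.get(e["account"], 0) + e["amount"]
    return balances


def totals_balance(before: dict, after: dict, journal_tail: list) -> bool:
    """Input/total balancing: opening total plus net postings must equal closing total."""
    return sum(before.values()) + sum(e["amount"] for e in journal_tail) == sum(after.values())


def demo() -> dict:
    """Constructed scenario (example only): two postings, a checkpoint, three
    more postings, then loss of the live file and a tampered copy of the trail."""
    ledger = Ledger({"1001": 50_000, "1002": 20_000})
    ledger.post("1001", -7_500, "INV-4411", "op7")
    ledger.post("1002", 7_500, "INV-4411", "op7")
    cp = ledger.checkpoint()
    ledger.post("1001", 12_000, "RCPT-902", "op3")
    ledger.post("1003", 3_250, "RCPT-903", "op3")
    ledger.post("1002", -1_000, "ADJ-17", "op9")
    live = dict(ledger.balances)

    rebuilt = rebuild(cp, ledger.journal)            # what recovery would produce

    tampered = [dict(e) for e in ledger.journal]     # an operator edits a posted amount
    tampered[3]["amount"] = 33_250
    try:
        rebuild(cp, tampered)
        tamper_detected = False
    except ValueError:
        tamper_detected = True

    return {"live": live, "rebuilt": rebuilt, "tamper_detected": tamper_detected,
            "balanced": totals_balance(cp["balances"], rebuilt, ledger.journal[cp["serial"]:])}


if __name__ == "__main__":
    print(demo())
```

The write-ahead ordering in post() is the point of the design: a crash between the journal write and the balance update leaves a replayable record, while the opposite order leaves an updated file with no trail. The hash chain makes the trail evidence rather than just a log, but only if the journal is stored where the operators who post transactions cannot rewrite it.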
..............................................................................................................................................
DATA INTEGRITY
CORRECTING ERRORS
METHODS
INPUT CORRECTION TRANSACTION IN SYSTEM
SEPARATE PURGE PROGRAMS
FOLLOW-UP ANALYSIS
SUMMARY
CONTROL OF DATA INTEGRITY IS A SIGNIFICANT PROBLEM
MANAGEMENT SUPPORT IS MANDATORY
DATA INTEGRITY IS EVERYBODY'S JOB
..............................................................................................................................................
PHYSICAL SECURITY AND MEDIA PROTECTION
PHYSICAL SECURITY PROBLEMS
THREATS
NATURAL DISASTER
INADVERTENT ACTIONS
DELIBERATE ACTIONS
COUNTERMEASURES
PHYSICAL ACCESS CONTROLS
ELECTRIC POWER CONTROLS
ENVIRONMENTAL CONTROLS
FIRE CONTROLS
FLOOD CONTROLS
MEDIA CONTROL
..............................................................................................................................................
PHYSICAL SECURITY AND MEDIA PROTECTION
DATA PROCESSING PHYSICAL SECURITY PROBLEM AREAS
VULNERABILITIES
AREAS IN RELATION TO:
DP CENTER AND ITS BUILDING
COMPUTER EQUIPMENT ROOM
MEDIA LIBRARY
REMOTE TERMINAL SITES
UTILITY SOURCES
ALARM SYSTEMS
OTHER THAN NORMAL WORK HOURS
..............................................................................................................................................
PHYSICAL SECURITY AND MEDIA PROTECTION
SAFEGUARDS
BUILDING DESIGN
COMPUTER CENTER ISOLATION
LIMITED ACCESS ROUTES
INTEGRITY OF CONSTRUCTION
REINFORCEMENT
UNDERGROUND COMMUNICATIONS AND POWER LINES
FAR-REACHING LIGHTING
PHYSICAL BARRIERS
FENCES
BARRED WINDOWS
LOCKS
KEY
COMBINATION
MECHANICAL CIPHER
..............................................................................................................................................
PHYSICAL SECURITY AND MEDIA PROTECTION
AUTOMATED ACCESS SYSTEMS
ELECTRONIC CIPHER
MAGNETIC CARD
DATA KEY
BIOMETRICS
EYE RETINAL PATTERN
FINGERPRINT
SIGNATURE
VOICEPRINT
MANTRAPS
SECURE STORAGE CONTAINERS
SAFE
VAULT
LOCKABLE CABINET
GUARDS AND RECEPTIONISTS
ROVING VERSUS STATIC
INTERNAL AND EXTERNAL
MOVEMENT CONTROL - PEOPLE AND THINGS
..............................................................................................................................................
PHYSICAL SECURITY AND MEDIA PROTECTION
ELECTRONIC MONITORS
CCTV
INTRUSION DETECTORS
CONTINUOUS ELECTRICAL CIRCUIT
PRESSURE WIRE
MOTION
ACOUSTICAL
VIBRATION
PHOTOMETRIC
PROXIMITY
OBJECT DETECTORS
METAL
MAGNET
BOMB
ADMINISTRATIVE PROCEDURES
RESTRICTED AREAS
ACCESS LISTS/SIGN-IN LOGS
ID BADGES/PHOTO ALBUM
..............................................................................................................................................
PHYSICAL SECURITY AND MEDIA PROTECTION
ELECTRIC POWER
THREATS
TRANSIENTS
BROWNOUT
BLACKOUT
SAFEGUARDS
MONITORING DEVICES AND ALARMS
SPIKE SUPPRESSOR
ISOLATION TRANSFORMER
VOLTAGE REGULATOR
DUAL FEEDS
ELECTRIC MOTOR-GENERATOR
UNINTERRUPTIBLE POWER SOURCE (UPS)
DIESEL GENERATOR
..............................................................................................................................................
PHYSICAL SECURITY AND MEDIA PROTECTION
ENVIRONMENT
THREATS
TEMPERATURE EXTREMES
HUMIDITY VARIANCE
PARTICLE CONTAMINANTS
SAFEGUARDS
MONITORING DEVICES AND ALARMS
REDUNDANT AND DISTRIBUTED A/C SYSTEMS
INTEGRITY OF CONSTRUCTION
PROVISION FOR EMERGENCY USE OF OUTSIDE AIR
GOOD HOUSEKEEPING PRACTICES
COVERS FOR EQUIPMENT
POSITIVE PRESSURE
..............................................................................................................................................
PHYSICAL SECURITY AND MEDIA PROTECTION
FIRE
THREATS
COMBUSTION
HEAT
PRODUCTS OF COMBUSTION
EXTINGUISHING AGENT
STRUCTURE COLLAPSE
PREVENTION
BUILDING CONSTRUCTION
INTEGRITY OF CONSTRUCTION
FIRE RESISTANT MATERIALS
FIRE PARTITIONS AND DAMPERS
REINFORCE
DP CENTER ISOLATION
PROXIMITY TO FIRE DEPARTMENT
NON-COMBUSTIBLE FURNISHING
FIRE RESISTANT STORAGE CONTAINERS
..............................................................................................................................................
PHYSICAL SECURITY AND MEDIA PROTECTION
FIRE
DETECTION
DETECTORS
FLAME
LIGHT
INFRARED
ULTRAVIOLET
PRODUCT OF COMBUSTION
PHOTOELECTRIC
IONIZATION
DETECTOR LOCATION
PATH OF AIR CURRENTS
DEAD AIR SPACES
EQUIPMENT CABINETS
ALARM SYSTEMS
AUTOMATIC -- LOCATION SPECIFIC -- ANNOYING
..............................................................................................................................................
PHYSICAL SECURITY AND MEDIA PROTECTION
FIRE
EXTINGUISHING
THOROUGH INSPECTION
INTEGRITY OF CONSTRUCTION
ROOM CHARACTERISTICS
EQUIPMENT LOCATION
EXTINGUISHING AGENTS
WATER
CO2
HALON
METHODS OF AGENT DISTRIBUTION
AUTOMATIC AND MANUAL
LOCAL APPLICATION
TOTAL VOLUME FLOOD
TYPES OF DISTRIBUTION SYSTEMS
PORTABLE
MODULAR
CENTRAL STORAGE
..............................................................................................................................................
PHYSICAL SECURITY AND MEDIA PROTECTION
FIRE
EXTINGUISHING
UTILITY SHUT DOWN PROCEDURES
ACCESS/EVACUATION PATHS
CLEARED
MARKED
LIGHTED
FIRE DEPARTMENT PROCEDURES
RESPONSE TEAM TRAINING
FLOODING
THREAT SOURCES
FLOOD PLAINS
WATER COLLECTION/STORAGE
PATH/COLLECTION OF FIRE FIGHTING WATER
WATER/STEAM PIPES
LEAKS
DRAIN BACKUPS/PUMP FAILURES
..............................................................................................................................................
PHYSICAL SECURITY AND MEDIA PROTECTION
FIRE
FLOODING
PRECAUTIONS
BUILDING LOCATION
BUILDING DESIGN
INTEGRITY OF CONSTRUCTION
WATER RESISTANT CONSTRUCTION
REROUTE WATER PIPES
DP CENTER LOCATION
SEALS AND TRAPS
CHECK-VALVE MANAGED DRAIN SYSTEM
EQUIPMENT COVERS
PUMPS
..............................................................................................................................................
PHYSICAL SECURITY AND MEDIA PROTECTION
OTHER CONSIDERATIONS
SUPPORTING UTILITIES
A/C WATER
PUMP ELECTRIC POWER
NEIGHBORING THREATS
CHEMICAL OR LIKE HAZARDOUS OPERATIONS
CONSTRUCTION
AIRPORT FLIGHT PATH
ROADS POINTING TOWARD THE BUILDING
CRIME
AREAS PRONE TO:
EARTHQUAKE
THUNDERSTORMS
WINDSTORMS
TIDAL
PERIODIC FLOODING
ICE/SNOW
..............................................................................................................................................
PHYSICAL SECURITY AND MEDIA PROTECTION
OTHER CONSIDERATIONS
ELECTROMAGNETIC INTERFERENCE
ELEVATORS
CLEANING EQUIPMENT
POWER LINES
RADIO/TELEVISION TRANSMITTERS
ELECTRIC TRAINS
MICROWAVE COMMUNICATIONS
RADAR
LONG WAVES
..............................................................................................................................................
MEDIA SECURITY
MEDIA INCLUDES
PUNCHED CARD
PAPER TAPE
PLASTIC TAPES
MAGNETIC TAPE/CASSETTE
MAGNETIC DISK/DISKETTE
MAGNETIC DRUM
PAPER OUTPUT (CONTINUOUS AND LASER PAGE)
MICROFICHE
DP EQUIPMENT CIRCUITRY (RAM, ROM, PROM, EPROM)
RIBBON
CARBON PAPER
CRT DISPLAY
MEDIA VULNERABILITIES
LARGE VOLUMES IN SMALL MEDIUM WITH WIDE DISTRIBUTION
NOT HUMAN READABLE
EASILY DAMAGED/DESTROYED
RESIDUAL DATA IS RETAINED ON MEDIUM
MAGNETIC MEDIA IS ENVIRONMENT SENSITIVE
..............................................................................................................................................
MEDIA SECURITY
AREAS TO APPLY PRECAUTIONS
MARKING
INTERNAL LABEL
EXTERNAL LABEL
NON-MAGNETIC I/O
CLASSIFICATION
SENSITIVITY
STORAGE
MAGNETIC MEDIA LIBRARY
SEGREGATED
PHYSICAL ACCESS CONTROL
ENVIRONMENTAL CONTROLS
OFF-SITE BACKUP
SECURE STORAGE AREAS/CONTAINERS
SANITIZATION
DEGAUSS (DEMAGNETIZE)
OVERWRITE
..............................................................................................................................................
MEDIA SECURITY
DISPOSITION
DISTRIBUTION
AUTHORIZED USER
AUTHORIZED TRANSFER AGENT
REGISTERED MAIL OR BONDED MESSENGER
DISPOSAL
SANITIZATION
DESTRUCTION
SHRED
INCINERATE
ADMINISTRATIVE CONTROL
CONTROL LOGS
ISSUE/RETURN
INVENTORY
SANITIZATION/DISPOSAL
OUTPUT DISTRIBUTION
AUTHORIZATION LISTS
MEDIA MANAGEMENT SYSTEMS
..............................................................................................................................................
MEDIA SECURITY
CONCLUSIONS
APPLY SYSTEMS LOGIC TO PHYSICAL SECURITY
MAINTAIN MULTI-DIMENSIONAL SECURITY
CONSIDER SECURITY AT SITE SELECTION
PRECAUTIONS REQUIRE PREVENTIVE MAINTENANCE
AUDITS AND INSPECTIONS ARE MANDATORY ON A RANDOM BASIS
USE OUTSIDE - OBJECTIVE - EXPERTISE (CONSULTANTS)
PLAN FOR CONTINGENCIES
..............................................................................................................................................
OPERATING SYSTEM PROTECTION
SCOPE
O/S PROTECTION FUNDAMENTALS
MODEL OF AN O/S
SECURITY FUNCTIONS OF AN O/S
IDENTIFICATION AND ACCESS CONTROL
ISOLATION AND CAPABILITY CONTROL
PROTECTION OF O/S
AUDIT TRAILS
THREAT MONITORING
EMERGENCY CONDITIONS
..............................................................................................................................................
OPERATING SYSTEM PROTECTION
O/S PROTECTION FUNDAMENTALS
PROTECT EVERYTHING FROM EVERYTHING
PROTECT THE O/S FROM USERS
PROTECT USERS FROM EACH OTHER
PROTECT USERS FROM THEMSELVES
PROTECT O/S FROM ITSELF
PROTECT O/S FROM ENVIRONMENT
OBJECTIVES
PREVENT DESTRUCTION, DISCLOSURE, MODIFICATION, DELAY
MINIMIZE DESTRUCTION, DISCLOSURE, MODIFICATION, DELAY
DETECT DESTRUCTION, DISCLOSURE, MODIFICATION, DELAY
RECOVER FROM DESTRUCTION, DISCLOSURE, MODIFICATION, DELAY
IDENTIFY ATTACK TECHNIQUES (PART OF RISK ANALYSIS)
PERFORMANCE FACTORS
AVAILABILITY (MTBF / (MTBF + MTTR))
RELIABILITY (MTBF - MEAN TIME BETWEEN FAILURES)
MAINTAINABILITY (MTTR - MEAN TIME TO REPAIR)
SUITABILITY / EFFECTIVENESS / ACCEPTABILITY
..............................................................................................................................................
OPERATING SYSTEM PROTECTION
MODEL OF AN O/S
SUPERVISORY
SYSTEM EXECUTIVE
RESOURCE MANAGEMENT
SYSTEM MANAGEMENT
SYSTEM COMMUNICATION
ERROR AND DIAGNOSTIC ROUTINES
DISPATCHER AND SCHEDULER
SYSTEM LOGGING AND RECOVERY ROUTINES
I/O DATA TRANSFER AND BUFFERING
SECURITY
ACCESS CONTROL MECHANISM
ID AND PASSWORD DIRECTORY
THREAT MONITOR AND RESPONSE
AUDIT ROUTINES
PRIVILEGE CONTROL MECHANISMS
SUBJECT PROFILE DIRECTORY
ALLOCATION MAPS
KEY/LOCK PROTECTION
FILE ACCESS CONTROL
MONITOR RESPONSES
ENCRYPTION/DECRYPTION
MEMORY PROTECTION MECHANISM
..............................................................................................................................................
OPERATING SYSTEM PROTECTION
MODEL OF AN O/S
NON-SUPERVISORY
FILE ALLOCATION AND MAINTENANCE ROUTINES
FILE ALLOCATION MAPS
RESIDUE ERASE ROUTINES
ACCESS REQUEST ROUTINES
FILE DIRECTORIES
DATA HANDLING ROUTINES
UTILITIES
IDENTIFICATION AND ACCESS CONTROL
IDENTIFICATION/AUTHENTICATION OF USERS
ACCESS CONTROL MECHANISM
ISOLATION AND CAPABILITY CONTROLS
RESTRICTIONS ON USER PROGRAMS
CONTROL OF USER PRIVILEGE
MEMORY PROTECTION CONCEPTS AND TECHNIQUES
COMPARTMENTALIZATION
..............................................................................................................................................
OPERATING SYSTEM PROTECTION
PROTECTION SCHEMA
PROBLEMS
INCOMPLETE PARAMETER VALIDATION
INADEQUACIES OF ID /AUTHORIZATION / AUTHENTICATION
EXPLOITABLE LOGIC ERRORS
ASYNCHRONOUS VALIDATION ERRORS
IMPLICIT SHARING OF PRIVILEGED DATA
VIOLABLE PROHIBITION OR LIMIT
INCONSISTENT PARAMETER VALIDATION
SOLUTIONS
SOFTWARE FIXES
REDUCTION OF USER CAPABILITIES
SUPERVISION OF PEOPLE
COMPARTMENTED OPERATION
HARDWARE MONITORS
PERIODIC O/S RELOADING
BIT-BY-BIT CHECKING
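Incomplete parameter validation, the first problem on this slide, is easiest to see in an access request routine that decides whether a requested file lies in the caller's authorized area. The following added Python example (not code from the course) shows the weak check beside the corrected one. The directory names and the symlink scenario are constructed for the example.

```python
import os
import tempfile
from pathlib import Path


def weak_authorize(user_root: str, requested: str) -> bool:
    """Incomplete parameter validation: a textual prefix test on the raw request.
    It accepts '/data/alice/../bob/x' (the request is never canonicalized) and
    '/data/alice_old/x' (a string prefix is not a directory boundary)."""
    return requested.startswith(user_root)


def authorize(user_root: str, requested: str) -> bool:
    """Canonicalize both sides first, collapsing '..' and following symlinks, then
    require the request to lie inside the authorized root. commonpath compares
    whole path components, so 'alice_old' is not inside 'alice'."""
    root = os.path.realpath(user_root)
    target = os.path.realpath(requested)
    try:
        return os.path.commonpath([root, target]) == root
    except ValueError:              # no common prefix at all (different drives on Windows)
        return False


def symlink_escape_demo() -> dict:
    """Constructed layout (example only): a link planted in alice's area points at
    bob's file. Lexical normalization (normpath) is fooled; authorize() is not,
    because realpath resolves the link before the containment test."""
    with tempfile.TemporaryDirectory() as tmp:
        alice, bob = Path(tmp, "alice"), Path(tmp, "bob")
        alice.mkdir()
        bob.mkdir()
        (bob / "secret.dat").write_text("bob's payroll")
        link = alice / "report.dat"
        try:
            link.symlink_to(bob / "secret.dat")
        except (OSError, NotImplementedError):
            return {"supported": False}     # no symlink privilege on this host
        req = str(link)
        lexical_ok = os.path.normpath(req).startswith(os.path.normpath(str(alice)) + os.sep)
        return {"supported": True,
                "lexical_check_passes": lexical_ok,
                "authorize": authorize(str(alice), req)}


if __name__ == "__main__":
    for req in ("/data/alice/reports/q1.dat", "/data/alice/../bob/secret", "/data/alice_old/x"):
        print(req, weak_authorize("/data/alice", req), authorize("/data/alice", req))
    print(symlink_escape_demo())
```

Even the corrected check is still exposed to the asynchronous validation error on the same slide: between the decision and the open, the caller can replace a component with a link. The decision and the access therefore have to be one step, for instance opening relative to a held directory descriptor with O_NOFOLLOW, or re-checking the opened descriptor with fstat, rather than trusting a path string that was validated a moment earlier.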
..............................................................................................................................................
OPERATING SYSTEM PROTECTION
SURVEILLANCE
THREAT MONITORING
AUDIT TRAILS
FILE ACCESS CONTROLS
LEAST PRIVILEGE
VALIDATE USER ACCESS REQUEST PARAMETERS
ENCRYPTION
CAPABILITY CONTROL
BACK-END PROCESSOR
DATABASE MACHINES
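Threat monitoring, audit trails and least privilege, the first items in the surveillance list above, are shown working together in the following added Python example (not code from the course). A monitor reads audit-trail records, raises an alert when one ID at one terminal accumulates repeated logon failures in a short window, flags a success that follows such a run, and flags any file access outside the subject's profile. The record format, subject profiles, thresholds and sample lines are all constructed for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed audit-trail record format (example only):
#   <date> <time> <terminal> LOGON <user> OK|FAIL
#   <date> <time> <terminal> OPEN  <user> <dataset> <mode>
RECORD = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (?P<term>\S+) "
    r"(?P<event>LOGON|OPEN) (?P<user>\S+) (?P<rest>.*)$")

# Constructed subject profile directory: dataset -> permitted access modes.
SUBJECT_PROFILE = {
    "jsmith": {"AP.TRANS": {"READ", "WRITE"}, "AP.MASTER": {"READ"}},
    "opr02": {"SYS.LOG": {"READ"}},
}


def monitor(lines, fail_threshold: int = 3, window: timedelta = timedelta(minutes=5)) -> list:
    """Return (alert_type, detail) tuples for the audit-trail lines given."""
    alerts = []
    failures = defaultdict(deque)      # (user, terminal) -> timestamps of recent failures
    for line in lines:
        m = RECORD.match(line)
        rest = m["rest"].split() if m else []
        if not m or (m["event"] == "LOGON" and len(rest) != 1) or (m["event"] == "OPEN" and len(rest) != 2):
            alerts.append(("UNPARSEABLE_RECORD", line))   # a trail you cannot parse is itself a finding
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        user, term = m["user"], m["term"]
        if m["event"] == "LOGON":
            q = failures[(user, term)]
            while q and ts - q[0] > window:                # drop failures outside the window
                q.popleft()
            if rest[0] == "FAIL":
                q.append(ts)
                if len(q) == fail_threshold:               # alert once, when the threshold is reached
                    alerts.append(("REPEATED_LOGON_FAILURE",
                                   f"{user}@{term} {len(q)} failures since {q[0]:%H:%M:%S}"))
            elif q:                                        # success right after a run of failures
                alerts.append(("LOGON_AFTER_FAILURES",
                               f"{user}@{term} succeeded after {len(q)} failures"))
                q.clear()
        else:
            dataset, mode = rest
            if mode not in SUBJECT_PROFILE.get(user, {}).get(dataset, set()):
                alerts.append(("OUT_OF_PROFILE_ACCESS", f"{user}@{term} {mode} {dataset}"))
    return alerts


# Constructed sample trail (example only): a guessed password that eventually
# works, a write to a read-only dataset, and an operator reading payroll data.
SAMPLE_TRAIL = """\
1984-03-12 08:01:12 TERM04 LOGON jsmith FAIL
1984-03-12 08:01:40 TERM04 LOGON jsmith FAIL
1984-03-12 08:02:05 TERM04 LOGON jsmith FAIL
1984-03-12 08:02:30 TERM04 LOGON jsmith OK
1984-03-12 08:03:10 TERM04 OPEN jsmith AP.TRANS READ
1984-03-12 08:04:00 TERM04 OPEN jsmith AP.MASTER WRITE
1984-03-12 08:05:15 TERM09 LOGON opr02 OK
1984-03-12 08:06:00 TERM09 OPEN opr02 PAYROLL.MASTER READ
""".splitlines()

if __name__ == "__main__":
    for kind, detail in monitor(SAMPLE_TRAIL):
        print(kind, detail)
```

Two design points carry over to any real monitor: the profile check is a least-privilege test driven by the subject profile directory the O/S model slide lists, not a blacklist of sensitive files, and the logon rule alerts once at the threshold rather than on every further failure, so a guessing run cannot flood the response channel.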
OPERATIONS AND MAINTENANCE
STANDARD OPERATING PROCEDURES
START-UP
OPERATION
SHUT-DOWN
MAINTENANCE
BACKUP
..............................................................................................................................................
OPERATING SYSTEM PROTECTION
OPERATIONS AND MAINTENANCE
ABNORMAL CONDITION PROCEDURES
CONTROL OF O/S CHANGES
AUTHORIZATION
DOCUMENTATION
VERIFICATION
TEST AND EVALUATION
CERTIFICATION
NOTIFICATION
CONTINGENCY PLAN OF O/S PROBLEMS
VULNERABILITY REPORTING / PROBLEM-SITUATION SHARING
SUMMARY
O/S SECURITY IS COMPLEX