CH 6 PDF

Security

➢ The goals of an installation, and its security policy, dictate the functionality
required of the site.
➢ The distribution of functionality throughout the site’s network is critical to
improving the security of the site.
➢ The functionality of each part of the network controls the nature and
configuration of each host on the network.

3/1/2020 Information Security and Audit Ch-6 Sunil Dahal IOE, Pashchimanchal Campus 2
Security
➢ Data related to company plans is to be kept secret. In particular, sensitive
corporate data, such as data involved in developing potential products, is
to be available only to those who need to know.
➢ When a customer provides data (such as a credit card number) as part of a
purchase, the data, and all information about the customer, are to be
available only to those who fill the order.
➢ Company analysts may obtain statistics about a number of orders for
planning purposes.
➢ Releasing sensitive data requires the consent of the company’s officials
and lawyers.

Security
➢ Policy development
➢ Data classes
✓ Public data
✓ Development data
✓ Corporate data
✓ Customer data
➢ User classes
✓ Outsiders
✓ Developers
✓ Executives
✓ Employees
Network Organization

System security
➢ What are the security concerns for a system, based on where it is located?
➢ For instance, consider a web server in the DMZ and a web server in the
development network.
✓ Policy
✓ Network
✓ Users
✓ Authentication
✓ Processes

User Security
➢ U1. Only users have access to their accounts.
➢ U2. No other user can read or change a file without the owner's
permission.
➢ U3. Users shall protect the integrity, confidentiality, and availability of their
files.
➢ U4. Users shall be aware of all commands that they enter, or that are
entered on their behalf.
