
What Are The Principles Of Information Security Design?

You can use several well-known security design principles to help you design security for information systems. These principles have their roots in the design of security for business system processes. Although you might not be able to apply every principle to every security design situation, using them will let you quickly see where security can be added, and they should be part of your design framework.

Throughout this book, these principles will be used to explain specific security designs.

Separation of duties. Whenever possible, separate the functions of critical operations and assign different parts of the operation to different roles within the organization. For example, programmers should not have network administration privileges; those with backup rights shouldn't also have restore rights; and auditors shouldn't be able to modify the systems they audit.

Least privilege. Give people only the privileges and access to data that they absolutely need. For example, users shouldn't be administrators on their desktops, and administrative authority should be delegated at the organizational unit (OU) level where possible, not domain-wide.
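Both halves of that example in Active Directory terms, as an added illustration that is not part of the original article: the user is dropped from the local Administrators group, and the helpdesk gets only the "Reset Password" right on user objects under one OU rather than domain-wide membership in Account Operators. The domain corp.example, the OU, the group Sales-Helpdesk and the account jdoe are placeholders; the cmdlets are the standard ActiveDirectory and LocalAccounts modules.

```powershell
# Added example, not from the original article. Placeholder names:
# domain corp.example, OU "Sales", group "Sales-Helpdesk", user jdoe.
Import-Module ActiveDirectory

# 1. Least privilege on the desktop: the user is not a local administrator.
#    Run this on the workstation itself (or through PowerShell remoting).
Remove-LocalGroupMember -Group "Administrators" -Member "CORP\jdoe" -ErrorAction SilentlyContinue

# 2. Delegation scoped to one OU: grant only the Reset Password extended right,
#    on user objects only, to the helpdesk group. Nothing domain-wide is touched.
$ou    = "OU=Sales,DC=corp,DC=example"
$group = Get-ADGroup -Identity "Sales-Helpdesk"

# Well-known schema GUIDs: the "Reset Password" control access right and the
# "user" object class. Restricting the ACE to that class keeps the helpdesk
# from resetting computer or service-account objects that may sit in the same OU.
$resetPasswordRight = [Guid]"00299570-246d-11d0-a768-00aa006e0529"
$userObjectClass    = [Guid]"bf967aba-0de6-11d0-a285-00aa003049e2"

$acl  = Get-Acl -Path "AD:\$ou"
$rule = New-Object System.DirectoryServices.ActiveDirectoryAccessRule(
    $group.SID,
    [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight,
    [System.Security.AccessControl.AccessControlType]::Allow,
    $resetPasswordRight,
    [System.DirectoryServices.ActiveDirectorySecurityInheritance]::Descendents,
    $userObjectClass)
$acl.AddAccessRule($rule)
Set-Acl -Path "AD:\$ou" -AclObject $acl

# Verify: the only ACEs for the helpdesk group on this OU should be the one above.
(Get-Acl -Path "AD:\$ou").Access |
    Where-Object { $_.IdentityReference -like "*Sales-Helpdesk" } |
    Select-Object ActiveDirectoryRights, ObjectType, InheritanceType, InheritedObjectType
```

The check at the end is the part worth keeping around: delegations accumulate over years, and an ACE that grants GenericAll to "Descendents" of an OU is a domain-wide privilege in disguise if that OU holds privileged accounts.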


Reducing the attack surface. The fewer avenues of attack that are available, the less there is to protect and the less chance there is of the network being compromised. For example, disable unneeded services, don't install unnecessary services or applications, and protect sensitive data with encryption so that a compromised host or stolen disk exposes less.

Defense in depth. Do not rely on one defense; use many. If one fails, another might prevent the intrusion or at least give you time to deal with it. For example:

Require authentication, use permissions on shares, use permissions on folders, and use permissions on files.

Use a firewall, use gateway filters for e-mail, harden servers and client computers, train administrators, train users, and create an incident response team.
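The first of those examples, layered share, folder and file permissions, as an added illustration that is not part of the original article. It assumes a file server with a D:\Finance folder, a domain group CORP\Finance-Users, and the SMB cmdlets of Windows Server 2012 or later; the share and group names are placeholders. The point it shows is that the effective right over SMB is the most restrictive of the share permission and the NTFS permission, so a mistake in one layer is caught by the other.

```powershell
# Added example, not from the original article. Placeholder names:
# folder D:\Finance, share "Finance", group CORP\Finance-Users.
$path  = "D:\Finance"
$group = "CORP\Finance-Users"

New-Item -Path $path -ItemType Directory -Force | Out-Null

# Layer 1, the share: no "Everyone: Full Control". One group gets Change
# (read and write); nobody else is listed at the share level.
New-SmbShare -Name "Finance" -Path $path -ChangeAccess $group

# Layer 2, the folder (NTFS): drop inherited ACEs so permissions from D:\
# cannot leak in, then grant Modify to the group and Full Control only to
# Administrators and SYSTEM. (OI)(CI) makes the ACE inherit to files and subfolders.
icacls $path /inheritance:r
icacls $path /grant:r "${group}:(OI)(CI)M" "BUILTIN\Administrators:(OI)(CI)F" "NT AUTHORITY\SYSTEM:(OI)(CI)F"

# Layer 3, a file: Payroll.xlsx is read-only for the group even though the
# folder allows Modify. Over SMB the share says Change and NTFS says Read,
# and the more restrictive of the two wins, so the file stays read-only.
$file = Join-Path $path "Payroll.xlsx"
New-Item -Path $file -ItemType File -Force | Out-Null
icacls $file /inheritance:r /grant:r "${group}:R" "BUILTIN\Administrators:F" "NT AUTHORITY\SYSTEM:F"

# Check each layer.
Get-SmbShareAccess -Name "Finance"
icacls $path
icacls $file
```

Authentication sits in front of all three layers: an anonymous or guest SMB session never reaches the ACL evaluation, which is why the example lists "require authentication" first.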

Diversity of mechanism. If every computer is the same and every defense mechanism is the same, they will all fail in the same way. Use a variety of mechanisms; redundancy and multiple paths address the same concern. For example, design a classic perimeter network (also called a DMZ, demilitarized zone, or screened subnet) with two firewalls: one between the Internet and the perimeter network, the other between the perimeter network and the internal network. Do not use the same firewall product at both boundaries. If an intruder successfully penetrates the external firewall, you do not want the same attack to work on the internal firewall.


Use of fail-safe defaults. Systems should always be configured to choose the most secure default action. For example, ports on firewalls should be closed by default, and you must explicitly open those for which you want to provide access. Likewise, no access, such as access to a file, should be possible unless it is explicitly granted.
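Attack-surface reduction and fail-safe defaults on one Windows host, as an added illustration that is not part of the original article and covers both the "disable unneeded services" and the "ports closed by default" examples above. It assumes Windows Server 2012 or later with the NetSecurity module; the management subnet 10.0.10.0/24 and the choice of services to disable are placeholders for whatever a given server does not need.

```powershell
# Added example, not from the original article. Placeholders: the services
# disabled below and the management subnet 10.0.10.0/24.

# Attack surface: stop and disable listeners this server does not need.
# Print Spooler and Remote Registry are typical candidates on a non-print server.
foreach ($svc in "Spooler", "RemoteRegistry") {
    if (Get-Service -Name $svc -ErrorAction SilentlyContinue) {
        Stop-Service -Name $svc -Force
        Set-Service -Name $svc -StartupType Disabled
    }
}

# Fail-safe default: on every profile, inbound traffic is blocked unless an
# explicit rule allows it. Outbound stays open here; tighten it separately.
Set-NetFirewallProfile -All -Enabled True -DefaultInboundAction Block -DefaultOutboundAction Allow

# Open only what is required, and only from where it is required.
New-NetFirewallRule -DisplayName "Allow RDP from management subnet" `
    -Direction Inbound -Protocol TCP -LocalPort 3389 `
    -RemoteAddress 10.0.10.0/24 -Action Allow -Profile Domain
New-NetFirewallRule -DisplayName "Allow HTTPS" `
    -Direction Inbound -Protocol TCP -LocalPort 443 -Action Allow

# Audit: the default action per profile, and every enabled inbound allow rule.
Get-NetFirewallProfile | Select-Object Name, Enabled, DefaultInboundAction
Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
    Select-Object DisplayName, Profile
```

The audit list is the control that matters over time: with a block-by-default policy, the set of enabled inbound allow rules is the whole inbound attack surface, so a reviewer only has to read that list rather than reason about what is implicitly open.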

Economy of mechanism. Complexity is the enemy of security. The more complex a security mechanism is, the more likely it is to fail, and when a security strategy is hard to understand, people don't use it or they configure it incorrectly. For example, if a smart card must stay in the reader to keep a session going, make the smart card the employee ID badge. Because the badge must be worn at all times, the smart card is always available to the user, and one card serves for building entry, access to building facilities, and computer logon. When the user leaves his desk, he must remove the smart card to take the badge with him; if the computer is configured to log the user off when the card is removed, a second security action happens automatically and the user doesn't have to remember to do it.
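The last step of that example, making card removal end the session, as an added illustration that is not part of the original article. It uses the Winlogon ScRemoveOption value and the Smart Card Removal Policy service (SCPolicySvc), both standard on Windows; the decision to force a logoff rather than a lock is the hypothetical site policy from the badge example, not something the article prescribes.

```powershell
# Added example, not from the original article. Policy assumed: the smart card is
# also the building badge, so pulling it must end the session (forced logoff).
# ScRemoveOption (REG_SZ): "0" no action, "1" lock workstation,
# "2" force logoff, "3" disconnect a Remote Desktop session.
$winlogon = "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
Set-ItemProperty -Path $winlogon -Name "ScRemoveOption" -Value "2" -Type String

# The value does nothing unless the Smart Card Removal Policy service is running,
# so make it start automatically and start it now.
Set-Service -Name SCPolicySvc -StartupType Automatic
Start-Service -Name SCPolicySvc

# Verify both halves; a set value with a stopped service is a silent failure.
Get-ItemProperty -Path $winlogon -Name ScRemoveOption
Get-Service -Name SCPolicySvc | Select-Object Name, Status, StartType
```

In a domain the same setting is normally pushed by Group Policy ("Interactive logon: Smart card removal behavior" under Security Options), which also keeps a local administrator from quietly turning it back off; the registry form above is what that policy writes.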

by: endeavor03