IT system security and safety
Introduction
physical threats
natural: fire, flooding, weather, lightning
man-made: terrorist activity and accidental damage
physical access controls
designed to prevent intruders getting near to computer equipment and/or storage media
e.g. personnel, door locks, keypad system, card entry system, intruder alarms
aspects of security
detection
deterrence: computer misuse by personnel can be made grounds for disciplinary action
prevention: it is in practice impossible to prevent all threats cost-effectively
recovery procedures: if the threat occurs, its consequences can be contained
correction procedures: these ensure the vulnerability is dealt with (for example, by instituting stricter controls)
threat avoidance: this might mean changing the design of the system
building controls into an information system
risk to data
human error/technical error such as malfunctioning hardware or software
natural disasters such as fire, flooding, explosion, impact
deliberate actions such as fraud/commercial espionage/malicious damage
Integrity control
data integrity: in the context of security, data integrity is preserved when data is the same as in source documents and has not been accidentally or intentionally altered, destroyed or disclosed
systems integrity: refers to system operation conforming to the design specification despite attempts to make it behave incorrectly
integrity control
process: audit trail
output: back-up controls/archiving
input: (1) passwords and logical access system/administration controls (2) data verification/validation
contingency control: a contingency is an unscheduled interruption of computing services that requires measures outside the day-to-day routine operating procedures
recovery procedures once the cause of the breakdown has been discovered or corrected
personnel management policies to ensure that the above are implemented properly
standby procedures so that some operations can be performed while normal services are disrupted