
Security for the Digital World within an Ethical Framework by The Digital Enlightenment Forum

Evaluate the effectiveness of the control measures. This is called authorization. Within the need-to-know principle, network administrators grant the employee the least amount of privileges to prevent employees from accessing more than what they are supposed to. For example, an employee who submits a request for reimbursement should not also be able to authorize payment or print the check. Consider productivity, cost effectiveness, and value of the asset.


The discretionary approach gives the creator or owner of the information resource the ability to control access to those resources. White, Green, Amber, and Red. Violations of this principle can also occur when an individual collects additional access privileges over time.

They inform people on how the business is to be run and how day-to-day operations are to be conducted. The access control mechanisms are then configured to enforce these policies. The bank teller checks the license to make sure it has John Doe printed on it and compares the photograph on the license against the person claiming to be John Doe.

Organizations can implement additional controls according to their own requirements. Both perspectives are equally valid, and each provides valuable insight into the implementation of a good defense in depth strategy. The first step in information classification is to identify a member of senior management as the owner of the particular information to be classified.

Usernames and passwords have served their purpose, but they are increasingly inadequate. Information security must protect information throughout its lifespan, from the initial creation of the information through to its final disposal. With this approach, defense in depth can be conceptualized as three distinct layers or planes laid one on top of the other.

Conduct a threat assessment. During its lifetime, information may pass through many different information processing systems and through many different parts of information processing systems. Different computing systems are equipped with different kinds of access control mechanisms. Laws and regulations created by government bodies are also a type of administrative control because they inform the business. Use qualitative analysis or quantitative analysis.

In some cases, the risk can be transferred to another business by buying insurance or outsourcing to another business. Some may even offer a choice of different access control mechanisms. To be effective, policies and other security controls must be enforceable and upheld. The three types of controls can be used to form the basis upon which to build a defense in depth strategy.
