There are 3 methods
1. Identification
2. Access controls
3. Audit controls
4. System integrity
1. Identification :
There are three schemes for identifying persons to the computer. They are :
1. Password : A password is the most commonly used means of authenticating a person’s identity. Passwords should be hard to guess and easy to remember. They should not be recoverable. Experience has shown that many illicit entries to the system are due to passwords that were written down. Another scheme under the “Something you know” category is the picture badge, which identifies the people who bring the work to the center. Although it positively identifies the carrier of the information, the badge does not verify that the person is authorized to submit a job or receive reports from the system.
2. Something you are, such as fingerprints or voice prints. Voice prints are a reliable method for verifying authorized users. The technique essentially compares a person’s voice against prerecorded voice patterns of the same person. An exact match allows access to the system.
3. Something you have, such as the credit card, key, or a special terminal. Magnetic stripe credit card readers on terminals identify the operator to the system. The card along with a password gives added assurance of the authentication of the user.
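The two points above, a password that is not recoverable and a card used together with a password, can be shown in a short sketch. This is an added example, not part of the original page; the card IDs, the in-memory store and the PBKDF2 iteration count are assumptions made for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed work factor for this example

def _derive(password: str, salt: bytes) -> bytes:
    # One-way key derivation: the stored value can verify a password
    # but cannot be turned back into it.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def enroll(store: dict, card_id: str, password: str) -> None:
    """Record a card (something you have) with a salted hash of its password."""
    salt = os.urandom(16)
    store[card_id] = (salt, _derive(password, salt))

def authenticate(store: dict, card_id: str, password: str) -> bool:
    """Grant access only when the card is known AND the password matches."""
    record = store.get(card_id)
    # Unknown cards are checked against a dummy record so that both
    # paths perform the same amount of work.
    salt, expected = record if record else (b"\x00" * 16, b"\x00" * 32)
    matches = hmac.compare_digest(_derive(password, salt), expected)
    return matches and record is not None

if __name__ == "__main__":
    users = {}
    enroll(users, "CARD-0001", "correct horse")            # constructed sample
    print(authenticate(users, "CARD-0001", "correct horse"))
    print(authenticate(users, "CARD-0001", "wrong guess"))
    print(authenticate(users, "CARD-9999", "correct horse"))
```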
2. Access Control :
Various steps have been taken to control the access to a computer facility. One way is to use an encoded card system with a log-keeping capability. The card serves as a key to unlock doors, including tape storage and other classified areas. The card is essentially a magnetic key and a “Keyport” is a lock. Inserting the card into the lockport unlocks the door. A card that includes a photograph of the bearer may double as an employee ID badge.
Encryption :
An effective and practical way to safeguard data transmitted over the telephone lines is by encryption. Data are scrambled during transmission from one computer or terminal to the other. A plaintext message is transmitted over an unprotected communications channel. To prevent unauthorized acquisition of the message, it is enciphered with a reversible transformation to produce a cryptogram or ciphertext. When it arrives at an authorized receiver, it is decrypted back to the plaintext data form.
Most of today’s encryption is based on the National Bureau of Standards encryption algorithm, known as the Data Encryption Standard (DES). It is a general technique developed in 1977 and used in many commercial network security systems. A system that assures that encryption and decryption are done without human intervention is virtually secure from unauthorized access. Encryption devices for personal computers are available at the chip level and in software.
3. Audit Controls :
Audit controls protect a system from external security breaches and internal fraud or embezzlement. The resources invested in audit controls, however, should be balanced against the sensitivity of the data being manipulated. One problem with audit controls is that it is difficult to prove their worth until the system has been violated.
Programmers can pirate, modify and even sell software for potential gain. To audit the maintenance process properly, there must be an audit trail from the change requests to the production programs. Various audit software packages are available to do the job properly. Generalized audit software helps the auditor examine files and databases for consistency, correctness and completeness. There are also programs to trace the flow of data through a program and the activity that it generates.
Neither the auditor nor the user can verify the system activities adequately, so the system must check itself. The internal controls required mean that programmers and analysts build controls into every system.
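One way to check the audit trail from change requests to production programs is to compare a hash of each deployed program with the hash recorded in its approved change request. The sketch below is an added example, not part of the original page; the record fields, request numbers and the rule that an author may not approve their own change are assumptions.

```python
import hashlib

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Constructed sample data: change requests and the programs now in production.
PAYROLL_V2 = b"payroll build 2"
CHANGE_LOG = [
    {"request": "CR-101", "program": "payroll", "author": "alice",
     "approved_by": "bob", "sha256": sha256(b"payroll build 1")},
    {"request": "CR-102", "program": "payroll", "author": "alice",
     "approved_by": "bob", "sha256": sha256(PAYROLL_V2)},
    {"request": "CR-103", "program": "ledger", "author": "carol",
     "approved_by": "carol", "sha256": sha256(b"ledger build 1")},
]
PRODUCTION = {
    "payroll": PAYROLL_V2,
    "ledger": b"ledger build 1",
    "billing": b"billing build 7",
}

def audit_production(change_log, production):
    """Return (program, finding) pairs for programs lacking a valid trail."""
    approved = {}
    for entry in change_log:
        # Assumed rule: a change counts only if someone other than
        # its author approved it. Later requests supersede earlier ones.
        if entry["approved_by"] and entry["approved_by"] != entry["author"]:
            approved[entry["program"]] = entry
    findings = []
    for name, blob in sorted(production.items()):
        entry = approved.get(name)
        if entry is None:
            findings.append((name, "no approved change request"))
        elif entry["sha256"] != sha256(blob):
            findings.append(
                (name, f"differs from build approved in {entry['request']}"))
    return findings

if __name__ == "__main__":
    for program, finding in audit_production(CHANGE_LOG, PRODUCTION):
        print(f"{program}: {finding}")
```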
4. System Integrity :
The most costly software loss is the program error. It is possible to eliminate such errors through proper testing routines. Parallel runs should be implemented whenever possible. Physical security provides safeguards against the destruction of the hardware, databases, and the documentation; fire, flood, theft, sabotage, and eavesdropping; and the loss of power through proper backup.
The proper use of the file library is another important feature. This involves adequate file backup and reliable personnel to handle the file documentation when needed. File backup means keeping duplicate copies of the master and other key files and storing them in suitable environmental conditions. For tape files, a common procedure is to save the old master file after each update. The most recently created file is called the son, the previous the father, and the one previous to the latter the grandfather. Since it is a costly procedure, the decision to proceed along these lines has to be balanced against potential loss if the files are destroyed.
Recovery/Restart Requirements:
Restoring a damaged database is done by a roll forward or rollback procedure.
The roll forward method involves updating a valid copy of the database with the necessary changes to produce a current version of the database.
The rollback method starts with the current invalid state and removes the records of the activity to produce the prior valid state of the database.
Backup is essential for the recovery/restart procedure. If the database is physically damaged, it cannot be rolled back; only roll forward can be done. For a sequential file, a grandfather-father-son approach is followed. In a database environment, master files are not copied as they are updated. Instead, transactions are posted directly to the file, which replaces the original data. So to recover documents in this type of storage, a backup is required.
System failures and recovery:
There are three types of failures:
1. Catastrophic failure is one where part of the database is unreadable. To restore, use the roll forward method of recovery.
2. Logical error occurs when the activity of the database is interrupted with no chance to complete the current transactions. So when the system runs again, it is not certain whether the changes have been applied or not. The data, though available, may be inaccurate. To restore the original contents, the rollback method is used.
3. Structural damage. An example is a pointer incorrectly stored in a record that points to unrelated or nonexistent data. If the problem cannot be corrected by a software utility, then the database must be recovered to the most recent up-to-date point before the damage occurred.
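The two recovery methods can be compared on a small transaction journal that keeps a before image and an after image for every change. This is an added example, not part of the original page; the journal layout, account names and values are constructed for illustration.

```python
import copy

# Constructed journal: one entry per change, with before and after images.
# Transaction 2 was interrupted before it could complete.
JOURNAL = [
    {"txn": 1, "key": "acct-A", "before": 100, "after": 70, "committed": True},
    {"txn": 1, "key": "acct-B", "before": 50, "after": 80, "committed": True},
    {"txn": 2, "key": "acct-A", "before": 70, "after": 20, "committed": False},
]
BACKUP = {"acct-A": 100, "acct-B": 50}  # last valid copy of the database

def roll_forward(backup, journal):
    """Catastrophic failure: start from the backup copy and reapply the
    after images of completed transactions, oldest first."""
    db = copy.deepcopy(backup)
    for entry in journal:
        if entry["committed"]:
            db[entry["key"]] = entry["after"]
    return db

def roll_back(current, journal):
    """Logical error: start from the current (possibly invalid) state and
    restore the before images of incomplete transactions, newest first."""
    db = copy.deepcopy(current)
    for entry in reversed(journal):
        if not entry["committed"]:
            if entry["before"] is None:
                db.pop(entry["key"], None)   # record did not exist before
            else:
                db[entry["key"]] = entry["before"]
    return db

if __name__ == "__main__":
    damaged = {"acct-A": 20, "acct-B": 80}   # half of txn 2 reached the file
    print(roll_forward(BACKUP, JOURNAL))
    print(roll_back(damaged, JOURNAL))
```

Restoring a before image gives the same result whether or not the interrupted change reached the file, which is why rollback works even when it is unknown if the update was applied.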