Systems Securities

Table of Contents

Systems Security1

Introduction1

Elements of Security1

Vulnerability1

Threat1

Risk2

Exposure2

Safeguard Measures2

Objectives of Security System2

Approaches to Develop Security Systems3

Top-Down Approach3

Bottom-Up Approach3

Generally Accepted System Security Principles3

Common IT Security Practices4

Policy5

Program policy5

Issue-Specific Policy5

System-Specific Policy5

Security System Management6

Central Level Security Program6

System Level Program7

Lifecycle Planning7

Personnel and User Issues7

Conclusion8

References9

Bibliography10

Appendix11

Outline11

Systems Security

Introduction

“Systems securities mean preventing the information systems from unauthorized access, use, display, alteration, interruption, or destruction of private content”.

Electronic information sharing is much faster, accurate, reliable and relatively cheaper. All this comes with bundle of problems. One of the heaviest concerns since the initial days of information technology systems is of security. Today, more organizations are sharing data by electronic means, even individual use electronic means to perform their activities, and security concern is for everyone. However, as organizations deal in the competitive environment, the need of security increases. (National Research Council, 1991)

This document provides the basics of systems securities, its need, familiarizes with common practices in it, and provides an overview of managing such systems.

Elements of Security

Vulnerability

It is a weakness in the form of software or hardware that can be exploited by someone. For example, lack of physical security to system's server or unrestricted access of users.

Threat

A possibility that an intruder will identify point of vulnerability and will cause a security issue.

Risk

Risk is chance of loss. The level of chance or likelihood that an intruder will cause a threat to security measures.

Exposure

It is the instance when the system is exposed to potential threats for security breach.

Safeguard Measures

Any step taken to prevent or reduce the vulnerability, dismiss immediate threat, reduce the chances of breach or exposed to such situations is taken as safeguard measures. For Example, hiring security guards or increasing the strength of password (Cornell University, 2012).

Objectives of Security System

The premier role of security systems is to identify, analyze, and estimate the threats and measure the risk associated with each according to predefined standards, rules, procedures, policies guidelines and framework. The administrator running the system can make intelligent decisions and enhance performance of an organization. Security management must define the objectives, rules, standards, guidelines and lay down crisp strategies to develop and run a security management program. Management should also define the goals of the system. Last but not the least, it is the responsibility of management to make sure that all activities are properly aligned, executed and accounted for in a cost effective manner. The objectives of companies differ as per their goals and requirements. However, there are three principles of security which include confidentiality, integrity, and availability (timely access to secured content) which usually prevail.

Approaches to Develop Security Systems

There are many ways to develop effective security programs and systems. Effectiveness of each is dependent on factors like, size of the organization (small/medium/large), and ownership (public/private), and level of importance of that content to be secured.

There are two basic approaches of designing security systems:

Top-Down Approach

As its name indicates that this approach is initiated, and directed by the top management and is channeled via middle level management making its way to staff ...