Chapter 1. Security Overview
(IEEE). The same ideals hold true for information security. Many security consultants and vendors
agree upon the standard security model known as CIA, or Confidentiality, Integrity, and Availability.
This three-tiered model is a generally accepted component of assessing risks to sensitive information
and establishing security policy. The following describes the CIA model in greater detail:
Confidentiality: Sensitive information must be available only to a set of pre-defined individuals.
Unauthorized transmission and usage of information should be restricted. For example, confidentiality
of information ensures that a customer's personal or financial information is not obtained by
an unauthorized individual for malicious purposes such as identity theft or credit fraud.
Integrity: Information should not be altered in ways that render it incomplete or incorrect.
Unauthorized users should be restricted from the ability to modify or destroy sensitive information.
Availability: Information should be accessible to authorized users any time that it is needed.
Availability is a warranty that information can be obtained with an agreed-upon frequency and
timeliness. This is often measured in terms of percentages and agreed to formally in Service Level
Agreements (SLAs) used by network service providers and their enterprise clients.
1.2. Security Controls
Computer security is often divided into three distinct master categories, commonly referred to as
controls:
Physical
Technical
Administrative
These three broad categories define the main objectives of proper security implementation. Within
these controls are sub-categories that further detail the controls and how to implement them.
1.2.1. Physical Controls
The physical control is the implementation of security measures in a defined structure used to deter or
prevent unauthorized access to sensitive material. Examples of physical controls are:
Closed-circuit surveillance cameras
Motion or thermal alarm systems
Security guards
Picture IDs
Locked and dead-bolted steel doors
1.2.2. Technical Controls
The technical control uses technology as a basis for controlling the access and usage of sensitive data
throughout a physical structure and over a network. Technical controls are far-reaching in scope and
encompass such technologies as:
Encryption
Smart cards
Network authentication





