There is just one topic this week for the discussion.
Review the supplemental reading material linked above. Pick one of the concepts discussed in the documents and explain it in your own words. Include an example of that concept that explains it in real-world terms. Provide how it applies in today’s cyber-world and how it ties to the IT Strategic or Tactical plans.
Feel free to play devil’s advocate and challenge each other.
Please check this two links:
“The Protection of Information in Computer Systems”, Jerome Saltz
Information Safety & Security:
Security Oriented Computing Security Oriented Computing is a way of preparing for inevitable failures. It is a slight modification to a disaster recovery principle called â€•Recovery Oriented Computing.â€– Both concepts use the term â€•normal accidentâ€– to describe the thought that accidents in key areas are expected and will happen. Security Oriented Computing is an approach to security where the following assumptions are made: 1. All security controls are subject to failure resulting in denial of service or unauthorized access. 2. All people performing configurations or changes to the configurations on systems are prone to introduce holes or cause failures due to improper implementation assumptions or mistakes during implementation. 3. All people performing normal operations can and will cause normal accidents if the computer systems allow them to. Humans interfacing with computers and making decisions introduce extremely high probability for error due to factors such as fatigue, improper training, assumptions, etc. In enterprise computing environments where tens of thousands of nodes, thousands of applications, and millions of processes exist, the probability for a â€•normal accidentâ€– grows exponentially to the point where it is easy to prove mathematically that it is fundamentally impossible to prevent failures. Other steps must be taken to detect when a failure occurs and to reduce the impact of human or system failures. The focus of Security Oriented Computing in any environment is not to simply seek perfection in order to avoid accidents, but rather to expect less than perfection and overcome it. Administrators and implementers can user the following design principles to accomplish this: ï‚· Assessment of weak points â€“ know where the highest probability for failure may occur; ï‚· Detection â€“ be alerted of failures; ï‚· Fail Safe â€“ When a system fails, the safest result should always occur; ï‚· Containment â€“ A failure in one area should not cause a failure throughout; ï‚· Alternating logic â€“ Use multiple control points of differing logic along the process flow; ï‚· Defense in Depth â€“ Use multiple methods at different intervals to promote security; ï‚· Recovery â€“ Mean times between failure and repair should be a short as possible