next up previous
Next: 3.1.2 Access decisions Up: 3.1 Local Network: Security Previous: 3.1 Local Network: Security

3.1.1 Principles

There are some common security attributes that should be present in any system that processes valuable personal or sensitive information. System designs should include mechanisms to enforce the following security attributes.

* Identification and authentication of users

Each user of a computer system should have a unique identification on the system, such as an account number or other user identification code. There must also be a means of verifying that the individual claiming that identity (e.g., by typing in that identifying code at a terminal) is really the authorized individual and not an impostor. The most common means of authentication is by a secret password, known only to the authorized user. But one of the most reliable means of authentication is by a smart card, owned only by the authorized user.

* Authorization capability enforcing the principle of least possible privilege

Beyond ensuring that only authorized individuals can access the system, it is also necessary to limit the users access to information and transaction capabilities. Each person should be limited to only the information and transaction authority that is required by their job responsibilities. This concept, known as the principle of least possible privilege, is a long-standing control practice. There should be a way to easily assign each user just the specific access authorities needed, and I believe that smart card technology could do this job well.

* Individual accountability

From both a control and legal point of view, it is necessary to maintain records of the activities performed by each computer user. The requirements for automated audit trails should be developed when a system is designed. The information to be recorded depends on what is significant about each particular system. To be able to hold individuals accountable for their actions, there must be a positive means of uniquely identifying each computer user and a routinely maintained record of each user's activities.

* Audit mechanisms

Audit mechanisms detect unusual events and bring them to the attention of management. This commonly occurs by violation reporting or by an immediate warning to the computer system operator. The type of alarm generated depends on the seriousness of the event.

A common technique to detect access attempts by unauthorized individuals is to count attempts. The security monitoring functions of the system can automatically keep track of unsuccessful attempts to gain access and generate an alarm if the attempts reach an unacceptable number.

* Performance assurance

A basic design consideration for any information system should be the ability to verify that the system is functioning as intended. Systems that are developed without such design considerations are often very difficult to independently audit or review, leading to the possibility of unintended results or inaccurate processing.

* Recoverability

Because companies can potentially be heavily dependent on a computer system, an important design consideration is the ability to easily recover from troublesome events, whether minor problems or major disruptions of the system. From a design point of view, systems should be designed to easily recover from minor problems, and to be either transportable to another backup computer system or replaced by manual processes in case of major disruption or loss of computer facility.

next up previous
Next: 3.1.2 Access decisions Up: 3.1 Local Network: Security Previous: 3.1 Local Network: Security
Denis Arnaud