Securing Information Systems (I.S.) resources is a complex topic. Understanding the complexity is
necessary if we are to control it.
There are three dimensions of I.S. security that can help companies expose (and reduce) the complexity:
Dimension ONE:
The types of problems that could possibly arise and the corresponding types of objectives that ought to
be pursued.
The first type of problem is the unauthorized use of I.S. resources by those who can get access to them.
The corresponding objective would be:
TO ASSURE ONLY THE AUTHORIZED USE OF I.S. RESOURCES
The second type of problem is that I.S. resources can be modified and tampered with, endangering their
integrity. The corresponding objective would be:
TO ASSURE THE INTEGRITY OF I.S. RESOURCES
The third type of problem is that I.S. resources can be destroyed or made unavailable due to a variety of
factors. The corresponding objective would be:
TO ASSURE THE CONTINUED AVAILABILITY OF I.S. RESOURCES
Dimension TWO:
The three types of resources are HARDWARE, SOFTWARE, and DATA.
There are nine ways in which dimensions ONE and TWO can be combined:
1. To assure only the authorized use of all hardware
2. To assure only the authorized use of all software
3. To assure only the authorized use of all data
4. To assure the integrity of all hardware
5. To assure the integrity of all software
6. To assure the integrity of all data
7. To assure the continued availability of all hardware
8. To assure the continued availability of all software
9. To assure the continued availability of all data
Dimension THREE:
Each of these nine objectives can be understood more concretely in terms of the various problematic
situations that could arise, the business impacts of those situations, and ways of coping with those
situations, both reactively and proactively.
Reactively = what to do AFTER the problem has occurred.
Proactively = what to do to prevent the problem from happening in the first place.
For example, number 7 from the above list of nine items covers a variety of scenarios such as:
A piece of hardware being stolen
An earthquake destroying all hardware at one location
A computer virus disabling all hardware on a network of computers
A union demonstration getting ugly and angry workers attacking a facility and smashing up computers
As you can see, each of the four situations has a different impact and requires a different method of
coping with it. Chain-locking equipment may take care of the first. Falling back temporarily on hardware
installed at other locations of the company may be a solution to the second. Installing anti-virus
software and tightening access may solve the third. And sealing off the computer center and protecting
it with human security guards may be a viable way of dealing with the fourth.
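The three dimensions can be treated as a small threat-modelling matrix: dimensions ONE and TWO generate the nine objectives, and dimension THREE hangs situations, impacts and controls off each cell. The following script is an added example and is not part of the original handout. It fills in only cell 7 (availability of hardware) with the four situations and coping methods described above; the "impact" wording for each situation is constructed for the example (the handout only says the impacts differ), and the split of each coping method into "proactive" or "reactive" is this example's reading of the text. The two check functions then report which cells have nothing recorded yet and which situations have an answer on only one side, which is the kind of gap a policy committee would look for before adopting anything.

```python
"""Added example (not part of the original handout): the three dimensions
of I.S. security as a small threat-modelling matrix, with a check for cells
and situations that have no proactive or reactive control recorded yet."""
from itertools import product

# Dimension ONE: problem type -> objective wording (taken from the handout).
OBJECTIVES = {
    "authorized use": "To assure only the authorized use of all {res}",
    "integrity": "To assure the integrity of all {res}",
    "availability": "To assure the continued availability of all {res}",
}
# Dimension TWO: the three resource types.
RESOURCES = ["hardware", "software", "data"]


def objective_matrix():
    """Combine dimensions ONE and TWO into the nine numbered objectives.
    Returns tuples of (number, objective key, resource, objective text),
    numbered in the same order as the handout's list of nine."""
    return [
        (n, obj_key, res, text.format(res=res))
        for n, ((obj_key, text), res)
        in enumerate(product(OBJECTIVES.items(), RESOURCES), start=1)
    ]


# Dimension THREE: for cell 7 (availability of hardware), the four situations
# from the handout. Impact wording is constructed for this example; each
# coping method is recorded as proactive (prevents the problem) or reactive
# (used after the problem has occurred), following the handout's definitions.
SCENARIOS = {
    ("availability", "hardware"): [
        {"situation": "A piece of hardware being stolen",
         "impact": "loss of one machine (constructed)",
         "proactive": ["chain-lock equipment"], "reactive": []},
        {"situation": "An earthquake destroying all hardware at one location",
         "impact": "whole site offline (constructed)",
         "proactive": [],
         "reactive": ["fall back on hardware at other company locations"]},
        {"situation": "A computer virus disabling all hardware on a network",
         "impact": "one network of computers unusable (constructed)",
         "proactive": ["install anti-virus software", "tighten access"],
         "reactive": []},
        {"situation": "Angry workers attacking a facility and smashing computers",
         "impact": "physical damage to the computer center (constructed)",
         "proactive": ["seal off the computer center", "human security guards"],
         "reactive": []},
    ],
}


def coverage_gaps(scenarios=SCENARIOS):
    """Cells of the 3x3 matrix with no situation recorded at all."""
    return [(n, text) for n, obj, res, text in objective_matrix()
            if (obj, res) not in scenarios]


def one_sided_scenarios(scenarios=SCENARIOS):
    """Situations that have only a proactive or only a reactive answer.
    Returns (cell, situation, list of missing kinds)."""
    out = []
    for cell, items in scenarios.items():
        for s in items:
            missing = [kind for kind in ("proactive", "reactive") if not s[kind]]
            if missing:
                out.append((cell, s["situation"], missing))
    return out


if __name__ == "__main__":
    for n, _, _, text in objective_matrix():
        print(f"{n}. {text}")
    print("\nCells with no situations recorded yet:", len(coverage_gaps()))
    for cell, situation, missing in one_sided_scenarios():
        print(f"{cell}: '{situation}' has no {' or '.join(missing)} control")
```

Running the script lists the nine objectives in the handout's order, reports that eight cells are still empty, and flags all four hardware-availability situations as one-sided (three have only a proactive answer, the earthquake case only a reactive one). Filling the remaining cells is exactly the exercise the question below asks for.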
Question 1:
Now, pretend that you are a committee member of Information Systems Security at a well-known
University. For each of the nine categories listed under Dimension TWO, propose ways of assurance, both
reactively and proactively, when applicable. You should assume that your proposed ways would be
adopted as I.S. security policies at the University.