no more cubes

Author: Andreas

  • Information Technology Security Evaluation Criteria (ITSEC)

    Information Technology Security Evaluation Criteria (ITSEC) involves evaluation assurance by reviewing the development practices, documentation, configuration management and testing mechanisms of a system. Also, it provides separate ratings for functionality and assurance.

  • Trusted Computer System Evaluation Criteria

    Trusted Computer System Evaluation Criteria aren’t a good evaluation tool for commercial systems, because it’ won’t address the issue of data integrity. It evaluates the security policy and assurance levels of a system.

     

  • Active and passive protection types

    Active

    • Prevents any unauthorized access to objects
    • Includes mechanisms for memory protection

    Passive

    • Prevents the unauthorized disclosure of information
    • Includes the use of cryptographic techniques

  • Questions for potential cloud data storage

    • What are the points of exposure for data flowing in and out of the cloud?
    • How critical is the data to be used within the cloud to the organization’s operations?
    • What data is being considered for use in the cloud?
    • Should the organization adopt a private or public cloud?

  • Security issues in grid computing

    • The grid’s quality of service needs to remain at a level acceptable to users.
    • Host machines on the grid shouldn’t be over-utilized to the extent that their local clients are denied service.
    • Trust levels need to be managed when new grid members join, or existing depart.

  • Fire prevention, suppression and detection

    Prevention

    • Use non-flammable building materials
    • Conduct training on how to respond when a fire occurs

    Suppression

    • Use portable fire extinguishers

    Detection

    • Install heat-detectors
    • Install ionization smoke detectors

  • Natural gas security measures

    Attach a shut-off wrench to a cord near the shut-off valve.

  • Considerations for key control

    • The assignment and monitoring of key holders.
    • The decision whether or not to hold master keys.
    • The limitations and controls placed on the duplication of keys.
    • The need for patented cylinder locks, depending on security requirements.

  • Safes, Vaults and secured containers

    • Vault security classifications are supplied by the underwriters laboratory
    • The underwriters laboratory provides standards for the construction of vault doors, floors, walls and ceilings
    • The weight of a safe contributes to its security classification.

  • Instakey and Intellikey

    InstaKey

    A key device that can be used to disable a using one turn of a master key to change a lock.

    IntelliKey

    A key device that contains a built-in microprocessor, microcomputer, and key-exchange data.