Submit the change Approve the change Document the change Test the change Implement the change Report the change

FIN Scan: Uses an IP-bases server’s error-handling mechanism against it. Operation System (OS) Identification: users an operating system’s weaknesses to obtain valuable information. Port sweep: Bombards a servers’s IP address […]

Network architecture Protection mechanisms Platform architecture Security Models Enterprise architecture

Address security, integrity and information flow Graham-Denning: Defines the commands that a subject can execute to create or delete an object. Noninterference: Prevents covert channels and interference attacks. Brewer & […]

Supervisory: A system routine, or highly privileged routine, is being executed by the system. Ready: Processing can be resumed for an application. Wait: A specific event must be completed before […]

Control Objects for Information and Related Technology (COBIT) can be used to as the basis for internal and external security audits. determines the security mechanisms to be implemented for a […]

ISO / IEC 27001:2005 can be used for certifying a company’s ISMS and making comaprisons to other companies’ ISMSs. Defines a company’s ISMS and how it’s structured, controlled, run, and […]

ISO / IEC 27002 Defines the way in which security mechanisms should be run Provides guidelines for ensuring that security controls are consistent with industry best practices

Information Technology Security Evaluation Criteria (ITSEC) involves evaluation assurance by reviewing the development practices, documentation, configuration management and testing mechanisms of a system. Also, it provides separate ratings for functionality […]