
  • Operating System States

    • Supervisory: A system routine, or highly privileged routine, is being executed by the system.
    • Ready: Processing can be resumed for an application.
    • Wait: A specific event must be completed before another process resumes.
    • (Needs review: Problem: An application is being run by the system.(?))
  • Control Objectives for Information and Related Technology (COBIT)

    • can be used as the basis for internal and external security audits.
    • determines the security mechanisms to be implemented for a system.
  • ISO / IEC 27001:2005

    • can be used for certifying a company’s ISMS and making comparisons to other companies’ ISMSs.
    • Defines a company’s ISMS and how it’s structured, controlled, run, and maintained.
  • ISO / IEC 27002

    • Defines the way in which security mechanisms should be run
    • Provides guidelines for ensuring that security controls are consistent with industry best practices
  • Information Technology Security Evaluation Criteria (ITSEC)

    Information Technology Security Evaluation Criteria (ITSEC) evaluates assurance by reviewing the development practices, documentation, configuration management, and testing mechanisms of a system. It also provides separate ratings for functionality and assurance.

  • Trusted Computer System Evaluation Criteria

    Trusted Computer System Evaluation Criteria isn’t a good evaluation tool for commercial systems, because it doesn’t address the issue of data integrity. It evaluates the security policy and assurance levels of a system.

  • Active and passive protection types

    Active

    • Prevents any unauthorized access to objects
    • Includes mechanisms for memory protection

    Passive

    • Prevents the unauthorized disclosure of information
    • Includes the use of cryptographic techniques
  • Questions for potential cloud data storage

    • What are the points of exposure for data flowing in and out of the cloud?
    • How critical is the data to be used within the cloud to the organization’s operations?
    • What data is being considered for use in the cloud?
    • Should the organization adopt a private or public cloud?
  • Security issues in grid computing

    • The grid’s quality of service needs to remain at a level acceptable to users.
    • Host machines on the grid shouldn’t be over-utilized to the extent that their local clients are denied service.
    • Trust levels need to be managed when new grid members join or existing members depart.
  • Fire prevention, suppression and detection

    Prevention

    • Use non-flammable building materials
    • Conduct training on how to respond when a fire occurs

    Suppression

    • Use portable fire extinguishers

    Detection

    • Install heat detectors
    • Install ionization smoke detectors