Category: Security & Privacy

Information Technology Security Evaluation Criteria (ITSEC) involves evaluation assurance by reviewing the development practices, documentation, configuration management and testing mechanisms of a system. Also, it provides separate ratings for functionality and assurance.

Trusted Computer System Evaluation Criteria aren’t a good evaluation tool for commercial systems, because it’ won’t address the issue of data integrity. It evaluates the security policy and assurance levels of a system.  

Active Prevents any unauthorized access to objects Includes mechanisms for memory protection Passive Prevents the unauthorized disclosure of information Includes the use of cryptographic techniques

What are the points of exposure for data flowing in and out of the cloud? How critical is the data to be used within the cloud to the organization’s operations? What data is being considered for use in the cloud? Should the organization adopt a private or public cloud?

The grid’s quality of service needs to remain at a level acceptable to users. Host machines on the grid shouldn’t be over-utilized to the extent that their local clients are denied service. Trust levels need to be managed when new grid members join, or existing depart.

Prevention Use non-flammable building materials Conduct training on how to respond when a fire occurs Suppression Use portable fire extinguishers Detection Install heat-detectors Install ionization smoke detectors

Attach a shut-off wrench to a cord near the shut-off valve.

The assignment and monitoring of key holders. The decision whether or not to hold master keys. The limitations and controls placed on the duplication of keys. The need for patented cylinder locks, depending on security requirements.

Vault security classifications are supplied by the underwriters laboratory The underwriters laboratory provides standards for the construction of vault doors, floors, walls and ceilings The weight of a safe contributes to its security classification.

InstaKey A key device that can be used to disable a using one turn of a master key to change a lock. IntelliKey A key device that contains a built-in microprocessor, microcomputer, and key-exchange data.