Note: The term "information security" means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide the following (source: http://en.wikipedia.org/wiki/Information_security):
- Confidentiality, which means preserving authorized restrictions on access and disclosure, including means for protecting personal privacy and proprietary information;
- Integrity, which means guarding against improper information modification or destruction, and includes ensuring information non-repudiation and authenticity; and
- Availability, which means ensuring timely and reliable access to and use of information.
The terms information security, computer security and information assurance are frequently, and incorrectly, used interchangeably. These fields are often interrelated and share the common goals of protecting the confidentiality, integrity and availability of information; however, there are some subtle differences between them. These differences lie primarily in the approach to the subject, the methodologies used, and the areas of concentration. Information security is concerned with the confidentiality, integrity and availability of data regardless of the form the data may take: electronic, print, or other forms. Computer security can focus on ensuring the availability and correct operation of a computer system without concern for the information stored or processed by the computer.
The idea of reasonable control versus absolute control over system security plays a crucial role in how private and public sector organizations document their System Security policies and procedures. The tone at the top set by C-level employees, in how they communicate the initial release and regular updates of policies and procedures, establishes the system security standards for the organization.
The failure to communicate policies effectively and to implement procedures efficiently can be catastrophic.
System security applies to the four ITSEs (Network, OS, DB and Application) individually and collectively. At the core of System Security is the Network Operating System, which generally controls logical access and security for system resources (notwithstanding the importance of System Security in the other ITSEs, i.e. the Network, DB and Application environments).
A sample of the System Security concerns of the Network Operating System is given below:
- Anonymous login to FTP.
- Default accounts and passwords.
- Permissions to Registry, Trust, NTFS, idle session, Domain structure.
- Password policy and account lockout.
- Access to privileged IT functions, e.g. Domain Admin, Administrator, etc.
- Access to data modification utilities, e.g. DFU, SQL Plus, etc.
- Monitoring of violations, violation reporting and periodic review.
Other Operating Systems include AS400, Unix/Linux, Mac OS, Legacy systems, etc.
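As an added example (not from the original page), the checklist above can be turned into a review script: given a snapshot of a Network Operating System's settings, it reports which of the listed concerns fail. The snapshot keys, the thresholds for password policy and lockout, and the default and approved account names are all assumptions for this example, not values from any real system or standard.

```python
# Added example: evaluate a constructed NOS settings snapshot against the listed
# concerns. Snapshot keys, thresholds and account names are assumptions only.
DEFAULT_ACCOUNTS = {"guest", "administrator", "ftp"}   # constructed default-account list
APPROVED_ADMINS = {"dom_admin_jsmith"}                  # constructed approved-admin list

def assess_nos(snap):
    """Return (concern, detail) pairs for each listed concern the snapshot fails."""
    findings = []
    if snap["anonymous_ftp"]:
        findings.append(("Anonymous FTP", "anonymous login to FTP is enabled"))
    # Default accounts only matter when enabled and still on a default password.
    for name, acct in snap["accounts"].items():
        if name.lower() in DEFAULT_ACCOUNTS and acct["enabled"] and acct["default_password"]:
            findings.append(("Default accounts", f"{name} is enabled with a default password"))
    # Password policy: assumed minimum of 12 characters and a 90-day maximum age.
    if snap["min_password_length"] < 12 or snap["max_password_age_days"] > 90:
        findings.append(("Password policy",
                         f"min length {snap['min_password_length']}, max age {snap['max_password_age_days']} days"))
    # Account lockout: 0 means lockout is disabled; above 10 attempts is assumed too lax.
    if snap["lockout_threshold"] == 0 or snap["lockout_threshold"] > 10:
        findings.append(("Account lockout", f"threshold is {snap['lockout_threshold']} attempts"))
    # Privileged IT functions: flag members of admin groups outside the approved list.
    for group, members in snap["privileged_groups"].items():
        extra = sorted(set(members) - APPROVED_ADMINS)
        if extra:
            findings.append(("Privileged access", f"{group} has unapproved members: {', '.join(extra)}"))
    # Monitoring: without failure auditing, violations cannot be reported or reviewed.
    if not snap["audit_logon_failures"]:
        findings.append(("Monitoring", "logon failure auditing is disabled"))
    return findings

# Constructed sample snapshot that fails every check.
SAMPLE = {
    "anonymous_ftp": True,
    "accounts": {"Guest": {"enabled": True, "default_password": True},
                 "Administrator": {"enabled": True, "default_password": False},
                 "jsmith": {"enabled": True, "default_password": False}},
    "min_password_length": 8, "max_password_age_days": 90,
    "lockout_threshold": 0,
    "privileged_groups": {"Domain Admins": ["dom_admin_jsmith", "svc_backup"]},
    "audit_logon_failures": False,
}

if __name__ == "__main__":
    for concern, detail in assess_nos(SAMPLE):
        print(f"[{concern}] {detail}")
```

In a real review the snapshot would be filled from the system's own exports (account lists, policy settings, group membership), and the thresholds set from the organization's policy rather than the assumed values here.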