Security is a constant trade-off between functionality and risk-avoidance. Security consists of those procedures and policies which seek to ensure that the right people perform the right actions at the right times using the right resources. Security procedures seek to ensure that persons who are not authorized to perform certain actions or use certain resources are restricted or prohibited from doing so.
Logical security is essentially access control. Access control consists of Identification, Authentication, and Authorization. The Identification step requires the user to state his or her identity. This is usually a Username, Login ID, or Account Name. In the Authentication step, the system challenges the user to prove he or she is actually the person represented by the Username or Account Name that has just been provided. This can be done in three ways:
After the user is Identified and Authenticated, Authorization is that portion of Access Control which grants the user access to specific system resources.
A firewall provides a barrier between an internal network and an external network. A firewall restricts (either completely or selectively) data traffic from passing from one side to the other. A firewall may be composed of hardware components, software components, or both.