Page 28 - DCAP516_COMPUTER_SECURITY

Computer Security                                               Avinash Bhagat, Lovely Professional University




                                   Unit 3: Assurance and Operational Issues


                                     CONTENTS
                                     Objectives
                                     Introduction

                                     3.1  Meaning of Computer Security Assurance
                                          3.1.1  Methods and Tools for Obtaining Assurance
                                     3.2  Selecting Assurance Methods

                                     3.3  Planning and Assurance
                                     3.4  Design and Implementation Assurance
                                     3.5  Operational Assurance
                                          3.5.1  Audit Methods and Tools
                                          3.5.2  Monitoring Methods and Tools

                                     3.6  Human Issues
                                          3.6.1  Organizations
                                          3.6.2  People Problems

                                     3.7  Summary
                                     3.8  Keywords
                                     3.9  Review Questions
                                     3.10 Further Readings

                                   Objectives

                                   After studying this unit, you will be able to:

                                       Understand the meaning of computer security assurance
                                       Examine ways to select an assurance method
                                       Discuss the meaning and importance of operational assurance

                                   Introduction


                                   In the last unit you read about various threats to computer security. In this unit we will
                                   learn about assurance.
                                   Assurance is a measure of how well the system meets its requirements; more informally, how
                                   much you can trust the system to do what it is supposed to do. It does not say what the system is
                                   to do; rather, it only covers how well the system does it. Specifications arise from requirements
                                   analysis, in which the goals of the system are determined. The specification says what the
                                   system must do to meet those requirements. It is a statement of functionality, not assurance, and
                                   can be very formal (mathematical) or informal (natural language). The specification can be
                                   high-level or low-level (for example, describing what the system as a whole is to do vs. what
                                   specific modules of code are to do).




          22                                LOVELY PROFESSIONAL UNIVERSITY