Page 36 - DCAP516_COMPUTER_SECURITY
Computer Security
3.7 Summary
Assurance is a degree of confidence, not a true measure of how secure the system actually
is. Assurance can be quite expensive, especially if extensive testing is done. In selecting
assurance methods, the need for assurance should be weighed against its cost.
The person who needs to be assured is the management official who is ultimately
responsible for the security of the system: the authorizing or accrediting official.
Design and implementation assurance addresses whether the features of a system,
application, or component meet security requirements and specifications.
Assurance involves the following three steps:
  1. Specification
     - Requirements analysis
     - Statement of desired functionality
  2. Design
     - How the system will meet the specification
  3. Implementation
     - Programs/systems that carry out the design
Operational Issues: These are concerned with the following three major points:
  1. Cost-Benefit Analysis
     - Is it cheaper to prevent or recover?
  2. Risk Analysis
     - Should we protect something?
     - How much should we protect this thing?
  3. Laws and Customs
     - Are desired security measures illegal?
     - Will people do them?
Human Issues: Human issues relating to computer security are mainly discussed under
the following headings:
  1. Organizational Problems
     - Power and responsibility
     - Financial benefits
  2. People Problems
     - Outsiders and insiders
     - Social engineering
3.8 Keywords
Assurance: It is a measure of how well the system meets its requirements; more informally, how
much you can trust the system to do what it is supposed to do.
30 LOVELY PROFESSIONAL UNIVERSITY