Page 37 - DCAP516_COMPUTER_SECURITY

Unit 3: Assurance and Operational Issues




          Checksumming: Security programs that presume that program files should not change between
          updates.
          Computer Security Assurance: It is the degree of confidence one has that the security measures,
          both technical and operational, work as intended to protect the system and the information it
          processes.

          Integrity Verification Programs: Integrity verification programs can be used by such applications
          to look for evidence of data tampering, errors, and omissions.
          Intrusion Detectors:  Intrusion detectors analyze the system audit trail, especially log-ons,
          connections, operating system calls, and various command parameters, for activity that could
          represent unauthorized activity.

          Password Crackers: Password crackers check passwords against a dictionary.
          Security Reviews: Less formal audits are often called security reviews.
          System Performance Monitoring: System performance monitoring analyzes system performance
          logs in real time to look for availability problems, including active attacks (such as the 1988
          Internet worm) and system and network slowdowns and crashes.
          Virus Scanners: Programs that are a popular means of checking for virus infections.

          3.9 Review Questions


          1.   Explain the meaning of computer security assurance.
          2.   Discuss the methodology to select an assurance method.
          3.   Describe the meaning and importance of operational assurance.
          4.   What do you mean by audit? Explain various categories of audit.

          5.   What are the various human issues relating to computer security? Discuss briefly.
          6.   Explain two basic methods to maintain operational assurance.

          Answers: Self Assessment

          1.   Design and implementation assurance     2.   cost.
          3.   extensive testing                       4.   Assurance
          5.   authorizing or accrediting official.    6.   True
          7.   True                                    8.   False
          9.   True                                    10.  False

          3.10 Further Readings




           Books      Managing Enterprise Information Integrity: Security, Control and Audit Issues, IT
                      Governance Institute.
                      Risks of Customer Relationship Management: A Security, Control, and Audit Approach,
                      PricewaterhouseCoopers LLP.






                                           LOVELY PROFESSIONAL UNIVERSITY                                   31