Page 243 - DCAP104_EXPOSURE_TO_COMPUTER_DISCPLINES

Exposure to Computer Disciplines



                                 Let’s then mark four orthogonal vectors like the main points on a compass, except that they point
                                 to four security concepts.
                                 These concepts are physical security, logistical security, data security and technical security
                                 (Figure 13.2).
                                                       Figure 13.2: Four Components Security




















                                 Each concept by itself is only a part of the overall solution to the risk management problem.
                                 Combined in the proportions necessary for the job at hand, they can have a powerfully deflective
                                 effect.





                                              Explain the four components of security.

                                 13.1.3 The Need For Security

                                 Administrators normally find that putting together a security policy that restricts both users and
                                 attacks is time-consuming and costly. Users also become disgruntled when heavy security policies
                                 make their work difficult for no discernible reason, causing bad politics within the company.
                                 Planning an audit policy on huge networks takes up both server resources and time, and often
                                 administrators take no note of the audited events. A common attitude among users is that if no
                                 secret work is being performed, why bother implementing security?
                                 There is a price to pay when a half-hearted security plan is put into action. It can result in
                                 unexpected disaster. A password policy that allows users to use blank or weak passwords is a
                                 hacker’s paradise. No firewall or proxy protection between the organization’s private local area
                                 network (LAN) and the public Internet makes the company a target for cyber crime.

                                 Organizations will need to determine the price they are willing to pay in order to protect data and
                                 other assets. This cost must be weighed against the costs of losing information and hardware and
                                 disrupting services. The idea is to find the correct balance. If the data needs minimal protection
                                 and the loss of that data is not going to cost the company, then the cost of protecting that data will
                                 be less. If the data is sensitive and needs maximum protection, then the opposite is normally true.

                                 13.1.4 Security Threats, Attacks and Vulnerabilities

                                 Information is the key asset in most organizations. Companies gain a competitive advantage by
                                 knowing how to use that information. The threat comes from others who would like to acquire
                                 the information or limit business opportunities by interfering with normal business processes.




        236                               LOVELY PROFESSIONAL UNIVERSITY