Page 66 - DCAP309_INFORMATION_SECURITY_AND_PRIVACY
P. 66
Information Security and Privacy
Notes Inside the plant, areas including sensitive data should be accessible only to authorized personnel.
These areas, involving the computer room, should have only a single entry door, which can be
functioned by an appropriate encoded magnetic-strip ID card. Physical controls might involve
having a librarian keep a log. A lockout should appear with repeated faults. Logs should
automatically be kept of the ID number, time of access, and function executed. Further, data
dictionary software offers an automated log of access to software and file information. Intrusion
detection devices like cameras and motion detectors should be accessed to observe sensitive and
high-risk areas against unauthorized individuals.
Every individual function (such as., accounts receivable, payroll) may have its own password so
that users have access to restricted areas of the database. The computer can keep an internal
record of the date and time each file was last updated, and this internal record contrasted against
the log. The hours to use “key” microcomputer files can be restricted, to avert unauthorized
access after usual working hours. Files should be displayed in terms of diverse levels of
confidentiality and security like top secret, confidential, internal use only, and unrestricted.
Confidential information should not be appeared on the screen.
Notes To control access to sensitive data, there should be a mapping of access needs to the
system components. Access rights should depend on job function, and there should occur
an appropriate segregation of duties. Temporary employees should be limited to a particular
project, activity, system, and time period.
Self Assessment
Fill in the blanks:
7. To restrict .................., a security system must be able to differentiate among authorized
and unauthorized individuals.
8. .................. software may be used to have a minimum password time period in which a
new password cannot be modified or a new password comparing an old one will be not
accepted.
5.5 Intrusion Detection System
Intrusion Detection System (IDS) technology is an important component in designing a secure
environment. It is a type of security management system for computers and networks. An IDS
gathers and analyzes information from various areas within a computer or a network to identify
possible security breaches, which include both intrusions and misuse.
It is software and/or hardware designed to detect unwanted attempts at accessing, manipulating,
and/or disabling of computer systems, mainly through a network, such as the Internet. These
attempts may take the form of attacks, as examples, by crackers, malware and/or disgruntled
employees.
An intrusion detection system is used to detect several types of malicious behaviors that can
compromise the security and trust of a computer system. This includes network attacks against
vulnerable services, data driven attacks on applications, host based attacks such as privilege
escalation, unauthorized logins and access to sensitive files, and malware (viruses, trojan horses
and worms).
60 LOVELY PROFESSIONAL UNIVERSITY
