RSM427H1 Lecture Notes - Lecture 9: Access Control List, Access Control, Content-Control Software

What it is: password, anti-virus, access privilege, etc. Confidentiality: person has the ability to see the information; only give information to people that need to do the job, protecting information. As soon there are confidential problem, company needs to report immediately or will have legal problems. Integrity: person has the ability to modify the information. Availability: if the system is unavailable, possibility to lose the customers (if goes down, what is the plan for consistency of operation) Logging and monitoring: anything change in the system needs to be logged; detective control. Locks - automatic locks if the password is incorrect for three attempts; automatic locks if the person leaves the computer for a certain time; physical locks. Policies and procedures: sets the benchmark stating the certain rules in the company. Program change control: get approval from senior, test the change of the program, documented plan; gathering users requirements; Security education: to ensure that employees don"t give information to uncertain people.