Question
Physical - Protection arises from physical boundaries that resist penetration. Example: a wall around a city.
Mechanical - Protection arises from connections that can only change through mechanical intervention that is not available to the attacker. Example: unplugging a computer from the Internet to protect it from a worm.
Logical - Protection is controlled by a structured set of rules or other configuration data in a computer-based security device. Example: making a read-only file writable by other users.
Functional - Protection arises from the design and operation of functions embedded in software. Example: a program includes instructions to cause it to exit if certain users try to run it.
Procedural - Protection arises from compliance with explicitly defined operating procedures. Example: a company only gives building keys to employees above a certain pay grade.
Cryptographic - Protection based on transformation of the data using cryptographic techniques.
Section 2.6 in the Smith textbook offers a list of 6 high-level security controls. Pick two of them and describe how you personally experience those controls in use on personal, work, or school computer systems. Then describe which of the 6 controls you believe is the easiest for an attacker to defeat, and why.
Explanation / Answer
Procedural controls e.g. incident response processes, management oversight, security awareness and training. Procedural measures are those which do not come conveniently under any of the preceding headings. Procedural can also involve the detection of possible issues and problems, and then isolating and dealing with them. This type of security can also include much of the stuff that goes on internally, like information detection and collation.
Procedure security contributes to the sorting of offenders to the right type of prison, which can depend on a number of different things. Procedural security mitigates identified risks by way of policies, procedures or guidelines. As opposed to other controls, procedural controls rely on users to follow rules or perform certain steps that are not necessarily enforced by technical or physical means.
The breach of security objectives during the execution of the procedures is known as a threat to the procedures (or procedural threats). We call procedural security analysis the process of understanding the impact and effects of procedural threats, namely courses of action that can take place during the execution of the procedures, and which are meant to alter, in an unlawful way, the assets manipulated by procedures.
In my workplace, as an administrator, I do not have access to all the physical servers and my higher authority does, as it depends upon the protocol structure which gives us the procedural security control.
Cryptography is a method of storing and transmitting data in a particular form so that only those for whom it is intended can read and process it. Cryptography is about constructing and analyzing protocols that prevent third parties or the public from reading private messages; various aspects of information security such as data confidentiality, data integrity, authentication, and non-repudiation are central to modern cryptography.
As the Internet and other forms of electronic communication become more prevalent, electronic security is becoming increasingly important. Cryptography is used to protect e-mail messages, credit card information, and corporate data. One of the most popular cryptography systems used on the Internet is Pretty Good Privacy because it's effective and free.
Modern cryptography concerns itself with the following four objectives:
1. Confidentiality
2. Integrity
3. Non-repudiation
4. Authentication
Procedures and protocols that meet some or all of the above four objectives are known as cryptosystems.
Mechanical security control is the vulnerable control among all the six, as it deals only with connections of the physical computer system. Without having physical access one can be able to intrude into the connections. This security control always requires one or the other security control as its dependability.
Moreover, virtual connections do not deal with the plugins that are available and power security. Intruders always want to attack the servers when they are up and running rather than attack them physically. To have strong security control, implementing only mechanical control is not enough and always follows all the security controls in various aspects of the business.