Module 5 - System Security

OBJECTIVES:

The objective of this module is to provide an understanding of the techniques of defining and evaluating mainframe sys¬tem security requirements.

LEARNING OBJECTIVES

Upon completion of this module, the student should be able to:

  • determine the sensitivity of a system;
  • recognize the difference between criticality and sensitivity;
  • determine the corporate impact of loss;
  • relate system sensitivity to security requirements;
  • determine criteria to be met to satisfy security requirements;
  • recognize and evaluate the levels of security of systems.
PREREQUISITE:

The modules “Introduction to Computer Protection” and “Security Fundamentals” are appropriate. In addition, knowl¬edge of computer systems design and requirements would be beneficial. This module should be incorporated at the upper division of undergraduate work so that the student will have achieved a level of maturity that will enhance participation.

Topic Outline:
System Security

  1. Overview 1 Hours
    1. Definitions
    2. Background
      1. Identifying Sensitive Systems
      2. Developing A Security Program And Plan, And
      3. Training Appropriate People Concerned With Both Development And Operation Of Systems
    3. Management Responsibility

  2. System Sensitivity 2 Hours
    1. Criticality
    2. Sensitivity
    3. Source Of Sensitivity Information
    4. Level Of Sensitivity

  3. Security Requirements 3 Hours
    1. Security Policy
    2. Accountability
    3. Assurance
      1. Architecture
      2. Integrity
      3. Testing
      4. Specification/Verification
      5. Facility Management
      6. Configuration Control
      7. Disaster Recovery Or Contingency Planning
      8. Compliance

  4. Levels Of Security 2 Hours

  5. Data Life Cycle 2 Hours
    1. Retention Policy
    2. Destruction Policy

  6. Protection Planning 2 - 5 Hours
    1. System Description
      1. The Physical Location Of The Equipment
      2. Types Of Data And Information
      3. Classification Level
      4. Duration And Importance Of MIS Activity
      5. Equipment Location
      6. Equipment Description By Name And Model Number
      7. Security Officers
      8. Data Processing Terms
      9. System Integrity Study
    2. MIS Security
    3. Communications Security
    4. Information Security
    5. Personnel Security
    6. Physical Security
    7. Contingency Plans