1. Stallings and Brown (2012) explain that approaches to computer security fall into three broad categories:
- Security by Correctness
- Security by Isolation
- Security by Obscurity
Security by Correctness
Security by correctness aims at software that contains no bugs and no malicious code, so that security follows from the software doing exactly what its specification says. A great deal of effort has gone into this approach: code verifiers, manual code audits, memory-safe ("safe") languages and developer education (Payer, Hartmann and Gross 2012). Even with safe languages and verified code, it has been estimated that security systems entirely free of bugs are still around 50 years away; and a correct implementation of a flawed specification is still insecure, so the specification itself has to be reviewed as carefully as the code.
Security by Isolation
This approach splits a computer system into separate units and keeps each unit isolated from the others, so that if one unit is compromised or malfunctions the rest remain protected. On today's monolithic kernels this is hard to do well, because every unit shares the kernel and a single kernel bug undermines the isolation between all of them, but where isolation is achieved it is very effective.
Security by Obscurity
This approach, more accurately called security by randomization, starts from the assumption that a system without bugs is not achievable; instead it makes the bugs that remain hard to exploit reliably. Randomizing the memory layout (address space layout randomization) and placing random canary values next to buffers do not remove the bug, but they turn a deterministic exploit into a guess that usually fails, which makes the system unfriendly to attackers.
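To make the contrast concrete, the following added example (not code from Stallings and Brown or from any cited paper) applies two of the three approaches to one bug: an unchecked copy into a fixed-size buffer. The Frame layout is an assumption chosen to mirror a C stack frame (buffer, canary, saved return address), built with ctypes so that the overwrite really happens in memory rather than being simulated. The checked copy shows security by correctness, where the bug does not exist; the canary shows security by randomization, where the bug is allowed to fire but its exploitation is detected. Isolation is not modelled here.

```python
"""Security by correctness versus security by randomization on one overflow bug.
Added example; the Frame layout and SAVED_RET value are constructed assumptions."""
import ctypes
import secrets

BUF_SIZE = 16
SAVED_RET = 0x401000  # constructed 'saved return address' an attacker would target


class Frame(ctypes.Structure):
    """Buffer, then the canary, then the saved return address, in that order."""
    _fields_ = [
        ("buf", ctypes.c_char * BUF_SIZE),
        ("canary", ctypes.c_uint64),
        ("ret", ctypes.c_uint64),
    ]


def new_canary() -> int:
    """Random 64-bit value with its lowest byte cleared: that byte is first in
    memory on little-endian machines, so a NUL-terminated string copy can never
    reproduce the canary exactly."""
    return secrets.randbits(64) & ~0xFF


def checked_write(frame: Frame, payload: bytes) -> bool:
    """Security by correctness: the copy refuses anything the buffer cannot hold,
    so the overflow bug simply does not exist."""
    if len(payload) > BUF_SIZE:
        return False
    ctypes.memmove(ctypes.addressof(frame), payload, len(payload))
    return True


def unchecked_write(frame: Frame, payload: bytes) -> None:
    """The bug: attacker-controlled length with no bounds check.  Capped at the
    size of the frame only so this demo cannot corrupt the interpreter's memory."""
    n = min(len(payload), ctypes.sizeof(frame))
    ctypes.memmove(ctypes.addressof(frame), payload, n)


def run_with_canary(payload: bytes) -> dict:
    """Security by randomization: the overflow happens, but the canary is verified
    before the saved return address would be used, so a corrupted frame is
    detected instead of silently handing control to the attacker."""
    frame = Frame()
    frame.canary = new_canary()
    frame.ret = SAVED_RET
    expected = frame.canary
    unchecked_write(frame, payload)
    return {
        "canary_intact": frame.canary == expected,
        "ret_hijacked": frame.ret != SAVED_RET,
    }


if __name__ == "__main__":
    f = Frame()
    print("checked write of 16 bytes accepted:", checked_write(f, b"A" * 16))
    print("checked write of 40 bytes accepted:", checked_write(f, b"A" * 40))
    print("benign input:", run_with_canary(b"hello"))
    print("40-byte overflow:", run_with_canary(b"A" * 40))
```

On a real system the canary lives in thread-local storage and the comparison is emitted by the compiler in the function epilogue; the point of the example is that the second approach reports "ret_hijacked" together with "canary_intact: False", so the corrupted return address is never followed, whereas the first approach never lets the write past the buffer at all.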
2. Physical Security
Physical security is the protection of personnel, networks, hardware, software and data from physical actions and events that could cause serious loss or damage to an enterprise, agency or institution (AlZain et al. 2012). This includes protection from fire, flood and other natural disasters, theft, vandalism and terrorism.
Components of Physical Security
Physical security has three components: access control, surveillance and testing. Access control means hardening the physical site against accidents, environmental disasters and attacks: fencing, locks, access-control cards, biometric access controls and fire-suppression systems. Surveillance uses cameras to watch the physical locations, together with notification systems that detect intrusion, heat and smoke. Testing means maintaining documented procedures and exercising them regularly, so that recovery from a natural or man-made disaster is fast and the procedures are known to work before they are needed.
3. Models to Implement Security in the Operating System
There are two basic kinds of model for implementing security in an operating system. The first kind states the policy a secure system must enforce: the Bell-LaPadula model defines the conditions (no read up, no write down) that keep information confidential, and the Biba model defines the dual conditions (no read down, no write up) that preserve integrity (Jin and Shen 2012). The second kind is used to understand the properties of a protection system itself, for example the Harrison-Ruzzo-Ullman (HRU) access-matrix model; for an arbitrary protection system it is in general undecidable whether a right can ever leak, so a designer cannot simply assume that the system is completely protected (Cornelissen, Diekkrüger and Giertz 2013). Building and analysing such models is essential when designing a trusted operating system: they make the security policy explicit, separate what is desirable from what is feasible before any code is written, and guide the design of the operating system itself.
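The following added example (not from Jin and Shen 2012 or from the original HRU paper) implements the three models above as reference-monitor checks. The level names, the compartment sets and the sample subjects are constructed assumptions; the checks themselves are the standard Bell-LaPadula and Biba rules over a lattice of level plus compartments, and a minimal HRU access matrix whose only way to change rights is a command built from the primitive "enter right" operation.

```python
"""Bell-LaPadula, Biba and HRU access-matrix checks.  Added example; level names,
compartments and the sample subjects are constructed."""
from dataclasses import dataclass

# Confidentiality levels for Bell-LaPadula; integrity levels for Biba.
CONF = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP_SECRET": 3}
INTEG = {"LOW": 0, "MEDIUM": 1, "HIGH": 2}


@dataclass(frozen=True)
class Label:
    """A lattice element: a linear level plus a set of compartments."""
    level: int
    compartments: frozenset = frozenset()

    def dominates(self, other: "Label") -> bool:
        """self >= other in the lattice: higher-or-equal level and a superset of compartments."""
        return self.level >= other.level and other.compartments <= self.compartments


def blp_allows(subject: Label, obj: Label, op: str) -> bool:
    """Bell-LaPadula: no read up (simple security), no write down (*-property)."""
    if op == "read":
        return subject.dominates(obj)
    if op == "write":
        return obj.dominates(subject)
    raise ValueError(f"unknown operation {op!r}")


def biba_allows(subject: Label, obj: Label, op: str) -> bool:
    """Biba strict integrity: no read down, no write up (the dual of BLP)."""
    if op == "read":
        return obj.dominates(subject)
    if op == "write":
        return subject.dominates(obj)
    raise ValueError(f"unknown operation {op!r}")


class AccessMatrix:
    """HRU: rights live in a subject x object matrix and change only through
    commands built from the primitive 'enter right' / 'delete right' operations."""

    def __init__(self):
        self.rights = {}  # (subject, object) -> set of rights

    def get(self, subject, obj) -> set:
        return self.rights.get((subject, obj), set())

    def enter(self, right, subject, obj) -> None:
        self.rights.setdefault((subject, obj), set()).add(right)

    def delete(self, right, subject, obj) -> None:
        self.get(subject, obj).discard(right)

    def confer_read(self, owner, grantee, obj) -> bool:
        """HRU command: if 'own' in (owner, obj) then enter 'read' into (grantee, obj)."""
        if "own" not in self.get(owner, obj):
            return False
        self.enter("read", grantee, obj)
        return True


if __name__ == "__main__":
    analyst = Label(CONF["SECRET"], frozenset({"crypto"}))
    print("BLP read CONFIDENTIAL:", blp_allows(analyst, Label(CONF["CONFIDENTIAL"]), "read"))
    print("BLP write CONFIDENTIAL:", blp_allows(analyst, Label(CONF["CONFIDENTIAL"]), "write"))
    service = Label(INTEG["MEDIUM"])
    print("Biba read LOW:", biba_allows(service, Label(INTEG["LOW"]), "read"))
    m = AccessMatrix()
    m.enter("own", "alice", "report")
    print("bob confers:", m.confer_read("bob", "carol", "report"))
    print("alice confers:", m.confer_read("alice", "bob", "report"), m.get("bob", "report"))
```

The BLP and Biba functions are exact duals, which is why a system that needs both confidentiality and integrity has to carry two independent labels per subject and object. The HRU class shows the other half of the section: with enough commands of the confer_read kind, deciding whether some right can ever reach some subject is what the HRU result proves undecidable in general, so a designer has to restrict the command set rather than reason about the general case.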
4. There are five main steps an organization can take towards improving the security of its information.
Step 1: Identify and Prioritize Information
By categorizing information by confidentiality and value, a company can decide which data must be secured first (Karokola, Yngström and Kowalski 2012). Account numbers, credit card numbers, social security numbers, personal identification numbers and similar structured identifiers need to be secured first, at the highest priority.
Step 2: Study Current Flow of Information and Perform Risk Management
The flow of confidential information through the organization has to be studied in order to see where it is stored, who handles it and where it leaves the company. For most businesses, identifying the confidential information itself is the straightforward part; the risk assessment that follows ranks each flow by the likelihood and impact of its disclosure.
Step 3: Determine appropriate information-distribution, access and usage policies
Based on the risk assessment criteria, the organization can quickly craft a distribution policy for each type of confidential information. Four types of distribution policy typically emerge at this stage, covering customer information, intellectual property, employee records and executive communications.
Step 4: Implementation of monitoring and enforcement system
Controls are then implemented to monitor how information is used and where traffic carries it, to take enforcement actions when a policy is violated, and to verify compliance.
Step 5: Progress review periodically
This step is "lather, rinse and repeat": the organization reviews its systems, training and policies periodically so that the security program remains as effective as possible.
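Steps 1, 3 and 4 above can be carried out in code. The following added example (not from Karokola et al. or any other cited work) finds and ranks the confidential elements in a record, applies a per-class distribution policy to the message's destination, and records the enforcement decision for later review. The detector patterns, the ACCT- account-number format, the policy domains and the sample messages are all constructed assumptions; the Luhn check is the standard card-number checksum, included so that arbitrary runs of digits are not flagged as card numbers.

```python
"""Classify, prioritize and enforce a distribution policy on outbound messages.
Added example; patterns, policy table and sample traffic are constructed."""
import re
from dataclasses import dataclass, field

# Step 1: what counts as confidential and how urgently it must be protected
# (3 = highest priority).  Constructed patterns; real deployments tune these.
DETECTORS = {
    "payment_card":   (re.compile(r"\b\d(?:[ -]?\d){12,18}\b"), 3),
    "ssn":            (re.compile(r"\b\d{3}-\d{2}-\d{4}\b"), 3),
    "account_number": (re.compile(r"\bACCT-\d{8}\b"), 2),
}


def luhn_valid(digits: str) -> bool:
    """Luhn checksum: separates real card numbers from arbitrary digit runs."""
    total = 0
    parity = len(digits) % 2
    for i, ch in enumerate(digits):
        d = int(ch)
        if i % 2 == parity:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def classify(text: str) -> dict:
    """Return {class: [matched values]} for every confidential element in text."""
    found = {}
    for name, (pattern, _prio) in DETECTORS.items():
        for m in pattern.finditer(text):
            value = m.group()
            if name == "payment_card":
                digits = re.sub(r"[ -]", "", value)
                if not (13 <= len(digits) <= 19 and luhn_valid(digits)):
                    continue  # digit run that fails Luhn: an order or phone number
            found.setdefault(name, []).append(value)
    return found


def priority(found: dict) -> int:
    """Highest priority among the classes present; 0 means nothing confidential."""
    return max((DETECTORS[c][1] for c in found), default=0)


# Step 3: distribution policy, the destination domains each class may reach.
# Constructed domains.
DISTRIBUTION_POLICY = {
    "payment_card":   {"payments.example.com"},
    "ssn":            {"hr.example.com"},
    "account_number": {"example.com", "hr.example.com", "payments.example.com"},
}


@dataclass
class Decision:
    action: str                 # "allow" or "block"
    priority: int
    violations: list = field(default_factory=list)


AUDIT_LOG = []  # Step 4 evidence: every decision is recorded for compliance review


def enforce(sender: str, recipient: str, body: str) -> Decision:
    """Step 4: monitor one outbound message, block policy violations, record it."""
    found = classify(body)
    domain = recipient.rsplit("@", 1)[-1].lower()
    violations = [c for c in found if domain not in DISTRIBUTION_POLICY[c]]
    decision = Decision("block" if violations else "allow", priority(found), violations)
    AUDIT_LOG.append({"sender": sender, "recipient": recipient,
                      "classes": sorted(found), "action": decision.action})
    return decision


if __name__ == "__main__":
    # Constructed sample traffic.
    samples = [
        ("alice@example.com", "ops@payments.example.com", "Refund card 4111 1111 1111 1111"),
        ("alice@example.com", "friend@mail.example.org", "Refund card 4111 1111 1111 1111"),
        ("hr@example.com", "friend@mail.example.org", "New hire SSN 123-45-6789, ACCT-12345678"),
        ("bob@example.com", "friend@mail.example.org", "Lunch at noon?"),
    ]
    for s, r, body in samples:
        print(r, enforce(s, r, body))
```

Step 5 is what the audit log is for: the review compares blocked and allowed events against the policy table, and the detectors or the policy are adjusted where the log shows false positives or data reaching destinations it should not.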
References:
Stallings, W. and Brown, L., 2012. Computer Security: Principles and Practice (2nd ed.). Edinburgh Gate: Pearson Education Limited.
Cornelissen, T., Diekkrüger, B. and Giertz, S., 2013. A comparison of hydrological models for assessing the impact of land use and climate change on discharge in a tropical catchment. Journal of hydrology, 498, pp.221-236.
Karokola, G., Yngström, L. and Kowalski, S., 2012. Secure e-government services: A comparative analysis of e-government maturity models for the developing regions–The need for security services. International Journal of Electronic Government Research (IJEGR), 8(1), pp.1-25.
AlZain, M.A., Pardede, E., Soh, B. and Thom, J.A., 2012, January. Cloud computing security: from single to multi-clouds. In System Science (HICSS), 2012 45th Hawaii International Conference on (pp. 5490-5499). IEEE.
Payer, M., Hartmann, T. and Gross, T.R., 2012, May. Safe loading: a foundation for secure execution of untrusted programs. In Security and Privacy (SP), 2012 IEEE Symposium on (pp. 18-32). IEEE.
Jin, J. and Shen, M., 2012, October. Analysis of Security Models Based on Multilevel Security Policy. In Management of e-Commerce and e-Government (ICMeCG), 2012 International Conference on (pp. 95-97). IEEE.