Defending Your Digital Assets Against Hackers,Crackers,Spies,and Thieves by Randall Nichols & Julie J. C H. Ryan

Author: Randall Nichols & Julie J. C H. Ryan [Nichols, Randall & Ryan, Julie J. C H.]
Language: eng
Format: epub
ISBN: 9780072122855
Goodreads: 7327585
Publisher: McGraw-Hill Professional
Published: 2000-01-01T00:00:00+00:00


. . . to make sure . . .

Answering the questions relating to “making sure” involves a detailed understanding of the specific operational environment. How do you make sure? What is meant by “sure”? How much sureness is needed? All of these depend on what kind of system there is, how much of the operation is computerized versus paper-based, and who is performing the operations.

In order to know what constitutes “sure,” performance criteria must be specified. This provides the ability to establish thresholds and measurement criteria that together define the concept of “sure” for the specific operational environment. For example, in a hospital environment, a policy may be that no unauthorized person may have access to patient records. The performance criterion associated with this policy is fairly straightforward: the number of unauthorized individuals having access to each patient record must be zero. Testing this proposition is trickier. Testing for this performance criterion requires that every vector through which access could be gained be examined and monitored to ensure that no unauthorized person gets access to one or more patient records. Considering that Doctor X may be authorized for access to the records of Patient A and Patient B but not for the records of Patient C, the tests and monitoring tools must take into account specific individual privileges, supporting updates as required. If a change is made to access privileges, then the definition of “sure” as interpreted by the auditing and monitoring functions must change too. When Doctor X was not authorized access to the records of Patient C, the practical definition of “sure” included a codicil that Doctor X could not and had not accessed the records of that patient. When Doctor X was called in as a consulting physician to Patient C, the practical definition of “sure” should have changed.

The concept of “sure” is, of necessity, modified by practicality as appropriate to the operational environment. In the above case, doctors as a group are likely to be more trusted in a hospital environment than other groups, such as maintenance staff. The practicality of the situation, then, would tend to limit the thoroughness of checking to establish “sureness” with regard to Doctor X, most likely to a cursory check on file access. In this specific situation, “sure” would most likely be defined fairly loosely. However, if the hospital were one that handled heads of state or other dignitaries, the definition of “sureness” could well be interpreted much more strictly, with concomitant checking to establish compliance with the desired state of “sure.”
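The hospital example above as working audit logic, added here as an illustration rather than code from the book (the user and patient names, the grant table and the access log lines are all constructed): the check counts, per record, how many distinct unauthorized users read it, judging each access against the privileges in force at the moment of access. Passing `as_of` instead evaluates every event against one instant, which is how an audit that is not updated when privileges change would miss Doctor X's pre-consultation read of Patient C's record.

```python
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Grant:
    user: str
    patient: str
    start: datetime
    end: Optional[datetime] = None  # None: grant is still in force


# Constructed sample privileges (hypothetical names, not from the book).
GRANTS: List[Grant] = [
    Grant("dr_x", "patient_a", datetime(2000, 1, 1)),
    Grant("dr_x", "patient_b", datetime(2000, 1, 1)),
    # Doctor X was called in as consulting physician for Patient C on 3 March.
    Grant("dr_x", "patient_c", datetime(2000, 3, 3)),
]

# Constructed access log: "<ISO timestamp> <user> <patient record read>".
ACCESS_LOG = """\
2000-02-10T09:15:00 dr_x patient_a
2000-02-11T14:02:00 dr_x patient_c
2000-03-04T08:30:00 dr_x patient_c
2000-03-05T11:00:00 maint_y patient_b
"""


def is_authorized(grants: List[Grant], user: str, patient: str, when: datetime) -> bool:
    """True if some grant for (user, patient) was in force at instant `when`."""
    return any(g.user == user and g.patient == patient
               and g.start <= when and (g.end is None or when < g.end)
               for g in grants)


def unauthorized_access_counts(grants: List[Grant], log_text: str,
                               as_of: Optional[str] = None) -> Dict[str, int]:
    """Per record, the number of distinct unauthorized users who read it.
    Default: judge each event against privileges in force when it happened.
    `as_of` (ISO timestamp): judge every event against that single instant."""
    fixed = datetime.fromisoformat(as_of) if as_of else None
    offenders: Dict[str, set] = {}
    for line in log_text.splitlines():
        ts, user, patient = line.split()
        when = datetime.fromisoformat(ts)
        if not is_authorized(grants, user, patient, fixed or when):
            offenders.setdefault(patient, set()).add(user)
    return {p: len(users) for p, users in offenders.items()}


def meets_criterion(grants: List[Grant], log_text: str) -> bool:
    """The performance criterion: every record's unauthorized count is zero."""
    return not unauthorized_access_counts(grants, log_text)
```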
