Sunday, May 19, 2013

Layers of protection

Now to focus on the tools and technology behind the protection mechanisms.

Just as there are many facets of information security, there are many layers, or nets, of protection that should be employed to create the most secure environment.


Beyond the multiple technologies, we should be aware of the four key concepts for security of information:
  1. Identification - The mechanism that provides basic information about an unknown entity to the known entity that it wants to communicate with.
  2. Authentication - The validation of a user's identity. Authentication devices can depend on one or more of four factors: what you know, what you have, what you are, and what you produce.
  3. Authorization - The process of determining which actions an authenticated entity can perform in a particular physical or logical area.
  4. Accountability - Do not forget the importance of documentation of actions on a system and the tracing of those actions to a user, who can then be held responsible for those actions. Accountability is performed using system logs and auditing.
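
The four concepts above as one request path, in an added Python example that is not part of the original post. The user table, role names and the `request` and `audit` functions are constructed for illustration, and the only authentication factor used is a password ("what you know").

```python
import hashlib
import hmac
import os


def _hash(password: str, salt: bytes) -> bytes:
    # Slow, salted hash so stored credentials are not reversible at a glance.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


# Constructed sample data: one user, two roles, one permission table.
_SALT = os.urandom(16)
USERS = {"alice": {"salt": _SALT, "pw": _hash("correct horse", _SALT), "role": "operator"}}
PERMISSIONS = {"operator": {"read_report"}, "admin": {"read_report", "delete_report"}}
AUDIT_LOG = []  # accountability: every decision is recorded against an identity


def audit(claimed_id: str, action: str, outcome: str) -> str:
    AUDIT_LOG.append({"user": claimed_id, "action": action, "outcome": outcome})
    return outcome


def request(claimed_id: str, password: str, action: str) -> str:
    # 1. Identification: the entity states who it claims to be.
    record = USERS.get(claimed_id)
    # 2. Authentication: validate the claim. Unknown names are still hashed
    #    against dummy values so response time does not reveal which users exist.
    salt = record["salt"] if record else b"\x00" * 16
    expected = record["pw"] if record else b"\x00" * 32
    supplied = _hash(password, salt)
    if not (hmac.compare_digest(supplied, expected) and record):
        return audit(claimed_id, action, "denied:authentication")
    # 3. Authorization: decide what the authenticated entity may do.
    if action not in PERMISSIONS.get(record["role"], set()):
        return audit(claimed_id, action, "denied:authorization")
    # 4. Accountability: allowed actions are logged too, traceable to the user.
    return audit(claimed_id, action, "allowed")


if __name__ == "__main__":
    print(request("alice", "correct horse", "read_report"))
    print(request("alice", "correct horse", "delete_report"))
    print(request("mallory", "guess", "read_report"))
    for entry in AUDIT_LOG:
        print(entry)
```

Note that a correct password alone does not grant `delete_report`: authentication and authorization fail independently, and both outcomes land in the audit log.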
