Computer Security – The Layered Approach, Research Paper Example

Introduction

It was S. Harris that asserted that effective computer security required a layered approach. (S.Harris, 2012). Many people assume that a good firewall will protect the computer system from intrusion. The firewall is however merely one component of a broader strategy that needs to be adopted in order to provide more effective security. This concept is termed ‘layering’ or providing strength in depth. Companies will vary in their systems security approach but the following security layers are common:-

• Establish a security strategy and forming protection policies for the organization
• Provision of host system security
• Computer Security Auditing
• Provision of security over the router, particularly network access
• Firewalls
• Intrusion detection systems
• Incident response planning (Sans, 2012).

A multiple layered security plan will provide a greater deterrent to hackers and others who try to obtain unauthorised access to your system. No single policy or system can adequately provide protection of the organizations system. It is the deployment of a comprehensive security strategy that provides the optimum amount of protection.

PRO’s of Adopting a Layered Approach

Security Managers are responsible for the overarching strategy that provides coverage of these important assets. The duties can be classified into the following sub headings:

• Protection of the Assets : Includes recording of assets, insurance coverage of assets, secure environment of assets, and back-up of assets;
• Disaster Recovery: Disaster Recovery Plan ( emergency plan), Business Continuity Plan, security of secondary site;
• System Security : Access to the systems, Password protection, control of authorized users ( restrictions), security of information ( data vaults, secure back-up site);
• Corporate Security policy: Ensuring that corporate security policy measures are carried out and enforced.

Adopting a layered approach provides a more in depth means of protecting your data and computer assets. Particular items would include: levels of encryption, security and audit policies, password protection, ant-virus solutions, restriction of internet access, access recognition, appropriate firewall architecture. (Pfleeger, C.P. 2003)

CON’s of Adopting a Layered Approach

The most obvious being added layers of security increase costs and can be expensive. The damage of a sustained attack however can prove even more expensive. It also may require additional human resources to support the security team, again increasing costs. This can however be scaled in accordance with the size and needs of the business. More recently the threat of terrorism has been added to the Security Managers busy agenda. This was highlighted during the IRA terrorist campaign conducted on the square mile of London resulting in the blasts at Bishops gate (1993) and St. Mary’s Axe (1992). These caused severe disruption to many City Financial Institutions and resulted in considerable loss of life. Strategy now has to consider how the assets and people might be protected from such an attack. This has been broadened to consider the consequences of natural disasters that include such items as Fire, Flood, and Earthquakes etc.

References

Charles P. Pfleeger, S. L. (2003). Security in Computing. Saddle River NJ: Pearson Education.

S.Harris. (2012). CISSP al in one exam guide 6th ed. New York: McGraw Hill.

Sans. (2012, 1 7). Intrusion Detection FAQ. Retrieved from Sans: http://www.sans.org/security-resources/idfaq/layered_defense.php