The Security Manager of Medical Credentials Company, Research Paper Example

Pages: 4

Words: 1105

Research Paper

C-2 Requirements – Controlled Access Protection

These requirements are mainly used for commercial products, and most operating system vendors use controlled access protection (Bordetsky & Hayes-Roth, 2007).

Functional Requirements

  1. Security Audit. These will record information such as the date and type of event and the outcome of the event (success or failure).
  2. User Data Protection. Achieved through Discretionary Access Control Policy, Discretionary Control Functions, Object Residual Information Protection and Subject Residual Information Protection.
  3. User-Subject Binding, Identification and Authentication. Focuses on: User Attribute Definition, Strength of Authentication Data, Authentication, Protection Authentication Feedback and Identification.
  4. Security Management. Involves: Revocation of Object Attributes and Security, Static Attribute Initialization, Management of the Audited Events, Management of User Attributes, Revocation of User Attributes, Management Roles, Management of Object Security Attributes, Management of the Audit Trail, and Management of Authentication of Data (Meyer, 2003).
  5. Protection of the TOE Security Functions. It involves: Abstract Machine Testing, Reference Mediation, Domain Separation and Reliable Time Stamps.

Assurance Requirements

  1. Configuration Management. It is concerned with: Authorization Controls and the Configuration Management Documentation.
  2. Delivery and Operation. It consists of: Delivery Procedures, Installation and Start-up Procedures.
  3. It carries out: the Functional Specifications, High Level Design, and Correspondence Demonstration.
  4. Guidance Documents. It consists of: Administrator Guidance and User Guidance.
  5. Life Cycle Support. It carries out Identification of Security Measures, and therefore the engineers should provide Security Documentation.
  6. Security and Testing. Entails an analysis of the Test Coverage, Depth of the Testing, Functional Testing and Independent Testing.
  7. Vulnerability Assessment. Consists of: Guidance Documentation, Strength of TOE Security Function Evaluation and Developer Vulnerability Analysis.

B-3 Requirements – Security Domains

  1. Access Control Systems and Methodology. It is concerned with protecting computer resources from unauthorized access or modification while still providing those resources to authorized users.
  2. Telecommunications and Network Security. Focuses on communications and network protocols and the weaknesses in each.
  3. Business Continuity Planning and Disaster Recovery Planning. Deals with issues such as natural disasters and putting measures such as backup media that would ensure business continuity.
  4. Security Management Practices. Its primary focus is security awareness which means educating the IT staff and the end users about various security threats, their effects and measures.
  5. Security Architecture and Models. Focuses on having security policies and procedures in place.
  6. Law, Investigation and Ethics. Covers the legal issues associated with computer security and the procedures to follow, such as where to report a crime and what would constitute substantial evidence.
  7. Application and Systems Development Security. Covers things like Database security models and issues such as integrity of programmers.
  8. It involves encryption of data and is the most widely used. It also explains various types of encryption and the calculations behind them and, most importantly, securing your security key.
  9. Physical Security. This involves ensuring that IT equipment such as servers and workstations is kept secure through security guards and locked doors.

Differences Between Controlled Access Protection and Security Domain

Section; C-2 Requirements; B-2 Requirements; Differences/Similarities (1-2 sentences)

DAC Involves: Revocation of Object Attributes and Security Management Roles

Management of the Audit Trail, Management of the Audited Events, Management of User Attributes, Management of Object Security Attributes, Static Attribute Initialization,

Management of Authentication of Data, Revocation of User Attributes,

Its primary focus is security awareness, which means educating the IT staff and the end users about various security threats, their effects and measures. B-2 mainly deals with the security systems of an operating system during and after development, while 1 deals more with the standards that a strong security system follows.

2.0

In both, it covers the legal issues associated with computer security and the procedures to follow, such as where to report a crime and what would constitute substantial evidence.

Object Reuse User subject Binding Identification and Authentication. Focuses on: User attribute definition, Strength of Authentication Data, Authentication, Protection Authentication Feedback and Identification (Hummel, 2009)

2.0) C2-Discretionary protection: minimal protection, covers testing and documentation

Business Continuity Planning and Disaster Recovery Planning. Deals with issues such as natural disasters and putting measures such as backup media that would ensure business continuity

2.0 B2- Controlled access protection: C1+ objects reuse + audit.

Most common for commercial products

Many OS vendors B2 protection

3.0 Business Continuity Planning and Disaster Recovery Planning. Deals with issues such as natural disasters and putting measures such as backup media that would ensure business continuity.

In both, the types of threats dealt with are mainly man-made, such as viruses.

2.0 Both: entails an analysis of the Test Coverage, Depth of the Testing, Functional Testing and Independent Testing.

Labels none Levels B2 onwards requires maintaining the mapping between requirements, design, detailed design and coding. vulnerability assessments

No analysis of design level vulnerability assessment

Assessment of cryptographic capabilities Requiring security assessment during design and development

Procedures for delivery, generation and distribution procedures

Secure startup and operations procedures

Architecture checks:

Tamper-proof reference displays

Process segregation

Principle of least privilege

Well-defined user interfaces

Systems integrity

Required recognized methods, but no permitted formal methods

2.0. Security target, informal description of architecture, testing

B2: Informal description of detailed design and ToE.

B2: More stringent requirements on detailed design + correspondence between source code and security requirements

Etc. 1.Suitability of requirements: condition

Consistency

Coverage: can the threats be shielded by

environmental assumptions +

Security necessities

2. Security and Testing. Entails an analysis of the Test Coverage, depth of the Testing, Functional Testing and independent Testing.

3.0 User Data Protection. Achieved through Discretionary Access Control Policy, Discretionary Control Functions, Object Residual Information Protection and Subject Residual Information Protection.

2.0 e. Security Architecture and Models. Focuses on having security policies and procedures in place

3.0

It involves encryption of data and is the most widely used. It also explains various types of encryption and the calculations behind them and, most importantly, securing your security key.

Binding requirements: relate to enforcement.

Do the enforcement mechanisms appropriately enforce security policy?

Are the enforcement mechanisms equally supportive?

2.0 Both consist of: Guidance Documentation, Strength of TOE Security Function Evaluation and Developer Vulnerability Analysis, which ensure Authorization Controls and the Configuration Management Documentation.

Security Domain is more effective and hence the most preferred form of security:

It is more general, though expensive; it caters for the overall organization, covering not only present threats but future ones (Tamara, 2005). It caters for all sorts of security threats, from viruses to theft, and even goes as far as insuring your data against theft and natural disasters.

It provides a guideline on the legal issues, the procedures to be followed and knowledge of net forensics.

References

Bordetsky, A., & Hayes-Roth, R. (2007). Extending the OSI model for wireless battlefield networks: a design approach to the 8th Layer for tactical hyper-nodes. International Journal of Mobile Network Design and Innovation (IJMNDI), 2(2), 5-12.

Deal, R. (2008). Cisco Certified Network Associate study guide (exam 640-802). New York: McGraw-Hill Professional.

Hummel, S. (2009, May 14). Ezine Articles. Retrieved February 3, 2011, from Network Design Process – Effective Network Planning and Design: http://ezinearticles.com/?NetworkDesign-Process—Effective-Network-Planning-and-Design&id=2348088

Meyer, M. (2003). Mike Meyers’ A+ Guide to PC Hardware. New York: McGraw-Hill Professional.

Tamara, D. (2005). Network+ Guide to Networks. Boston: Cengage Learning.
