SECURITY AND CONTROLS - PowerPoint PPT Presentation

About This Presentation
Title:

SECURITY AND CONTROLS

Description:

3) Roll back & Roll forward - In the event of failure or error, the ... Transactions are then applied to bring the system up to its current state (roll forward) ... – PowerPoint PPT presentation

Slides: 55
Provided by: dave67

Transcript and Presenter's Notes

1
SECURITY AND CONTROLS
  • Security: the degree to which organisational
    assets and individual property/privacy are
    protected.
  • Security must be provided to prevent information
    being lost or destroyed.
  • Security and privacy are closely related.
  • Data must be secured from system failures and
    unauthorised access.

2
Privacy
  • Privacy is needed to ensure that users connected
    to a system do not deliberately or inadvertently
    access or change information that does not belong
    to them.

3
Privacy as a System consideration
  • A system like an interactive marketing system
    must be built in such a way that producers cannot
    gain access to orders placed with other producers
    and consumers cannot gain access to orders placed
    by other consumers.
  • Introduction to Systems Analysis and Design,
    Igor Hawryszkiewycz

4
Privacy
  • is the right of people to determine for
    themselves what personal information to share
    with others
  • Both Government and private organisations are
    increasingly automating the processing of
    personal information without the consent or
    knowledge of the individuals affected.
  • Personal information is sometimes
  • used legitimately - social security
  • abused - fraud, improperly accessed

5
Privacy
  • The questions to be raised are
  • What information is stored?
  • Who has access to it?
  • Who owns the information?
  • How is the information used?
  • A major dilemma facing society is the conflict
    between the need for private and government
    agencies to keep information for the common good
    versus the rights of the individual to be left
    alone.

6
Privacy protection
  • Privacy Legislation
  • Commonwealth
  • Privacy Act 1988
  • Provides broad principles
  • Privacy Amendment Act 1990
  • Covers credit reporting
  • Data-Matching Program Act 1990
  • This act enables government agencies and
    departments to match information on individuals.
  • Freedom of Information Act 1982
  • Australian Tax Act (numerous amendments)
  • Australian Securities Commission Act 1989

7
Computer Security
  • Refers to the degree of protection offered by the
    safeguards and procedures which can be applied to
    computer hardware, programs, and data.
  • System security refers to all aspects of the
    system.
  • Involves accuracy and integrity standards of the
    system.
  • Includes protection against loss, damage and
    disclosure.

8
System Controls
  • Controls are functions or procedures that provide
    assurance that standards of disclosure, integrity
    and accuracy are enforced throughout the system.
  • They are the techniques used to attain protection.

9
  • Definition of Terms
  • Accuracy refers to data entering or leaving a
    system being exactly what it should be.
  • Integrity refers to the degree that data files
    represent the actual, current status.
  • Confidentiality refers to the release of
    information to those persons with appropriate
    authorisation or permission to receive it.

10
Special problems with computer security.
  • Illegal or unauthorised access to information
    does not leave a theft record.
  • It is not always known that security has been
    compromised.
  • Many systems include data communications.
  • Exposure to accidental or deliberate damage, loss
    or disclosure.
  • Resources of computer systems are shared among
    many users.

11
Privacy (confidentiality, disclosure)
  • Is the claim by individuals, groups, or
    institutions to determine when, how and to what
    extent information about them is communicated to
    others.
  • It is the consequence of increased accessibility
    to data (not the development of computers).
  • Legal and social controls are needed (these can
    be implemented, in some situations, on computers).

12
Types of threat to a system
  • Accidental
  • Hardware, faulty design, operational
  • Acts of God (fire, flood,...)
  • These can be as serious as deliberate threats.

13
Deliberate Threats
  • Passive techniques
  • Observance of information at some point
  • Wire tapping, Inspecting waste containers
  • Active techniques
  • Deletion, modification, removal of data
  • Insider (operator to executive)
  • Outside (gained illegal access)

14
Motivation
  • Use of system without paying
  • Access to confidential files
  • System subversion
  • (causing system to operate incorrectly)
  • Arson

15
Layers of Protection
  • Societal Controls
  • Laws, legal framework, morality.
  • Administrative Controls
  • Who has access.
  • Staff procedures (operation controls).
  • Physical Controls
  • Locks, alarms, guards, secure cables, fire
    precautions.
  • Reduce unauthorised access

16
  • Technical Controls
  • Input/output controls
  • Processing controls
  • Completeness and accuracy checks
  • Security built into system.

17
  • Some controls applicable to these layers can be
    built into the system.

18
Security Design
  • Fundamental issue is cost
  • It may be cheaper to allow theft or damage
  • The designer needs to determine the level of
    security required.
  • The cost of attaining the required security must
    be compared to system cost and the potential
    losses.

19
Design strategies
  • Minimise probability of attack or damage
  • Discourage would-be embezzlers from starting
  • Minimise damage if it does happen
  • Recognise breaches that do occur
  • Provide methods to recover from damage (at least
    vital records)

20
Disaster Recovery Plan
  • Disaster Recovery Plans are methods of restoring
    data and processing operations if those
    operations are halted by a major disaster, from
    natural causes or man-made.

21
Disaster Recovery Plans
  • Disaster Recovery Plans include
  • a list of priorities
  • personnel requirements
  • equipment requirements
  • facilities
  • data capture and distribution.
  • Some businesses can revert temporarily to manual
    services; others buy time at a service bureau or
    arrange a mutual aid agreement.

22
Types of System Controls

23
Access Controls
  • Limit access to authorised persons only.
  • Access Design Principles
  • Default to access denial
  • Non-secret design: if the system cannot be
    described in public literature, then it is not
    secure.
  • Exposure of design allows an assessment to be
    made on the reliability of the design.

24
Access Design Principles (cont)
  • User Acceptability: must be easy for users, or
    they won't use it (they may use alternatives).
  • Complete Mediation: every level of access must be
    mediated.
  • Least Privilege: allow the user only the minimum
    amount of access necessary to complete their
    task.
  • Separation of Privilege
  • Don't allow one person control of entire system.
  • Require more than one person to allow access.
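As an added illustration of the access design principles above (not part of the slides): a minimal reference monitor in Python that defaults to denial, mediates every request through one function, grants each role only what its task needs, and requires two distinct approvers for a sensitive action. The policy contents, role names and the `approve_refund` action are constructed for the example.

```python
from dataclasses import dataclass, field

@dataclass
class Policy:
    # role -> set of (resource, action) pairs explicitly granted;
    # anything not listed here is denied (default to access denial)
    grants: dict = field(default_factory=dict)
    # actions that one person must not be able to complete alone
    # (separation of privilege)
    two_person: set = field(default_factory=set)

def is_allowed(policy, role, resource, action, approvers=()):
    """Complete mediation: every access request is answered by this one
    function, so there is no path around the check."""
    if (resource, action) not in policy.grants.get(role, set()):
        return False                      # default deny, unknown roles included
    if action in policy.two_person:
        # two different people must both sign off; duplicates do not count
        return len(set(approvers)) >= 2
    return True

# Constructed policy: each role gets the least privilege its task needs
POLICY = Policy(
    grants={
        "clerk": {("orders", "read"), ("orders", "create")},
        "supervisor": {("orders", "read"), ("orders", "approve_refund")},
    },
    two_person={"approve_refund"},
)
```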

25
Source Document Controls
  • Documents entering the system need to be
    authorised.
  • Signatures or initials on all documents
  • Pre-numbering controls access to documents and
    assures they are genuine.
  • Ensure all documentation is updated to reflect
    current procedures (may also have to limit access
    to documents).

26
Organisational Controls
  • Ensure reliability and confidentiality by
    implementing organisational controls.
  • Limit access to only part of system.
  • Limit access to physical resources.

27
Output Controls
  • Ensure that output is accurate and available only
    to authorised persons.
  • Output Control Design
  • Limit printed copies
  • Require receipts.

28
Data Entry Controls / Input Controls
  • Ensure accuracy and completeness of transactions.
  • Input controls
  • Syntax, single field
  • Cross field, cross record
  • Communication controls
  • Encryption during communication
  • Audit trails (Transaction logs)

29
File Controls
  • Control the use and reconstruction of files/data.
  • File/Data Security Design
  • Access Management
  • Determine who has access
  • Releasing files only for approved uses.
  • Process Limitation
  • Limit user to time, access rights
  • Privacy Transformations
  • Data encryption

30
File/Data Security design (cont)
  • Auditing and Threat monitoring
  • Levels of Authorisation
  • Reconstruction
  • Backups or transaction logs that allow files to
    be reconstructed if damaged or corrupted.

31
Processing Controls
  • Ensure the reliability and accuracy of
    processing.
  • Programs must be designed so that they do not
    'crash'.
  • Programs must be designed so that they produce
    correct results.

32
Fail-Safe Design
  • An attempt to minimise the chance of complete
    failure.
  • When a component of the system fails, 'graceful
    degradation' should occur rather than total
    collapse.
  • Perhaps response time will suffer, or some
    capabilities will be removed, but services should
    be available to any extent possible.
  • As soon as possible after failure a workable
    configuration should be established.

33
Network Security
  • System users should be identifiable
  • User actions must be authorised
  • User actions may be monitored
  • Data, hardware and software should be locked and
    protected
  • Data should be reconstructable, tamperproof,
    auditable.
  • Transmission should be fail-safe and private
  • Vital computer centres should be catastrophe
    proof, replicated.

34
Access Management Techniques
  • Techniques designed to prevent unauthorised
    persons from using computer services.
  • Techniques
  • Terminal identification
  • Terminal protection
  • User identification
  • Provide varying service levels

35
Access Management techniques cont
  • Access should not be granted until
  • Identified
  • (user must have unique name, number)
  • Authorised
  • (determine if legitimately assigned to info.)
  • Authenticated
  • (verify the person is who they claim to be)

36
  • User Identification

37
Processing Control Techniques for Reliability
  • Duplex Systems
  • Some transactions are processed by one system
  • Other processes are completed by another
    system.
  • If one system fails, then all activities
    switch to the remaining system.

38
Duplex System graphic
  [Graphic: SYSTEM A and SYSTEM B]

39
Twin Systems
  • Both systems process all transactions.
  • Results are compared, a mismatch indicates a
    fault in one or both systems.
  • Used when certainty of results is vital.
  • Programs used may be developed separately as well

40
Twin Systems graphic
  [Graphic: SYSTEM A and SYSTEM B]
  • Note: the processors may be at different
    locations in both duplex and twin systems.

41
File/Data Control Techniques
  • Backup processes
  • 1) All data files kept and processed in multiple
    copies.
  • It may be on two or more different storage
    devices.
  • Storage devices may be at different sites.

42
Backup processes cont
  • 2) Regular backups with transaction logs kept.
  • Multiple copies may be taken with some stored
    at remote locations.
  • Previous backups with logs are archived.
  • Backups kept in the A B A B A B ... order.

43
  • 3) Roll back / Roll forward
  • In the event of failure or error, the system
    returns to the last known stable state (roll
    back).
  • Transactions are then applied to bring the
    system up to its current state (roll forward).
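To make the backup steps above concrete, here is an added Python example (not from the slides) of a key/value store with a checkpoint backup and an append-only transaction log; `recover()` rolls back to the checkpoint and then rolls forward by replaying every logged transaction. The class, the account records and the simulated corruption are constructed for the example.

```python
import copy
import json

class JournaledStore:
    """Key/value store with a checkpoint (backup) and a transaction log.
    Recovery = roll back to the last checkpoint, then roll forward by
    replaying every committed log entry in order."""
    def __init__(self):
        self.data = {}
        self.checkpoint = {}
        self.log = []           # one JSON line per committed transaction

    @staticmethod
    def _apply(state, tx):
        # tx: {"set": {key: value}, "delete": [key, ...]}
        for k, v in tx.get("set", {}).items():
            state[k] = v
        for k in tx.get("delete", []):
            state.pop(k, None)

    def commit(self, tx):
        self.log.append(json.dumps(tx))   # log first, then apply
        self._apply(self.data, tx)

    def backup(self):
        self.checkpoint = copy.deepcopy(self.data)
        self.log = []           # older log entries are archived with the previous backup

    def recover(self):
        state = copy.deepcopy(self.checkpoint)        # roll back
        for line in self.log:                         # roll forward
            self._apply(state, json.loads(line))
        self.data = state
        return state

def demo():
    s = JournaledStore()
    s.commit({"set": {"acct:1": 100, "acct:2": 50}})
    s.backup()
    s.commit({"set": {"acct:1": 70, "acct:2": 80}})
    s.commit({"delete": ["acct:2"], "set": {"acct:3": 80}})
    s.data["acct:1"] = -999     # constructed corruption: a crash mid-write
    return s.recover()          # {"acct:1": 70, "acct:3": 80}
```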

44
Encryption
  • Changing all codes to make information
    unreadable.
  • Decode KUYNUPMVWZMBFIHGUHIDHJ

45
  • The key is JohnSmith

46
Data input control techniques
  • Check Digits
  • Part of a code, or number is used to validate its
    entry. Especially good for transposed characters.
  • Example
  • Test 123AJ using the last digit as the check
    digit and modulus 11 arithmetic.

47
Example: 123A becomes
  • The check value is (11 - (430 Mod 11)) = 10
  • The digit becomes char(65 + 10) = J.
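The weight table from the slide above did not survive in this transcript, so this added Python example (not the slide's own figures, and it does not reproduce the slide's sum of 430) uses assumed positional weights (n+1 down to 2) and the assumed letter values A=10, B=11, ...; the formula `11 - (sum Mod 11)` and the `char(65 + value)` mapping are taken from the slide. It also demonstrates the transposition detection the slide mentions.

```python
def symbol_value(ch):
    """Digits keep their value; letters A..Z map to 10..35 (assumed)."""
    if ch.isdigit():
        return int(ch)
    if "A" <= ch <= "Z":
        return 10 + ord(ch) - ord("A")
    raise ValueError(f"unsupported symbol {ch!r}")

def weighted_sum(body):
    # Assumed weights n+1, n, ..., 2: neighbouring positions get different
    # weights, so swapping two adjacent characters changes the sum.
    n = len(body)
    return sum(symbol_value(ch) * (n + 1 - i) for i, ch in enumerate(body))

def check_char(body):
    check = 11 - (weighted_sum(body) % 11)   # slide's formula: 11 - (sum Mod 11)
    # slide's mapping char(65 + value); a sum divisible by 11 yields 'L'
    return chr(65 + check)

def with_check(body):
    return body + check_char(body)

def is_valid(code):
    body, given = code[:-1], code[-1]
    return check_char(body) == given
```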

48
Data input control techniques (cont)
  • Existence tests
  • Confirm fields that must contain data do contain
    data.
  • Limit range tests
  • Check that field contents are within a preset
    range. Appropriate action is taken if a value is
    out of range. (eg maximum withdrawal 10000)

49
Other tests
  • Combination test (also cross validation)
  • The content of one field determines, or limits,
    other field values. (eg Suburb, Postcode)
  • Syntax
  • The field entries have the correct syntax.
  • (eg POSTCODE PIC 9999).
  • Cross Record
  • Check field contents against information in
    another record (and/or table), e.g. verify a
    customer number on an order.
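An added Python validator (not from the slides) that applies the existence, limit/range, syntax (PIC 9999), combination (suburb/postcode) and cross-record (customer number) tests above to one withdrawal record. The reference tables, field names and sample values are constructed; the 10000 maximum is the slide's range example.

```python
import re

# Constructed reference data standing in for the customer file and a suburb table
CUSTOMERS = {"C1001", "C1002"}
SUBURB_POSTCODE = {"Parramatta": {"2150"}, "Bondi": {"2026"}}
MAX_WITHDRAWAL = 10000

def validate_withdrawal(rec):
    """Apply the input tests to one record and return the failures found
    (an empty list means the record passes every test)."""
    errors = []
    # existence test: required fields must actually contain data
    for f in ("customer", "amount", "suburb", "postcode"):
        if rec.get(f) in (None, ""):
            errors.append(f"missing:{f}")
    # syntax test: POSTCODE PIC 9999 means exactly four numeric characters
    pc = rec.get("postcode")
    if pc and not re.fullmatch(r"[0-9]{4}", pc):
        errors.append("syntax:postcode")
    # limit/range test: a withdrawal must be positive and within the maximum
    amt = rec.get("amount")
    if amt is not None and not (0 < amt <= MAX_WITHDRAWAL):
        errors.append("range:amount")
    # combination test: the suburb limits which postcodes are acceptable
    sub = rec.get("suburb")
    if sub and pc and pc not in SUBURB_POSTCODE.get(sub, set()):
        errors.append("combination:suburb/postcode")
    # cross-record test: the customer number must exist in the customer file
    cust = rec.get("customer")
    if cust and cust not in CUSTOMERS:
        errors.append("cross_record:customer")
    return errors
```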

50
Batch Control Techniques
  • Batch processing is the sequential processing of
    a large number of similar transactions.
  • (e.g. deposits or withdrawals)
  • Batch Size
  • Each batch consists of a fixed number of
    transactions. At the end of processing, a test is
    applied to determine that the correct number of
    transactions has been applied.

51
Batch control techniques cont
  • Batch Sequence
  • Each batch is assigned a sequential batch number.
    If a batch is not processed, the missing number
    will identify it.
  • Batch Totals
  • Prior to processing, a total of all elements to
    be applied is calculated. During processing, the
    same total is calculated as each transaction is
    applied. The totals should match.
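Added Python example (not from the slides) applying the batch size, batch sequence and batch total controls described above to a constructed list of deposit batches; `check_batches` reports which batch numbers fail which control.

```python
def check_batches(batches, batch_size):
    """batches: list of {"number": int, "control_total": int, "transactions": [amounts]}.
    Returns the batch numbers failing each control (all lists empty = clean run)."""
    problems = {"size": [], "missing_sequence": [], "total_mismatch": []}
    numbers = sorted(b["number"] for b in batches)
    # batch sequence: a gap in the numbering identifies an unprocessed batch
    if numbers:
        expected = set(range(numbers[0], numbers[-1] + 1))
        problems["missing_sequence"] = sorted(expected - set(numbers))
    for b in batches:
        # batch size: every batch must carry exactly the fixed number of items
        if len(b["transactions"]) != batch_size:
            problems["size"].append(b["number"])
        # batch totals: recompute the total as each transaction is applied
        # and compare it with the total calculated before processing
        running = 0
        for amount in b["transactions"]:
            running += amount
        if running != b["control_total"]:
            problems["total_mismatch"].append(b["number"])
    return problems

# Constructed batches of deposits: 102 is one item short, 103 was never
# processed, and 104's control total was 900 but its items sum to 800
SAMPLE_BATCHES = [
    {"number": 101, "control_total": 600, "transactions": [100, 200, 300]},
    {"number": 102, "control_total": 400, "transactions": [150, 250]},
    {"number": 104, "control_total": 900, "transactions": [300, 300, 200]},
]
```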

52
Transaction Control Techniques
  • Transactions are a set of logically related
    message pairs.
  • Either none of its operations are performed, or
    all of its operations are performed.
  • Incomplete transactions cannot reveal incomplete
    results to other transactions.
  • Serial application / Concurrent application
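An added example, not from the slides, of the all-or-nothing property using Python's sqlite3: a transfer is two updates inside one transaction, and when the second update violates a constructed balance limit the whole transaction is rolled back, so the debit that already happened leaves no partial result behind. Table, accounts and the limit are constructed for the example.

```python
import sqlite3

BALANCE_LIMIT = 100   # constructed limit so that the second update can fail

def open_ledger():
    # isolation_level=None: the sqlite3 module issues no implicit BEGIN,
    # so the transaction boundaries below are exactly the ones we write
    con = sqlite3.connect(":memory:", isolation_level=None)
    con.execute("CREATE TABLE acct(id TEXT PRIMARY KEY, "
                f"balance INTEGER CHECK(balance BETWEEN 0 AND {BALANCE_LIMIT}))")
    con.executemany("INSERT INTO acct VALUES (?, ?)", [("A", 100), ("B", 50)])
    return con

def transfer(con, src, dst, amount):
    """Debit and credit as one transaction: either both apply or neither."""
    con.execute("BEGIN")
    try:
        con.execute("UPDATE acct SET balance = balance - ? WHERE id = ?", (amount, src))
        con.execute("UPDATE acct SET balance = balance + ? WHERE id = ?", (amount, dst))
        con.execute("COMMIT")
        return True
    except sqlite3.IntegrityError:
        # the debit already ran; ROLLBACK returns the ledger to the last
        # stable state so no half-applied transfer becomes visible
        con.execute("ROLLBACK")
        return False

def balances(con):
    return dict(con.execute("SELECT id, balance FROM acct ORDER BY id"))
```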

53
More transaction control techniques
  • Sequence
  • Each transaction is assigned a serial number.
    This identifies items that are either missing or
    out of sequence.
  • Duplicate Processing
  • Data is processed on either different equipment
    or in different ways and results compared for
    accuracy.

54
  • Duplicate Entry
  • Data is entered 2 or more times. The entries are
    compared.
  • Completeness checks
  • Transactions are not accepted until all
    information necessary is collected.