Standardizing Security; Security Controls; Physical Controls - Red Hat ENTERPRISE LINUX 4 - SECURITY GUIDE Manual

Hide thumbs Also See for ENTERPRISE LINUX 4 - SECURITY GUIDE:

Manual (410 pages)

System administration manual (400 pages)

Administration manual (200 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

page of 136

/ 136
Contents
Table of Contents
Bookmarks

Table of Contents

1.1.4. Standardizing Security

Enterprises in every industry rely on regulations and rules that are set by standards making bodies

such as the American Medical Association (AMA) or the Institute of Electrical and Electronics

Engineers (IEEE). The same ideals hold true for information security. Many security consultants and

vendors agree upon the standard security model known as CIA, or Confidentiality, Integrity, and

Availability. This three-tiered model is a generally accepted component to assessing risks of sensitive

information and establishing security policy. The following describes the CIA model in further detail:

• Confidentiality — Sensitive information must be available only to a set of pre-defined individuals.

Unauthorized transmission and usage of information should be restricted. For example,

confidentiality of information ensures that a customer's personal or financial information is not

obtained by an unauthorized individual for malicious purposes such as identity theft or credit fraud.

• Integrity — Information should not be altered in ways that render it incomplete or incorrect.

Unauthorized users should be restricted from the ability to modify or destroy sensitive information.

• Availability — Information should be accessible to authorized users any time that it is needed.

Availability is a warranty that information can be obtained with an agreed-upon frequency and

timeliness. This is often measured in terms of percentages and agreed to formally in Service Level

Agreements (SLAs) used by network service providers and their enterprise clients.

1.2. Security Controls

Computer security is often divided into three distinct master categories, commonly referred to as

controls:

• Physical

• Technical

• Administrative

These three broad categories define the main objectives of proper security implementation. Within

these controls are sub-categories that further detail the controls and how to implement them.

1.2.1. Physical Controls

Physical control is the implementation of security measures in a defined structure used to deter or

prevent unauthorized access to sensitive material. Examples of physical controls are:

• Closed-circuit surveillance cameras

• Motion or thermal alarm systems

• Security guards

• Picture IDs

• Locked and dead-bolted steel doors

• Biometrics (includes fingerprint, voice, face, iris, handwriting, and other automated methods used to

recognize individuals)

Standardizing Security

Table of Contents

Standardizing Security; Security Controls; Physical Controls - Red Hat ENTERPRISE LINUX 4 - SECURITY GUIDE Manual

1.1.4. Standardizing Security

1.2. Security Controls

1.2.1. Physical Controls

Related Manuals for Red Hat ENTERPRISE LINUX 4 - SECURITY GUIDE

Related Content for Red Hat ENTERPRISE LINUX 4 - SECURITY GUIDE

Table of Contents