Security_Designs

Security Designs Research/Study Plans This paper describes design methods that will help Information security professionals develop a strategy to protect the availability, integrity, and confidentiality of data in an organization's information technology (IT) system. It will be of interest to information resource managers, computer security officials, and administrators, and of particular value to those trying to establish computer security policies. The methodology offers a systematic approach to this important task and, as a final precaution, also involves establishing contingency plans in case of a disaster. Data in an IT system is at risk from various sources—user errors and malicious and non-malicious attacks. Accidents can occur and attackers can gain access to the system and disrupt services, render systems useless, or alter, delete, or steal information. An IT system may need protection for one or more of the following aspects of data: · Confidentiality. The system contains information that requires protection from unauthorized disclosure. Examples: Timed dissemination information (for example, crop report information), personal information, and proprietary business information. · Integrity. The system contains information that must be protected from unauthorized, unanticipated, or unintentional modification. Examples: Census information, economic indicators, or financial transactions systems. · Availability. The system contains information or provides services that must security, attack, policies, should, attacks, information, vulnerabilities, system, strategy, damage, controls, plan, contingency, possible, data, threats, systems, proactive, computer, team, procedures, access, various, type, server, organization, threat, taken, minimize, determine, administrator, steps, response, recovery, methods, incident