A Taxonomy of Loss

Article Index

Page 2 of 5

Elements of the Computing Environment

Just as a computer system is more than the computers themselves, so the risks to which a system is exposed are more than just physical.

Considering all the elements that contribute to the worth of a system helps reveal these different risks.

System Components

The value of a computer system rests in its utility to an organization. This value is represented by the capital cost of the equipment and software; the business information managed by the system and the outputs (reports, email, web pages) produced by the system.

Each system component has different associated security risks ranging from purely physical theft to the intangible cost of customer satisfaction and confidence.

Hardware

The purely physical structures; processors, disk drives, memory, monitors etc.

Software

The applications required to use the hardware; operating system, database, web server, email.

Data

The information used by and stored on the computer system; documents, spreadsheets, databases etc.

Network

The interconnection mechanism to allow information exchange and access to shared resources; wiring, network hubs and switches, routers, firewalls

Communications

The (usually) independent systems which carry the remote part of computer networks; PSTN, ISDN, frame relay, ATM

System Useability

A computer system which is unused is of no value. Appropriate training, system reliability and availability all contribute to the overall useability of the system.

Any event which compromises the usability of a computer system reduces the value of that system and can be regarded as a direct cost to the organization.

The User Population

Each section of the user population places unique demands on a computer system and have different perspective on the value and cost of the system.

The distribution of users can reflect a range of security risks which must be addressed and a variety of sometimes conflicting interests which must be reconciled.

End users

May rely on the computer system to perform their daily work. Generally only require access to those services that are appropriate to their work function.

Unit managers

Have specific business outcomes, such as sales targets or unit profits, to achieve.

Business units require different types of access and services from the computer system. For instance, only the finance group uses the general ledger system, the sales force requires remote or roaming access.

Senior managers

Have wider, strategic views of the business objectives. Without the active support of key senior managers, most computer systems initiatives fail to achieve their potential.

Systems managers

Responsible for providing access to sections of the computer systems to end users and for managing the performance of the system. Systems managers face a major challenge in balancing the needs of disparate users against the limited resources available.

The different specific computer systems (database, desktop, email, web, network) also present different security and value issues.

Customers, suppliers etc

Need to communicate with the organization through the web page, email, shared databases or information archives.

Any external connection to a computer system represents a major security risk; it can also represent significant added value.

Attackers

The black hats. Seek to compromise computer systems; sometimes your own users are the attackers.

Search Tags

psychology  testing  moodle  programming  office  owncloud  email  process  open source  implementation  vba  browser  software  documentation  wireless  security  joomla  analysis  website  audit

Features Articles

Online surveys

How do you know what your customers want? Perhaps you should ask them.

Surveying your internal or external customers gives you hard information on which to base decisions about product development, marketing campaigns, resourcing or any other area where you organisation or department interacts with another group (which means in nearly everything you do).

Documentation

It might be the last thing you want to read, but not having a well documented IT infrastructure (servers and networks) can lead to surprising events like critical systems running on unsupported servers.

Documentation must not only be accurate at the time it was created it should also meet these additional criteria:

  • Available The people who need the information must be able to get at it.
  • Editable Any documentation in the IT industry is quickly out of date, so it is essential that information is able to be correctly updated as soon as a change is required. Ideally the client or end-user should be able to do this, rather than waiting on the 'approved editor'.
  • Current 'Out of date' is just a nice way of saying 'wrong'. The date on which the underlying information was updated should be shown on any reports either printed or viewed online.

A Taxonomy of Loss

The widespread commercial use of the internet has led to an increasing focus on systems security. Media driven hype and a lack of independent information can make the true level of threat to an organization difficult to determine. Adopting a structured approach to the analysis of computer system security risks and allows an organization to more effectively balance their operational requirements against the potential for loss, whether that loss involves physical equipment, information or reputation.

This article discusses the components of a computer system, the types of attack to which they are exposed, some typical defence mechanisms and some weaknesses in the standard defences. The information and concepts shown can form a starting point for the development of suitable security and operational strategies to assist organizations to obtain the maximum value from their investments in computer systems.

Beyond the Blackboard

Considerations when designing or specifying an on‑line learning environment.

For many organisations, the provision of training to staff and customer represents a significant cost. As the processing power and network bandwidth available to desktop PCs increases, the performance and features of on‑line learning systems have improved to the point where the delivery of training via a computer has become a viable option.

While on‑line learning is not an appropriate solution for all training needs, it does provide an effective training delivery mechanism in the right circumstances.

This article discusses some of the issues involved in creating an on‑line learning environment, viewed from the perspective of the different interest groups involved. The information and concepts shown here are not definitive; you should carefully consider your own specific requirements before implementing any computer system.

Open Source

You shouldn't be using open source software because it's cheaper (although it is), you should be using it because of its features and flexibility and the fact that it doesn't lock you in to restrictive license agreements.

Network Security

External Network Scanning

One of the core mechanisms for protecting networks is to install a firewall to mediate traffic between systems on the internal network, publicly accessible systems is a DMZ (from the military term demilitarised zone) and the internet.

Latest blog posts

"A positive attitude may not solve all your problems, but it will annoy enough people to make it worth the effort."
Herm Albright (1876-1944).

IP:18.227.190.93

FacebookTwitterLinkedinRSS Feed

Hosted at Panthur web hosting.

© Dropbear Consulting Pty Limited
Privacy policy