![]()
April 1, 2004
This week's feature:Security for Educational Systems and Networks:
A Concept of SecurityBy Dr. Bob O'Dell, Chief Technologist, T.H.E. Journal - [EMAIL PROTECTED] Networking and the Internet have greatly expanded access to myriads of data. With that greater access comes the increased need for security — both in terms of ensuring access to those authorized for sensitive data and integrity to ensure someone does not gain access and change the data. As we examine the many aspects of security, it's a good idea to understand the constraints that are inherent in security. For example, easy access and security are diametrically opposed, there is no such thing as total security, and allowing any access increases your security risk. So the question one has to deal with when developing and implementing a security plan is just how much risk is acceptable. The answer becomes complicated since it doesn't take long to realize that risk is dependent on the information being accessed. For instance, a simple Web page of say the school calendar does not carry the weight of risk of student test records. Another dimension of security is the control inherent in the access given. Here the level of security gets higher as you move from the workstation and applications on the workstation to the network and applications on the network, including the Internet. In all cases, access to the operating system level carries the greatest threat, which becomes even greater when it is a server. What this is leading to is the understanding that a security plan is most effectively viewed as an onion, with each layer representing an additional level of security. Each of the layers represents more sensitive information or greater control, which requires higher security and, by implication, less accessibility. It is also wise to consider that multiple “onions” are necessary: one for each class of data to be protected. In addition, it goes without saying that each layer adds to the burden of managing the system. In this series of articles, we will explore building security plans and look for tools to implement them. But given the complexity, is it really possible to achieve any level of genuine security without a dedicated individual or department... To read the rest of the article click here
Tell a friend or colleague about T.H.E. Focus! Click here to subscribe, change your existing newsletter format or unsubscribe. Copyright © 2004 ETC Group LLC. All rights reserved. | 