Before designing security procedures, a risk analysis would be required; this would mean answering the following questions:
o What is the nature of the data being stored in the system?
o How will the data be used?
o Who will have access to the system?
o How much money will the organization lose if the data is lost, corrupted or stolen?
Risk assessment
In this scenario we have to take account that the system is central to the business strategy, that access to the Internet requires an 'open interface' which increases the risk of malicious intrusion, and that the system would be at the core of the company's business. The assessment involves:
o Identifying possible areas of risk;
o Estimating the probability of their occurrence;
o Quantifying the impact if they should occur;
o Estimating the cost of removing or minimizing the risk.
This would enable decisions to be taken on each risk identified. The choices open to us are:
o risk avoidance;
o risk reduction;
o risk acceptance;
o risk transfer.
The prioritization of investment in providing counter-measures, or the decision to accept a risk, would be based upon an evaluation of the costs and benefits associated with each option.
Security issues to be considered can be covered under the headings of Confidentiality, Integrity, and Availability (continuity of service).
Confidentiality is ensuring that information is made available only to those authorized to have access to it. In this case, with a travel agent, high risk is incurred because we want to give the general public easy entry to the system and to allow them to make a booking. But we need to ensure that personal data that we capture as part of the booking or marketing process is not accessed by unauthorized users. We would also not want to make it easy for our own staff to take copies of any customer details to pass on to third parties. So access to parts of our database would be limited by password or physical identifier. Measures adopted to protect personal data must conform to national Data Protection laws.
Integrity is preserving the accuracy of the data that is held and keeping it secure from unauthorized amendment. Updating holiday availability, and the accurate and secure transmission and filing of payment and financial data, all need to be planned for: creating update and data validation policies, limiting functions to certain users or terminals, creating control totals, and creating audit trails.
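As an added example (not part of the original text), the following Python shows how batch control totals for payment records could be generated by the sender and verified by the receiver after transmission; the booking references, amounts and shared key are constructed for illustration. It also shows the limit of plain control totals: a compensating edit that moves money between two records passes the count and amount checks, which is why a keyed digest over the whole batch is computed alongside them.

```python
import hashlib
import hmac

# Constructed sample batch of payments: (booking reference, amount in pence)
BATCH = [("BK1001", 125000), ("BK1002", 89999), ("BK1003", 45050)]
# Constructed tampering cases used by the demonstration below
RAISED_AMOUNT = [("BK1001", 125000), ("BK1002", 99999), ("BK1003", 45050)]
COMPENSATING = [("BK1001", 135000), ("BK1002", 79999), ("BK1003", 45050)]
# Shared secret between sender and receiver (constructed placeholder)
KEY = b"constructed-shared-key"


def control_totals(records):
    """Classic batch controls: record count and sum of the amount field."""
    return {"count": len(records), "amount_total": sum(amt for _, amt in records)}


def batch_digest(records, key):
    """Keyed digest over a canonical serialisation of the whole batch.

    Plain control totals cannot see a compensating edit that leaves both
    the count and the sum unchanged; the digest changes on any edit.
    """
    canonical = "\n".join(f"{ref},{amt}" for ref, amt in records).encode()
    return hmac.new(key, canonical, hashlib.sha256).hexdigest()


def verify_batch(received, expected_totals, expected_digest, key):
    """Return the names of the checks that failed (empty list when intact)."""
    failures = []
    got = control_totals(received)
    if got["count"] != expected_totals["count"]:
        failures.append("record count")
    if got["amount_total"] != expected_totals["amount_total"]:
        failures.append("amount total")
    if not hmac.compare_digest(batch_digest(received, key), expected_digest):
        failures.append("batch digest")
    return failures


if __name__ == "__main__":
    # The sender computes the controls and transmits them alongside the batch
    totals, digest = control_totals(BATCH), batch_digest(BATCH, KEY)
    print("intact:       ", verify_batch(BATCH, totals, digest, KEY))
    print("raised amount:", verify_batch(RAISED_AMOUNT, totals, digest, KEY))
    print("compensating: ", verify_batch(COMPENSATING, totals, digest, KEY))
```

The compensating case is the one an audit trail would also be needed for: the totals balance, so only the digest (or a per-record record of who changed what) reveals the amendment.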
Availability (continuity of service)
This means ensuring that continuity of service provision to external and internal customers is maintained. Starting at the design stage, it means looking at the areas of greatest vulnerability and least resilience, i.e. those most likely to fail, and then evaluating how best to improve their resilience within the bounds of value for money. This will involve designing some redundancy into the system by duplexing vulnerable pieces of equipment, but also designing in 'graceful degradation', the ability to continue to operate, albeit with reduced functionality, when there is a partial breakdown. We also need to design fallback procedures, possibly manual, in case this does not prove possible. Finally, we need to design in back-up and recovery procedures: the daily copying of files, and the remote storage of files and programs to effect recovery in the event of a (physical) disaster. We must not forget the need to plan to periodically test the effectiveness of these procedures.
A typical management security policy would cover the following aspects:
o User awareness and education;
o Administrative controls;
o Controls over system development and maintenance;
o Operations controls;
o Firewall to protect against intrusion from the Internet;
o Physical protection of data;
o Access control to the system and data.