
Friday, August 26, 2011

INFORMATION ASSURANCE & SECURITY CONCEPTS (Part 02)


Layering security defenses in an application can reduce the chance of a successful attack. Incorporating redundant security mechanisms requires an attacker to circumvent each mechanism to gain access to a digital asset. For example, a software system with authentication checks may still stop an attacker who has already subverted a firewall. Defending an application with multiple layers prevents a single point of failure from compromising the security of the whole application.

Beyond that, organizations implement many physical security principles to protect the information system and its physical equipment from theft and tampering.

That is why the typical bank is more secure than the typical convenience store: there are many redundant security measures protecting the bank, and the more measures there are, the more secure the place is.

Physical security of the bank data base

  • Use CCTV cameras to watch customer behaviour.
  • Security Guards and guns.
  • Bulletproof walls and glasses.
  • Keeping server rooms locked.
  • Keeping computers locked to a wall or table.
  • Keeping a combination of locks and alarms for emergencies.
  • Computer hardware is protected from fire damage by smoke detectors and sprinkler systems just like any other equipment.
  • Prevent the loss of data by storing backup tapes in remote locations.
  • Uninterruptible power supplies are a low-cost investment that can prevent very costly equipment damage; for that reason, use a generator and a UPS.

Data integrity
  • Periodically backing up data is the most important step in preventing data loss. Backups can be on removable disks, tapes, paper printouts or other computer systems.
  • Virus protection is a necessity for the bank database. Therefore, install antivirus and Internet security software. All computers run on legitimately licensed operating systems with antivirus protection.
  • RAID systems are also used to ensure the integrity of data.
RAID, acronym for Redundant Array of Independent Disks (originally Redundant Array of Inexpensive Disks), is a technology that provides increased storage functions and reliability through redundancy. This is achieved by combining multiple disk drive components into a logical unit, where data are distributed across the drives in one of several ways called "RAID levels". - Wikipedia 
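To make the "redundancy" in the RAID quote concrete, here is an added example (not code from the original post) that models disks as in-memory byte strings, stripes constructed sample data across several data disks plus one XOR parity disk in the manner of RAID 4/5, rebuilds a failed disk from the survivors, and verifies parity consistency. The block size and the sample data are assumptions chosen for readability.

```python
"""RAID-style XOR parity: stripe data over N data disks plus one parity disk,
rebuild a lost disk from the survivors, and check parity consistency.
Added illustration; disks are plain bytes objects (constructed sample data)."""
from functools import reduce

BLOCK = 4  # stripe unit size in bytes (assumption: tiny so stripes are visible)


def xor_blocks(blocks):
    """Bytewise XOR of equal-length byte strings."""
    return bytes(reduce(lambda a, b: a ^ b, column) for column in zip(*blocks))


def write_stripes(data: bytes, n_data_disks: int):
    """Split data into stripes across n data disks and compute a parity disk.
    Returns n+1 disks; the last one holds parity. Data is zero-padded to a
    whole stripe, so callers must remember the original length."""
    stripe_len = BLOCK * n_data_disks
    data += b"\0" * ((-len(data)) % stripe_len)
    disks = [bytearray() for _ in range(n_data_disks + 1)]
    for off in range(0, len(data), stripe_len):
        stripe = data[off:off + stripe_len]
        chunks = [stripe[i:i + BLOCK] for i in range(0, stripe_len, BLOCK)]
        for d, chunk in enumerate(chunks):
            disks[d] += chunk
        disks[n_data_disks] += xor_blocks(chunks)  # parity = XOR of the data chunks
    return [bytes(d) for d in disks]


def rebuild_disk(disks, failed: int):
    """Reconstruct one lost disk (data or parity) as the XOR of every survivor.
    Works because P = D0 ^ D1 ^ ... ^ Dn-1, so any single term is recoverable."""
    survivors = [d for i, d in enumerate(disks) if i != failed]
    return xor_blocks(survivors)


def parity_consistent(disks):
    """Integrity check: XOR of all disks must be all zeros. A mismatch tells you
    a block is corrupt but not which disk, which is why RAID alone is not a
    substitute for backups or checksummed storage."""
    return xor_blocks(disks) == bytes(len(disks[0]))


def read_back(disks, n_data_disks: int, length: int):
    """Reassemble the original data from the data disks, dropping padding."""
    out = bytearray()
    for b in range(len(disks[0]) // BLOCK):
        for d in range(n_data_disks):
            out += disks[d][b * BLOCK:(b + 1) * BLOCK]
    return bytes(out[:length])


if __name__ == "__main__":
    ledger = b"account ledger 2011"          # constructed sample data
    array = write_stripes(ledger, 3)
    lost = array[1]                          # pretend disk 1 fails
    array[1] = rebuild_disk(array, 1)
    print(array[1] == lost, read_back(array, 3, len(ledger)))  # True b'account ledger 2011'
```

The same XOR relationship that rebuilds a data disk also rebuilds the parity disk, which is why `rebuild_disk` takes any index. Note the caveat in `parity_consistent`: parity protects against a single known disk failure, not against silent corruption or an operator error that is faithfully mirrored to every disk, so the post's backup advice still applies.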

Data security

  • Accounts on both multi-user machines and personal computers are protected by passwords.
  • Systems holding data belonging to multiple users set an owner for each file, with permissions defining who is allowed to read or write it; therefore, implement authorization levels.
  • Since most security attacks are now initiated from a remote location via the network, many organizations now separate their internal networks from the Internet with a firewall. Data encryption provides a second layer of security.

“In cryptography, encryption is the process of transforming information (referred to as plaintext) using an algorithm (called cipher) to make it unreadable to anyone except those possessing special knowledge, usually referred to as a key. The result of the process is encrypted information (in cryptography, referred to as cipher text)”. - Wikipedia 

  • There must always be someone able to fix a computer system by using a second password-protected account called "system", "administrator", "root" or "super user", which bypasses the file permission system.
  • Email is particularly insecure; use some sort of email encryption system, such as PGP.

“Pretty Good Privacy (PGP) is a data encryption and decryption computer program that provides cryptographic privacy and authentication for data communication. PGP is often used for signing, encrypting and decrypting texts, E-mails, files, directories and whole disk partitions to increase the security of e-mail communications”


  • Periodic audit trails are a means for system administrators to find out whether security has been breached and how much damage was done.
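The data-security points above (password-protected accounts, per-file owners and permissions, a privileged "root" account that bypasses permissions, and an audit trail), together with the layering idea from the opening paragraph, fit in one small model. The following is an added example and not code from the original post; the class names, user names, file paths and in-memory stores are constructed assumptions, and password hashing uses the Python standard library's PBKDF2-HMAC-SHA256 with a per-user random salt.

```python
"""Layered access control: authentication, per-file authorization with a
superuser bypass, and an audit trail of every decision. Added example with
constructed users and files; not code from the original post."""
import hashlib
import hmac
import os
from datetime import datetime, timezone

PBKDF2_ROUNDS = 100_000  # assumption: iteration count chosen for this demo


class UserStore:
    """Accounts: only a per-user salt and PBKDF2 hash are stored, never the password."""

    def __init__(self):
        self._users = {}  # name -> (salt, digest, is_superuser)

    def add(self, name, password, superuser=False):
        salt = os.urandom(16)
        digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
        self._users[name] = (salt, digest, superuser)

    def authenticate(self, name, password):
        """Layer 1: authentication. compare_digest is constant-time, so the
        comparison does not leak how many bytes of the hash matched."""
        rec = self._users.get(name)
        if rec is None:
            return False
        salt, digest, _ = rec
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
        return hmac.compare_digest(candidate, digest)

    def is_superuser(self, name):
        rec = self._users.get(name)
        return bool(rec and rec[2])


class FileStore:
    """Layer 2: each file has an owner plus read/write permission sets.
    Layer 3: every decision, allowed or denied, is appended to an audit trail."""

    def __init__(self, users):
        self._users = users
        self._files = {}  # path -> {"owner", "read", "write", "data"}
        self.audit = []   # (utc timestamp, user, action, path, allowed)

    def create(self, owner, path, data, readers=(), writers=()):
        self._files[path] = {"owner": owner, "data": data,
                             "read": set(readers) | {owner},
                             "write": set(writers) | {owner}}

    def _allowed(self, user, action, path):
        entry = self._files.get(path)
        if entry is None:
            return False
        if self._users.is_superuser(user):  # "root"/"administrator" bypasses file permissions
            return True
        return user in entry[action]

    def _access(self, user, password, action, path):
        # Each layer rejects on its own: a subverted password check still meets
        # the permission check, and every attempt lands in the audit trail.
        if not self._users.authenticate(user, password):
            self.audit.append((datetime.now(timezone.utc).isoformat(), user, action, path, False))
            raise PermissionError("authentication failed")
        ok = self._allowed(user, action, path)
        self.audit.append((datetime.now(timezone.utc).isoformat(), user, action, path, ok))
        if not ok:
            raise PermissionError(f"{user} may not {action} {path}")
        return self._files[path]

    def read(self, user, password, path):
        return self._access(user, password, "read", path)["data"]

    def write(self, user, password, path, data):
        self._access(user, password, "write", path)["data"] = data


def denied_attempts(store):
    """Audit review: the entries an administrator checks first to see whether
    someone has been probing files they should not reach."""
    return [(user, action, path) for _, user, action, path, ok in store.audit if not ok]


def demo():
    """Constructed scenario; returns the denied attempts found in the audit trail."""
    users = UserStore()
    users.add("root", "root-pw", superuser=True)
    users.add("alice", "alice-pw")
    users.add("bob", "bob-pw")
    store = FileStore(users)
    store.create("alice", "/ledger/2011.csv", b"acct,balance\n")
    assert store.read("alice", "alice-pw", "/ledger/2011.csv") == b"acct,balance\n"
    assert store.read("root", "root-pw", "/ledger/2011.csv")  # superuser bypass
    for user, pw in (("bob", "bob-pw"), ("alice", "wrong")):  # not permitted / bad password
        try:
            store.read(user, pw, "/ledger/2011.csv")
        except PermissionError:
            pass
    return denied_attempts(store)


if __name__ == "__main__":
    print(demo())  # → [('bob', 'read', '/ledger/2011.csv'), ('alice', 'read', '/ledger/2011.csv')]
```

Two design points worth noticing: the audit entry is written before the exception is raised, so a failed login and a permission denial are both visible to the administrator reviewing the trail; and the superuser bypass is deliberately limited to the file-permission layer, so even "root" still has to pass the password check.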
