Technical Controls Paper
Keller Graduate School of Management
January 22, 2012
Technical controls use technology as a basis for controlling the access and usage of sensitive data throughout a physical structure and over a network. Technical controls are far-reaching in scope and encompass such technologies as:
* Smart cards
* Network authentication
* Access control lists (ACLs)
* File integrity auditing software
Logical controls (also called technical controls) use software and data to monitor and control access to information and computing systems. For example: passwords, network and host-based ...
Any complex system is prone to a false sense of security. A false sense of security is widespread among individuals who own and operate a personal computer in their homes. Nothing is ever really secured; at most, it would be safe to say that something is secured within the terms of information security. Purchasing virus protection suggests that all personal information will be safeguarded and protected, which gives individuals a false sense of security. Additionally, having a false sense of security means presuming that protection is guaranteed at all times and that there should be no concern about the computer being compromised, because the necessary precaution of purchasing virus protection was taken.
What are the consequences of not having verification practices?
Verification is one or more formal audits to determine whether a test system is built according to the specifications provided in a design, drawing, statement of work, or other similar guideline. Performing system verification can be relatively easy when it is based on a well-written specification, drawing, or statement of work, and test methods can be very straightforward so that defects are easy to find, but validation can be more challenging. The consequence is very simple: disclosure of proprietary corporate information. "Proprietary Information" means any information related to the purpose which is identified as proprietary information, including, but not limited to, technical information in the form of designs, concepts, requirements, specifications, software, interfaces, components, processes, and also business and financial information, or the like.
What can a firm do to bolster confidence in their Defense-in-Depth strategy?
Defense-in-depth requires that relationships between network resources and network users be governed by a controlled, scalable, and granular system of permissions and access controls that goes beyond simply dropping firewalls between network segments. Defense-in-depth is a security architecture that calls for the network to be aware and self-protective.