An Overview of Corporate Information Security

Combining Organisational, Physical & IT Security.

By Seán Boran

December 13, 1999.  This article presents an overview of corporate information security, not just in a computer/network context, but also considering social and physical aspects.

Checklists are provided to stimulate analogies in your own corporate environment.

We welcome your feedback on this article.


Security involves prevention, detection, response, monitoring and review measures to reduce perceived risks to acceptable levels. These measures need to be uniform and continuous in domains such as Social/Personal, Computer/Network and Physical.

This article divides the explanation of corporate information security into:

  1. Information Domains
  2. Domain Interfaces
  3. Threats
  4. Sources of threats
  5. Countermeasures
  6. Effects of applied countermeasures

Glossary
Further reading


1. Information domains

Understanding corporate security is about understanding what the key assets in the company are. Today, the key asset is often information. But information alone is not enough: knowledge of how to use valuable information is needed to provide a competitive edge. The value of information may depend on being secret and accurate.

Information can take many forms, hence methods of securing information are various. Instead of dividing information into categories based on content, consider analysing threats to information (and hence its protection) by category of processing or storage method.
Three "information domains" are defined:

[Figure: security_space1.gif]

  1. Physical: Traditionally information is "written down", stored somewhere (e.g. a box, safe, diskette, or computer).  Classical security concentrates on physical protection: buildings, server rooms, access controls etc.
  2. Social/Personal: Successful organisations realise the value of their personnel, the knowledge they hold in their heads and the capability to use that knowledge to corporate advantage.
  3. Logical or Network: Information is also stored on computers and accessed via networks. Documents can be stored "somewhere on the net" that users reference through URLs, UNCs or other abstract notions. The actual location of the data is often unknown to the user; she assumes it's on a server "somewhere". The difference between Internet and Intranet may not be obvious to end users. With this abstraction also comes a certain loss of accountability and responsibility.

Domain Interfaces

Each of these domains contains interfaces to the outside world.

[Figure: security_space2.gif]

This may look overwhelming at first, so let's look at the domains one by one. The buzzwords are explained at the end of the article if they are new to you - don't worry, they're just networking technologies.
The numbers in brackets below refer to the numbered interfaces above.

Threats

The domain interfaces can be subject to various types of threats, for example:

These threats can result in critical information being lost, copied, deleted, accessed or modified, or services no longer functioning (loss of confidentiality, integrity or availability).

Sources of threats

Before deciding on safeguards to counter the threats listed above, consider:

The nature of the threat. The attacker's resources (financial, technical, time), degree of motivation and ease of access should all be considered. For example, most would expect frequent attacks from the Internet, so firewalls between the Internet and Intranet are frequent. The media often remind us of the exploits of crackers, but what of the disgruntled employee, who has access to critical systems for his daily work? What of the manager who has a gambling habit and is tempted to embezzle to pay debts? Whereas attacks from Internet Crackers may be frequent and technically interesting, they are rarely as financially damaging as deliberate misuse of systems by employees.

Information lifetime. How is information generated, stored, processed, copied, printed and destroyed?

Information aging. How does time affect the information? For example, a new pricelist might be sensitive before publication and would be published to the world subsequently. When a new pricelist replaces an old one, the old one becomes useless.

Nature: The likelihood of natural disasters.

Countermeasures

Security measures are needed to reduce risks to an acceptable level. If we assume that a possible attacker is external to the organisation, possible measures that could be taken in each of the interfaces (listed in green in the diagram above) are:

Measures for Logical or Network Interfaces:

Technical mechanisms:

The following is a list of mechanisms relevant to specific interfaces. Note that hardening, resource isolation, reliability measures and monitoring/auditing are useful on all interfaces.

(0) Authentication

(1) Strong authentication of users, possibly encryption

(2) All mechanisms

(3) Authentication of users or computers, access control, possible encryption.

(4) Encryption

Measures for Social / Personal Interfaces:

Measures for Physical Interfaces:

Assurance / constant vigilance:

Countermeasures against internal attack

On the other hand, if the primary source of attack is expected to be internal (whether malicious or accidental), the focus changes, since attackers might be authorised to bypass access control mechanisms:

  1. Social / Personal:
  2. Logical or Network measures:

Effects of applied countermeasures: Improved Security Properties

Security measures will improve security properties, such as

Assurance: Confidence that security measures are correctly implemented and that a system will behave as expected.

Identification / Authentication: When users or programs communicate with each other, the two parties verify each other's identity, so that they know who they are communicating with.

Accountability/Audit Trail: The ability to know who did what, when, where. Users are responsible and accountable for their actions. Automatic audit trail monitoring and analysis to detect security breaches.

Access Control: Access to specified resources can be restricted to certain entities.

Object Reuse: Objects used by one process may not be reused or manipulated by another process such that security may be violated.

Accuracy / Integrity: Objects (information and processes) are accurate and complete.

Secure information exchange: Information transmitted adheres to expected levels of authenticity, confidentiality, and non-repudiation.

Reliability / Availability: Information and services are available when needed.

Summary

Knowledge and information are the most important assets of many companies; they need protection. Information can take many forms, hence methods of securing information are various.

Consider analysing threats to information based on:

Coordinated countermeasures should help provide a continuous, uniform level of security that reduces risks to an acceptable level:


Glossary

 

URL What you type in a Web Browser to get to a site (Uniform Resource Locator)
UNC The way Microsoft names network file shares (Uniform naming convention)
Security is protection of Assets (information, systems and services) against disasters, mistakes and manipulation so that the likelihood and impact of security incidents is minimised.
Confidentiality Sensitive business objects (information & processes) are disclosed only to authorised persons.
Integrity The business need to control modification to objects.
Availability The need to have business objects (information and services) available when needed.
Threat is a danger which could affect the security (confidentiality, integrity, availability) of assets, leading to a potential loss or damage.
Risk is a measurement of the severity of threats.
Access control The prevention of unauthorized use of a resource, including the prevention of use of a resource in an unauthorized manner.
security policy The set of laws, rules and practices that regulate how assets including sensitive information are managed, protected and distributed within an organisation or specific IT system(s).

Networks & protocols

ATM Asynchronous transfer mode
PSTN Normal analog phone lines: (public subscriber telephone network)
ISDN Digital phone lines: Integrated digital services network
GSM Digital mobile radio: Global Services Mobile (from French expression)
X.25 Digital data lines (ISO standard)
SNA IBM networking protocols (Systems Network Architecture)
WAN Wide area network
Frame relay A WAN technology used mostly by Telecoms carriers

Other glossaries:

SANS Glossary of Terms Used in Security and Intrusion Detection http://www.sans.org/resources/glossary.php


Further reading

 

A Code of Practice for Information Security Management, BS7799, ISBN 0-580-22536-4. British Standards organisation (BSI), 1993.
  www.privacyexchange.org/buscodes/standard/bsi.html
  dtiinfo1.dti.gov.uk/security/approach.htm
  www.dti.gov.uk/CII/bs7799/

IT Baseline protection manual. German BSI.
  www.bsi.bund.de/gshb/english/menue.htm

"European Orange Book" ITSEC Information Technology Security Evaluation Criteria. EC: F/GB/D/NL, June 1991.
  www.itsec.gov.uk/docs/introgds.htm
  www.itsec.gov.uk/docs/formal.htm#ITSEC

TCSEC "Orange Book" & Common Criteria. DoD.
  www.radium.ncsc.mil/tpep

Computer Assurance Guidelines. DTI.
  www.lowpay.gov.uk/cag/contents.htm

EPHOS Security Services. EPHOS.
  www.nethotel.dk/ephos/en/booku/i3utoc.htm?

Seán Boran is an IT security consultant based in Switzerland and the author of the online IT Security Cookbook.