
The 8 Levels of IT Security in The Data Center

8 Levels of IT Security in the Data Center

In a world of viruses, malware, hackers, and other scary things that can compromise the top-secretness of top-secret data, security and privacy are big deals. None of the many and diverse methods of security can ensure data protection 100%, but layering these organizational tactics, technologies, and processes can help close all of the gaps. A look at a data center provides us with the 8 levels of IT security which work together to form a tight-knit and (hopefully) impenetrable web of safeness.

1 - RISK MANAGEMENT FRAMEWORK

2 - A SECURITY POLICY is a written document stating how a company plans to protect its physical and information technology (IT) assets. A security policy is often considered a "living document", meaning that the document is never finished but is continuously updated as technology and employee requirements change.

A COMPANY'S SECURITY POLICY MAY INCLUDE:

> an acceptable use policy (a policy that a user must agree to follow in order to be provided with access to a network)

> a description of how the company plans to educate its employees about protecting the company's

> an explanation of how security measurements will be carried out and enforced

> a procedure for evaluating the effectiveness of the security policy to ensure that necessary corrections will be made.


3 - LOGGING, MONITORING, AND REPORTING

LOGGING

> Establishing and documenting performance metrics

> Management regularly monitors performance results

4 - VIRTUAL PERIMETERS

> As the systems grew and became more powerful, authentication was reintroduced into the personal computers as the PCs themselves could be remotely accessed.

> This development is used by companies and employees alike to promote home working environments and past-office-hours work via connections into the corporate network.

5 - ENVIRONMENTAL AND PHYSICAL INFORMATION

> Processing resources like mainframes and minicomputers must be housed in a secure area that reasonably protects the devices from unauthorized physical access, fire, flooding, explosions, and other forms of natural or man-made disaster.


6 - PLATFORM SECURITY

> A security mechanism, sometimes referred to as "hardening": a model used to protect an entire platform that secures the entire span of software or devices on that platform, removing as many security risks as possible and providing an increased level of integrity to the need to incorporate individual or multiple security measures for different application programs on the system.


7 - INFORMATION ASSURANCE (IA) OR DATA ASSURANCE

> Managing risks related to the use, processing, storage and transmission of information or data.

8 - IDENTITY AND ACCESS PRIVILEGE MANAGEMENT

> This principle requires that each subject in a system be uniquely identified and granted the most restrictive set of privileges (or lowest clearance) needed for the performance of authorized tasks. The application of this principle limits the damage that can result from accident, error, or unauthorized use.

> Authentication

Systems may securely identify their users. Authentication systems provide answers to the questions:

> Who is the user?

> Is the user really who he/she represents himself to be?

• An authentication system may be as simple (and insecure) as a plain-text password challenging system

• or some physical property of the individual like a fingerprint

• or derived data like a smartcard

• In all cases, however, authentication systems depend on some unique bit of information known or available only to the individual being authenticated and the authentication system -- a shared secret.

> Authorization

• The mechanism by which a system determines what level of access a particular authenticated user should have to secured resources controlled by the system. A database management system might be designed so as to provide certain specified individuals with the ability to retrieve information from a database but not the ability to change data stored in the database, while giving other individuals the ability to change data. Authorization systems provide answers to the questions:

Is user X authorized to access resource R?

Is user X authorized to perform operation P?

Is user X authorized to perform operation P on resource R?

• Authorization systems depend on secure authentication systems to ensure that users are who they claim to be and thus prevent unauthorized users from gaining access to secured resources.
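
The authentication and authorization steps described above, as an added example that is not part of the original infographic: a salted, hashed shared secret is checked first, then the three authorization questions are answered against a deny-by-default grant table modelled on the read-only versus read-write database case. The account names, secrets, the `orders_db` resource and all function names are constructed for illustration.

```python
import hashlib
import hmac
import os


def derive(secret: str, salt: bytes) -> bytes:
    # Store a salted, slow hash of the shared secret, never the plain text.
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 200_000)


# Constructed sample accounts (illustrative names and secrets only).
_SALTS = {u: os.urandom(16) for u in ("analyst", "dba")}
_CREDS = {
    "analyst": derive("constructed-secret-1", _SALTS["analyst"]),
    "dba": derive("constructed-secret-2", _SALTS["dba"]),
}

# Least privilege: each subject holds only the (resource, operation) pairs it needs.
GRANTS = {
    "analyst": {("orders_db", "read")},
    "dba": {("orders_db", "read"), ("orders_db", "write")},
}


def authenticate(user: str, secret: str) -> bool:
    """Is the user really who they claim to be? Unknown users cost the same work."""
    salt = _SALTS.get(user, b"\0" * 16)
    stored = _CREDS.get(user, b"")
    return hmac.compare_digest(stored, derive(secret, salt))


def can_access(user: str, resource: str) -> bool:
    """Is user X authorized to access resource R (with any operation)?"""
    return any(r == resource for r, _ in GRANTS.get(user, ()))


def can_perform(user: str, operation: str) -> bool:
    """Is user X authorized to perform operation P (on any resource)?"""
    return any(op == operation for _, op in GRANTS.get(user, ()))


def is_authorized(user: str, operation: str, resource: str) -> bool:
    """Is user X authorized to perform operation P on resource R? Default deny."""
    return (resource, operation) in GRANTS.get(user, ())


def request(user: str, secret: str, operation: str, resource: str) -> str:
    # Authorization is evaluated only for a subject that has authenticated.
    if not authenticate(user, secret):
        return "denied: authentication failed"
    if not is_authorized(user, operation, resource):
        return "denied: not authorized"
    return "allowed"
```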

Wikibon


shared by kevin on Mar 21
Describes the best ways to layer security measures in order to have the most effective barrier between your data and the scary world of viruses, malware, and hackers.
