
An Overview of Corporate Information Security

Combining Organisational, Physical & IT Security.

By Sen Boran

December 13, 1999.  This article presents an overview of corporate information security, not just in a computer/network context, but also considering social and physical aspects.

Checklists are provided to stimulate analogies in your own corporate environment.

We welcome your feedback on this article.


Security involves prevention, detection, response, monitoring and review measures to reduce perceived risks to acceptable levels. These measures need to be uniform and continuous in domains such as Social/Personal, Computer/Network and Physical.

This article divides the explanation of corporate information security into:

  1. Information Domains
  2. Domain Interfaces
  3. Threats
  4. Sources of threats
  5. Countermeasures
  6. Effects of applied countermeasures

Glossary
Further reading


1. Information domains

Understanding corporate security means understanding what the company's key assets are. Today, the key asset is often information. But information alone is not enough: knowledge of how to use valuable information is needed to provide a competitive edge. The value of information may depend on its being secret and accurate.

Information can take many forms, so the methods of securing it vary. Instead of dividing information into categories based on content, consider analysing threats to information (and hence its protection) by category of processing / storage method.
Three "information domains" are defined:

[Figure: security_space1.gif]

  1. Physical: Traditionally information is "written down", stored somewhere (e.g. a box, safe, diskette, or computer). Classical security concentrates on physical protection: buildings, server rooms, access controls etc.
  2. Social/Personal: Successful organisations realise the value of their personnel, the knowledge they hold in their heads and the capability to use that knowledge to corporate advantage.
  3. Logical or Network: Information is also stored on computers and accessed via networks. Documents can be stored "somewhere on the net" that users reference through URLs, UNCs or other abstract notions. The actual location of the data is often unknown to the user; she assumes it's on a server "somewhere". The difference between Internet and Intranet may not be obvious to end users. With this abstraction also comes a certain loss of accountability and responsibility.

Domain Interfaces

Each of these domains contains interfaces to the outside world.

[Figure: security_space2.gif]

This may look overwhelming at first, so let's look at the domains one by one. The buzzwords are explained at the end of the article if they are new to you. Don't worry, they're just networking technologies.
The numbers in brackets below refer to the numbered interfaces above.

Threats

The domain interfaces can be subject to various types of threats, for example:

These threats can result in critical information being lost, copied, deleted, accessed or modified, or services no longer functioning (loss of confidentiality, integrity or availability).

Sources of threats

Before deciding on safeguards to counter the threats listed above, consider:

The nature of the threat. The attacker's resources (financial, technical, time), degree of motivation and ease of access should all be considered. For example, most would expect frequent attacks from the Internet, so firewalls between the Internet and Intranet are common. The media often remind us of the exploits of crackers, but what of the disgruntled employee, who has access to critical systems for his daily work? What of the manager who has a gambling habit and is tempted to embezzle to pay debts? Whereas attacks from Internet crackers may be frequent and technically interesting, they are rarely as financially damaging as deliberate misuse of systems by employees.

Information lifetime. How is information generated, stored, processed, copied, printed and destroyed?

Information aging. How does time affect the information? E.g. a new pricelist might be sensitive before publication and would be published to the world subsequently. When a new pricelist replaces an old one, the old one becomes useless.

Nature: The likelihood of natural disasters.

Countermeasures

Security measures are needed to reduce risks to an acceptable level. If we assume that a possible attacker is external to the organisation, possible measures that could be taken in each of the interfaces (listed in green in the diagram above) are:

Measures for Logical or Network Interfaces:

Technical mechanisms:

The following is a list of mechanisms relevant to specific interfaces. Note that hardening, resource isolation, reliability measures and monitoring/auditing are useful on all interfaces.

(0) Authentication

(1) Strong authentication of users, possibly encryption

(2) All mechanisms

(3) Authentication of users or computers, access control, possible encryption.

(4) Encryption

Measures for Social / Personal Interfaces:

Measures for Physical Interfaces:

Assurance / constant vigilance:

Countermeasures against internal attack

On the other hand, if the primary source of attack is expected to be internal (whether malicious or accidental), the focus changes, since attackers might be authorised to bypass access control mechanisms:

  1. Social / Personal:
  2. Logical or Network measures:

Effects of applied countermeasures: Improved Security Properties

Security measures will improve security properties, such as

Assurance: Confidence that security measures are correctly implemented and that a system will behave as expected.

Identification / Authentication: When users or programs communicate with each other, the two parties verify each other's identity, so that they know who they are communicating with.

Accountability/Audit Trail: The ability to know who did what, when, where. Users are responsible and accountable for their actions. Automatic audit trail monitoring and analysis to detect security breaches.

Access Control: Access to specified resources can be restricted to certain entities.

Object Reuse: Objects used by one process may not be reused or manipulated by another process such that security may be violated.

Accuracy / Integrity: Objects (information and processes) are accurate and complete.

Secure information exchange: Information transmitted adheres to expected levels of authenticity, confidentiality, and non-repudiation.

Reliability / Availability: Information and services are available when needed.

Summary

Knowledge and information are the most important assets of many companies, and they need protection. Information can take many forms, so the methods of securing it vary.

Consider analysing threats to information based on:

Coordinated countermeasures should help provide a continuous, uniform level of security that reduces risks to an acceptable level:


Glossary

URL: What you type in a Web browser to get to a site (Uniform Resource Locator).
UNC: The way Microsoft names network file shares (Uniform naming convention).
Security: The protection of assets (information, systems and services) against disasters, mistakes and manipulation so that the likelihood and impact of security incidents is minimised.
Confidentiality: Sensitive business objects (information & processes) are disclosed only to authorised persons.
Integrity: The business need to control modification to objects.
Availability: The need to have business objects (information and services) available when needed.
Threat: A danger which could affect the security (confidentiality, integrity, availability) of assets, leading to a potential loss or damage.
Risk: A measurement of the severity of threats.
Access control: The prevention of unauthorized use of a resource, including the prevention of use of a resource in an unauthorized manner.
Security policy: The set of laws, rules and practices that regulate how assets including sensitive information are managed, protected and distributed within an organisation or specific IT system(s).

Networks & protocols:

ATM: Asynchronous transfer mode
PSTN: Normal analog phone lines (public subscriber telephone network)
ISDN: Digital phone lines (Integrated digital services network)
GSM: Digital mobile radio (Global Services Mobile, from French expression)
X.25: Digital data lines (ISO standard)
SNA: IBM networking protocols (Systems Network Architecture)
WAN: Wide area network
Frame relay: A WAN technology used mostly by Telecoms carriers

Other glossaries:

SANS Glossary of Terms Used in Security and Intrusion Detection http://www.sans.org/resources/glossary.php


Further reading

A Code of Practice for Information Security Management, BS7799, ISBN 0-580-22536-4
Author: British Standards organisation (BSI), 1993
www.privacyexchange.org/buscodes/standard/bsi.html
dtiinfo1.dti.gov.uk/security/approach.htm
www.dti.gov.uk/CII/bs7799/

IT Baseline protection manual
Author: German BSI
www.bsi.bund.de/gshb/english/menue.htm

"European Orange Book" ITSEC Information Technology Security Evaluation Criteria
Author: EC: F/GB/D/NL, June 1991
www.itsec.gov.uk/docs/introgds.htm
www.itsec.gov.uk/docs/formal.htm#ITSEC

TCSEC "Orange Book" & Common Criteria
Author: DoD
www.radium.ncsc.mil/tpep

Computer Assurance Guidelines
Author: DTI
www.lowpay.gov.uk/cag/contents.htm

EPHOS Security Services
Author: EPHOS
www.nethotel.dk/ephos/en/booku/i3utoc.htm?

Sen Boran is an IT security consultant based in Switzerland and the author of the online IT Security Cookbook.