Levels of Security Requirements

If both a Table of Contents and Search form are not displayed in separate frames along with this one, you may wish to redisplay this book in a frameset, beginning with the first page.

HP OpenVMS Guide to System Security

Security Overview

Understanding System Security

Types of Computer Security Problems

Building a Secure System Environment

Levels of SecurityRequirements

Each site has unique security requirements. Some sites requireonly limited measures because they are able to tolerate some formsof unauthorized access with little adverse effect. At the otherextreme are those sites that cannot tolerate even the slightestprobing, such as strategic military defense centers. In betweenare many commercial sites, such as banks.

While there are many considerations in determining your securityneeds, the questions in Event Tolerance as a Measure of Security Requirements can get you started. Your answers can help determine thelevels of your security needs. Also refer to Site Security Policies for a more specific example of site securityrequirements.

Table 1 Event Tolerance as a Measure of Security Requirements
Question: Could you tolerate thefollowing event?
Level of Security RequirementsBased on Toleration Responses

Low
Medium
High

A user knowingthe images being executed on your system
Y
Y
N

A user knowingthe names of another user's files
Y
Y
N

A user accessingthe file of another user in the group
Y
Y
N

An outsiderknowing the name of the system just dialed into
Y
Y
N

A user copyingfiles of other users
Y
N
N

A user readinganother user's electronic mail
Y
N
N

A user writingdata into another user's file
Y
N
N

A user deletinganother user's file
Y
N
N

A user beingable to read sections of a disk that might contain various old files
Y
N
N

A user consuming machine timeand resources to perform unrelated or unauthorized work, possiblyeven playing games
Y
N
N

**Table 1** **Event Tolerance as a Measure of Security Requirements**
Question: Could you tolerate thefollowing event?	Level of Security RequirementsBased on Toleration Responses
	Low	Medium	High
A user knowingthe images being executed on your system	Y	Y	N
A user knowingthe names of another user's files	Y	Y	N
A user accessingthe file of another user in the group	Y	Y	N
An outsiderknowing the name of the system just dialed into	Y	Y	N
A user copyingfiles of other users	Y	N	N
A user readinganother user's electronic mail	Y	N	N
A user writingdata into another user's file	Y	N	N
A user deletinganother user's file	Y	N	N
A user beingable to read sections of a disk that might contain various old files	Y	N	N
A user consuming machine timeand resources to perform unrelated or unauthorized work, possiblyeven playing games	Y	N	N

If you can tolerate most of the events listed, your securityrequirements are quite low. If your answers are mixed, your requirementsare in the medium to high range. Generally, those sites that aremost intolerant to the listed events have very high levels of securityrequirements.

When you review your site's security needs, do not confusea weakness in site operations or recovery procedures as a securityproblem. Ensure that your operations policies are effective andconsistent before evaluating your system security requirements.

Types of Computer Security Problems

Building a Secure System Environment