0P3N Blog

Critical legislation and suggested guidelines for privacy include: The Cable Communications Policy Act – provides for judicious use of PII by cable operators internally but places restrictions on disclosures to third parties. The Children’s Online Privacy Protection Act (COPPA) – provides protection to children under the age of 13. Customer Proprietary Network Information Rules – these pertain to telephone ...

Media Resource Protection: Media resource protection can be classified as media security controls that are used to monitor and block threats that compromise confidentiality, integrity and authenticity, and media viability controls, which are implemented to preserve the proper working condition of the media. Media Security Controls: Media security controls are designed to prevent the violation or loss of sensitive information ...

Media Viability Controls: The viability of the data media can be preserved with numerous physical controls. The objective of these controls is to protect the media from damage during handling, short and long-term usage and transportation. Appropriate labeling of media is important in a system recovery process. Labels can be used to identify the type of media and any special ...

Desktop systems contain various forms of data, some more sensitive than others. Therefore, safeguard measures to secure that data are required. Some users may have limited security awareness that the underlying architecture has to compensate for. Client systems can be gateways to critical information systems on a network. Communications hardware can also harbor vulnerable points of access into a distributed ...

A security policy is a critical component of the design and implementation of information systems. This document outlines the set of rules, practices, and procedures that specify how the system should manage, safeguard, and circulate sensitive information. Thus its objective is to educate and guide the design, development, implementation, testing and maintenance of the information system. The three most important ...

To enhance security, mechanisms should be established and implemented to control processes and applications. These mechanisms could include process isolation, protection rings, and trusted computer base (TCB). Process Isolation: Process isolation, executed by the operating system, maintains a high level of system trust by enforcing memory boundaries. Without process isolation, processes would overlap on each other’s memory space, compromising data ...

Information security models are methods used to authenticate security policies as they are intended to provide a precise set of rules that a computer can follow to implement the fundamental security concepts, processes, and procedures contained in a security policy. These models can be abstract or intuitive. State Machine Model The state machine model refers to a system that is ...

The Orange Book is one of the National Security Agency’s Rainbow Series of books on evaluating “Trusted Computer Systems”. This is the main book in the Rainbow Series and defines the Trusted Computer System Evaluation Criteria (TCSEC). The TCSEC outlines hierarchical degrees of security with the letter D being the least secure through A for the most secure. The Orange ...

A data warehouse is an electronic vault of data from multiple different databases that is available to users for making queries. These warehouses have been merged, integrated, and formulated so they can be used as a measurement in trend analysis and business matters. It offers a strategic view. To produce a data warehouse, data is retrieved from an operational database, ...

Data mining is the process of analyzing data to identify and interpret patterns and relationships about the data. The end-result of data mining is metadata, or data about data. The patterns gleaned from the data can help organizations get a clearer perspective on their competitors and understand behavior and patterns of their customers to carry out strategic marketing. Information acquired ...