LEVELS OF SECURITY

The security measures taken need to relate to the sensitivity of the system. All systems are, or can be, secured to the necessary level by application of the appropriate principles discussed. One of them, password protection, may be very simple and not managed in detail or it may be very complex and rigid in nature. An individual may be required to know several passwords to access increasingly more sensitive data. Each requirement should be addressed - even if the answer is that its use is unnecessary for the specific system involved.

Evaluation of the extent to which security measures should be applied can be done with Cost/Benefit analysis. It should never cost more to implement a countermeasure than it is worth. The process is briefly discussed here, it is only necessary for the student to understand that cost/benefit analysis will relate the value/cost of possible losses to the cost (dollar and organizational) to accomplish a specific protective action.

It should be emphasized that these are management decisions. They should not be defaulted to system developers or designers but should be thoughtful and intelligent decisions made by management based on knowledge and information.