address the need for appropriate OS security policy, standards, and procedures for
IA operations.
9.11.1 Applied IA²: OS Mechanistic IA Configurations
The IA² Framework may apply to any OS aspect, including design, development, implementation, and O&M. Depending on business requirements, the IA² Framework assists in OS selection, installation, and configuration to support a defense-in-depth construct, where the host OS is the last line of defense. Table 9.12 provides an applied IA² summary of operating system security.
Business drivers behind OS selection include security, reliability, total cost of ownership, manageability, and vendor support capabilities. Technical drivers behind OS selection include use of open standards and deployment choices (e.g., multiprocessor support or desktop OS). A critical decision is whether the environment will be homogeneous or heterogeneous (see chapter 8 for details of homogeneity versus heterogeneity).
Table 9.12 Applied IA² Summary: Operating System Security

| IA² Topic | Description |
|---|---|
| Mechanism | OS security |
| Drivers | Defense-in-depth; protect entry to and use of operating systems and the applications residing on those systems. |
| IA² view | Applicable IA² views: Systems and applications, infrastructure (technical) |
| IA core principles | Applicable IA core principles: Confidentiality-integrity-availability (CIA); Authenticity-utility (AU); Privacy-authorized use (PA) |
| Compliance requirements | Legislative, policy, guidelines, government directives, or other requirements specifically calling out or implying the need to protect information; adding OS security is another layer of information protection. |
| ELCM application | Applicable ELCM elements: Develop/acquire, implement, test, O&M |
| Verification | Formal C&A, integration testing, service aggregation testing (defense-in-depth) |
| Operations | Applicable IA operations cycle phases: Anticipate, defend, monitor, respond |
 