Software security
It is of utmost importance to ensure that there is sufficient security in place for your software and that all changes made are recorded by the Systems Administrator.
The following factors and tools would be considered:
- Systems and application software security
- Anti-virus software and Firewall software – these should always be active and regularly updated. There are dozens of new viruses created every day to cripple systems.
- Controlled access to software and databases – this would be monitored by the System Administrator who would be able to give certain access to software to certain users.
- Data encryption and decryption – encryption is the process of taking all the data that one computer is sending to another and encoding it into a form that only the other computer will be able to decode. Authentication is the process of verifying that information is coming from a trusted source. The Microsoft Office 2007 has this functionality. When a document is encrypted, it is changed into a list of numbers which cannot be deciphered until a code is inserted by the correct receiver.
- Digital signatures – A digital signature is basically a way to ensure that an electronic document (e-mail, spread sheet, text file, etc.) is authentic. Authentic means that you know who created the document and you know that it has not been altered in any way since that person created it.
- Software change-control procedures – when changes are made to the software e.g. upgrades, users added / deleted on a system, the Systems Administrator would be responsible for keeping a log of the changes that are made.
- System and data access control through electronic signatures, user IDs and passwords, biometric controls. (We’ve all seen movies in which a character has a retinal scan to prove his or her identity before walking into a top-secret installation. That’s an example of a biometric system. In general, biometrics is a collection of measures of human physiology and behaviour. A biometric system could scan a person’s fingerprint or analyse the way he or she types on a keyboard. The purpose of most biometric systems is to authenticate a person’s claimed identity.)
- Alternate local area network services to reduce system fault tolerance (mirroring and duplexing).
Lock and key to a local computer!