Each site has unique security requirements. Some sites require
only limited measures because they are able to tolerate some forms
of unauthorized access with little adverse effect. At the other
extreme are those sites that cannot tolerate even the slightest
probing, such as strategic military defense centers. In between
are many commercial sites, such as banks.
While there are many considerations in determining your security
needs, the questions in Table 1, Event Tolerance as a Measure of
Security Requirements, can get you started. Your answers can help
determine the levels of your security needs. Also refer to
Site Security Policies for a more specific example of site security
requirements.

Table 1 Event Tolerance as a Measure of Security Requirements
(Low, Medium, High: Level of Security Requirements Based on Toleration Responses)

| Question: Could you tolerate the following event? | Low | Medium | High |
|---|---|---|---|
| A user knowing the images being executed on your system | Y | Y | N |
| A user knowing the names of another user's files | Y | Y | N |
| A user accessing the file of another user in the group | Y | Y | N |
| An outsider knowing the name of the system just dialed into | Y | Y | N |
| A user copying files of other users | Y | N | N |
| A user reading another user's electronic mail | Y | N | N |
| A user writing data into another user's file | Y | N | N |
| A user deleting another user's file | Y | N | N |
| A user being able to read sections of a disk that might contain various old files | Y | N | N |
| A user consuming machine time and resources to perform unrelated or unauthorized work, possibly even playing games | Y | N | N |

If you can tolerate most of the events listed, your security
requirements are quite low. If your answers are mixed, your requirements
are in the medium to high range. Generally, those sites that are
most intolerant of the listed events have very high levels of security
requirements.
When you review your site's security needs, do not mistake
a weakness in site operations or recovery procedures for a security
problem. Ensure that your operations policies are effective and
consistent before evaluating your system security requirements.