{"id":49,"date":"2013-03-31T23:32:44","date_gmt":"2013-03-31T23:32:44","guid":{"rendered":"https:\/\/www.softwareab.net\/wordpress\/?p=49"},"modified":"2013-04-09T11:29:34","modified_gmt":"2013-04-09T11:29:34","slug":"organizational-security-concerns-analysis-and-recommendations","status":"publish","type":"post","link":"https:\/\/www.softwareab.net\/wordpress\/organizational-security-concerns-analysis-and-recommendations\/","title":{"rendered":"Whitepaper 01-04: Organizational Security Concerns: Analysis and Recommendations"},"content":{"rendered":"<p><a href=\"https:\/\/www.softwareab.net\/wordpress\/wp-content\/uploads\/2013\/03\/Organizational-Security-Concerns.pdf\">Click here to download &#8220;Organizational Security Concerns&#8221; now!<\/a><\/p>\n<p>Computer security breakdowns in the news remind us how companies are vulnerable to many types of failures &#8211; logical, physical, and administrative. In this paper, we review a number of these news stories to see how they could affect our own organization&#8217;s security posture. To some, security simply means guarding the computers. While the importance of physical computer security cannot be overstated, security far &#8220;transcends technology.&#8221;<a title=\"\" href=\"file:\/\/\/C:\/Users\/andy.bruce\/Documents\/Unprotected\/school\/Norwich\/Course01\/Research%20Paper%2004\/Organizational%20Security%20Concerns.doc#_edn1\">[i]<\/a><\/p>\n<p><!--more-->In this paper, we posit that specific security breaches are best stated as failures in the organization&#8217;s high-level Security Policy (or lack thereof). 
As eminent security analyst Mich Kabay points out, the security policy &#8220;govern[s] how an institution&#8217;s information is to be protected against breaches of security.&#8221;<a title=\"\" href=\"file:\/\/\/C:\/Users\/andy.bruce\/Documents\/Unprotected\/school\/Norwich\/Course01\/Research%20Paper%2004\/Organizational%20Security%20Concerns.doc#_edn2\">[ii]<\/a> A properly implemented security policy provides both the formal effort to demonstrate due diligence to our customers (example: use of Bell-LaPadula<a title=\"\" href=\"file:\/\/\/C:\/Users\/andy.bruce\/Documents\/Unprotected\/school\/Norwich\/Course01\/Research%20Paper%2004\/Organizational%20Security%20Concerns.doc#_edn3\">[iii]<\/a> as a security model) and the security-aware employee mindset for preventing security problems in the first place. A security policy allows us to deliver on the basic security tenets of <i>confidentiality<\/i>, <i>integrity<\/i>, and <i>availability<\/i> (otherwise known as the CIA Triad<a title=\"\" href=\"file:\/\/\/C:\/Users\/andy.bruce\/Documents\/Unprotected\/school\/Norwich\/Course01\/Research%20Paper%2004\/Organizational%20Security%20Concerns.doc#_edn4\">[iv]<\/a>).<\/p>\n<div><br clear=\"all\" \/><\/p>\n<hr align=\"left\" size=\"1\" width=\"33%\" \/>\n<div>\n<p><a title=\"\" href=\"file:\/\/\/C:\/Users\/andy.bruce\/Documents\/Unprotected\/school\/Norwich\/Course01\/Research%20Paper%2004\/Organizational%20Security%20Concerns.doc#_ednref1\">[i]<\/a> &#8220;Security Transcends Technology&#8221; is a registered trademark of the International Security Certification Consortium (ISC<sup>2<\/sup>), <a href=\"https:\/\/www.isc2.org\/\">https:\/\/www.isc2.org\/<\/a>. 
This organization provides the highly desirable Certified Information System Security Professional (CISSP) certification, the gold standard for certification in the field of Information Assurance.<\/p>\n<\/div>\n<div>\n<p><a title=\"\" href=\"file:\/\/\/C:\/Users\/andy.bruce\/Documents\/Unprotected\/school\/Norwich\/Course01\/Research%20Paper%2004\/Organizational%20Security%20Concerns.doc#_ednref2\">[ii]<\/a> Seymour Bosworth, M.E. Kabay, Eric Whyne, eds., &#8220;Chapter 44.2.1: Security Policy Guidelines,&#8221; <i>Computer Security Handbook: Volume 1<\/i>, 4th ed. (Hoboken, NJ: John Wiley &amp; Sons, Inc., 2009), pg. 1148. Dr. Kabay&#8217;s definition points out that without a foundational security policy, it is impossible for an organization to show a meaningful due diligence effort.<\/p>\n<\/div>\n<div>\n<p><a title=\"\" href=\"file:\/\/\/C:\/Users\/andy.bruce\/Documents\/Unprotected\/school\/Norwich\/Course01\/Research%20Paper%2004\/Organizational%20Security%20Concerns.doc#_ednref3\">[iii]<\/a> D. Elliott Bell and Leonard J. LaPadula, &#8220;Secure Computer Systems: Mathematical Foundations,&#8221; <i>MITRE Technical Report 2547, Volume I<\/i> (March 1, 1973). Available online at <a href=\"http:\/\/www.albany.edu\/acc\/courses\/ia\/classics\/belllapadula1.pdf\">http:\/\/www.albany.edu\/acc\/courses\/ia\/classics\/belllapadula1.pdf<\/a> (accessed: July 31, 2010). Bell &#8211; LaPadula (BLP) defines a mathematical data security model that guarantees data confidentiality in all system states (when properly implemented). 
The BLP is the most widely recognized model in existence.<\/p>\n<\/div>\n<div>\n<p><a title=\"\" href=\"file:\/\/\/C:\/Users\/andy.bruce\/Documents\/Unprotected\/school\/Norwich\/Course01\/Research%20Paper%2004\/Organizational%20Security%20Concerns.doc#_ednref4\">[iv]<\/a> Charles P. Pfleeger and Shari Lawrence Pfleeger, <i>Security in Computing<\/i>, 3<sup>rd<\/sup> ed. (Upper Saddle River, NJ: Prentice Hall, 2003), pg. 10. Dr. Pfleeger is widely credited with the first mention of the term CIA Triad in his first edition of this book (same publisher, dated 1989).<\/p>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Click here to download &#8220;Organizational Security Concerns&#8221; now! Computer security breakdowns in the news remind us how companies are vulnerable to many types of failures &#8211; logical, physical, and administrative. In this paper, we review a number of these news &hellip;<\/p>\n<p class=\"read-more\"> <a class=\"more-link\" href=\"https:\/\/www.softwareab.net\/wordpress\/organizational-security-concerns-analysis-and-recommendations\/\"> <span class=\"screen-reader-text\">Whitepaper 01-04: Organizational Security Concerns: Analysis and Recommendations<\/span> Read More &raquo;<\/a><\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v22.2 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Whitepaper 01-04: Organizational Security Concerns: Analysis and Recommendations - softwareab<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.softwareab.net\/wordpress\/organizational-security-concerns-analysis-and-recommendations\/\" 
\/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Whitepaper 01-04: Organizational Security Concerns: Analysis and Recommendations - softwareab\" \/>\n<meta property=\"og:description\" content=\"Click here to download &#8220;Organizational Security Concerns&#8221; now! Computer security breakdowns in the news remind us how companies are vulnerable to many types of failures &#8211; logical, physical, and administrative. In this paper, we review a number of these news &hellip; Whitepaper 01-04: Organizational Security Concerns: Analysis and Recommendations Read More &raquo;\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.softwareab.net\/wordpress\/organizational-security-concerns-analysis-and-recommendations\/\" \/>\n<meta property=\"og:site_name\" content=\"softwareab\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/cloudraticsolutions\/\" \/>\n<meta property=\"article:author\" content=\"https:\/\/www.facebook.com\/cloudraticsolutions\/\" \/>\n<meta property=\"article:published_time\" content=\"2013-03-31T23:32:44+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2013-04-09T11:29:34+00:00\" \/>\n<meta name=\"author\" content=\"Andrew Bruce\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@realcloudratics\" \/>\n<meta name=\"twitter:site\" content=\"@realcloudratics\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Andrew Bruce\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.softwareab.net\/wordpress\/organizational-security-concerns-analysis-and-recommendations\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.softwareab.net\/wordpress\/organizational-security-concerns-analysis-and-recommendations\/\"},\"author\":{\"name\":\"Andrew Bruce\",\"@id\":\"https:\/\/www.softwareab.net\/wordpress\/#\/schema\/person\/1337443eaeb75104e0410b508e67f600\"},\"headline\":\"Whitepaper 01-04: Organizational Security Concerns: Analysis and Recommendations\",\"datePublished\":\"2013-03-31T23:32:44+00:00\",\"dateModified\":\"2013-04-09T11:29:34+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.softwareab.net\/wordpress\/organizational-security-concerns-analysis-and-recommendations\/\"},\"wordCount\":399,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www.softwareab.net\/wordpress\/#\/schema\/person\/1337443eaeb75104e0410b508e67f600\"},\"articleSection\":[\"Teknophobia\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.softwareab.net\/wordpress\/organizational-security-concerns-analysis-and-recommendations\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.softwareab.net\/wordpress\/organizational-security-concerns-analysis-and-recommendations\/\",\"url\":\"https:\/\/www.softwareab.net\/wordpress\/organizational-security-concerns-analysis-and-recommendations\/\",\"name\":\"Whitepaper 01-04: Organizational Security Concerns: Analysis and Recommendations - 
softwareab\",\"isPartOf\":{\"@id\":\"https:\/\/www.softwareab.net\/wordpress\/#website\"},\"datePublished\":\"2013-03-31T23:32:44+00:00\",\"dateModified\":\"2013-04-09T11:29:34+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/www.softwareab.net\/wordpress\/organizational-security-concerns-analysis-and-recommendations\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.softwareab.net\/wordpress\/organizational-security-concerns-analysis-and-recommendations\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.softwareab.net\/wordpress\/organizational-security-concerns-analysis-and-recommendations\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.softwareab.net\/wordpress\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Whitepaper 01-04: Organizational Security Concerns: Analysis and Recommendations\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.softwareab.net\/wordpress\/#website\",\"url\":\"https:\/\/www.softwareab.net\/wordpress\/\",\"name\":\"softwareab\",\"description\":\"Technocratica, Technopolitik, Technophobia\",\"publisher\":{\"@id\":\"https:\/\/www.softwareab.net\/wordpress\/#\/schema\/person\/1337443eaeb75104e0410b508e67f600\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.softwareab.net\/wordpress\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":[\"Person\",\"Organization\"],\"@id\":\"https:\/\/www.softwareab.net\/wordpress\/#\/schema\/person\/1337443eaeb75104e0410b508e67f600\",\"name\":\"Andrew 
Bruce\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.softwareab.net\/wordpress\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/www.softwareab.net\/wordpress\/wp-content\/uploads\/2024\/03\/andy-cartoon.jpg\",\"contentUrl\":\"https:\/\/www.softwareab.net\/wordpress\/wp-content\/uploads\/2024\/03\/andy-cartoon.jpg\",\"width\":400,\"height\":330,\"caption\":\"Andrew Bruce\"},\"logo\":{\"@id\":\"https:\/\/www.softwareab.net\/wordpress\/#\/schema\/person\/image\/\"},\"description\":\"Team-oriented systems mentor with deep knowledge of numerous software methodologies, technologies, languages, and operating systems. Excited about turning emerging technology into working production-ready systems. Focused on moving software teams to a higher level of world-class application development. Specialties:Software analysis and development...Product management through the entire lifecycle...Discrete product integration specialist!\",\"sameAs\":[\"http:\/\/cloudraticsolutions.net\/\",\"https:\/\/www.facebook.com\/cloudraticsolutions\/\",\"https:\/\/twitter.com\/realcloudratics\"]}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Whitepaper 01-04: Organizational Security Concerns: Analysis and Recommendations - softwareab","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.softwareab.net\/wordpress\/organizational-security-concerns-analysis-and-recommendations\/","og_locale":"en_US","og_type":"article","og_title":"Whitepaper 01-04: Organizational Security Concerns: Analysis and Recommendations - softwareab","og_description":"Click here to download &#8220;Organizational Security Concerns&#8221; now! Computer security breakdowns in the news remind us how companies are vulnerable to many types of failures &#8211; logical, physical, and administrative. 
In this paper, we review a number of these news &hellip; Whitepaper 01-04: Organizational Security Concerns: Analysis and Recommendations Read More &raquo;","og_url":"https:\/\/www.softwareab.net\/wordpress\/organizational-security-concerns-analysis-and-recommendations\/","og_site_name":"softwareab","article_publisher":"https:\/\/www.facebook.com\/cloudraticsolutions\/","article_author":"https:\/\/www.facebook.com\/cloudraticsolutions\/","article_published_time":"2013-03-31T23:32:44+00:00","article_modified_time":"2013-04-09T11:29:34+00:00","author":"Andrew Bruce","twitter_card":"summary_large_image","twitter_creator":"@realcloudratics","twitter_site":"@realcloudratics","twitter_misc":{"Written by":"Andrew Bruce","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.softwareab.net\/wordpress\/organizational-security-concerns-analysis-and-recommendations\/#article","isPartOf":{"@id":"https:\/\/www.softwareab.net\/wordpress\/organizational-security-concerns-analysis-and-recommendations\/"},"author":{"name":"Andrew Bruce","@id":"https:\/\/www.softwareab.net\/wordpress\/#\/schema\/person\/1337443eaeb75104e0410b508e67f600"},"headline":"Whitepaper 01-04: Organizational Security Concerns: Analysis and 
Recommendations","datePublished":"2013-03-31T23:32:44+00:00","dateModified":"2013-04-09T11:29:34+00:00","mainEntityOfPage":{"@id":"https:\/\/www.softwareab.net\/wordpress\/organizational-security-concerns-analysis-and-recommendations\/"},"wordCount":399,"commentCount":0,"publisher":{"@id":"https:\/\/www.softwareab.net\/wordpress\/#\/schema\/person\/1337443eaeb75104e0410b508e67f600"},"articleSection":["Teknophobia"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.softwareab.net\/wordpress\/organizational-security-concerns-analysis-and-recommendations\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.softwareab.net\/wordpress\/organizational-security-concerns-analysis-and-recommendations\/","url":"https:\/\/www.softwareab.net\/wordpress\/organizational-security-concerns-analysis-and-recommendations\/","name":"Whitepaper 01-04: Organizational Security Concerns: Analysis and Recommendations - softwareab","isPartOf":{"@id":"https:\/\/www.softwareab.net\/wordpress\/#website"},"datePublished":"2013-03-31T23:32:44+00:00","dateModified":"2013-04-09T11:29:34+00:00","breadcrumb":{"@id":"https:\/\/www.softwareab.net\/wordpress\/organizational-security-concerns-analysis-and-recommendations\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.softwareab.net\/wordpress\/organizational-security-concerns-analysis-and-recommendations\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.softwareab.net\/wordpress\/organizational-security-concerns-analysis-and-recommendations\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.softwareab.net\/wordpress\/"},{"@type":"ListItem","position":2,"name":"Whitepaper 01-04: Organizational Security Concerns: Analysis and 
Recommendations"}]},{"@type":"WebSite","@id":"https:\/\/www.softwareab.net\/wordpress\/#website","url":"https:\/\/www.softwareab.net\/wordpress\/","name":"softwareab","description":"Technocratica, Technopolitik, Technophobia","publisher":{"@id":"https:\/\/www.softwareab.net\/wordpress\/#\/schema\/person\/1337443eaeb75104e0410b508e67f600"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.softwareab.net\/wordpress\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":["Person","Organization"],"@id":"https:\/\/www.softwareab.net\/wordpress\/#\/schema\/person\/1337443eaeb75104e0410b508e67f600","name":"Andrew Bruce","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.softwareab.net\/wordpress\/#\/schema\/person\/image\/","url":"https:\/\/www.softwareab.net\/wordpress\/wp-content\/uploads\/2024\/03\/andy-cartoon.jpg","contentUrl":"https:\/\/www.softwareab.net\/wordpress\/wp-content\/uploads\/2024\/03\/andy-cartoon.jpg","width":400,"height":330,"caption":"Andrew Bruce"},"logo":{"@id":"https:\/\/www.softwareab.net\/wordpress\/#\/schema\/person\/image\/"},"description":"Team-oriented systems mentor with deep knowledge of numerous software methodologies, technologies, languages, and operating systems. Excited about turning emerging technology into working production-ready systems. Focused on moving software teams to a higher level of world-class application development. 
Specialties:Software analysis and development...Product management through the entire lifecycle...Discrete product integration specialist!","sameAs":["http:\/\/cloudraticsolutions.net\/","https:\/\/www.facebook.com\/cloudraticsolutions\/","https:\/\/twitter.com\/realcloudratics"]}]}},"_links":{"self":[{"href":"https:\/\/www.softwareab.net\/wordpress\/wp-json\/wp\/v2\/posts\/49"}],"collection":[{"href":"https:\/\/www.softwareab.net\/wordpress\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.softwareab.net\/wordpress\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.softwareab.net\/wordpress\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.softwareab.net\/wordpress\/wp-json\/wp\/v2\/comments?post=49"}],"version-history":[{"count":3,"href":"https:\/\/www.softwareab.net\/wordpress\/wp-json\/wp\/v2\/posts\/49\/revisions"}],"predecessor-version":[{"id":85,"href":"https:\/\/www.softwareab.net\/wordpress\/wp-json\/wp\/v2\/posts\/49\/revisions\/85"}],"wp:attachment":[{"href":"https:\/\/www.softwareab.net\/wordpress\/wp-json\/wp\/v2\/media?parent=49"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.softwareab.net\/wordpress\/wp-json\/wp\/v2\/categories?post=49"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.softwareab.net\/wordpress\/wp-json\/wp\/v2\/tags?post=49"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}