So we apply:
But still we face critical security issues:
Privileged users
Vanishing perimeters
Infrastructure-centric controls are not enough
TCSEC (Orange Book) evaluation classes, from most to least assured:
A1 Verified protection; significant use of formal methods; trusted distribution; correspondence between the code and the formal top-level specification (FTLS).
B3 Security domains; full reference validation mechanism; stricter trusted path requirements; constrains code development; more descriptive top-level specification (DTLS) requirements; documentation.
B2 Structured protection; formal security policy model; mandatory access control (MAC) for all objects, labeling; trusted path; least privilege; covert channel analysis; configuration management.
B1 Labeled security protection; informal security policy model; MAC for some objects; labeling; more stringent security testing.
C2 Controlled access protection; object reuse; auditing; more stringent security testing.
C1 Discretionary protection; minimal functional and assurance requirements; identification and authentication (I&A) controls; discretionary access control (DAC).
D Did not meet the requirements of any other class.
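The step from class C1 to class B1 is the step from discretionary to labeled mandatory access control. The following added example (not part of the original slides) shows what that means in code: a small reference monitor that applies an owner-managed ACL (DAC) and a label lattice with the Bell-LaPadula no-read-up / no-write-down rules (MAC). The mandatory check cannot be waived by the object's owner, which is the point of classes B1 and above. The subjects, objects, labels and the level ordering are constructed sample data.

```python
"""Added example: discretionary vs. labeled mandatory access control.

The label lattice and the Bell-LaPadula rules are the standard ones; the
subjects, objects and labels below are constructed sample data, not from
any real system.
"""
from dataclasses import dataclass, field

# Hierarchical sensitivity levels, lowest to highest (constructed sample).
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP_SECRET": 3}


@dataclass(frozen=True)
class Label:
    """A security label: one hierarchical level plus a set of compartments."""
    level: str
    compartments: frozenset = frozenset()

    def dominates(self, other: "Label") -> bool:
        """self >= other in the lattice: level is at least as high and the
        compartment set is a superset."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.compartments >= other.compartments)


@dataclass
class Subject:
    name: str
    clearance: Label


@dataclass
class Object:
    name: str
    owner: str
    classification: Label
    acl: dict = field(default_factory=dict)  # DAC: user name -> set of modes


def dac_permits(subject: Subject, obj: Object, mode: str) -> bool:
    """Discretionary check (class C1): the owner, or anyone the owner granted
    the requested mode, may access the object."""
    if subject.name == obj.owner:
        return True
    return mode in obj.acl.get(subject.name, set())


def mac_permits(subject: Subject, obj: Object, mode: str) -> bool:
    """Mandatory check (class B1): Bell-LaPadula simple security property
    (no read up) and *-property (no write down). Owners cannot waive this."""
    if mode == "read":
        return subject.clearance.dominates(obj.classification)
    if mode == "write":
        return obj.classification.dominates(subject.clearance)
    raise ValueError(f"unknown access mode {mode!r}")


def access_allowed(subject: Subject, obj: Object, mode: str):
    """A B1-style reference monitor: both checks must pass. The mandatory
    check runs first so a generous ACL can never override a label.
    Returns (allowed, reason)."""
    if not mac_permits(subject, obj, mode):
        return False, "denied by mandatory policy (label)"
    if not dac_permits(subject, obj, mode):
        return False, "denied by discretionary policy (ACL)"
    return True, "allowed"


# Constructed sample principals and one labeled object.
ALICE = Subject("alice", Label("SECRET", frozenset({"NUCLEAR"})))
BOB = Subject("bob", Label("CONFIDENTIAL"))
CAROL = Subject("carol", Label("TOP_SECRET", frozenset({"NUCLEAR"})))
REPORT = Object("report.txt", owner="alice",
                classification=Label("SECRET", frozenset({"NUCLEAR"})),
                acl={"bob": {"read"}})  # alice granted bob read: DAC says yes

if __name__ == "__main__":
    for subj in (ALICE, BOB, CAROL):
        for mode in ("read", "write"):
            ok, why = access_allowed(subj, REPORT, mode)
            print(f"{subj.name:6} {mode:5} {REPORT.name}: {why}")
```

Running it shows the two failure modes side by side: bob has a discretionary grant but is stopped by the label (read up), while carol clears the label for reading but has no ACL entry, and is stopped from writing because that would be a write down. Only alice, whose clearance equals the object's classification and who owns it, passes both checks.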
Purpose
ISO 17799-1 identifies a set of control areas; for each area it states an objective and the subjects covered (for the security policy area, what the policy should cover).
1. Course Introduction: Security basic concepts
2. Access Control models: Authentication and authorization mechanisms
6. Role Based Access Control standard (v3)
7. XACML: extensible Access Control Markup Language
8. Authentication protocols in distributed systems
10. Java Authentication and Authorization Service (JAAS)
11. Network security
12. Network security, security protocols: PGP, SSL