Host Infrastructure Security Design Deliverable Template
From MIKE2.0 Methodology
This article is currently Under Construction. It is undergoing major changes as it is in the early stages of development. Users should help contribute to this article to get it to the point where it is ready for a Peer Review.
This deliverable template is used to describe a sample of the MIKE2.0 Methodology (typically at a task level). More templates are now being added to MIKE2.0 as this has been a frequently requested aspect of the methodology. Contributors are strongly encouraged to assist in this effort.
Deliverable templates are illustrative as opposed to fully representative. Please help add examples to this template that are representative of the proposed output.
Host Infrastructure Security Controls make sure that the platform the information systems run on is secure. Host security is implemented by restricting equipment access, controlling host password assignments and setting permission levels on what functions users can perform. It is also implemented through the use of anti-virus, anti-spyware and anti-spam software, which also impact network and application security.
Example 1 - for a sample Host Infrastructure Security Design in a Bank
- Secure transmissions, trusted operating systems, advanced encryption technology and multiple firewalls will all be provided for through the ABC Abank Internet banking solution; this includes management and maintenance of the encryption keys for Client employees
- A third-party firm randomly conducts an ongoing audit process to test the security
- The ABC CBS Security system is based on IBM AS/400 Security controls; control of all access to ABC CBS determines which users can access the system and the functions those users are allowed to perform
- A user must have an IBM AS/400 user profile and a matching user enrollment defined in the Security Subsystem with the same user ID (defined by Description, Password control, Bank number, Global authority level (user, operator or manager), Library list definition used, Output queue, Job description, and Authority level for each function in each subsystem)
- ABC CBS security access is controlled by Application Security Managers designated by the client organizations
- New accounts are submitted through electronic forms or CSR and received by the ABC Customer Services and Call-center Solution (CSCS), and passed on automatically for origination to ABC Branch Delivery
- The source of all transactions is logged in history; a complete audit trail is provided for all transactions
- XYZ Consumer Suite 5.1 uses HTTPS and SSL Version 3 to protect the financial institution and its users
- A secure server system protects the data within the XYZ database
- Encryption levels can be determined by the financial institution
- Consumer Suite does not support different levels of access for individual banking customers
- Logging, Performance Tracing, Execution Tracing and Auditing are provided for in the Logging Framework in the Logging application architecture