TABLE 4.2 Summary of Security Tools and Practices Observed During Site Visits

 

Columns: Security Feature | Site A | Site B | Site C | Site D | Site E | Site F

Authentication
  Individual user IDs and passwords
  Token-based authentication (e.g., token plus password)
  Change passwords often
  No unencrypted passwords
  Uniform user IDs across organization
  Incentives to reduce key sharing

Access Control
  Need to know, right to know
  Access control list technology and management
  Role-based access profiles
  Access overrides for emergencies

Audit Trails
  Audit trails and self-audit
  Software-based audit analysis

Physical Security
  Terminal security
  Security perimeter, network layout
  Network physical security
  Server physical security
  Secure destruction of obsolete data or equipment

Control of Links
  Firewall
  Dial-in protections


Copyright © National Academy of Sciences. All rights reserved.