Access Control
Access control deals with the internal security policy of your application.
For example, allowing the sales department to see only sales data is an
access control. Access controls can be misconfigured and need to be checked
and verified.
Application Integrity
Application integrity is the state or quality of being unbroken or genuine.
If the integrity of the application is breached, the security features of the
application may be called into question. Installing a Trojan horse on the system can break
the integrity of an application. A system can maintain integrity by ensuring that audit
logs cannot be erased by an attacker or that an attacker cannot circumvent the auditing.
Identification/Password Control
Mechanisms and controls for processes such as password creation and account
expiration. For example, an account which has not been used in six months
should be deactivated. Another example is that passwords should be at least
eight characters long and contain at least one number.
Operating System (OS) Integrity
Ensures that the OS has not been altered by an unauthorized user. For
example, changing an OS file to record login information would violate
the OS's integrity.