Security
Aim
• Confidentiality
• Integrity
• Availability
Basic Principles of Information Security
Confidentiality
• Criminals
• Investigative Journalism
• Computer hackers
Information Risk Management
• Administrative
• Logical
• Physical
Administrative Controls
• Primary:
– Exclude those who may be involved in Terrorism, Espionage, Subversion or Unauthorised disclosure.
• Secondary:
– Ensure that only those who ‘Need to Know’ are allowed access.
Methods of Personnel Security
• Background checks.
• Verifiable work history.
• Personal references.
• Security vetting.
Vetting Categories
• Basic checks.
• Intermediate checks. E.g. Security Check (SC)
• High level vetting. E.g. Developed Vetting (DV)
• Crypto authorisation.
• All of the above are affected by change in circumstances.
Principle of least privilege (Need to Know)
• The threat.
• The value.
• The sensitivity of the information.
Secure Areas
• Shredding
• Burning
• Pulping
• Tearing into small pieces
Cryptographic Computer
Security