Saturday, December 26, 2009

Importance of Availability in computer security

Computer security means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification or destruction. The most important goal of the computer security is protecting the confidentiality, integrity and availability of information. The availability of the information when it is needed, is a main objective of any computer system which is functioning properly. The computing systems are used to store and process the information and the security controls are used to protect that information from various kinds of misuse. To ensure the availability of the information, which in turn allow information systems to serve its purpose is lead to the concept of the fair use.

Fair use is a legal principle that provides certain limitations on the exclusive rights of secured data and information. To give all users optimum service, irrespective of network demand and the limitations of the system, the Fair Usage policy has come in to action. Fair Usage solution gives service providers and network operators the ability to dynamically manage system resources by enforcing fair usage policies and up-selling additional usage to subscribers or users who reach their thresholds. The solution allows network operators to control network congestion with opportunities to increase ARPU by up-selling services to heavy users. The Fair Usage solution, ensure profitability of the data services by enforcing limits on subscriber usage volume, while allowing subscribers to purchase or use additional volume when limits are reached and to have a fast, reliable and a superior quality service.

While allowing the users to access the networks or the computer systems, it is necessary to maintain the information and resources in secured way. So the users of the computer systems must respect the rights of other users, respect the integrity of the systems and related physical resources and observe all relevant laws, regulations and contractual obligations. Since electronic information is volatile and easily reproduced, users must exercise care in acknowledging and respecting the work of others through strict adherence to software licensing agreements and copyright laws. Users may not make unauthorized copies post, distribute or modify material protected under copyright law without the express written permission of the copyright owner. To achieve all of the above security and availability aspects, there should be well defined guidelines or policies which ensure the fair usage of the system.

Fair usage policy is a set of rules applied by the owner or manager of a network, website or large computer system that restrict the ways in which the network, site or system may be used. It is also known as Acceptable Usage Policy. The fair usage policy must be written in very clear and precise way in order to understand by all the users of the system. It should cover all the important points about the users such as who are the authorized users of the system, what are the legal ways to access the system, what are allowed and not allowed to users to do with the system. Also it should refer users to the more comprehensive security policy where relevant. Another important area of the fair usage policy is the clear definition of what sanctions will be applied if some user breaks the rules in the policy. Compliance of the users and their actions against the system with this policy can be measured by the regular audits of the system.

References:
[1] Computer Security : Art and Science By Matt Bishop

http://books.google.lk/books?id=pfdBiJNfWdMC&dq=Computer+security:+art+and+science++By+Matt+Bishop&printsec=frontcover&source=bl&ots=zYept8x6nF&sig=o8ASx_ADYsRls59ScBbWdX2O7Gw&hl=en&ei=i3jCSp2nEpaUnwOB94WuBg&sa=X&oi=book_result&ct=result&resnum=3


[2] SAMPLE FAIR USE STATEMENT

http://www.cogsim.com/idea/fair_use/fair_use_short.htm


1 comment:

  1. Securing computers in a company network and mobile security systems should definitely be a priority for businesses of all types and sizes, so that any any network must not be used in wrong way.

    ReplyDelete