1.6. LOGICAL SECURITY CONTROLS

Computing systems must also be adequately protected against unauthorized access and accidental or intentional destruction or alteration of the system software programs, application programs, and data. Protecting against these threats is accomplished through the deployment of logical security controls. Logical security controls are those that restrict the access capabilities of users of the system and prevent unauthorized users from accessing the system. Logical security controls may exist within the operating system, the database management system, the application program, or all three.

The number and types of logical security controls available vary with each operating system, database management system, and application, and among many types of telecommunication devices. Some are designed with an extensive array of logical security control options and parameters that are available to the system security administrator. These include user IDs, passwords with minimum length requirements and a required number of digits and characters, suspension of user IDs after successive failed sign-on attempts, directory and file access restrictions, time-of-day and day-of-week restrictions, and specific terminal usage restrictions. Other operating systems and applications are designed with very few control options. For these systems, logical security controls often seem to be added as an afterthought, resulting in control settings that are weaker than what is reasonably ...
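The sign-on controls listed above (password composition, suspension after successive failed attempts, time-of-day and day-of-week limits, terminal restrictions) can be seen working together in the following added Python sketch, which is not taken from the book. The `Policy` field names, the terminal IDs and all values are assumptions constructed for illustration.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass

@dataclass
class Policy:  # hypothetical parameter names; values constructed for illustration
    min_length: int = 8
    min_digits: int = 1
    min_letters: int = 1
    max_failures: int = 3                                  # suspend after this many misses
    allowed_days: frozenset = frozenset(range(5))          # Monday..Friday
    allowed_hours: range = range(7, 19)                    # 07:00-18:59
    terminals: frozenset = frozenset({"TERM01", "TERM02"})

@dataclass
class Account:
    user_id: str
    salt: bytes
    pw_hash: bytes
    failures: int = 0
    suspended: bool = False

def _hash(pw, salt):
    return hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, 100_000)

def password_acceptable(pw, p):
    return (len(pw) >= p.min_length
            and sum(c.isdigit() for c in pw) >= p.min_digits
            and sum(c.isalpha() for c in pw) >= p.min_letters)

def enroll(user_id, pw, p):
    if not password_acceptable(pw, p):
        raise ValueError("password does not meet policy")
    salt = os.urandom(16)
    return Account(user_id, salt, _hash(pw, salt))

def sign_on(acct, pw, terminal, when, p):
    """Return (allowed, reason); `when` is a datetime, reason is for the audit log."""
    if acct.suspended:
        return False, "user ID suspended"
    if terminal not in p.terminals:
        return False, "terminal not permitted"
    if when.weekday() not in p.allowed_days or when.hour not in p.allowed_hours:
        return False, "outside permitted day/time"
    if not hmac.compare_digest(_hash(pw, acct.salt), acct.pw_hash):
        acct.failures += 1
        acct.suspended = acct.failures >= p.max_failures
        return False, "user ID suspended" if acct.suspended else "bad password"
    acct.failures = 0          # successive failures only: a success resets the count
    return True, "ok"
```

Once the failure threshold is reached, even the correct password is refused until an administrator clears `suspended`, which is the behaviour an auditor would test for.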
