FITS OM: What is Security Administration?
Security Administration is the function for maintaining a safe computing environment in a school.
The primary goals of Security Administration are the following.
- Data confidentiality
No one should be able to view data without authorisation.
- Data integrity
All authorised users should feel confident that the data presented to them is accurate and not improperly modified.
- Data availability
Authorised users should be able to access the data they need, when they need it.
- Asset security
The school's physical network assets should be protected and made available for use by authorised users only.
Security is an important part of the school network: an information system with a weak security foundation will eventually experience a security breach that will result in the loss of confidentiality, integrity and availability of the data.
To achieve this, Security Administration considers five main areas of activity.
- Identification
This deals with user names and how users identify themselves to the school network.
- Authentication
This deals with passwords. Authentication is how users prove to the system that they are who they claim to be.
- Access control
This deals with access and the privileges granted to users so that they may perform certain functions on the school's network.
- Confidentiality
This deals with encryption. Confidentiality mechanisms ensure that only authorised people can see data stored on or travelling across the network.
- Integrity
Integrity mechanisms ensure that data is not garbled, lost or changed when stored or travelling across the network.
In addition, Security Administration takes into account the physical security of the network. This involves issues such as access to the server room, security of individual computers and security policies for accessing the internet.