Policy for Accessing a System

¶ … policy for accessing a system you can use a closed or open approach. Decide which policy you would select for a system that has access to confidential data (such as student records, not online). Explain why your policy will be effective and how it will minimize an attacker's access to the records.

Policy is defined within the concept of information assurance as a written rule and principle used to guide the process of decision making (Blyth & Kovacich,2006.p.103).Policies are an important element of information assurance a field whose basic tenets are confidentially, integrity and availability (DoD,1999). In developing a policy for accessing a system, one can use a closed or open approach. The best system for designing system that has access to confidential data (such as student records, not online) is the closed access approach.

How the policy will be effective The closed access policy is therefore the best solution to this scenario since it is the one that deliver the much needed service of dedicating all of the system resources to just a specific number of users who must be pre-registered to access the s system. How it will minimize an attacker's access to the records.

This type of information access policy therefore effectively restricts the access to confidential data to just a handful of subscribers who must be pre-registered (Khanafer, Saa, Baser & Debbah,2012).The policy therefore minimizes a given attacker's access to the confidential information by the application of access control mechanisms such as usernames and passwords, key cards, public and private keys (encryption and decryption algorithms) as well as any other suitable access control mechanisms. 3. Explain Steganography and two circumstances where Steganography would be appropriate.

Johnson (1995) defined steganography as the art of effectively concealing information within carriers that are innocuous. The concept of steganography is closely related to that of cryptography. This is due to the fact that both techniques can be employed in the protection of information. The two can converge in usage but their objectives are completely different. This is because cryptography is used in the "scrambling" of messages so that in cases of interception of the communication, the message may not make any sense.

Steganography on the other hand is used in "camouflaging " the message in order to effectively hid its existence altogether.

Markus Kahn however defined steganography as the art as well as science of effectively communicating in a manner that hides the very existence of the communication.AS opposed to cryptography which can allow for the detection of the communication, steganography's aim is to hide the message or communication inside other forms of harmless messages in a manner that does not give the enemy a chance of detecting its presence as a second message. Both cryptography and steganography are excellent techniques of protecting information from the unwanted or unintended parties.

The sad fact is that both can be broken easily. It is therefore advisable for both to be used concurrently in the addition of multiple layers of security (Dunbar,2002).The data formats that are popularly used in steganography are;.doc, .gif, bmp,.jpeg,.txt, .mp3, and .wav. Circumstance where the use of steganography may be appropriate; The circumstances where the use of steganography may be appropriate are; In open system environments involving the covert channels as well as in digital watermarking.

Covert channels Covert channels within the protocol of TCP/IP entails the masking of the actual identification information within the TCP/IP headers in order to hide the actual identity of a single or multiple systems. This is very important in the securing of communication taking place over the open systems like the internet. This is done by embedding hidden information in data packets that are being conveyed over the TCP/IP link.

The information is embedded in audio, video or even in pictures that are being sent over the link. Digital watermarking Digital watermarking involves the use of steganographic techniques to effectively embed information into various documents. This is important for copywriting reasons by corporations. Digital watermarking is then used in embedding a company's copyright into the property of a company. This is then used in prosecuting pirates as well as digital thieves. The copyright or trademark information is embedded in the copyrighted image, audio or video files. 4.

Name at least two different Information Assurance (IA) standards, each from a different standards organization. Summarize the standards and explain why they are important. ETF RFC 2246. This Information Assurance (IA) standard is used in securing web servers and is part of the TLS Protocol Version 1.0. The TLS Protocol is employed in the encapsulation of other higher level protocols.

An example of such protocols which is encapsulated is the TLS Handshake Protocol that is used in allowing the server as well as client to perform authentication of each other as well as to negotiate a special encryption algorithm as well as the use of cryptographic keys prior to transmission or receiving of data by the application protocol (Santesson, Nystrom & Polk, 2004). ITU-T Recommendation X.509 (2000)/ISO/IEC 9594-8:2001. This is an Information Assurance (IA) standard used in defense messaging systems.

It is used in the information technology as well as in the issuing of public and attribute certificates (ISO/IE,2002). The importance of the ITU-T Recommendation X.509 (2000)/ISO/IEC 9594-8:2001 standard. According to ITU (2009) the -ITU Recommendation X.509 (2000)/ISO/IEC 9594-8:2001 standard is used to define the framework for using public-key certificate. The framework includes the specifications of the data objects that are employed in the representation of the certificates that are issued.