ABSTRACT

An information system can increase its security by disconnecting from the Internet, but that may nullify its functionality. Endless research is taking place to develop effective cyber defense methodologies, but they are mostly aimed at the defense of individual information systems. The security of an information system requires a two-front defense strategy. One front is the border with the external world, and the other front is the protection of each of the system's resources on an individual basis. Information assets in an organization are identified by name, location, owner, protector, and parameters, and their files must be managed according to a defined corporate policy. The access or transfer of digital information poses a vulnerability, exposing information to risks. However, such risks can be minimized if appropriate precautions are implemented. These precautions include encryption, firewalls, digital certificates, digital signatures, and login controls. The Resource Access Control Facility (RACF) is software that grants and administers access control parameters.