2808ICT/7623ICT Information and Security Management

Server Security Describe the management and security configuration of key servers for the organization.  Detail the server’s security requirements, identifying: • what information it contains, and how sensitive that information is • what applications it runs, how they manipulate the information stored, and how critical their availability is • who has access to the system, and what type of access they have • who has administrative access to the system, and how this is controlled • what change management procedures are used to manage its configuration  You can also detail its basic operating system and patching process to provide a suitable level of security on this server. You can research ways of hardening the O/S, as well as key applications used, to suit the server’s security requirements.  Software Security Describe whether the organization uses critical software which is exposed to possible external attacks, such as software running on an externally visible web server to handle responses to forms or other dynamic data handling.