When designing an overall system security plan, ask yourself the following questions:

How are users associated with subjects? What is the reliability of the authentication mechanism?

What objects contain sensitive information in this system or application? Is access to those objects

Does the authorization database reflect the site's security policy? Who is authorized to gain access to sensitive objects? Are adequate restrictions in

Is the audit trail recording enough or too much information? Who will monitor it? How often will it be examined?

What programs are functioning as part of the reference monitor? Which users can modify the security policy and the authorization database? Is this the desired configuration?

These considerations, as well as the underlying
reference monitor design, apply equally to a timesharing system, a
widespread network, or a single application on a system that grants
access to records in a file or database. The operating system provides
general mechanisms that users and security administrators must apply
to achieve system security. See “Managing the System and its Data” for more information on designing
and implementing a security policy.