Computer system evaluation criteria – The Orange Book [support]

Some things can be planned. Since the way computers are constructed has not changed much in many years, certainly not since about the mid-eighties as far as logical representations are concerned, the same approach has remained valid, regardless of the task being solved or the hardware, operating system or application software being used. The Orange Book of the Department of Defense, an analysis almost 20 years old, provides an excellent account of what there is to know about computer system evaluation criteria as to functionality and safety.

While people frequently compare operating systems and other options, such as which software to use, the underlying problems are strikingly similar across platforms.

Security has more than one meaning, and although ‘The Orange Book’ may be very technical, it is recommended reading for anyone who wants to learn about planned usage of computers. Security can also mean reliability, even though security in computing is often understood as ‘protection from unwanted use’.

If you invest in computer technology, you may be interested in The Orange Book as well. Independent thinking very often helps to assess technology questions from a more analytical view.

Function

Functioning systems are the only ones worth caring about. So before you do anything else, make sure the systems, the computers, the software and the people involved are able to deliver what you think they should deliver. Do not worry about monitoring or locking access if the systems are not even functional. The means necessary to keep any computer system functioning come down, in some way, to proper analysis of tasks and matching of solutions (people, hardware, software). One aspect of this is backups of hardware and software. If you have not solved this issue, you may want to give it a high priority. Depending on your individual situation, local backups or remote backups, tape, CD or hard disks, server space or networked workstations may be the way to go. Having mirrored workstations would allow you to afford the crash of one system, with the option of continuing to work after a switch to a twin system that was kept up to date.

Monitoring and observing

There is no point in trying to lock your computer up with a sophisticated system if you do not know what is going on to begin with. Monitoring system performance, usage activity, access right violations, logging and journaling are therefore much more important than just getting hidden folder options for the whole file structure. Investigating the setting in which any function may or may not be implemented, and maybe protected, should also not be restricted to the physical computer itself. It should comprise your unit, department or enterprise, depending on what level of setup you are trying to analyse. After all, computers are only able to provide a benefit if they are part of a ‘whole’, which you cannot neglect when evaluating performance, functionality and security.

Access protection

Depending on your previous observations, not having some software on a computer, or deciding to develop in a piecemeal fashion without leaving loose ends lying around, may be a much better and more effective solution than putting all of your code, all of your ideas and all outlines on the computer to begin with. Depending on your analysis, offering ‘free’ information on an accessible machine may be a better defense strategy than locking the machine up at all. And depending on your situation, a fully access-restricted setup with fully functional planning or programming tools may be cheaper and more affordable than any other method. In order to come up with a good plan, you need some results from monitoring your setup first.

The Orange Book on the Internet

Orange Book 85 (PDF)

Cite this article:
Wolf Schweitzer: swisswuff.ch - Computer system evaluation criteria – The Orange Book [support]; published 12/07/2006, 12:49; URL: https://www.swisswuff.ch/wordpress/?p=1597

BibTeX: @MISC{schweitzer_wolf_1779704956, author = {Wolf Schweitzer}, title = {{swisswuff.ch - Computer system evaluation criteria – The Orange Book [support]}}, month = {July}, year = {2006}, url = {https://www.swisswuff.ch/wordpress/?p=1597} }