System Security Functions:
Recommendations
An Internet-based, client/server environment typically calls for the following recommended courses of action to mitigate serious security threats:
- Policy: Develop an information security policy that delineates the roles and responsibilities of the Project staff and participants with respect to data and applications. Include appropriate procedures to ensure local site data and software are properly managed.
- Security Levels for Applications: Where applicable, recognize that systems need to support different classifications of users, with different privileges.
- Harden Server Against Network Attack: Several steps can be taken to harden the server against attack from the Internet.
- Train Staff Appropriately: Appropriate systems and operations training needs to be provided for staff, including backup personnel. Consulting assistance needs to be provided when necessary.
- Physically Secure the Server: The database server should be kept in a locked facility, alarmed whenever left unattended. Uninterrupted power should be provided. Data backups (including off-site storage of backup media) should be in place and functioning. Restoration from backups should be periodically tested.
- Prevent Promiscuous Access to Data: The full client/server data stream can be encrypted to prevent even accidental disclosure of data by promiscuous capture on the network.
Direct comments and questions to Dr. Noam Arzt, arzt@isc.upenn.edu [2/26/96]
URL: http://www.cip.upenn.edu/cip/cdc/lab/recomm.html