Abstract
The purpose of the security assessment plan (SAR) is to communicate the results of security assessments of the information technology (IT) infrastructure to include its: people, processes, policies and information systems (NIST, 2010). The SAR is one of the primary documents included in the system authorization package, along with the system security plan (SSP) and plan of actions and milestones (POA&Ms). These records are used to provide the authorizing official (AO) with necessary feedback on the security state and posture of the system to make a risk-based decision if the system should operate or continue operations. The SAR provides the overall state of security of the IT infrastructure detailing the infrastructure’s ability to meet the security objectives: Confidentiality, Integrity, and Availability (CIA) when protecting the data that is transmitted, stored, or processed by and through it. Although the SAR is s document that captures a snapshot in time of the security state of the information system; to support continuous monitoring activities, the SAR is updated whenever subsequent security assessments are performed. To help document revision, the SAR should be annotated with updated versions each time it is changed, and these changes should be interpreted within the SAR itself. According to NIST (2014), the critical elements of an assessment report is outlined in Appendix G (pp G-2); however, for this SAR the following features will be included: Operating System (OS) Overview, OS Vulnerabilities, Assessment Methodologies, Risk, and Recommendations.
OS Overview
Operating System (OS)
Operating system (OS) is a software which manages and supports a computer’s essential functions. The functions can range from scheduling tasks, executing systems command orders, controlling authentication process and anything which the computer does (A.Ismail, Aboelseoud M & B. Senousy, 2014). In an informal language, an OS is like a human’s brain which can control everything which happens in the body. Mostly, if a person’s brain is incapacitated, or not functioning properly, such a person is not only considered normal but also cannot execute several functions. The same is true for an OS, it must be excellent to ensure all the computer’s software and hardware works a well-coordinated manner. It is thus a powerful and extensive program that control the computer’s hardware and software activities.
There are a lot of operating systems, but some of the most common, which we also use regularly on out gadgets include windows, Android, Chrome, MacOS, Linux among several others. Some of the devices which run on those operating systems include smartphones, watches, and personal computers among several other electronics we use on a daily basis. Servers, like those hosting online videos, or websites which we utilize on a regular basis, run on some more complex operating systems. For instance, Google, Facebook, Bing, Yahoo websites depend on powerful operating systems which can concurrently execute millions of request, and request everything correctly as asked. Some of such robust operating systems, which can supper such powerful executions include Windows Server, Linux, and FreeBSD.
Just like Google and other large websites, other organizations which manage complex information systems infrastructures need some powerful operating systems to control their information flow. These come to ensure that there is smooth information flow, do authentication, share information on the command, and execute all other critical functions regarding data.
User’s Role in OS.
Those who use the operating system have different responsibilities and privileges. That is to mean even though there are some users; each doesn’t have the same duties and privileges. Usually, there is an operating system administrator who can also be termed as a superuser. This user not only has all the rights but also has some special which can be used to conduct ay responsibility within the system. The special privileges of the superuser can also be called root privileges. Some of the privileges include configuring and doing systems settings as per the requirements of the organization.
There is also a system administrator who has the responsibilities to crate accounts, assign permissions, and create new databases among other duties. The systems administrator has his or her roles limited in some way, but still retains majority that enables the system to continue running smoothly, correct minor issues and so forth.