The General Accounting Office has identified 18 technologies
available to agencies to improve information security.
It also listed categories of controls that can be used to
restrict the ability of unknown or unauthorized users to view
or use information, hosts, or networks.
System integrity ensures that a system and its data are not
illicitly modified or corrupted by malicious code. Cryptography
is the process of transforming ordinary data into code form
so that the information is accessible only to those who are
authorized to have access. Auditing and monitoring help
administrators perform investigations during and after a
cyber attack. Configuration management and assurance help
administrators view and change the security settings on their
hosts and networks, verify the correctness of security
settings, and maintain operations in a secure fashion under
conditions of duress.
The technologies available to address the above include smart
tokens that establish user identity through an integrated
circuit chip in a portable device such as a smart card or a
time synchronized token. Security event correlation tools
monitor and document actions on network devices and analyze
the actions to determine if an attack is ongoing or has
occurred.
