Operating System Access
Financial institutions should secure access to the operating systems of all system components by
Financial institutions must control access to system software within the various network clients and servers as well as stand-alone systems. System software includes the operating system and system utilities. The computer operating system manages all of the other applications running on the computer. Common operating systems include IBM z/OS, OS/400, AIX, Linux, various versions of Microsoft Windows, and Sun Solaris. Security administrators and IT auditors need to understand the common vulnerabilities and appropriate mitigation strategies for their operating systems. Application programs and data files interface through the operating system. System utilities are programs that perform repetitive functions such as creating, deleting, changing, or copying files. System utilities can also include numerous types of system management software that supplement operating system functionality by supporting common system tasks such as security, system monitoring, or transaction processing.
System software can provide high-level access to data and data processing. Unauthorized access could result in significant financial and operational losses. Financial institutions should restrict privileged access to sensitive operating systems. While many operating systems have integrated access control software, third-party security software also is available. In the case of many mainframe systems, these programs are essential to ensure effective access control and can often integrate the security management of both the operating system and the applications. Network security software can allow institutions to improve the effectiveness of the administration and security policy compliance for a large number of servers often spanning multiple operating system environments. The critical aspects for access control software, whether included in the operating system or additional security software, are that management has the capability to
Additional operating system access controls include the following actions: