The increased applications of business, computer and communications system (BCCS) by IT industries has increased the risk of theft of proprietary information. The real time operating system control and audit is a primary method of preventing system resources (Processor, Memory and Encryption Key) (Schneier., 1996). The system control is probably the most important aspect of communications security and becoming increasingly important as basic building block for computer security (Stalling, 2006). The preventing control is inversely proportional to the risk and mean while control is directly proportional to the quality of standard(S). The preventive control provides accountability for individuals who are accessing sensitive information on application, system software, server and network. This accountability is accomplished through access control mechanisms that require identification, authentication, authorization, non-repudiation, availability, reliability and integrity through the audit function. We have to develop the method and mechanism for risk assessment on operating system based on available product, technology, business and resources (Weber, 2002).
1.1. Real Time Operating System [10, 14, 15]
The operating system of a computer (Server) being highly secure depends on a number of su-systems (tools and utilities) that working efficient and reliable manner in around the clock to avoid conflict resolution among the resources. The modern operating system provides access to a number of resources and sub-system, which are available to system software running on the system and to external devices like communication networks (LAN-LAN-WAN-WAN-LAN). The real time operating system is the most important and high available system software (program) that run on the heart of the computer (kernel). The every general-purpose computer must have an operating system to run other multiple application and business programs (William, 2009; Tanenbaum, 2010).
In the large scale operating system the multitasking, multiuser, time sharing operating system where multiple programs can be running at the same time, the operating system determines which applications should run in what order and how much time should be allowed for each application before giving another application a turn. It manages the sharing of internal memory among multiple applications. It handles input and output to and from attached hardware devices, such as hard disks, printers, and dial-up ports. On computers that can provide parallel processing, an operating system can manage how to divide the program (parallel program) so that it runs on more than one processor at a time (Kai, 2008; William, 2009; Tanenbaum, 2010).
The operating system control is a step by step process of securely configuring a system to protect it against unauthorized access, mean while taking steps to make the system more reliable. Generally, anything that is done in the name of system, the preventive control ensures the system is secure, reliable, scalable and high available for high IT culture. The operating system control is the process to address security weaknesses in operation systems by implementing the latest OS patches, hot fixes and updates and following procedures and policies to reduce attacks and system down time mean while decreases the throughput of the system. The preventive control of the operating systems is the first step towards safeguarding systems from intrusion. The workstations, applications, network and servers typically arrive from the vendor, installed with a multitude of development tools and utilities, which although beneficial to the user, but also provide potential back-door access to the systems time (Kai, 2008; William, 2009; Tanenbaum, 2010).
The operating system performs these services for applications (See Figure 1).