New Information Security Framework
Information security has historically been limited by the lack of a comprehensive, complete, and analytically sound framework for analysis and improvement. The classic CIA triad (confidentiality, integrity, availability) persists, yet it is inadequate to describe what security practitioners include and implement when doing their jobs. We need a new information security framework that is complete, correct, and consistent, and that expresses in practical language the means for information owners to protect their information from any adversaries and vulnerabilities.
The current focus on computer systems security is attributable to the understandable tendency of computer technologists to protect what they know best—the computer and network systems rather than the application of those systems. With a technological hammer in hand, everything looks like a nail. The primary security challenge comes from people misusing or abusing information, and often—but not necessarily—using computers and networks. Yet the individuals who currently dominate the information security folk art are neither criminologists nor computer application specialists.
We present a comprehensive new information security framework that resolves the problems of the existing models. We demonstrate the need for six security elements, namely availability, utility, integrity, authenticity, confidentiality, and possession, to replace the incomplete CIA model (which does not even seem to include security for information that is not confidential) in the new security framework. This new framework is used to list all aspects of security at a basic level. The framework is also presented in another form, the Threats, Assets, Vulnerabilities Model, which includes detailed descriptors for each topic in the model. This model supports the new security framework and demonstrates its contribution to advancing information security from its current technological stage, and from a folk art, into the basis for an engineering and business art in cyberspace.
The new security framework model incorporates six essential parts:

1. Security elements of information to be preserved are:
2. Sources of loss of these security elements of information:
   - Abusers and misusers
   - Natural physical forces
3. Acts that cause loss:
   - Interference with use
   - Use of false data
   - Modification or replacement
   - Misrepresentations or repudiation
   - Misuse or failure to use
4. Safeguard functions to protect information from these acts:
   - Sanctions and rewards
5. Methods of safeguard selection:
   - Use due diligence
   - Comply with regulations and standards
   - Meet special needs
6. Objectives to be achieved by information security:
   - Meet requirements of laws and regulations
   - Engage in successful commerce
   - Engage in ethical conduct
   - Minimize impact of security on performance
   - Advance an orderly and protected society