New Information Security Framework. Six security elements—availability, utility, integrity, authenticity, confidentiality, and possession.

August 5th, 2009 | by kutenk |

New Information Security Framework
Information security has historically been limited by the lack of a comprehensive, complete, and analytically sound framework for analysis and improvement. The persistence of the classic CIA triad (confidentiality, integrity, availability) is inadequate to describe what security practitioners actually include and implement when doing their jobs. A new information security framework is needed that is complete, correct, and consistent, and that expresses, in practical language, the means by which information owners protect their information from adversaries and from the vulnerabilities they exploit.

The current focus on computer systems security is attributable to the understandable tendency of computer technologists to protect what they know best: the computer and network systems, rather than the applications of those systems. With a technological hammer in hand, everything looks like a nail. The primary security challenge comes from people misusing or abusing information, often, but not necessarily, by means of computers and networks. Yet the individuals who currently dominate the information security folk art are neither criminologists nor computer application specialists.

We present a comprehensive new information security framework that resolves the problems of the existing models. We demonstrate the need for six security elements (availability, utility, integrity, authenticity, confidentiality, and possession) to replace the incomplete CIA triad, which does not even seem to cover security for information that is not confidential. The new framework is used to list all aspects of security at a basic level. It is also presented in another form, the Threats, Assets, Vulnerabilities Model, which includes detailed descriptors for each topic in the model. This model supports the new security framework and demonstrates its contribution to advancing information security from its current technological stage, and from a folk art, into the basis for an engineering and business art in cyberspace.

The new security framework model incorporates six essential parts:

1.    Security elements of information to be preserved are:
    Availability
    Utility
    Integrity
    Authenticity
    Confidentiality
    Possession


2.    Sources of loss of these security elements of information:
    Abusers and misusers
    Accidental occurrences
    Natural physical forces

3.    Acts that cause loss:
    Destruction
    Interference with use
    Use of false data
    Modification or replacement
    Misrepresentations or repudiation
    Misuse or failure to use
    Location
    Disclosure
    Observation
    Copying
    Taking
    Endangerment

4.    Safeguard functions to protect information from these acts:
    Audit
    Avoidance
    Deterrence
    Detection
    Prevention
    Mitigation
    Transference
    Investigation
    Sanctions and rewards
    Recovery


5.    Methods of safeguard selection:
    Use due diligence
    Comply with regulations and standards
    Enable business
    Meet special needs

6.    Objectives to be achieved by information security:
    Avoid negligence
    Meet requirements of laws and regulations
    Engage in successful commerce
    Engage in ethical conduct
    Protect privacy
    Minimize impact of security on performance
    Advance an orderly and protected society
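A worked illustration, added here and not part of the original post, of two distinctions that the six-element list in part 1 draws and the CIA triad does not: integrity versus authenticity (a plain hash detects accidental corruption but not a replaced record, while a keyed MAC catches both) and availability versus utility and possession (an encrypted copy can be taken, or its key destroyed, without the plaintext being disclosed). The sample records, the shared key, and the attacker's behaviour are constructed assumptions; the code is standard-library Python and the acts named in the comments refer to part 3 above.

```python
"""Added example (not part of the original post): why the framework splits
integrity from authenticity, and availability from utility and possession.
Records, keys and the attacker's moves below are constructed for illustration."""
import hashlib
import hmac
import secrets

MESSAGE = b"PAY 100.00 TO ACCT 4410"  # constructed sample record
FORGED = b"PAY 900.00 TO ACCT 6660"   # attacker's replacement record
# Assumption: only the legitimate sender and receiver hold this key.
SHARED_KEY = secrets.token_bytes(32)


def seal_hash(msg: bytes) -> str:
    """Integrity only: any party can compute this digest."""
    return hashlib.sha256(msg).hexdigest()


def seal_hmac(msg: bytes, key: bytes) -> str:
    """Integrity and authenticity: the tag cannot be produced without the key."""
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def check_hash(msg: bytes, digest: str) -> bool:
    return hmac.compare_digest(seal_hash(msg), digest)


def check_hmac(msg: bytes, tag: str, key: bytes) -> bool:
    return hmac.compare_digest(seal_hmac(msg, key), tag)


def integrity_without_authenticity() -> dict:
    """'Modification or replacement' against a hash-protected record.
    The attacker swaps the record and recomputes the digest, so the receiver's
    integrity check passes even though the record is not authentic."""
    tampered_msg, tampered_digest = FORGED, seal_hash(FORGED)
    return {
        "check_passes": check_hash(tampered_msg, tampered_digest),
        "record_is_authentic": tampered_msg == MESSAGE,
    }


def integrity_with_authenticity() -> dict:
    """The same replacement against an HMAC-protected record. Without SHARED_KEY
    the attacker can only tag the forgery with a key of its own, and the
    receiver's check fails while the genuine record still verifies."""
    genuine_tag = seal_hmac(MESSAGE, SHARED_KEY)
    attacker_key = secrets.token_bytes(32)   # attacker does not hold SHARED_KEY
    forged_tag = seal_hmac(FORGED, attacker_key)
    return {
        "check_passes": check_hmac(FORGED, forged_tag, SHARED_KEY),
        "genuine_still_verifies": check_hmac(MESSAGE, genuine_tag, SHARED_KEY),
    }


def xor_otp(data: bytes, key: bytes) -> bytes:
    """One-time pad, chosen only because it is short and the key length is explicit."""
    assert len(key) == len(data)
    return bytes(a ^ b for a, b in zip(data, key))


def possession_and_utility() -> dict:
    """'Taking' and 'Destruction' against an encrypted copy of the record.
    Losing a copy to the attacker is a loss of possession but not of
    confidentiality, as long as the key is not taken with it. Destroying the
    key leaves the owner's copy available but no longer usable: a loss of
    utility without a loss of availability."""
    key = secrets.token_bytes(len(MESSAGE))
    ciphertext = xor_otp(MESSAGE, key)
    attacker_copy = bytes(ciphertext)        # attacker now holds the ciphertext
    key_after_destruction = bytes(len(key))  # the key material is gone; zeros remain
    return {
        "attacker_holds_copy": attacker_copy == ciphertext,        # possession lost
        "attacker_reads_plaintext": attacker_copy == MESSAGE,      # confidentiality kept
        "owner_reads_with_key": xor_otp(ciphertext, key) == MESSAGE,
        "owner_reads_after_key_destroyed":
            xor_otp(ciphertext, key_after_destruction) == MESSAGE,  # utility lost
    }


if __name__ == "__main__":
    print(integrity_without_authenticity())
    print(integrity_with_authenticity())
    print(possession_and_utility())
```

The first two functions are the practical payoff of separating authenticity from integrity: a bare digest stored or transmitted beside the data protects against accidental change only, and any control that needs to resist a deliberate replacement needs a key the attacker does not hold. The third shows why the framework counts a stolen encrypted backup (possession) and a lost decryption key (utility) as losses in their own right even though neither discloses the plaintext and the owner's copy remains available.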
