A Framework to support decisions on appropriate security measures
Kurt Bauknecht, University of Zurich; Christine Strauss, University of Vienna
Terminology (1)
o A secure system is one that is shown to satisfy the required security properties with the desired assurance. These properties may refer to confidentiality, integrity, availability or any combination of these three categories
o Security requirements are functional or performance properties placed on a system in order to assure a desired level of security
o Confidentiality is the state of a system when data are protected from unauthorized disclosure
o Integrity is the state of a system when data has only been transformed in an intended way
o Availability is the state of a system where services and the functions of the system will not be denied to legitimate users but performed within an acceptable period of time
Terminology (2)
o A security architecture describes generic security services and security mechanisms as well as the necessary functions of security management within a certain system architecture
o A framework is a generic solution for specific security requirements (e.g. authentication, integrity, access control). It ensures consistency in the security enhancements by providing a modular composition
o A security model applies the various concepts developed in the framework to specific parts of an architecture and details how and when mechanisms and framework elements are combined
o Techniques finally provide building blocks and appropriate tools for a specific implementation
Terminology (3)
o A specific security policy for information technology evolves from a corporation's general security policy, which manifests the risk appreciation of the company's decision makers
o The specific security policy is based on results from an applied risk analysis and is a statement indicating the goals of the intended security effort. It determines a set of rules that constrain the decision process for security management
o The quality of the decision process for security management depends essentially on the quality of the requirements
o A security measure can be a device, an organizational step, a rule, a software, a procedure or any activity that supports security. The security measure includes all activities which help to integrate the chosen measure into the specific environment
o Security services are based on implemented security mechanisms and provide support to protect assets
o A security mechanism is an algorithm for realizing a specified functionality
Interrelation between elements of a security related decision model
[Figure: constraints (specific security policy), requirements, services, mechanisms]
Development of a framework for selecting appropriate security services
o Security relevant activities in the organizational hierarchy
o Framework for preparation and coordination of high quality security decisions
o Integration of the framework into security system management
Organizational context for security relevant activities
Levels: top management; staff/line department; operative
Activities and the information each requires:
- define a corporation's general security policy: objectives of the organization, general management goals, culture, strategies, laws, regulations etc.
- define a specific security policy: corporation's general security policy, architectures, models, frameworks etc.
- perform risk analysis: general security policy, standards, statistics, check-lists etc.
- select measures: specific security policy, standards, evaluation techniques etc.
- implement measures: product descriptions, documentation etc.
- verify measures: documentations, assumptions and results of risk analysis etc.
- apply security measures: user instructions
General security policy
o Fixed by top management; gives long term and company wide binding standards
o Ensure transparency and long term validity
o Show the methods that standards are based on rather than just giving the "values"
o Policy should contain
- Parameters used as basis for risk assessment
- Parameters used as basis for classification of risks
- Methodology for cost evaluation of security measures
- Criteria for selection of favourable security measures
- Financing policy
- Rules for delegation
- Delimitation of competence
o threatened objects: What could be damaged? Where could something be damaged?
o threat: What could happen? How could it happen?
A framework for selecting appropriate security services
[Figure: corporation's general security policy, environment, risk analysis, specific security policy, constraints, methods and tools, requirements, process management, services, mechanisms]
Integrated security system
[Figure: corporation's general security policy, environment, risk analysis, specific security policy, constraints, methods and tools, process management, requirements, services, mechanisms, Framework, Security Management System, Security System Management, Data Base, Security Expert System]
Security management in open communication systems
o Security policy
o Services
o Mechanisms
o Security management
o The specific security policy, a set of laws, rules, and practices that regulate how the organization manages, protects, and distributes sensitive information, then has to define appropriate rules that guarantee the requested security level of the communication system.
Services and mechanisms supporting security management in open communication networks
[Table: security services (rows) against mechanisms (columns), with Y marking the mechanisms that support each service. Service rows: Peer Entity Authentication; Data Origin Authentication; Access Control Service; Connection Confidentiality; Connectionless Confidentiality; Selective Field Confidentiality; Traffic Flow Confidentiality; Connection Integrity with Recovery; Connection Integrity without Recovery; Selective Field Connection Integrity; Connectionless Integrity; Selective Field Connectionless Integrity; Non Repudiation, Origin; Non Repudiation, Delivery]
Areas of security management in an open communication system
[Figure: Local Security Management, Security Service Management, Security Mechanism Management, Open System management, Security management]
o Security frameworks: The purpose of the security frameworks is to provide comprehensive and consistent descriptions of specific functional areas of security such as authentication and access control
o Security models: The purpose of security models is to apply the security concepts detailed in the security frameworks to specific areas of open systems architecture
o Security techniques/mechanisms: Security techniques/mechanisms define a specific way of achieving a particular goal. Typical examples are:
- Authentication techniques
- Integrity techniques
[Figure: Open Systems Security Architecture, Open Systems Security Framework, Open Systems Security Model; Distributed Application Architecture, Distributed Application Framework, Distributed Application Model; security service/mechanism definition and placement; EDI, X.400, X.500, Messaging, Directory, Interactive Processing, File Transfer, Distributed Processing and Database Applications]