
Building a Global Information Assurance Program

Nguyễn Gia Hào

Academic year: 2023


The permission of CRC Press LLC does not extend to copying for general distribution, for promotion, for the creation of new works or for resale. 2003 by CRC Press LLC. Auerbach is an imprint of CRC Press LLC. No claim to original U.S.

Introduction

In Chapter 5, we present a system engineering methodology that begins with organizing, selecting a team, and organizing Appendix 2. Volume. We cover deployment and testing in Chapter 8, followed by lifecycle operations and maintenance in Chapter 9, and some specific implementation ideas in Chapter 10.

Introduction to Information Assurance

This includes ensuring the restoration of information systems by incorporating protection, detection and response capabilities” [NDU, 2002]. From these definitions, we can derive aspects of information provision services based on availability, integrity, authentication, confidentiality and non-repudiation.

Integrity

Authentication

A digital certificate can be used to establish online identities and define relationships or privileges within a particular business, group or community, just as a driver's license or passport can be used for identification in face-to-face transactions. User ID and password authentication is considered weak authentication because passwords are usually legible and can be easily compromised.

Confidentiality

Encryption of the data to be transported can be done at several levels: at the application itself, at the application programming interface (API) or at the network layer. Encrypted mail support can, for example, be provided via Domino's support of S/MIME (secure multipurpose internet mail extensions).

Nonrepudiation

The application interface uses SSL to take responsibility for ensuring the encryption of application data.

• Network-based encryption: The use and growth of the Internet seems limitless.

Summary

• Additionally, information assurance is that the IDS posts the event to a feedback file (not just a temporary console log) for later review. One can easily see how building a global information assurance program is possible, given that the highest orders of the building blocks are essentially the same.

Basic Concepts

To better understand the environment in which we operate, let's first take a closer look at the information itself. Thus we come to a basic discussion of information, information properties, and the properties of the information systems on which they reside.

Attributes

Once we have arrived at the relevant data set and organized it into something meaningful, we still need to ensure that the information is available to the people who need it in a timely manner with a reasonable expectation of security (integrity, confidentiality, authenticity, etc.). As we saw in the previous chapter, IA is more than just information security (InfoSec) and it cannot be achieved without interoperability between information and information systems.

Information Attributes

Pure Information Attributes

Given the sheer volume of data and the speed and bandwidth at which we can transmit it, limiting the scope to only that information directly relevant to the matter at hand can significantly reduce our information handling problems and clarify what might be too detailed and an ambiguous image.

Attributes Partially Influenced by the System

Availability can also be defined as the ability to support user needs anywhere, anytime and in any work environment. The OODA loop is how a company can achieve organizational intelligence through agility, where agility is defined as the ability to thrive in an environment of constant change [Farrell, 2002].

Attributes Directly Influenced by the System

Trust, then, is based on a measure of the "goodness" of other attributes of the information. Wealth, on the other hand, was determined by three aspects of the information itself: (1) bandwidth (the amount of information), (2) the degree to which the information is tailored, and (3) interaction (the second degree of communication).

System Attributes

Survivability is a measure of a system's ability to function under less-than-optimal, degrading circumstances. It is important to balance the costs with the benefits of the system.

The Bottom Line, Revisited

Ideally, the risk taker would like to be assured that risks have been minimized or mitigated to the best extent possible. Security can make a significant contribution to the decision of the risk taker and the security of the organization, and help to focus resources in those places that will have the greatest benefit to the organization.

Commercial Capabilities

Similarly, when consumer organizations choose a safeguard to mitigate risks, a certain amount of security can be attributed to the processes a supplier organization has in place to provide those safeguards. Process assurance, the degree of confidence gained through the analysis of process evidence that safety needs are met, is a powerful mechanism to contribute to total safety in a different way than assessment safety and certification and accreditation.

Security

To reiterate, with respect to computer-based information systems, the security of the information contained on the computer is probably best achieved by unplugging the unit, locking it in a strong safe, and placing a guard behind several layers of high technology surveillance and intrusion detection equipment. Information protected in this way is very secure, but completely useless; therefore the issue becomes information security and not, strictly speaking, security.

Network Views

The bottom line usually boils down to how much the information is worth, and thus how much we are willing to commit to protecting it. However, if we are careful to identify, define and measure the vulnerabilities in our systems, we can usually manage the risk to an acceptable degree.

Information Concepts

But when we combine the information we have gathered with additional information from our environment, we can conclude that Maria is not doing well in this class (Exhibit 11). At this point, we have exhausted all the "mechanical" steps we can take to improve the facts at our disposal.

Reasoning

After responding with their initial orientation, the American pilot's level of training then enabled him as a decision maker to act more quickly and proceed to the next combat maneuver.

• Law: With the next combat maneuver decided upon, American pilots then quickly "enter" aircraft control instructions, resulting in faster initiation of a desired maneuver.

Types of Logic

It is heuristic in the sense that it provides a plausible conclusion consistent with available information, but one that may in fact be wrong. Human diagnostic reasoning differs from the deductive inference methods used in most existing decision support systems in that it is an abductive logic, which is considered to be a nonmonotonic logic.

Risk, Threat, and Vulnerability Assessments

The Czech-made Skorpion VZ61 submachine gun is perhaps the most popular terrorist weapon in the world. However, through third-party sources (books, newspapers, Internet, etc.), the authors found material that shows that the damage and destruction of computer resources had historical precedence.

Why Perform an Assessment?

December 3, 1978: At 6:00 a.m., the computer center at the Italian Ministry of Transport (Motorizzazione Civile) in Rome was bombed and burned. Herein lies the potential for information destruction from this disruptive technology - the virus threat [Rawles, 1990b].

The New Reality of Risk Management

Risk Management Policy for Tomorrow

Using the risk management process provides a rational, cost-effective framework as the underlying basis for security decision-making. Assessments should address threats to the information in as much detail as possible based on the needs of the client.

Risk Assessment

For all these reasons, it is recommended that you begin the development of the security program with a risk analysis. It is suggested that those responsible for information security consult this list to take advantage of the extensive font of knowledge they represent.

Overview of Systems Engineering

A Systems Engineering Case Study

Case Study Background

The Mission

• Assist the Chief of Naval Operations (OPNAV) in defining requirements.
• Perform analysis and critical experiments to evaluate architecture.

The Goal

• Describe the organization's physical structure at the overall platform and major systems level.
• Describe current performance and capability of the force (organization)
• Compare expected performance to TLWR and identify deficiencies and.

An Approach Toward a Solution

Because the information contained in the warfighting architecture is therefore relatively incorruptible, the process could benefit immensely from a structured systems engineering approach captured in a set of generic requirements for future use. The process must ensure continuous prediction and demonstration of the expected or actual achievement of the system's primary technical goals and must be responsive to change.

CASE Tools: A Means of Managing Architectural Information

Microcomputer and workstation-based CASE tools appear to be a way to automate the process while meeting many of the specific requirements. So the trick seems to be to find a user-friendly tool that will work on existing equipment and meet the technical requirements of the process.

The Current Process

Another important point is the life expectancy of the data after it has been entered into the tool. At the time of the original study, such production 9 Basic Elements of Tactical Units were included in the support mission areas (SMAs) [Wiersma, 1987].

Maritime Strategy

Maritime strategy originates at the level of the Joint Chiefs of Staff (JCS) with connections to the political arena where national policies and objectives are formulated. Defining requirements for the RDA process involves assigning priorities and war values, which transcend platform and mission area boundaries.

The Threat

National Policy and Objectives, along with the Commanders-in-Chief's War Plans (CINC), form a solid foundation for Naval Strategy. In any case, it is so deeply involved in the secrecy of the intelligence world that further discussion here is both inappropriate and futile.

Top-Level Warfare Requirements

Architecture: A System Description

Since each WMA task force has its own preferred source of information, the composition of the combat force itself also varies from architecture to architecture, depending on where the information originates and for what purpose. The WSA&E methodology requires each team to develop its own small part of the architecture in virtual isolation and then combine the products as suggested in Presentation 11.

Assessment: How Well Does it Fulfill Requirements?

Each piece of this puzzle is assembled and maintained by individual agencies for their own use in whatever format appealed to the original artist. Even if a piece of information is known to exist, it can be difficult to locate the known office and obtain a current copy.

Shortfalls and Overlaps: Identifying Strengths and Weaknesses

In addition, some information is available from more than one source, many of which disagree on relevant details. Unfortunately, the end result of the previously mentioned inconsistencies is a large group of independent architecture "chapters" or "sections" that do not lend themselves easily to consolidation without a significant amount of modification.

The Proposed Process

Architecture Development

• Current Architecture: At any given time, there are multiple approved, funded, "viable" pieces of equipment in various stages of the development and procurement cycle. Accurate, logical segmentation at the outset is probably the single most important element of system design.

Architectural Principles

• Layering: Combat system functions must be assigned hierarchically in the chain of command to support primary and alternate missions in both coordinated and autonomous modes of operation.
• Compatibility: Changes or additions to the combat systems must be constructively operational with the existing system.

Mission Requirements Analysis

After individual war mission area TLWRs are completed, these documents are combined to form the total force TLWR. TLWRs of the primary warfighting mission area can be combined into a TLWR battle force similar to the architecture combination shown in Exhibit 11.

Functional Analysis

Operational Functions

System Functions

• Communication processing and distribution: Those functions necessary to prepare data for transmission across platforms and to effect the distribution of transmitted messages.

Requirements Allocation

Assessment of the Current Architecture

Identification of Shortfalls and Overlaps

Development of Architectural Options

Assessment of Options

Proposed New (Notional) Architecture

System Synthesis

The Need for Maintaining Up-To-Date Documentation

Because this approach has never been fully followed for large-scale information systems as described here, there will certainly be distortions and anomalies in the former and most likely in every application. A more thorough investigation of the architecture description requirements must be completed before an appropriate toolset can be selected;

Information Assurance Task Force

During this phase, the IATF will need to identify threats to information management and consider all existing information assurance policies and procedures. The IATF will need to focus on identifying, understanding, managing and optimizing information provision risks.

Requirements Analysis

The IATF needs to understand how the information assurance subsystem is part of and supports the overall system. In this activity, the IATF will have to build the system architecture and define the design solution for the information provision system.

Evaluation and Decision

However, there are a number of additional functions that the IATF will have to fulfill in the implementation and testing of the Information Assurance System.

• Updates to the System Information Assurance Threat Assessment, as projected, for the operational existence of the system.

Documentation

The system designed by the system engineers must be translated into an information assurance system by the IATF.

• Training: What level of instruction is required for users to be qualified to operate and maintain the information assurance system.

Concluding Remarks

If the information security system cannot adequately meet these documented requirements, the success of the mission may be jeopardized. 11 Automated tools Testing of the various systems to verify information security design and validate information protection requirements.

Requirements

2167A required a very large and structured set of documents describing the system, modules or system components and the requirements of each. We have been personally involved in gathering requirements and producing such documentation on a number of large-scale global systems on many occasions.

Beginnings

Unfortunately, following staff turnover, major reorganizations, and changes of focus, the requirements gathering process, which in this case was tied to the warfare systems architecture and engineering (WSA&E) effort mentioned in Chapter 2, took a back seat to other priorities, and the process, data and tools received less and less attention. To understand the concepts that have developed, it is first necessary to understand the basic principles of the OO paradigm.

The Object-Oriented Paradigm

This work centered around object-oriented (OO) technology and object-oriented database management systems (OODBMS).

• Using an object-oriented database from a conventional computing language is difficult because of the semantic gap.

Design

Conceptual Architecture Design Principles

Reuse of existing applications, systems and infrastructure should be considered before investing in new solutions. Interfaces between separate application systems must be message-based; this applies to both internal and external systems.

Operational Design Considerations

• Conceptual design: Appropriate policies must be identified, published and kept up to date and at the same time monitored for compliance.
• Conceptual design: The organization must establish an agreed business redesign process and new technology must be applied in conjunction with the business process review.

Business Continuity Design Considerations

• Conceptual design: The organization will need to establish criteria for vendor selection and performance measurement. The organization will also need to establish criteria to identify weak vendors and weak technology solutions.

Implementation and Testing

The objectives of this IATP are to help the IA team understand why an IATP is needed; to specify management's scope of involvement; to detail the contents of the IATP, and to describe how a computer security "Tiger Team" would proceed with the analysis, testing and evaluation of the IAC's protections already in place. Before preparing an IATP, the IA administrator must conduct a risk assessment of the IAC to weigh the threats and weaknesses of the center.

Requirement for an IATP

This risk assessment should include an analysis of existing and planned protection schemes for dealing with threats to a sensitive processing environment. Implementation of the IATP would include analyzing the possibility of sensitive data being inadvertently or intentionally obtained by the IAC (in clear text form) and other such major computer security breaches.

Management’s Role

The primary reason is that everyone within the IAC, including ADP operations, must understand the importance of the IATP and be mandated to cooperate fully.

• Direct that all affected elements of the organization cooperate with the execution of the IATP, including computer room contractors.

Disruption of Service Caused by IATP Implementation

Overall responsibility for preparing, testing, evaluating, and maintaining the IATP rests with the IA Administrator. Once this is done, the IATP can begin in a logical and systematic manner, identifying the critical elements to be included in the IATP and their interrelationships.

Critical Elements of the IATP

• Test Documentation: A document describing the test plan, test procedures, and test results must be submitted. Audits and security tests and assessments should be performed continuously at the computer site.

Preliminary Planning: Test Requirements

IATP team members will require extensive access to the system to test and evaluate all safeguards. It is assumed that some safeguards related to personnel will be tested and evaluated, including contractors involved in the processing and handling of sensitive data in the computer system.

Test Team

It is further assumed that the IA Administrator and appropriate security personnel will devote the required time to observing and assisting in the implementation of the IATP. Tiger Team” is to draw management's attention to the whole spectrum of knowledge gained from the implementation of the IATP.

Preparatory Actions: Test Methodology

The security mechanisms of the ADP system must be tested and found to be functioning as specified in the system documentation. Perimeter drawings and specifications must be available and used to plan any changes to the facilities.
