Information Systems Security

1931 Words4 Pages

Hardware, software and the data that resides in and among computer systems must be protected against security threats that exploit vulnerabilities. Organizations must therefore impose appropriate controls to monitor for, deter and prevent security breaches. Three areas have been considered, in a typical sense, as the basic critical security requirements for data protection: confidentiality is used to assure privacy; principles of integrity assure systems are changed in accordance with authorized practices; and, availability is applied to maintain proper system functions to sustain service delivery (Dhillon, 2007, p. 19).

These security requirements are represented in Figure 1, Classic Critical Security Requirements. This figure depicts the cross-domain solutions of informal controls, also known as human relationships, and formal and technical controls, which provide for organizational and physical information security controls, respectively. Two additional security requirements have recently been added that are of particular importance to networked environments because attacks now extend far beyond traditional firewall perimeters. These are authentication, which is used to assure a message actually comes from the source it claims to have originated; and, nonrepudiation, which can be applied to prevent an entity from denying performance of a particular action related to handling data, thereby assuring validity of content and origin. Figure 2, Core Data Security Set, depicts the interrelationship of the five core requirements of information security.

The remainder of this paper will focus on nonrepudiation, which may also be explained as a security protocol that allows an individual or organization to prove, for instance, t...

... middle of paper ...

...thenticated. The back end receives the transaction request, validates the signature information, and once successfully validated, the transaction may continue.

In closing, it must be understood there are certain variables that must be considered when applying a Challenge Response OTP Token and Digital Signature as nonrepudiation methods. These include costs, technical support, speed, latency time and others. A comparison of these important variables is provided in Figure 9.

Works Cited

Dhillon, G. (2007). Principles of Information Security Systems. John Wiley & Sons, Inc.

DHS. (2008). US CERT. Retrieved September 14, 2011, from United States Certification: http://www.us-cert.gov/control_systems/pdf/SCADA_Procurement_DHS_Final_to_Issue_08-19-08.pdf

Professional Development Center. (2010). Retrieved September 7 from http://pdc-riphah.edu.pk/site/?page_id=69

Open Document