Data Protection and Security

   

I Introduction to Information Security

   

I.I Definitions

   

   
 

Why is Security Hard?

By examining it from different points of view, we would like to provide a detailed answer to this crucial question:

  1. Most of information science is concerned with achieving desired behaviour. Security, on the other hand, is concerned with preventing undesired behaviour. It is much easier to specify, control and verify what something does than what it does not do. From a functionality point of view, unexpected functionality is fine, but from a security point of view it becomes a problem, since it opens the door for attackers to do bad things.
  2. If we compare security with other branches such as safety, we see that we do not yet have a sufficient understanding of it. For safety issues, on the other hand, probability is a well-established tool and an appropriate formalism. For instance, think of an airplane, which requires an engine to stay in the air. Given the failure rate of one engine and the maximum failure rate allowable for the airplane, we can calculate how many engines (redundancy) we need. Can we make a similar calculation for security? Is redundancy an appropriate technique for security? Is probabilistic modeling possible? These are all open questions.
  3. As in any other engineering branch, requirement analysis is of the utmost importance for security. However, specifying security requirements is not an easy task, since the users who have the specific security requirements have no security expertise, if they are not totally security-unaware.
  4. A system is a collection of inter-related elements comprising a unified whole. Systems are distinguishable from individual machines: for example, a pulley is a machine, but an elevator is a system incorporating many components, including pulleys. An information system typically consists of components which are connected together in order to facilitate the flow of information. There are two properties of systems which make the job of security designers much more difficult:

    1. Complexity: Systems can grow as well as join to form larger systems, increasing their complexity. The most complex system man has ever built is probably the Internet. Other complex systems are computer operating systems such as MS Windows, which has millions of lines of code. As MS Windows grows bigger and bigger, there are more opportunities for security holes to pop up, while fewer and fewer people are really capable of fixing them.
    2. Emergent: The complex behaviour or properties of a system are not a property of any single component or subsystem, nor can they easily be predicted or deduced from behaviour at the lower level.
   

   

I.I.Q Question

Is complexity the same thing as size? Is it true that bigger systems are more complex?

   

   
       
 