Which of the following are the primary goals in providing security?

According to the CIA Triad, an organisation's systems, networks, and data should be protected in line with three goals: confidentiality, integrity, and availability. Confidentiality is the protection of sensitive information. Data encryption can keep your data secure at rest or in transit and prevent unauthorized access to it.

Table of contents

  1. What are the 3 goals of information security?
  2. What are the goals of information security explain?
  3. What are the three primary goals of information security?
  4. What are the 3 principles of information security?
  5. What are the three security objectives of information security?
  6. What are the goals of information security?
  7. What are the 3 domains of information security?
  8. What are the four goals of information security?
  9. What are the 3 main objectives of information security?
  10. What are the five goals of security?

What are the 3 goals of information security?

The three primary goals of information security are to keep systems and data available, to keep data honest, and to keep information confidential. In one or more of these areas, most security practices and controls aim to prevent losses.

What are the goals of information security explain?

The three main objectives of information security are:

Confidentiality - protecting information content from unauthorized users.

Access Control - preventing users from accessing information without authorization.

Data integrity - ensuring that data is accurate and authentic.

What are the three primary goals of information security?

In information security, confidentiality, integrity, and availability are considered to be the fundamental principles.

What are the 3 principles of information security?

The CIA triad, an information security model, is composed of confidentiality, integrity, and availability.

What are the three security objectives of information security?

Security of computer networks and systems is almost always discussed within information security, which has three fundamental objectives: confidentiality, integrity, and availability.

What are the goals of information security?

It protects the privacy of information content by ensuring that unauthorized users cannot access it. It is based on integrity to ensure that information is genuine and accurate.... The accessibility of information is ensured by ensuring that authorized users can access information with confidence.

What are the 3 domains of information security?

The U.S. Government maintains three different security domains, namely, Confidential, Secret, and Top Secret. A good example of this is the Department of Defense (DoD).

What are the four goals of information security?

Security is based on four key objectives: confidentiality, integrity, availability, and nonrepudiation.

What are the 3 main objectives of information security?

It is necessary to take the CIA triad into account when discussing data and information. The CIA triad, an information security model, is composed of confidentiality, integrity, and availability. Information security has many components, each representing a fundamental goal.

What are the five goals of security?

The five security goals are confidentiality, availability, integrity, accountability, and assurance.

Security Objectives need to be well-defined and made known throughout the organization. Ultimately, the security objectives should be tied to the business objectives of the organization.

Tip: Security Objectives are not where the customer's security posture is today, but where they want it to be in the future. The actual security posture will be determined by the assessment process, and the difference between the Security Objectives and the Security Posture is the Security Gap.

URL: https://www.sciencedirect.com/science/article/pii/B9781597492829000038

Dependable and Secure Systems Engineering

M. Farrukh Khan, Raymond A. Paul, in Advances in Computers, 2012

4.1 Technologies for Secure Dependable Systems

For the security objective, at a very basic level, the technology of cryptography utilizes a key to allow the transformation of input data into unintelligible material that cannot efficiently be deciphered to obtain the original data without using the key. Thus if the key can be kept confidential, the encrypted data are deemed to be secure from being revealed or divulged to parties without access to the original key.

The available cryptography techniques may be broadly divided into secret-key cryptography and public-key cryptography. In secret-key cryptography, a secret (or key) is shared between the sender and the receiver. This shared secret is used to process the data at each end of the communication. Without possession of the secret, it should be computationally infeasible to encrypt or decrypt data. In public-key cryptography, a key for user x consists of a pair, (public(x), private(x)). For the purpose of encryption, the owner of the key uses private(x), whereas all others use public(x). In addition, it should be computationally infeasible to discover private(x) given only the value of public(x). With a slight modification, the above system can also be used to provide unforgeable digital signatures [12].

As part of dependability, many applications in business and communications demand confidentiality of messages that are exchanged between the systems. Confidentiality is also a key attribute of dependable systems as defined by researchers such as [5,13]. For example, business customers involved in online shopping using credit cards do not wish to divulge their credit card numbers to third parties. Similarly, the content of emails needs to stay secure during transport through routers. Cryptography solves the problem of transporting such communication over public channels, that is, channels that may be monitored by a third party in order to observe what data travel over them. There is a tradeoff between the level of security and the efficiency of specific encryption protocols, and the desired level of dependability can determine the selection of a protocol. Thus, after DES was broken, the US government stipulated the use of AES in all sensitive installations and systems.

Another dependability attribute, data integrity, guarantees the accuracy of data being stored or exchanged among systems. Verifiable accuracy of data is a requirement of many dependable systems. Data may be corrupted for many reasons: through physical phenomena such as radiation, heat, light, magnetic or electric induction, and vibrations; through erroneous or unexpected system interactions due to weaknesses in the protocols; or through deliberate corruption of data by malicious agents. Integrity is particularly relevant in terms of financial transactions, quantitative data, textual data, and critical data such as that used for management and feedback of real-time embedded systems in transportation and industrial control. Some applications may require other dependability attributes but tolerate loss of integrity to some extent. For example, reduction of resolution or addition of noise in audio or video data will compromise integrity but may still be acceptable to a certain extent. An efficient means of measuring data integrity is through the use of cryptographic hashes. A “fingerprint” of the source data file is generated and packaged along with the source. The recipient can generate the fingerprint of the received file and tally it with the enclosed fingerprint to detect if there has been any modification of the source [14]. Many vendors publish software or patches along with hashes to prevent unauthorized modification of their published files.
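The fingerprint check described above, written out as an added example (it is not code from the quoted chapter). The file name, payload and key are constructed for illustration, and the example goes one step beyond the passage by setting the unkeyed fingerprint beside a keyed HMAC, which still fails when file and fingerprint are replaced together.

```python
import hashlib
import hmac
import io

CHUNK = 64 * 1024  # read size, so large files never have to fit in memory


def fingerprint(stream, algorithm="sha256"):
    """Return the hex digest of a binary stream, hashing it chunk by chunk."""
    h = hashlib.new(algorithm)
    for block in iter(lambda: stream.read(CHUNK), b""):
        h.update(block)
    return h.hexdigest()


def package(name, data):
    """Sender side: build a 'sha256sum'-style manifest line for the payload."""
    return f"{fingerprint(io.BytesIO(data))}  {name}"


def parse_manifest_line(line):
    """Split '<64 hex chars>  <name>' and reject anything malformed."""
    digest, _, name = line.strip().partition("  ")
    digest = digest.lower()
    is_hex = all(c in "0123456789abcdef" for c in digest)
    if len(digest) != 64 or not is_hex or not name:
        raise ValueError("malformed manifest line")
    return digest, name


def verify(name, received, manifest_line):
    """Recipient side: recompute the fingerprint and tally it with the manifest."""
    expected, listed = parse_manifest_line(manifest_line)
    if listed != name:
        return False  # the manifest describes a different file
    actual = fingerprint(io.BytesIO(received))
    # compare_digest avoids leaking how many leading characters matched
    return hmac.compare_digest(actual, expected)


def mac_tag(key, data):
    """Keyed fingerprint: only holders of the key can produce a valid tag."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify_mac(key, data, tag):
    return hmac.compare_digest(mac_tag(key, data), tag)


# Constructed sample data, not taken from any real vendor release.
SAMPLE = b"constructed patch payload v1.0\n" * 1000
KEY = b"constructed-shared-secret"


def demo():
    manifest = package("patch.bin", SAMPLE)
    results = {"intact": verify("patch.bin", SAMPLE, manifest)}

    # A single flipped bit (storage or transport corruption) is detected.
    corrupted = bytearray(SAMPLE)
    corrupted[10] ^= 0x01
    results["bit_flip"] = verify("patch.bin", bytes(corrupted), manifest)

    # If file and manifest arrive over the same unauthenticated channel,
    # both can be replaced together and the unkeyed check still passes.
    replaced = SAMPLE + b"unexpected trailer"
    replaced_manifest = package("patch.bin", replaced)
    results["both_replaced_plain"] = verify("patch.bin", replaced, replaced_manifest)

    # A tag computed with a key the channel never carries does not verify.
    tag = mac_tag(KEY, SAMPLE)
    results["both_replaced_mac"] = verify_mac(KEY, replaced, tag)
    results["intact_mac"] = verify_mac(KEY, SAMPLE, tag)
    return results


if __name__ == "__main__":
    for check, ok in demo().items():
        print(f"{check}: {ok}")
```

In practice the manifest is fetched over a separate authenticated channel or is itself signed, which is what closes the gap the third case shows.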

Authentication of the source is essential in order to avoid impersonation attacks, where a malicious intruder masquerades as a genuine principal. In today's highly connected world, it would be desirable to have two-way mutual authentication, that is, both the source and the destination authenticate each other before full communication can be established between them.

Nonrepudiation is essential to prevent a principal from denying a previous commitment with another principal. Thus in the case of a dispute, a third party, such as a judge in a court of law, should be able to ascertain and affirm the identities of concerned parties in the context of a given transaction.

Secure, authenticated communication in different domains of business or government often requires all of the above attributes. For example, secure and verifiable public transactions (such as voting in a national referendum) using public-key infrastructure (PKI) will require a dependable system with all of the above transaction attributes. To ensure confidentiality, each principal could vote after encrypting the vote with the voter's private key. For the purposes of verification, each particular vote could be readily verified by using the respective voter's public key. This process could be repeated as many times as necessary by different entities.

On the other hand, a large number of votes could be divided up into batches of much smaller jobs, and these jobs could be processed in parallel. In this manner, a community can potentially accelerate the vote counting process to any desirable speed. We see that we have integrity, since tampering with the voting information will effectively destroy it; nonrepudiation, since only the concerned voter knows the private key; and verifiability, since anyone can use the public key and verify a particular vote. As far as confidentiality is concerned, it is a policy issue. If needed, confidentiality could be incorporated by either using secret-key encryption or by not publishing public keys except to the concerned parties, such as election commissions and judges. Further elaboration may be found in standard texts such as [14].

URL: https://www.sciencedirect.com/science/article/pii/B9780123965257000058

Security analysis of computer networks

Gürkan Gür, ... Fatih Alagöz, in Modeling and Simulation of Computer Networks and Systems, 2015

2 Fundamental security objectives in computer networks

Confidentiality, Integrity and Availability, abbreviated as CIA, constitute the core principles of information security. From the computer network point of view, they have to be analyzed for achieving and maintaining network security to provide robust and dependable network-based services.

These core security objectives are intertwined with a plethora of security issues which aim to realize these objectives:

Security-aware system design and deployment: The design of computing systems and networks should take security into consideration at their very early stages. The security issues should also be addressed during the system deployment so that systems and networks are set up with emphasis on security requirements [86].

Attack detection: Network flows and activities have to be processed for aggregate metrics and events have to be identified. Subsequently, these data have to be processed for attack or intrusion detection. This process has to be quick, reliable, repeatable and with low complexity. Moreover, it has to be applicable in different environments.

Vulnerability identification and patching: Vulnerabilities in a network have to be identified and patched in a timely manner. On the software side, the vendors and programmers have to discover or evaluate in-field data to identify the vulnerabilities and prevent exploits via published patches. The availability of an appropriate patch is not sufficient. The network or system administrators need to apply them to vulnerable network hosts and devices.

Countermeasure selection: Once an attack or intrusion is detected, there are potential countermeasures to be applied determined by the capabilities of the security infrastructure and available human resource. This is a complicated problem with a multidimensional structure.

How to enforce a countermeasure: After a countermeasure is selected, the actual enforcement is a difficult task. The heterogeneity of countermeasure enforcement points and the expected cost of countermeasures are also challenging.

Lack of security testing: Most of the vulnerabilities are nondeliberately caused by substandard system design/development practices. Additionally, when the systems are deployed and in operation, they should be tested against security threats via periodic efforts such as penetration testing. However, these actions are costly and time-consuming activities and are usually ignored.

Human factor: User behavior and security awareness are a critical concern in ensuring the security of computer networks and information assets. Since the users are part of the system, they can be instrumental in both ways: they can mitigate the security risk of a computer network by following best security practices, or they can enable attackers' exploitation through errors or weaknesses. Since users are assumed to be the weak link in information security, the effect of the human factor cannot be overlooked.

According to the Framework for Improving Critical Infrastructure Cybersecurity by the National Institute of Standards and Technology (NIST), at the highest level, basic cybersecurity activities involve five functions: Identify, Protect, Detect, Respond, and Recover, as shown in Figure 30.1 [4]. These functions can be performed in parallel, merged or organized in different configurations according to the context and environment of an ICT system. They provide a common language for management of cybersecurity risks by organizing information, enabling risk management decisions, addressing threats, and improving by learning from previous activities [4]. The functions also help show the return on investment for security-related activities in cybersecurity. For example, investments in pre-attack security analysis support protection efforts while online network analysis enables proper response and recovery actions, resulting in reduced impact to the delivery of network services.

Figure 30.1. Cybersecurity functions for infrastructure protection.

There are also some security issues that are becoming more acute with the recent advances in Internet, devices and software. The leading ones can be listed as:

Heterogeneous environments: The networks are becoming more and more heterogeneous with the integration and deployment of different systems, devices and software.

Hyperconnectivity of users and systems: The “network” aspect of information security has reached an unprecedented level since the proliferation of the Internet and smart mobile devices has enabled “anytime, anywhere” connectivity.

Circulation of software from untrusted and unknown developers: The Internet and the spread of mobile devices have dramatically widened the circulation of free software from unknown sources. The retrieval and installation of such software is usually effortless and straightforward, leading to harder-to-control computation and communication environments.

Cyberphysical systems (CPSs): According to [5], CPSs are “integrations of computation and physical processes.” Embedded computers and networks monitor and control the physical processes, usually with feedback loops where physical processes affect computations and vice versa. The security analysis of such systems requires comprehending a holistic view of computers, software, hardware, networks, and physical processes. This integrated structure brings forth the challenge of “scoping,” which is to determine the correct scope of network security analysis.

Due to these circumstances, the complexity of network security analysis and modeling for supporting fundamental security objectives has become extremely high.

The proliferation and the increasing complexity of computer networks and systems have made security an important issue for modern societies. Security of computer networks and systems is almost always discussed within information security, which has three fundamental objectives, namely confidentiality, integrity, and availability. The objectives form a CIA triad that is also known as the container for both data and computer network systems security and is shown in Figure 30.2. For instance, the NIST standard FIPS PUB 199 (Standards for Security Categorization of Federal Information and Information Systems) lists confidentiality, integrity, and availability as key security objectives.

Figure 30.2. CIA triad.

2.1 Confidentiality

Confidentiality prevents the disclosure of sensitive information to unauthorized users or systems on computer networks. Sensitive information refers to the information that should be kept confidential. Loss of confidentiality leads to the unauthorized disclosure of sensitive information. In the literature, confidentiality is used to provide data confidentiality and privacy. Data confidentiality prevents unauthorized entities from accessing confidential information, whereas privacy ensures entities can control or influence information related to them.

Data confidentiality assures that confidential data or information is not made available to unauthorized entities in the system. For instance, cybersystems are connected to each other and they are managed via computer networks and systems. Information about critical components of cyber physical systems and information related to the network components that connect the systems may be confidential information. Disclosure of such information may have a huge cost for a corporation. An example of this is the well-known attack on a nuclear facility with the advanced malware Stuxnet [6], a computer worm designed to attack Siemens industrial programmable logic controllers. Stuxnet spreads via network systems that have Microsoft Windows operating systems. If the network information of the nuclear facility had been kept secret, Stuxnet would not have been designed to attack the facility and would not have damaged the facility's capabilities. Another example related to data confidentiality on computer networks is about preserving personal payment-enabling data, specifically card holder data (CHD), which are sensitive information in payment networks. During payment processing, CHD are transmitted over the Internet, an open network system, between buyers, merchants, and processors. Different encryption methods are used to preserve confidentiality of CHD.

Recently, the concept of privacy has become more significant than ever. Privacy in computer networks assures that entities can control information related to them, such as what information related to them may be collected, by whom, and to whom that information may be disclosed. For instance, the privacy of people who use social networks should be ensured since the networks connect many people who may have conflicts of interest. Different access control methods, such as role-based access control, are applied to such networks to provide privacy.

2.2 Integrity

In computer networks and systems, the term integrity covers both data and systems. Generally, integrity assures the accuracy and consistency of data and systems, which means guarding against improper modification or destruction of data and systems in an unauthorized or undetected manner. A loss of integrity is the unauthorized change or destruction of data or systems.

Data integrity assures that data are modified only in a specified and authorized manner on computer networks and systems. For instance, assume that electronic health records (EHRs) are stored in a centralized repository and many organizations are able to access EHRs via the Internet. Hospitals and medical insurance companies are some of the organizations related to these data. In this case, unauthorized access with write permission disrupts the integrity of EHRs, which may result in financial losses and health problems for patients.

System integrity assures that a system performs its intended functions in a continuous manner, free from deliberate or inadvertent unauthorized modification of the computer network or system. For example, let us consider a production system in a factory that is able to be configured remotely via a network connection. Assume also that an unauthorized entity subverts the access control mechanism of the system and changes the configuration of the systems intentionally to sabotage the production, where an improper configuration results in physical damage of some components of the production system. This case shows that system integrity is significant for some systems that are connected to computer networks and systems.

2.3 Availability

The availability objective ensures that computer networks and systems work properly and services are accessible and are not denied for authorized users. Specifically, availability ensures timely and reliable access to information and services on computer networks and systems. A loss of availability leads to the disruption of access to the information and services on the systems.

Availability is the most important security service for some services on computer networks and systems. Highly available systems or services remain available at all times. Consider the Point-Of-Sale (POS) services of a payment network, such as the network of MasterCard. An interruption of the authentication system of POS gives rise to huge financial losses for many corporations, such as financial institutions and merchants that use debit or credit cards for payments. Moreover, unavailable POS services decrease user satisfaction with the corporation.

URL: https://www.sciencedirect.com/science/article/pii/B9780128008874000304

Statutory and Regulatory GRC

Leighton Johnson, in Security Controls Evaluation, Testing, and Assessment Handbook, 2016

FIPS-191 – Guideline for the Analysis of Local Area Network Security

This FIPS standard covers the security objectives of confidentiality, integrity, availability, and nonrepudiation.

The following goals should be considered to implement effective LAN security.

Maintain the confidentiality of data as it is stored, processed or transmitted on a LAN;

Maintain the integrity of data as it is stored, processed or transmitted on a LAN;

Maintain the availability of data stored on a LAN, as well as the ability to process and transmit the data in a timely fashion;

Ensure the identity of the sender and receiver of a message;

Adequate LAN security requires the proper combination of security policies and procedures, technical controls, user training and awareness, and contingency planning. While all of these areas are critical to provide adequate protection, the focus of this document is on the technical controls that can be utilized.3

URL: https://www.sciencedirect.com/science/article/pii/B9780128023242000038

Secure Working Practices

David Watson, Andrew Jones, in Digital Forensics Processing and Procedures, 2013

Appendix 6 The Forensic Laboratory’s Security Objectives

ISO 27001 requires the Forensic Laboratory to set security objectives (0.1, 0.2, 4.2.3, 4.2.4, 4.3.1, 5.1, 7.1, and 8.1 refer) for the ISMS. These are business-driven objectives that the ISMS is to achieve.

Security objectives are driven by legislative, regulatory, Client, and internal requirements.

The Forensic Laboratory has agreed that the security objectives below meet its current requirements and these are to be regularly reviewed at each Management Review meeting or on any influencing change that may affect them.

ISO 27001 requires that employees understand the Security Objectives, why they are important, and what they can do to help the Forensic Laboratory achieve them.

The following are the business-driven security objectives of the ISMS in the Forensic Laboratory, agreed by Top Management:

  1. Increase client base because of ISO 27001 Accredited Certification;
  2. Increase Client satisfaction with improved information security requirements, independently verified;
  3. Commit sufficient resources to information security within the Forensic Laboratory to maintain appropriate information security and retain ISO 27001 Accredited Certification;
  4. Continuously review and improve the Forensic Laboratory’s information security implementation;
  5. Ensure that all Forensic Laboratory employees know their security roles and responsibilities;
  6. Ensure that all Forensic Laboratory assets, and assets held by the Forensic Laboratory on behalf of any third party, are appropriately protected against loss, disclosure, unauthorized modification, or deletion;
  7. Ensure that the Forensic Laboratory is appropriately protected through contractual means when dealing with any third party, including measurement of services delivered against SLAs;
  8. Ensure the physical security of the Forensic Laboratory’s offices against unauthorized access;
  9. Ensure that the Forensic Laboratory’s IT Department securely delivers the services required by internal and external Clients;
  10. Ensure that the Forensic Laboratory’s IT services are continuously monitored and corrective and/or preventive action is taken, if needed;
  11. Ensure that all access to information is based on a documented business need, and that this is regularly reviewed;
  12. Ensure that any development undertaken, or products purchased by the Forensic Laboratory, have appropriate information security in place, based on perceived risk and/or Client requirements. This includes complete testing against predefined criteria prior to purchase or implementation;
  13. Minimize the number of security incidents that may affect delivery of the Forensic Laboratory’s services, and learn from any incident to prevent recurrence;
  14. Ensure that in case of any incident that requires invocation of business continuity plans there is minimal impact on the delivery of the Forensic Laboratory’s services to Clients;
  15. Meet all legislative and contractual requirements for information security.

These are derived from existing documentation within the Forensic Laboratory, implied contractual terms and good information security practice.

The Information Security Manager shall produce quarterly reports showing how these security objectives are met by use of the defined metrics, as given in Chapter 5, Appendix 22. A report, showing year on year trending shall be presented to the annual Management Review by the Information Security Manager.

URL: https://www.sciencedirect.com/science/article/pii/B9781597497428000121

Susan Snedaker, Chris Rima, in Business Continuity and Disaster Recovery Planning for IT Professionals (Second Edition), 2014

Provide “reasonable security”

A single, definitive legal standard has recently emerged which requires all U.S. corporations to provide “reasonable security” for their corporate data and IT assets, regardless of industry sector. Even though laws or regulations rarely specify what specific security measures should be employed, it is critical to know the desired security objectives specified in applicable laws, regulations, and consent decrees or enforcement actions.

The set of legal requirements for any U.S. company pertaining to information security obligations is derived from both industry-based (e.g., healthcare companies, financial companies) and data-based (e.g., personal information, financial data) information security statutes and regulations. Regardless of how your company’s specific legal requirements are derived, it is important to note that nearly all applicable laws define an amazingly small, well-defined set of desired security objectives. Therefore, you are able to reasonably protect your company from legal action in the United States related to information security laws without necessarily knowing the minutiae involved in every applicable law, regulation, or enforcement action.

The well-defined set of desired security objectives found in nearly all applicable U.S. laws and regulations governing information security includes:

Ensure reliability/availability of information systems and data

Control access to systems and information

Ensure confidentiality, integrity, and/or authenticity of information

Prevent unauthorized access, use, disclosure or transfer, modification or alteration, processing, and accidental loss or destruction

Security measures must include physical, technical, and organizational or administrative controls

Cover data in any form (e.g., databases, e-mails, pictures, video, sound recordings, etc.)

The definitive legal standard fully recognizes what IT security professionals have known for some time: Security is a process, not a product. In law after law, regulation after regulation, enforcement action after enforcement action, the requirements repeatedly dictate a fact-specific process leading to development of a comprehensive WISP.

This “process-oriented” requirement was first established in financial industry regulations required by the GLBA, later incorporated into FISMA, HIPAA, and FERC regulations, and since adopted as “best practice” by the FTC, National Association of Insurance Commissioners, and several State Attorneys General.

The “process-oriented” WISP is very different than the traditional view of simply employing strong security measures. Merely employing strong security measures has largely been deemed insufficient to comply with applicable statutes. Security measures must be responsive to existing threats and must constantly evolve in light of changes to threats, technology, business, etc.

As part of your WISP, it is required that you implement measures that are reasonable and designed to achieve the desired security objectives as written in laws and regulations. It is also required that you employ an ongoing, repetitive process which identifies new developments and threats, assesses risk, identifies and implements appropriate security measures, and verifies implementation.

URL: https://www.sciencedirect.com/science/article/pii/B9780124105263000027

Federal Information Security Fundamentals

Stephen D. Gantz, Daniel R. Philpott, in FISMA and the Risk Management Framework, 2013

Summary

This chapter introduced some of the concepts, security objectives, legislative and regulatory requirements, and sources of guidance to agencies performing information assurance and information security management functions. This material provides historical background on current information security practices and establishes the context in which key risk management activities occur in each sector of the government. Recognizing the central role of the system certification and accreditation process in government agencies, before and since FISMA’s enactment, this chapter also described the evolution of C&A processes in the civilian, defense, and intelligence sectors towards the common government-wide approach envisioned for the Risk Management Framework.

URL: https://www.sciencedirect.com/science/article/pii/B9781597496414000023

Policy-Driven System Management

Henrik Plate, ... Stefano Paraboschi, in Computer and Information Security Handbook (Third Edition), 2013

Security Objectives

In computer security, the acronym CIA describes the basic security objectives of confidentiality, integrity, and availability, which a secure system is typically designed to support. These three basic objectives are the basis for realizing a large variety of security functions and satisfying the security requirements of most applications. In some applications there is the need to support only part of them, but a secure system is applicable to concrete scenarios only if all three of them are offered by the system and can immediately be adopted when the need arises.

Confidentiality is the property that is typically associated with the use of encryption. Indeed, when the concern about security derives from the transmission of sensitive information on a channel, encryption is the crucial technology that keeps the transferred content from being readable by adversaries who have access to the communication channel. In information systems, the confidentiality of information stored within the system is mostly realized using the access control (AC) services, which are responsible for monitoring every access to a protected resource. Only read accesses that are consistent with the policy will be allowed by the system. In some cases, encryption can support the realization of an AC policy for read operations, but this is reserved for information systems with outsourced resources or for representation of data at the low level (hard disks support the encryption of the information contained in them).

Integrity is arguably the most important security service in the design of business applications. Integrity guarantees that all information stored and sent along communication channels is not manipulated by unauthorized users without detection. Integrity in network traffic commonly relies on the use of hash functions, message authentication codes, encryption functions, and digital signatures. Integrity for services requires that the function of the service not be manipulated (supported by code signing) and that only authenticated users that have been authorized to invoke a given service are actually able to have their service requests processed by the system. The critical aspect for achieving integrity protection is that the access policy is configured in a way consistent with security requirements.

Availability focuses on the resistance against attacks that aim to disrupt the offer of services. As a security service, this aspect is particularly important for military applications. In the business environment, this is typically considered together with safety and reliability aspects and represents the property that the system is able to provide the services continuously, independently from the variety of threats, owing to adversaries or random events that may make the system inoperable. There may be specific business scenarios in which the security aspect is extremely relevant (such as Web application providers that are victims of flooding attacks by adversaries who want to blackmail the service owners), but in most cases the scope is the complete collection of all possible malfunctions that can block the system.

Beyond CIA, other services are often added in this classification as basic security services, but they can typically be considered as variants or combinations of the main services. Authenticity can be considered a variant of integrity, in which resources and services have to prove their origin and users have to prove the control of a specified identity. Accountability is also a variant of integrity, in which the goal is to guarantee that actions on the system are always recorded without loss and associated with the verified identity of the user. In this way, nonrepudiability can also be guaranteed, because users cannot deny that they were responsible for the actions they executed on the system.
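The integrity and accountability paragraphs above can be made concrete with a tamper-evident audit log, shown here as an added example that is not from the quoted chapter: each entry carries a message authentication code over the previous entry's tag, so a modified, removed or truncated record is detected. The key handling, record fields and function names are assumptions for illustration, and because an HMAC key is shared, this gives integrity and detection of loss but not nonrepudiation, which would need per-user digital signatures.

```python
import hashlib
import hmac
import json

GENESIS = b"\x00" * 32  # chain start value (constructed for this example)


def _tag(key: bytes, prev_tag: bytes, record: dict) -> bytes:
    """MAC over the previous tag plus the canonical JSON of this record."""
    body = json.dumps(record, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, prev_tag + body, hashlib.sha256).digest()


def append(log: list, key: bytes, user: str, action: str) -> bytes:
    """Append an entry and return the new head tag, to be stored off-system."""
    prev = log[-1]["tag"] if log else GENESIS
    record = {"seq": len(log), "user": user, "action": action}
    tag = _tag(key, prev, record)
    log.append({"record": record, "tag": tag})
    return tag


def verify(log: list, key: bytes, head: bytes) -> int:
    """Return -1 if intact, else the index where verification first fails.

    An index equal to len(log) means entries were dropped from the end.
    """
    prev = GENESIS
    for i, entry in enumerate(log):
        expected = _tag(key, prev, entry["record"])
        seq_ok = entry["record"].get("seq") == i
        if not seq_ok or not hmac.compare_digest(entry["tag"], expected):
            return i
        prev = entry["tag"]
    return -1 if hmac.compare_digest(prev, head) else len(log)


def demo_log(key: bytes):
    """Build a constructed three-entry log; returns (log, head)."""
    log, head = [], GENESIS
    events = [("alice", "login"), ("alice", "read payroll.csv"), ("bob", "delete backup")]
    for user, action in events:
        head = append(log, key, user, action)
    return log, head
```

The head tag returned by `append` has to be kept somewhere the log writer cannot rewrite; without it, removing the most recent entries leaves a chain that still verifies.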

What are the primary goals of security?

Included in this definition are three terms that are generally regarded as the high-level security objectives – integrity, availability, and confidentiality.

What are the 4 basic security goals?

These goals form the confidentiality, integrity, availability (CIA) triad, the basis of all security programs.

What are the 3 primary goals in computer security?

The CIA triad refers to an information security model made up of the three main components: confidentiality, integrity and availability.