Information Security. Structure. Common sense security. Content. Corporate security. Security, why

Transcription

1 Information Security Teemupekka Virtanen Helsinki University of Technology Telecommunication Software and Multimedia Laboratory Structure 1. Information security What, why, content Theory, models, terms, targets 2. Information security technology How Reliability, cryptography, key management, firewall, VPN, Real life Not me Practical issues Content Security, corporation security, information security Terms Security in an organization Classification Information security models Non technical methods Common sense security Security is a state where nothing bad or evil happens Security is a feeling where one doesn t have to be afraid Corporate security Security is a function, which reduces losses caused by accidents, frauds, thefts, acts-of-god and so on Security is optimization where prevention costs must be lower than possible losses Security, why Prevent breakdowns in production Protect valuable assets Compliance laws Meet the customer requirements Keep personnel happy Protect own reputation

2 Information security A part of corporate security where the protected asset is either information or information system A part of corporate security where any asset is protected by information security technology Threat Uhka Something harmful that may happen Possibility to happen is the numerical value of a threat Examples Fire Death of key person Malfunction of hard disk Cracker breaking in IRS comes to inspect the files Risk - Riski The expectancy of a threat Two components Threat (probability) Damage (amount) Risk = threat * damage Vulnerability - Haavoittuvuus Weakness in the information system makes it possible for a threat to occur Increase probability of a threat Increase damage Examples Weak passwords Weak encryption No unbreakable power supply Backdoor in the system From Threat to Risk Confidentiality-Luottamuksellisuus Threat Vulnerability Loss Eliminate risk Risk Minimize risk Accept risk Secrecy of information Who is allowed to know something Bell-LaPadula model A real property of information Classification must be the same every place the same information is processed

3 Availability Käytettävyys (Saatavuus) Availability of service (information) What is the maximum time delay getting service Sometimes probability of not losing information Some close areas availability reliability usability A property of system The same information may have different classification in different systems Integrity - Eheys The meaning of integrity has changed during time Originally integrity in transactions There must been no partial transactions Now much broader definition Data was correct in the beginning All changes have be legal, accountable and correct Data is still correct Accountability is usually required to maintain integrity Corporate Security Asset Management Recognize the important assets Classification Values of information Gathering information requires work Losing information means losing work (availability) Losing integrity of information makes it worthless If somebody gets the information free he doesn t have to do the work (confidentiality) Information is a part of a business process Skills in manufacturing News in yellow press Customer information Values of information 2 Information is a part of product Innovation gives technical advance Information is a part of strategy The strategy must be public (availability, integrity) The background must be secret

4 People Production Skilled workers Information Databank Reputation Value itself Reputation Good manufacturer No malfunctions No faulty products Good neigbour Environmental protection Safe traffic Good employer Safety in work Classification Confidentiality Top-down Numerical values have to be connected to the real world information security policy Top management set the standards for the organization Management on each level set the standards for their subordinates Security Management Set the goals Define the security level Define the acceptance of risk Define protection principles Security Policy High level statement Defines the baseline security Defines the acceptable risk Defines protection principles Basic document

5 Security Profile Trustworthy company Production on time No information losses No bad will For customers with higher requirements Documentation Audits / certificates Security Principles Trust Trust own employees? Trust customers? Trust other companies? Trust civil servants? Protection methods Automation / people Preventing / detecting The enemy Baseline Security The minimal required security level The procedures to protect others Usually more is required Production Customers Legislation Risk management 1 Finding risks Threat analyses Measurements afterward Preventing procedures Analyzing risks Decision of the methods Monitoring Security incident Security in Modern Organization Security requirements are part of management The lower level in hierarchy must meet the requirements of higher level The higher level must accept the cost of security Management in each level has to make decisions in security Outsourcing Security requirements part of the service Defined in contracs Evaluation, certification Costs are part of the service Service provider has to be able to include the costs in the prize

6 Security Costs Part of normal operational costs Have to take into accounting when calculate the investents pricing products pricing services The Bell-LaPadula model Multilevel security model Several levels of confidentiality E.g. open, confidental, secret, top secret People have clearance for certain level A user may see information which is same or lower level than his clearance Information may not flow downward no read up, no write down Chinese Wall Clark-Wilson Model Practical model for companies who have to handle information from other companies which may be competitors Objects contain only information of one company All the objects of a company belong a company group The companies that are competitors forms a conflict class If a user has ever had an access to one company in the conflict class he will never be able to see information of another company in the same class Accountability model to maintain integrity Transactions must be well-formed There are constrained data items There are several steps (transformation procedures) in a transaction and these must be in certain order For each step there must be autenticated and authorized user Access triplets <user,procedure,{data 1,..., data k } The Other Protection Methods Meet the protection requirements Use several methods together Find a suitable combination for a need Keep the wall solid and high Physical Security Security domains Prevent outsiders from intruding Fences, walls Authenticate the insiders Keys, access control Alarms Intrusion detection Prevent intrusion Guards

7 Passive Protection Personnel Security Accepts insiders Background checking Prevents accidents Education Preserves motivation Personnel management Personnel lifecycle Hiring, working, firing Operational Security Job management Enough people Possibility to work in secure way Safety procedures Safe working conditions Sharing of duties Key persons Conclusion In business life security is risk management where threats are found and possible losses reduced until prevention costs rise too high The level of accepted risk is a business decision made by top management A classification is essential part of security. If the value of an asset in unkown, it can t be protected There are several protection methods, which can be combined to achieve a appropriate protection