Publications catalogue - books

Security Management, Integrity, and Internal Control in Information Systems: IFIP TC-11 WG 11.1 & WG 11.5 Joint Working Conference

Paul Dowland ; Steve Furnell ; Bhavani Thuraisingham ; X. Sean Wang (eds.)

In conference: 7th Working Conference on Integrity and Internal Control in Information Systems (IICIS). Fairfax, USA. November 18, 2004 - November 19, 2004

Abstract/Description – provided by the publisher

Not available.

Keywords – provided by the publisher

Not available.

Availability
Detected institution | Publication year | Browse | Download | Request
Not detected | 2005 | SpringerLink

Information

Resource type:

books

Print ISBN

978-0-387-29826-9

Electronic ISBN

978-0-387-31167-8

Publisher

Springer Nature

Country of publication

United Kingdom

Publication date

Publication rights information

© International Federation for Information Processing 2005

Table of contents

Information Security Standards: Adoption Drivers (Invited Paper)

Jean-Noel Ezingeard; David Birchall

ISO/IEC 17799 is a standard governing Information Security Management. Formalised in the 1990s, it has not seen the take-up of accreditations that could be expected from looking at accreditation figures for other standards such as the ISO 9000 series. This paper examines why this may be the case by investigating what has driven accreditation under the standard in 18 UK companies, representing a fifth of the companies accredited at the time of the research. An initial literature review suggests that adoption could be driven by external pressures, or simply by an objective of improving operational performance and competitive performance. It points to the need to investigate the influence of Regulators and Legislators, Competitors, Trading Partners and Internal Stakeholders on the decision to seek accreditation.

An inductive analysis of the reasons behind adoption of accreditation and its subsequent benefits suggests that competitive advantage is the primary driver of adoption for many of the companies we interviewed. We also find that an important driver of adoption is that the standard enabled organisations to access best practice in Information Security Management, thereby facilitating external relationships and communication with internal stakeholders. Contrary to the accepted orthodoxy and what could be expected from the literature, increased regulation and the need to comply with codes of practice are not seen as significant drivers for companies in our sample.

Session 1 — Security Standards | Pp. 1-20

Data Quality Dimensions for Information Systems Security: A Theoretical Exposition (Invited Paper)

Gurvirender Tejay; Gurpreet Dhillon; Amita Goyal Chin

Data is an important asset used for various organizational activities. Poor data quality could have severe implications for information systems security in organizations. In this paper, data is viewed as embodied in the concept of signs. This paper identifies dimensions of data quality by using semiotics as a theoretical basis. We argue that the nature and scope of data quality dimensions change as we move between different semiotic levels. An understanding of these changes is essential for ensuring information systems security.

Session 1 — Security Standards | Pp. 21-39

From XML to RDF: Syntax, Semantics, Security, and Integrity (Invited Paper)

C. Farkas; V. Gowadia; A. Jain; D. Roy

In this paper we evaluate security methods for the eXtensible Markup Language (XML) and the Resource Description Framework (RDF). We argue that existing models are insufficient to provide high-assurance security for future Web-based applications. We begin with a brief overview of XML access control models, where the protection objects are identified by the XML syntax. However, these approaches are limited in their ability to handle updates and structural modifications of XML documents. We argue that XML security methods must be based on the intended meaning of XML and the semantics of the application using XML. We identify two promising research directions to extend the XML model with semantics. The first approach incorporates traditional database concepts, like key and integrity constraints, in the XML model. The second approach aims to associate XML documents with metadata supporting Web-based applications. We propose the development of security models based on these semantics-oriented approaches to achieve high assurance. Further, we investigate the security needs of Web metadata, like RDF, RDFS, and OWL. In particular, we study the security risks of unwanted inferences and data aggregation supported by these languages.

Session 1 — Security Standards | Pp. 41-55

How Much Should We Pay for Security? (Invited Paper)

Sokratis K. Katsikas; Athanasios N. Yannacopoulos; Stefanos Gritzalis; Costas Lambrinoudakis; Peter Hatzopoulos

Information systems security has become a top priority issue for most organizations worldwide. IT managers try to protect their systems through a series of technical security measures. Even though these measures can be determined through risk analysis, the appropriate amount that should be invested in Information Systems security is, by and large, determined empirically. Organizations would also wish to insure their information systems against potential security incidents. In this case both parties, namely the organization and the insurance company, would be interested in calculating a fair, mutually beneficial premium. In this paper a probabilistic structure, in the form of a Markov model, is used to provide some insight into these issues.

Session 2 — Security Culture | Pp. 59-69

Do Not Ship, or Receive, Trojan Horses

Corey Hirsch

Academic journals and the trade press have explored several likely routes of malware contagion against which information security practitioners need to defend. These include traditional ‘tunnels and bridges’ that bypass the firewalled corporate perimeter, such as visitors’ laptops, VPN tunnels, encrypted and zipped email attachments, unencrypted wireless, and weak authentication. A potential threat that has not been widely documented is embedded Windows™-based systems and appliances. Corporate networks that are otherwise highly secure often have some tens of nodes that are not generally recognized as ‘computers’ but run networkable Windows™ operating systems (OS). These devices range from smart phones to engineering microscopes, from oscilloscopes to print stations, and many others. They may have no single owner, and frequently generic or group user accounts are established on them. They have not been purchased by the IT department and may not appear on IT’s lists of machines to patch and monitor. Vendors’ practices vary widely, with results for their customers ranging from ‘no issue’ to ‘serious risk’. This paper narrates the embedded appliance infosecurity lifecycle, to provide vendors of such systems with best-in-class precautionary measures they should take on behalf of their customers’ security, and to provide purchasers of such appliances with a checklist to enable them to select secure products. LeCroy, a leader in safe and secure Windows™ appliance engineering, provides the reference case for best-in-class practice. Research in this field is being conducted at LeCroy and elsewhere, in August 2005, by Dr. Julia Kotlarsky of Warwick Business School and Dr. Ilan Oshri of Erasmus.

Session 2 — Security Culture | Pp. 71-82

Employee Security Perception in Cultivating Information Security Culture

Omar Zakaria

This paper discusses the employee security perception perspective. Perception is important because employee behaviour can be influenced by it. The intention is not to attempt an exhaustive literature review, but to understand the perception concept that can be used to cultivate an information security culture within an organisation. The first part highlights some of the concepts of perception. The second part interprets employee security perception in the case study. Finally, a synthesized perspective on this perception is presented.

Session 2 — Security Culture | Pp. 83-92

A Policy Framework for Access Management in Federated Information Sharing

Rafae Bhatti; Elisa Bertino; Arif Ghafoor

Current mechanisms for distributed access management are limited in their capabilities to provide federated information sharing while ensuring adequate levels of resource protection. This work presents a policy-based framework designed to address these limitations for access management in federated systems. In particular, it supports: (i) decentralized administration while preserving local autonomy, (ii) fine-grained access control while avoiding rule explosion in the policy, (iii) credential federation through the use of interoperable protocols, with support for single sign-on for federated users, (iv) specification and enforcement of semantic and contextual constraints to support integrity requirements and contractual obligations, and (v) usage control in resource provisioning through effective session management. The paper highlights the significance of our policy-based approach in comparison with related mechanisms. It also presents the system architecture of our implementation prototype.

Session 3 — Access Management | Pp. 95-120

A Hierarchical Release Control Policy Framework

Chao Yao; William H. Winsborough; Sushil Jajodia

With increasing information exchange within and between organizations, it becomes increasingly unsatisfactory to depend solely on access control to meet confidentiality and other security needs. To better support the regulation of information flow, this paper presents a release control framework founded on a logical language. Release policies can be specified in a hierarchical manner, in the sense that each user, group, division and organization can specify their own policies, and these are combined by the framework in a manner that enables flexibility within the context of management oversight and regulation. In addition, the language can be used naturally to specify associated provisions (actions that must be undertaken before the release is permitted) and obligations (actions that are agreed will be taken after the release).

This paper also addresses issues arising due to the fact that a data object can be released from one entity to another in sequence, along a release path. We show how to test whether a given release specification satisfies given constraints on the release paths it authorizes. We also show how to find the best release paths from release specifications, based on weights specified by users. The factors affecting weights include the subjects through which a path passes, as well as the provisions and obligations that must be met to authorize each step in the path.

Session 3 — Access Management | Pp. 121-137

Managing Uncertainty in Security Risk Model Forecasts with RAPSA/MC

James R. Conrad; Paul Oman; Carol Taylor

This report describes an information security risk assessment process that accommodates uncertainty and can be applied to deployed systems as well as systems under development. An example is given for a critical infrastructure, but the technique is applicable to other networks. RAPSA/MC extends the Risk Analysis and Probabilistic Survivability Assessment (RAPSA) systems-level process model with a Monte Carlo (MC) technique that captures the uncertainty in expert estimates and illustrates its resulting impact on the model’s forecast. The forecast is presented as a probability density function, enabling the security analyst to communicate security risks to financial decision makers more effectively. This approach may be particularly useful for visualizing the risk of an extreme event such as an unlikely but catastrophic exploit.

Session 4 — Risk Management | Pp. 141-156

The Mitigation of ICT Risks Using Emitl Tool: An Empirical Study

Jabiri Kuwe Bakari; Christer Magnusson; Charles N. Tarimo; Louise Yngström

As the dependence on ICT in running organisations’ core services increases, so does the exposure to the associated risks arising from ICT use. In order to meet organisational objectives in ICT-dependent organisations, risks due to ICT insecurity need to be addressed effectively and adequately. To achieve this, organisations must have effective means for the management of ICT risks. This involves assessment of the actual exposure to ICT risks relevant to their environment and implementation of relevant countermeasures based on the assessment results. However, in most organisations ICT security (or ICT risk management) is perceived by top management as a technical problem. As a result, the measures for ICT risk mitigation that are ultimately put in place in such organisations tend to be inadequate. Furthermore, the traditional way of managing risks by transferring them to insurance companies is not yet working, as it is difficult to estimate the financial consequences of ICT-related risks. There is, therefore, a need for methods which can assist in translating ICT risks into a financial context (senior management language), thereby creating a common understanding of ICT risks among technical people and management within ICT-dependent organisations. With a common understanding, it would be possible to realise a coordinated approach towards ICT risk mitigation.

This paper is an attempt to investigate whether ICT risk mitigation can be enhanced using a customised software tool. A software tool for converting financial terminology (financial risk exposure) to corresponding ICT security terminology (countermeasures) is presented. The Estimated Maximum Information Technology Loss (EMitL) tool is investigated for its suitability as an operational tool for the above-mentioned purpose. EMitL is a tool utilised in a framework (Business Requirements on Information Technology Security - BRITS) to bridge the understanding gap between senior management and technical personnel when it comes to ICT risk management. This work is based on an empirical study which involved interviews and observations conducted in five non-commercial organisations in Tanzania. The study was designed to establish the state of ICT security management practice in the studied organisations.

The results of the study are used here to investigate the applicability of the EMitL tool to address the observed state. The results from this study show that it is possible to customise EMitL into a usefully operational tool for translating risk exposure due to ICT into corresponding countermeasures. These results underline the need to further improve EMitL for wider use.

Session 4 — Risk Management | Pp. 157-173