THE JOURNAL OF CHINA UNIVERSITIES OF POSTS AND TELECOMMUNICATIONS Volume 14, Issue 4, December 2007
XIE Cheng-shan, XUJIA Gu-yue, WANG Li
Information security assurance lifecycle research
CLC number: TP393.08    Document code: A
Abstract: This article argues that problems of information security are caused mainly by the ineffective integration of people, operation, and technology, and not merely by the poor use of technology. Based on the information lifecycle, a model of the information security assurance lifecycle is presented. The crucial parts of the model, the information risk value and the protect level, are discussed further, and a solution for each step of the lifecycle is given for each information risk level in terms of the integration of people, operation, and technology.
Keywords: information security, information risk, information lifecycle
1 Introduction
As information technology has become pervasive, underpinning and supporting almost every aspect of the organization by processing and storing the information on which the organization depends for its survival, it also brings with it problems that are hard to deal with, such as viruses and computer crime [1]. As more and more transaction data in diversified industries is stored, one important characteristic of such data is its high confidentiality. A national decision document on macroeconomics, the core code of a software company, or the secret recipe of a pharmaceutical company is an important information asset to its organization. Without sound protection of such confidential data, its loss would be devastating, especially when industrial espionage occurs. This article discusses the problem of information security assurance and proposes a model, based on the information lifecycle, for protecting information security. The first step in the model is to evaluate the information security risk and then to divide the range of risk values into different risk levels. The following sections discuss the different solutions for each step of the lifecycle, considering the different risk levels.
Received date: 2007-01-18
XIE Cheng-shan, State Key Laboratory of Information Security, Beijing 100038, China
XUJIA Gu-yue, WANG Li, School of Economy and Management, Beihang University, Beijing 100083, China
Article ID: 1005-8885 (2007) 04-0077-05

2 Background
Theft of information is a problem faced globally. According to the Computer Security Institute/Federal Bureau of Investigation (CSI/FBI) reports on computer crime and security from 1999 to 2003, the loss of important information ranked first among the losses of companies and government institutions in the USA, exceeding the losses from virus and hacker attacks. Among these cases, the most serious security problem was collusion between people inside and outside the organization. In the same period, the national information security assessment center (NISA) in China reported that the main security problem was insider crime, not viruses or hackers. The Ministry of Public Security of China reported that 70% of disclosure crimes were committed by insiders and that 80% of organizations with extensive computer use lacked both a good security management system and the techniques to safeguard it. In the CSI/FBI computer crime and security survey, the loss from stolen information ranked third and the loss from laptops or mobile equipment ranked sixth. The loss per respondent reported in the survey rose from $19 562 in 2005 to $30 057 in 2006, an increase of about 53%, and this figure does not include unauthorized access, skimming, and abuse of information. Although some implementations have been made, the adoption of security technology in China is still in its infancy. It is therefore very important for China, a country devoted to the use of information technology, to take information systems security seriously for its current and future development. The information security management specification for information security management systems (BS7799) [2] was created in 1995 and revised in 1999 by the British Standards Institution (BSI) as a standard to guide the development and implementation of an information security management system.
The standard has two parts: part one is the code of practice for information security management (BS7799-1:1999), and part two specifies the information security management system (ISMS, BS7799-2:1999). BS7799-1:1999 serves as a source of guidance for selecting and implementing the controls required by BS7799-2:1999. BS7799-1 facilitates trade between companies; companies involved in e-business benefit from the standard through the trust it lends to information sharing. BS7799-2:1999 establishes the requirements for setting up and implementing a documented information security management system and provides the basis for a certification option in information security. Part one is now recognized by the International Organization for Standardization (ISO) as ISO 17799 [3].

It is true that most information security solutions are implemented from the technology angle. However, technical measures cannot by themselves solve the foundational or the complex problems, because they have weaknesses of their own. Security solutions such as firewalls, intrusion detection, and antivirus software can detect and stop some attacks; nevertheless, new means of attack keep appearing as technology develops. Likewise, the subjective factors, such as people and the collaboration between technique and operation, are ignored by researchers in information security assurance. As China has only recently begun to address information security, there are no well-established systems, and collaboration between management system and technology is lacking. It would be impossible to solve the security problem without marshalling all of the resources and technologies. Meanwhile, the laws and regulations on information security in China are incomplete. The lack of information security experts, insufficient investment in information security, and a low level of security awareness are all obstacles to the deployment of information security.
3 The information security assurance lifecycle model
John McCumber [4] described a comprehensive model of information system security at the 14th National Computer Security Conference (Fig. 1). The model explains the use of different technologies to support information security and to assure the basic characteristics of information in each state of the information lifecycle. W. Victor Maconachy extended McCumber's model with information lifecycle factors in 2001 [5].

Fig. 1 McCumber's information security model

On the basis of McCumber's information security model, the authors propose a security assurance model related to the information lifecycle. The three basic characteristics of McCumber's model are extended to five: confidentiality, integrity, availability, controllability, and undeniability. The lifecycle of information is divided into creation, operation, exchange, storage, and deletion. The value of information changes with time. There is no doubt that information has security problems, and that the value of information and its protection are important to every organization. Having considered the complex problem of information security assurance, the new model focuses on how to prevent important information from leaking out of the organization (Fig. 2).

Fig. 2 The information security assurance lifecycle model
4 The risk of the information asset
In the model, the influence of an asset on commercial value and administration matters more than the surface value of the asset. The loss of such an asset usually causes latent commercial and administrative problems, directly or indirectly, such as interruption of business, loss of funds and market share, and harm to the company's reputation. Given that, it is important to build a standard for assessing asset risk, to ensure consistency and accuracy in the process.

4.1 The value of information
In the model, each of the characteristics of information security is given a different value at each standard level (Table 1).

Table 1 The information characteristic levels
Num  CONF              INTE       AVAI       CONT       UNDE
1    Open              Ignorable  Ignorable  Ignorable  Ignorable
2    [illegible] open  Low        Low        Low        Low
3    Confidential      Middle     Middle     Middle     Middle
4    Secret            High       High       High       High
5    Top secret        Very high  Very high  Very high  Very high
(CONF: confidentiality; INTE: integrity; AVAI: availability; CONT: controllability; UNDE: undeniability. The name of the second confidentiality level is not legible in the scan.)
The information asset value is calculated as follows:

$$I_i = \log_2 f(x), \qquad f(x) = 2^{C_i} + 2^{INT_i} + 2^{A_i} + 2^{CNT_i} + 2^{UDE_i}$$

where $I_i$ is the information value, $C_i$ the confidentiality level, $INT_i$ the integrity level, $A_i$ the availability level, $CNT_i$ the controllability level, and $UDE_i$ the undeniability level of the information.

4.2 The risk value of information
Risk of information is a function of the probability that a given threat source exercises a particular potential vulnerability and of the resulting impact of that adverse event on the organization. A threat may be related to events or circumstances that can damage the IT system, such as computer viruses, information theft, data modification, or unauthorized disclosure of information. There are three types of threats:
Natural: floods, earthquakes, tornados, and so on.
Human: unintentional (incorrect data entry or accidental deletion of data) and intentional (denial of service attacks, installing malicious software).
Environmental: power failures, hazardous material spills, and so on.
The threat is evaluated from the probability that a given threat will occur and the level of impact should the threat succeed. The likelihood ($L_t$) ranges from 0 to 100% in five bands: infrequent (0-1%), unlikely (1-20%), possible (20-50%), very possible (50-90%), and confirmed (>90%). The level of impact of the threat ($L_{oit}$) has five levels: ignorable, low, middle, high, and very high [6].
Vulnerability is a flaw or weakness in system security procedures, design, implementation, or internal controls that can be exploited by a threat and result in misuse or abuse of information. Vulnerabilities can be identified by reviewing vulnerability sources and performing security assessments. Vulnerability also determines the probability that an attacker succeeds in obtaining the information asset. Vulnerability is inherent and does not cause damage by itself without a threat. The model uses two primary factors that drive vulnerability: threat capability ($T_c$) and control strength ($C_s$). Threat capability is the probable level of force that a threat is capable of applying against an information asset. Control strength is the strength of a control compared with a baseline measure of force. Both threat capability and control strength have five levels: ignorable, low, middle, high, and very high.
The risk value of information security is calculated with the following formula [7]:

$$R_i = I_i \, L_t \, L_{oit} \, T_c \, C_s$$

where $R_i$ is the risk value, $I_i$ the information value, $L_t$ the likelihood, $L_{oit}$ the level of impact of the threat, $T_c$ the threat capability, and $C_s$ the control strength.
From the formula, the range of risk values can be divided into four segments. In each segment the proposed solution to information security differs with the risk impact (Table 2).
Table 2 The risk value segments
Value    Sign  Meaning        Proposal
128-256  C     Critical risk  Must be dealt with immediately: avoid? transfer? reduce?
64-127   H     High risk      Senior management should pay attention: avoid? transfer? reduce?
4-63     M     Medium risk    Articulate the response: avoid? transfer? reduce?
0-3      L     Low risk       Use the common way to solve: avoid? transfer? reduce?
Remark: detailed information about the asset is required.
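The following is an added worked example and is not part of the original paper; it codes the value function of Sect. 4.1, the risk formula of Sect. 4.2 and the segmentation of Table 2 in Python so that the factors can be combined and inspected. The paper does not state how the five-level scales are numbered, so the example assumes the coding 0..4 (ignorable or open = 0, very high or top secret = 4), takes the likelihood L_t as a probability in [0, 1], and rounds the product before applying Table 2; the function names, the result dictionary and the sample asset are the example's own. Two points a practitioner should notice: the formula is reproduced as printed, so a stronger control (larger C_s) increases the risk value rather than lowering it, and for the most severe combinations the product exceeds the 0-256 range covered by Table 2, which the example reports as None rather than clamping.

```python
"""Information value and risk value as defined in Sect. 4.1-4.2 (added
example, not the paper's code).

Assumptions the paper does not state: every five-level scale (Table 1,
impact, threat capability, control strength) is coded 0..4 from
ignorable/open to very high/top secret; the likelihood L_t enters as a
probability in [0, 1]; Table 2 is applied to the product rounded to the
nearest integer. The formula is reproduced as written, so control
strength C_s multiplies the risk instead of dividing it.
"""
import math

LEVELS = ("ignorable", "low", "middle", "high", "very high")  # coded 0..4


def level(name):
    """Code a Table 1 / Sect. 4.2 level name as an integer 0..4."""
    return LEVELS.index(name)


def value_function(conf, integ, avail, ctrl, undeni):
    """f(x) = 2^C + 2^INT + 2^A + 2^CNT + 2^UDE over the five characteristics."""
    levels = (conf, integ, avail, ctrl, undeni)
    if any(not 0 <= v <= 4 for v in levels):
        raise ValueError("characteristic levels must be coded 0..4")
    return sum(2 ** v for v in levels)


def information_value(conf, integ, avail, ctrl, undeni):
    """I = log2 f(x) (Sect. 4.1)."""
    return math.log2(value_function(conf, integ, avail, ctrl, undeni))


def likelihood_band(p):
    """Name the Sect. 4.2 likelihood band for a probability p in [0, 1]."""
    if not 0.0 <= p <= 1.0:
        raise ValueError("likelihood must be a probability")
    if p <= 0.01:
        return "infrequent"
    if p < 0.20:
        return "unlikely"
    if p < 0.50:
        return "possible"
    if p <= 0.90:
        return "very possible"
    return "confirmed"


def risk_value(info_value, likelihood, impact, threat_cap, control_strength):
    """R = I * L_t * L_oit * T_c * C_s, exactly as printed in Sect. 4.2."""
    for v in (impact, threat_cap, control_strength):
        if not 0 <= v <= 4:
            raise ValueError("impact, threat capability and control strength are coded 0..4")
    return info_value * likelihood * impact * threat_cap * control_strength


# Table 2 as (low, high, sign, meaning), inclusive bounds on the rounded value.
SEGMENTS = (
    (128, 256, "C", "critical risk"),
    (64, 127, "H", "high risk"),
    (4, 63, "M", "medium risk"),
    (0, 3, "L", "low risk"),
)


def risk_segment(risk):
    """Map a risk value onto Table 2; None when it falls outside 0..256."""
    r = round(risk)
    for lo, hi, sign, meaning in SEGMENTS:
        if lo <= r <= hi:
            return sign, meaning
    return None


def assess(conf, integ, avail, ctrl, undeni, likelihood, impact, threat_cap, control_strength):
    """Run one asset through Sect. 4.1-4.2 and report the intermediate values."""
    info = information_value(conf, integ, avail, ctrl, undeni)
    risk = risk_value(info, likelihood, impact, threat_cap, control_strength)
    seg = risk_segment(risk)
    return {
        "information_value": info,
        "likelihood_band": likelihood_band(likelihood),
        "risk_value": risk,
        "segment": seg[0] if seg else None,
        "meaning": seg[1] if seg else "outside the 0-256 range of Table 2",
    }


if __name__ == "__main__":
    # Constructed input: a top-secret recipe (CONF level 4) with high integrity
    # and controllability needs, a very possible threat of high impact.
    print(assess(4, level("high"), level("middle"), level("high"), level("high"),
                 0.6, level("high"), level("high"), level("middle")))
```

Running the module prints the assessment of the constructed asset; `assess` returns the intermediate information value, the likelihood band and the Table 2 sign, so the effect of changing a single factor can be read off directly.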
4.3 The level of information security protection
Finally, to act on the evaluated risk, different protection levels are assigned to the information according to the different risk solutions. With this solution and these tactics, information security is pursued more logically and the investment in the solution is used efficiently [8]. A matrix is used to calculate the protection level for information (Table 3).

Table 3 The risk protection level
(Protection level, 0-4, as a function of the information value level, 0-4 across the columns, and the risk level, 0-4 down the rows. Only part of the matrix is legible in the scan: the row for risk level 0 is all 0; the row for risk level 2 reads 0, 1, 2, 2, ...; the row for risk level 3 reads 0, 2, 2, ...; the highest cells reach protection level 4.)

5 The information security assurance lifecycle
To maintain information security in the different steps of the information lifecycle, each step needs a different solution to protect the information. To preserve confidentiality, integrity, controllability, availability, and undeniability in each step, the solution should perform well in preventing information security incidents such as cross-infection, theft, and so on. Throughout the lifecycle, all actions on the information should be recorded for review [9].
5.1 Creation
In the first step, the protect level of the information is obtained by calculating its risk level. The protect level indicates the requirements on where the information may be published, who may publish it, when it may be published, and the limited scope of its use. The direction of information flow should also be constrained by the protect level, and any action that exceeds a user's position should be forbidden. Moreover, each user's rights to the information should be fixed at the very beginning, such as how many times the user may use the information. Digital signature and data encryption should be enabled to protect confidentiality and undeniability. The integrity constraints on the data should be decided at the very beginning, to ensure that the data is not rewritten during the whole lifecycle. Every piece of new information should be identified so that it can be traced through the following steps.

5.2 Operation
In the operation process, identifying the user and checking the user's authority ensures the confidentiality and undeniability of the information. Only an authorized user should use the information, check its integrity, and confirm that it is the original. Once users have passed the check point and access the data, an effective way to decipher the information for them is also important for availability. Protection while the users work with the information matters as well, for example a deletion policy for information used offline. After decoding, the protection should disable operations that the protect level does not permit, such as rewriting, save-as, printing, copying, and so on.

5.3 Exchange
In the exchange process, the information should be encrypted while it is being exchanged and decoded only when the intended users receive it, so that confidentiality is kept. An integrity check should be performed both before encryption begins and after decoding ends, to ensure the integrity of the information.

5.4 Storage
In the storage process, all stored data should be encrypted, and only accredited programs or users should access it. The saving time is limited; once it expires, the information should be deleted automatically. Important information should be backed up, since otherwise destroyed information cannot be recovered. There should be an effective method and program for dealing with the disaster of information being destroyed, to ensure the availability of information.

5.5 Deletion
In the deletion process, the way information is deleted should be irreversible. The deletion mechanism should be well established in both automatic and manual modes. As to where the information is deleted, the location and the person involved should be well controlled, to ensure that the information can be deleted safely.

5.6 Three factors in the model
Three important factors are involved in the whole lifecycle of the model: people, technology, and operation. Information security cannot be achieved with technology alone; the impact of people is more important for information security, and a large share of information crimes results from people's operations. Integrating the three factors helps to prevent theft and cross-infection of information and enables organizations to manage information security efficiently.
6 Typical deployment
The product follows the mainstream three-tier management structure of console/server/agent (C/S/A), which comprises three parts: the management console, the server side, and the client side. The management console manages and configures the server locally or remotely. The server is mainly responsible for collecting the event logs and providing the security policy to the client side. The client side provides the operational interface for the whole information process and ensures the execution of the security policy.
7 Conclusions and future work
As information grows in importance for the economy, for daily life, and for the development of society, information security is surely the key problem of informatization. The information security assurance lifecycle model and the solutions for each step of the lifecycle presented in this article would benefit the development of the information economy and form a reference for the better use of information technology. In future, the study of the lifecycle model will be extended in two directions. The investigation of the three factors in information security, especially people, needs more statistical data to support the mechanism. Both the information flow in the lifecycle and information chain management in security affairs are the next research steps for the model. These will be accomplished with empirical research and case studies.
References
1. Wang L, Liu L, You W J. Knowledge portal construction and resources integration for hydropower corporation. Proceedings of the 1st IFIP International Conference on Research and Practical Issues of Enterprise Information Systems, Apr 2006, Vienna, Austria. 2006: 531-540
2. BS7799. Information security management specification for information security management systems. 1999
3. ISO/IEC 17799. Information technology - code of practice for information security management. 2000
4. McCumber J. Information systems security: a comprehensive model. Proceedings of the 14th National Computer Security Conference, Oct 1-4, 1991, Washington, DC, USA. New York, NY, USA: ACM, 1991: 124-129
5. Maconachy W V, Schou C D, Ragsdale D, et al. A model for information security assurance: an integrated approach. Proceedings of the 2001 IEEE Workshop on Information Assurance and Security, Jun 5-6, 2001, West Point, NY, USA. 2001: 306-310
6. Li Ling-juan, Shen Ling-tong. An improved multilevel fuzzy performance comprehensive evaluation algorithm for security. The Journal of China Universities of Posts and Telecommunications, 2006, 13(4): 48-53
7. Tang Guang-hua, Tian Tian, Hao Bin. A study on the incremental value-relevance of fundamental information. The Transaction of Zhongshan University: Social Science Edition, 2006, 46(2): 105-109 (in Chinese)
8. Chen Bing, Wang Li-song. Research on architecture of network security. Computer Engineering and Application, 2002, 38(7): 138-140 (in Chinese)
9. Su Xiang, Zheng Jian-ming, Wu Pei. Research on information life cycle management. Information Science, 2006, 24(5): 691-696 (in Chinese)

Biographies:
XIE Cheng-shan, from the Ministry of Information Industry, senior engineer, postdoctoral researcher at the State Key Laboratory of Information Security, interested in research on information security.
XUJIA Gu-yue, School of Economics and Management, Beihang University, master's student, interested in research on information systems and knowledge management.
WANG Li, School of Economics and Management, Beihang University, Ph.D., postdoctoral researcher, interested in research on DSS and knowledge management.