Security Assurance Evaluation and IT Systems’ Context of Use Security Criticality

Security Assurance Evaluation and IT Systems’ Context of Use Security Criticality

Moussa Ouedraogo (Public Research Center Henri Tudor, Luxembourg), Haralambos Mouratidis (University of East London, England), Eric Dubois (Public Research Center Henri Tudor, Luxembourg) and Djamel Khadraoui (Public Research Center Henri Tudor, Luxembourg)
Copyright: © 2011 |Pages: 23
DOI: 10.4018/jhcr.2011100104
OnDemand PDF Download:
$30.00
List Price: $37.50

Abstract

Today’s IT systems are ubiquitous and take the form of small portable devices, to the convenience of the users. However, the reliance on this technology is increasing faster than the ability to deal with the simultaneously increasing threats to information security. This paper proposes metrics and a methodology for the evaluation of operational systems security assurance that take into account the measurement of security correctness of a safeguarding measure and the analysis of the security criticality of the context in which the system is operating (i.e., where is the system used and/or what for?). In that perspective, the paper also proposes a novel classification scheme for elucidating the security criticality level of an IT system. The advantage of this approach lies in the fact that the assurance level fluctuation based on the correctness of deployed security measures and the criticality of the context of use of the IT system or device, could provide guidance to users without security background on what activities they may or may not perform under certain circumstances. This work is illustrated with an application based on the case study of a Domain Name Server (DNS).
Article Preview

Introduction

Evolution is an inherent characteristic of IT systems. IT systems’ models are made to evolve depending on the context, either because of new business or users requirements or owing to changes in the system operating environment (new threats for instance). However, as it is well known, different contexts may harbor different risks and eventually call for different security requirements.

The list of recent, high profile security breaches is daunting; headlines have exposed major leaks among the largest organizations, resulting in loss of customer trust, potential fines and lawsuits (Le Grand, 2005). Vulnerable systems pose a serious risk to successful business operations, so managing that risk is therefore a necessary board-level and executive-level concern. Executives must ensure appropriate steps are being taken to audit and address IT flaws that may leave critical systems open to attack (Le Grand, 2005). As revealed by a study conducted by Wool (2004) on firewall configurations, a common but sometimes overlooked source of IT risks for large distributed and open IS is improper deployment of security measures after a Risk Assessment has been completed. The term security measure within the paper refers security controls. In fact, risk countermeasures may be properly elucidated at Risk Assessment but their actual deployment may be less impressive or unidentified hazards in the system environment may render them less effective. How good, for instance, is a fortified door if the owner, inadvertently, leaves it unlocked? Or considering a more technical example, how relevant is a firewall for a critical system linked to the Internet if it is configured to allow any incoming connections? Therefore, monitoring and reporting on the security status or posture of IT systems can be carried out to determine compliance with security requirements (Jansen, 2009) and to get assurance as to their ability to adequately protect system assets. This remains one of the fundamental tasks of security assurance, which is here defined as the ground for confidence on deployed security measures to meet their objectives. To that extent, our understanding of security assurance is in line with the Common Criteria’s definition of assurance (Common Criteria Sponsoring Organizations, 2006). Unfortunately most of what has been written so far about security assurance is definitional. Published literatures either aim at providing guidelines for identifying metrics example (Vaughn et al., 2002; Seddigh et al., 2004; Savola, 2007), without providing indications on how to combine them into quantitative or qualitative indicators that are important for a meaningful understanding of the security posture of an IT component; target end products (example of the Common criteria Common Criteria Sponsoring Organizations, 2006) or the software development stage (example of assurance cases Strunk & Knight, 2006; UMLSec, Jürjens, 2005; Secure Tropos, Mouratidis & Giorgini, 2007).

Complete Article List

Search this Journal:
Reset
Open Access Articles: Forthcoming
Volume 8: 4 Issues (2017): 2 Released, 2 Forthcoming
Volume 7: 4 Issues (2016)
Volume 6: 4 Issues (2015)
Volume 5: 4 Issues (2014)
Volume 4: 4 Issues (2013)
Volume 3: 4 Issues (2012)
Volume 2: 4 Issues (2011)
Volume 1: 4 Issues (2010)
View Complete Journal Contents Listing