Do We Need Security Management Systems for Data Privacy?

Wolfgang Boehmer (Technische Universität Darmstadt, Germany)
Copyright: © 2015 | Pages: 37
DOI: 10.4018/978-1-4666-7381-6.ch013


The importance of personal data and of managing them is increasing worldwide. First, however, one must be able to distinguish between data, information, and knowledge before turning to protecting them. Furthermore, it must be considered that, in open systems, security is a relative term and can be characterized only in terms of risk. This suggests that security is not a state in open and dynamic systems but can only be maintained at a pre-defined level (conservation status) with a security management system. Data privacy therefore requires security management systems to ensure sustainable protection at a previously defined level. Pure guidelines and policies are not sufficient for the protection of data in open systems, as are typical in companies.
Chapter Preview

Introduction: Thinking In Systems

This contribution belongs thematically to the field of Security Engineering, a classification that draws on computer science and engineering alike. Ross Anderson provided an apt definition of the field in his book of the same name.

Security Engineering is about building systems to remain dependable in the face of malice, error, or mischance. As a discipline, it focuses on the tools, processes, and methods needed to design, implement, and test complete systems, and to adapt existing systems as their environment evolves (Anderson, 2008).

In the view of R. Anderson (2008), four interacting components are addressed, which are illustrated in Figure 1. First, a policy is postulated that describes what can be achieved. Second, mechanisms are required that are necessary to enforce the policy. These could be, for example, cryptographic protocols, access configuration and access arrangements, tamper-resistant hardware, etc.

Figure 1. Security engineering framework based on policies (Anderson, 2006).

According to Anderson (2008), the third component is the assurance in these mechanisms, that is, the security that these mechanisms provide, and the last component is the incentives. He considers the incentives from two perspectives: first, that of the persons who want to protect themselves, and second, that of the group of people who try to circumvent these mechanisms in an unauthorized manner.

It is an interactive system, as illustrated by the cross-references (arrows) between the components.

A significant disadvantage of policies becomes apparent if they alone are used to secure the value chain of a company. This disadvantage is that the policies do not provide feedback about their effects. Especially in an open system such as a company, this lack of response has proved to be a disadvantage.

To assess the overall security of a company, it is invaluable to obtain feedback on security status, for only then can an adequate response be generated if necessary. As a suitable method for complete protection of a company, standardized management systems based on systems theory have become the established practice. Based on the desire for complete security, for example in terms of the value chain, a universal framework for a risk-oriented management system can be outlined.

The framework is illustrated in Figure 2 based on the concept of systems theory. It is dominated by adjustments in response to perturbations (deviations) and shows policies and procedures as the dependent variables of the control loop. A disturbance will, in most cases, affect the value chain of the company. This point of view is aligned with overall enterprise security rather than with individual components.

Figure 2. Security engineering system framework (Boehmer, 2011).

Key Terms in this Chapter

Systems Theory: Control circuits for technical systems in the context of systems theory. The concept of the signal, which can be time-continuous or non-time-continuous, and the concept of the system are fundamental in systems theory. A signal is a rough representation of a piece of information.

Policies: A policy is an axiomatic description, according to Bishop’s view, of how a secure state can be achieved from an unsecured state.

Tradeoff: In this article, effectiveness and efficiency are proposed as substitute quantities. A suitable, measurable KPI is defined for each quantity. However, effectiveness and economic efficiency conflict with each other and constitute a trade-off. This trade-off can be interpreted as a knapsack problem. As a solution to this combinatorial optimization problem, we propose a special branch-and-bound algorithm.

Control Systems: Linear control loops and socio-technical control loops both follow the general requirements and specifications of control systems. In open systems, it is more conducive to act contrary to a control system and risk-oriented management system to effectively and efficiently achieve a planned level of security.

Target Function: We derive a target function to define the requirements for a second-order management system based on the properties of effectiveness and efficiency.

Management Systems: Management systems follow the classical idea of disturbance and systems theory, which is an integral part of the engineering sciences. A disturbance, or better, the risk of a disturbance, in terms of IT/information security refers to any possible interference with the value chain of a company; the goal is to compensate for this possible disturbance through preventive action.
