Basic concepts of the information systems definition subsystem shown in UML class diagram. 


Source publication
Article
In the paper we propose the conceptual modeling of information systems within the framework of contemporary information security policies. The paper presents the basic characteristics and requirements of contemporary information security policies with regard to the similarities of approach among different sectors of society and with regard to the d...

Contexts in source publication

Context 1
... policy of an organizational entity, and all the elements that influence that entity and its policy. The system comprises different segments of the information security policies that we call subsystems.

IV. TAXONOMY DEVELOPMENT

The hierarchical taxonomy of the information security policy domain is elaborated according to [4], and it is based on the contemporary requirements and restrictions in the handling of different information categories that are necessary both in the government and in the private sector. The taxonomy is treated as the classification schema used for structuring the knowledge in this domain. The elaboration of the taxonomy is done based on the analysis of logical relations among different terms, as well as based on the best practices available in the government sector, international organizations, and within some international and national standardization processes. The taxonomy is elaborated with a view to allowing future extensions, especially in the executive part of the model shown in Fig. 2. In this paper we present the part of the taxonomy that is related to information systems. The taxonomy is a good base for the definition of common terminology in this multidisciplinary area of information security policy. The requirements imposed on the selection of terms within the domain of interest are used according to [26]: 1) Mutually exclusive categories that do not overlap; 2) Exhaustive categories including all possibilities; 3) Unambiguous and clear categories; 4) Repeatability; 5) Logical and intuitive acceptability; 6) Usefulness for the field of interest. The structure of the taxonomy is elaborated following these requirements and it is divided into subsystems shown in Fig. 2 (right-hand side). This paper is limited to the overview of the research results within the part of taxonomy that deals with the information system conceptualization.
The hierarchical taxonomy is transformed into a tabular view of the concepts and subconcepts in order to facilitate the elaboration of taxonomy terms into model concepts. Model concepts have to be recognized both as the categorization and as the mutual relationships of the domain terms. In this way the first part of the recognition of the basic relations among the domain terms is done. These are the groups of relations of types such as “is-a” (generalization), “consists-of” (composition), and “contains” (aggregation). One of the problems in the conceptualization of a model is the use of appropriate tools [25]. Considering the complex and very heterogeneous domain of information security policy, we propose the use of the standard graphical notation of the Unified Modelling Language (UML) [27]. A similar approach is recommended in [28], but with the difference of using modified UML elements. UML complies with the ontology requirements in the sense of class definition and relation notation. UML graphical notation facilitates visualization and understanding of the model and the modelling approach used in this paper.

V. CONCEPTUAL MODELING OF INFORMATION SYSTEMS

The model in Fig. 2 consists of a number of subsystems derived from the hierarchical taxonomy of the information security policy domain. The modeling goal is further elaboration of relations among the taxonomy terms in order to develop a modular ontology as the model, actually a meta-model for the development of different information security policy models. The selection of the model concepts depends on the requirements of the global environment (national and international) in the specific case. The instances of the selected concepts will depend on the implementation requirements in the local environment and they will form the local policy of a certain legal entity.
In the global environment we primarily manipulate the information and we primarily differentiate the concept of information type and the level of secrecy of information. In the local environment we primarily manipulate the information security criteria and the goals of information security. Based on them the security mechanisms and the security controls are selected in order to achieve these goals and criteria. In Fig. 2 this part of information definition and information security criteria is marked as the interface between the global (external) and the local (internal) environment. Persons and information systems also depend on the same key criteria (integrity and availability). Additionally, persons have to satisfy the requirements for accessing an information system (confidentiality), and both the persons and the information systems have to satisfy the physical security requirements. The same applies when certain types of information are handled by a person or information system. The conceptual definition of information systems in Fig. 3 represents the link among the layers of the model in Fig. 2 from the point of view of information system security. The concept of information system security role contains four concepts according to Fig. 3. The core elements of the information system trust concepts are elements such as (relation “is-a”): information system owner (link to the organizational entity), confidentiality level (link to the information definition), requirements for the users (link to the definition of persons), institutional security roles (link to the organizational framework), concepts of identification, authentication, and authorization (link the persons and information system through the information security criteria), and security awareness, education and training. The concept of security modes of operation of closed systems is modeled according to the traditional division [14] into: dedicated, system high, compartmented, and multilevel.
The concept of security modes of operation of open systems is proposed using the analogy, based on the explanations in section III.A of the paper, and according to the elaboration in [29]. This concept introduces criteria that link together selected factors for open systems: infrastructure, services, and users. Table I shows four levels of trust for open systems, based on the introduced factors that can be internally based (ownership) or externally based (contracts or public availability). The global environment of information systems is modeled according to Fig. 4. The approach used in the model consists of the relation of traditional information security policy elements with contemporary global environment elements [20] [30]. We propose the use of cyberspace dimensions: social dimension (wider approach to Internet security in general, normally coordinated by National CERT Authority), economic dimension (commercial use of national telecommunication resources, normally coordinated by National Regulatory Authority), security dimension (e.g. cybercrime, cyber terrorism, organized crime in cyberspace, critical infrastructure protection, normally coordinated by Ministries of Justice or Internal Affairs, Security Services, National Security Authority - NSA, etc.), and defense dimension (part of defense policy, cyber dimension of warfare, normally coordinated by Ministry of Defense). The key problem in cyberspace is cyber threats. The information security policy has to assure preventive and protective procedures, but also the procedures in the case of security breaches – reaction and investigation, with possible disciplinary measures or prosecution. From the policy point of view the cyber threats are divided into subconcepts of computer user threats (social engineering, phishing, spamming, hoaxes...), information system threats and advanced persistent threats (APT) as a combination of the previous two types.
Information system threats further use the incident taxonomy according to [26], which differentiates events (action, target), attacks (tool, vulnerability, event, unauthorized result), and incidents (attacker, attack, objective). This concept is related to other concepts in the regulation compliance subsystem of the model. Part of the elaboration of the concept of information system security principles is shown in Fig. 5. These concepts are part of the security mechanism subsystem (executive part of the model from Fig. 2). The part that is shown in Fig. 5 is the concept of evaluation and approval of information systems. It can be seen from Fig. 5 that these concepts from the lower executive part of the model are closely connected with the subsystems in the upper part of the model that define the domain of the policy. One of the subsystems connected with the concepts in Fig. 5 is the information security oversight subsystem from the upper part of the model (policy domain in Fig. 2). Part of the elaboration of that oversight subsystem is shown in Fig. 6. Besides the shown examples of modeling results, in the upper part of the model we have elaborated some other parts of the model such as regulation requirements including security breaches, information system interoperability [6], and organizational framework with the hierarchy of different authorities. The executive part of the model is elaborated following the described approach to baseline security measures, combined with the security controls based on risk management.

VI. CONCLUSION

The goal of the paper is to present the part of our research in the field of modeling contemporary information security policies that is related to the conceptual modeling of information systems. The approach that is proposed in this research and this paper is based on the formalized and structured approach to the field of information security policy. The main reason for this approach is the increasing complexity of the policy domain.
Further research is planned to focus on the elaboration of the complete conceptual model of contemporary information security policies, following the approach illustrated in this ...
Context 2
... layers that will be analyzed in this paper from the point of view of information systems conceptualization. The environment comprises of all the elements that are controlled through the information security policy of an organizational entity, and all the elements that influence on that entity and its policy. The system comprises of different segments of the information security policies that we call subsystems. ...

Similar publications

Article
There is free flow of information in the cyberspace and as a result, nations are obviously wary of the integrity of their data as part of both public safety and national security concerns. There are ways that the associated risk could be mitigated and mostly has to do with a proper development and implementation of Cyber security policies and strateg...

Citations

... This model recognizes three key factors of information security policies: people, process and technology. The research goal is to encompass the influence of the contemporary environment on the information systems and other information security policy factors to construct a complete conceptual model (Klaic and Golub, 2013). This type of overall security ontology is still in the early development state but possibly usable as a knowledge base for the model presented in this paper. ...
Article
In the area of information technology an amount of security issues persists through time. Ongoing activities on security solutions aim to integrate existing security guidelines, best practices, security standards and existing solutions, but they often lack a knowledge base or do not involve all security issues, particularly human influence. In this paper, we presented a model that can be the basis for a novel information systems security evaluation solution. This solution should be able to cover a wide range of all possible information security issues. Our model is based on an OWL ontology for knowledge base, uses an enhanced Evidential Reasoning algorithm for mathematical calculations and possesses a simple reflex intelligent agent's algorithm as a decision supporting element. Properties for this model supervene from properties of its constructing elements. Knowledge base being built on OWL ontology is a major element of the model. It can provide high flexibility and applicability to different information systems and business organizations; upgradeability to be up to date regarding current security issues and new threats; and high versatility, taking into evaluation all possible aspects regarding security issues, e.g., network security, software and hardware issues, human influence, security policies and disaster recovery plans. Enhanced Evidential Reasoning algorithm is based on the Dempster–Shafer theory and is well suited for calculations with expert's subjective judgements combining qualitative with quantitative evaluation grades. We designed an algorithm for back coupling based on a simple reflex intelligent agent for results presentation and decision support. In our work, we explained how to connect and use each of the model's constructive elements to obtain information security evaluation results. In addition, we conducted a case study with the proposed model on a small business organization.
To test our model, we also used the standard qualitative risk assessment method on the same business organization in order to compare both qualitative results. Preliminary testing results have shown that the presented model could achieve its goal if it would be developed into an integrated software tool with a well-defined and up-to-date ontological knowledge base.
Article
Objective. A characteristic feature of the current stage of development of the sphere of informatization of internal affairs bodies (OVD) is a significant increase in the volume and variety of types of service information of limited distribution, stored, processed and transmitted in automated systems (AS). This gives rise to the emergence of a large number and expansion of the range of threats to information security, primarily threats associated with unauthorized access (UAS) to the information resource of the ATS AS, and necessitates the improvement of existing methods to combat this type of crime in order to ensure the information security of objects of informatization of ATS. To obtain information that allows assessing the degree of threats, it is necessary to conduct a quantitative risk assessment. Method. The method for assessing the risks of implementing threats of unauthorized access to the information resource of the ATS AS and obtaining data in a quantitative representation is based on the use of mathematical modeling methods. The advantage of a quantitative assessment compared to a qualitative assessment is the ability to compare risks with the final result, which can be represented in monetary terms, and further use in assessing the likelihood of information threats and calculating the damage caused. Result. A methodical approach to the quantitative assessment of the risks of the implementation of UA threats to the information resource of the ATS AS is proposed, which makes it possible to assess the level of security of service information. Conclusion. The proposed methodological approach to quantitative assessment of the risks of the implementation of UA threats to the information resource of the ATS AS provides a visual representation in monetary terms of the objects of assessment (damage, costs). These calculations can be used to justify the requirements for the level of security of ATS ASs during their development and operation.
Article
Aim. Important contemporary trends in the theory and functional practice of secure automated systems at informatisation facilities of internal affairs bodies include an increase in the number of threats realised through remote unauthorised access (network attacks) on confidential information resources, as well as the increasing complexity of implementing mechanisms aimed at providing protection from such attacks. In order to increase the effectiveness of existing and prospective automated security systems at the informatisation facilities of internal affairs bodies, it is necessary to identify and analyse typical network attacks aimed at components and software comprising these systems. Method. The method for solving this problem consists in a comprehensive analysis of the process of implementing network attacks on automated systems when they are used in secure mode in the informatisation facilities of internal affairs bodies. Results. Based on the analysis of information held in the security threat database developed by the Russian Federal Service for Technical and Export Control (FSTEC), modern features and operations of secure automated systems on the informatisation facilities of bodies of internal affairs and the results of a survey of experts in the field of information protection of allocated in accordance with the classification typology, eight types of dangerous attacks on automated systems of the internal affairs bodies are described taking into account their sources, objects, effects and possible consequences of implementation. Conclusion. The presented results are of use in further studies to conduct a quantitative assessment of the danger of typical attacks and for developing a private model of actual attacks for a specific automated system, taking into account their functional features in secure mode operations at the informatisation facility of the internal affairs body.
Article
Objectives. Traditional methods for solving the problem of protecting the information resource of electronic document management systems based on protective basic functions (identification, authentication and verification of users, etc.) of available tools and information security subsystems have a significant drawback - inefficiency when an attacker masters the password of regular users. In order to eliminate it, it is necessary to develop new methods related to managing the weakly vulnerable process of delimiting user access not only to confidential information, but also to the software of the electronic document management system. Method. One way to solve this problem is to use the modified “soft administration” method, which consists in automatically generating lists of allowed source files in the authorization matrix by reducing the lists and comparing file integrity functions with a reference list for an existing software package. This allows you to automate the process of developing access control rules and provide management of the weakly vulnerable process of access control to software tools of the electronic document management system. Result. A verbal model is developed for automated control of a weakly vulnerable process of differentiating access to software tools of an electronic document management system, and a system of performance indicators for the functioning of a promising subsystem for protecting confidential information characterizing it as a control object is proposed. Conclusion. The presented verbal model provides for the possibility of distributed control, in which the security administrator directly controls the specified process using a remote software tool.
The formation (change) of the authority establishment matrix for managing a weakly vulnerable process of access control using a promising subsystem for protecting confidential information and the development of a system of indicators to comprehensively evaluate the effectiveness of its functioning is one of the most important tasks of protecting information from unauthorized access, guaranteeing the implementation of a security policy throughout the entire operation period of the secure electronic document management system.
Article
Objectives. At present, conducting a computational experiment on a system for protecting information from unauthorized access operated in an automated system is a time consuming process. The greatest difficulty in this area of research is the determination of probabilistic-temporal characteristics and the formation of reports during the operation of the information protection system. In order to analyze, obtain and study the probabilistic-time characteristics of this system, it is necessary to develop a mathematical model of its operation using an imitational modeling tool. Method. One of the methods for solving this problem is a computational experiment, which is based on the construction of a simulation model. The CPN Tools environment was chosen as a software simulation product, the main advantages of which are: a high level of visualization, the ability to generate various reports on the system operation, fast modifiability of models for solving a different class of problems, as well as integration with other software means for the formation of graphical dependencies. Result. A simulation model of the system for protecting information from unauthorized access in the “CPN Tools” software environment was developed. protected performance. Conclusion. The presented im-model model of protecting information from unauthorized access in the software environment “CPN Tools” can be used as a tool in assessing the security of special bodies for the attestation of informatization objects and structural divisions of authorized departments. It can also be used in the design of such systems in order to prevent logical errors, determine their temporal characteristics and compare with the existing ones in accordance with the technical specifications for the system being developed to protect information from unauthorized access.