Longitud

Information system security (ISS) is the set of technical, organisational, legal and human means necessary and put in place to preserve, restore and guarantee the security of information and of the information system.

Presentation

The term “computing system” here denotes any system whose operation relies, in one way or another, on electricity and which is intended to produce, process, store, convey or present data. Information systems generally rely on computing systems for their implementation. They include telecommunications data (analogue voice, Voice over IP…) and, in certain cases, data on paper.

Such systems are exposed to threats of various types, liable to alter or destroy information (one speaks of the “integrity of information”), to disclose it to third parties who should not have knowledge of it (the “confidentiality of information”), or, for example, to impair its availability (the “availability of the system”). Since the 1970s, rapid access to information, the speed and efficiency of processing, data sharing and interactivity have increased considerably, but so have breakdowns, unavailability, incidents, errors, negligence and malicious acts, in particular with the opening up to the Internet.

Some of these threats can also, indirectly, cause significant financial damage. For example, although they are relatively difficult to estimate, sums of the order of several billion US dollars have been put forward for the damage caused by malicious programs such as the Code Red worm. Other substantial damage, such as that related to the theft of credit card numbers, has been determined more precisely.

Besides the financial aspects, breaches of computer security can harm a person's privacy by disseminating confidential information about them (among other things their postal address or bank details), and can for this reason be penalised when negligence on the part of the host is established: if, for example, the host did not apply a patch within a reasonable time.

Indirectly also, certain threats can harm the very image of the owner of the information system. Widespread “defacing” techniques (the alteration of a web site) allow an ill-intentioned person to highlight security flaws on a web server. Such people can also take advantage of these vulnerabilities to disseminate false information about its owner (this is then called disinformation).

The most widespread case, and without any doubt the forerunner in matters of information security, remains the security of strategic and, more particularly, military information. The TCSEC, the reference work on the subject, originates from the Department of Defense (DoD) of the United States. The principle of multilevel security has its origins in research on solving the security problems of military information. Today, several mechanisms are being studied; one example is decoys, which rest on the argument that explicitly prohibiting access to a piece of data amounts to providing information about it… which in turn rests on the realistic assumption that 100% security is never achieved.

Evaluation of the risks

Trying to secure an information system amounts to trying to protect oneself against the computing-related risks that can have an impact on the security of that system or of the information it processes.

Evaluation methods

Various methods exist for evaluating the risks to an information system. Here are six of the principal evaluation methods available on the market:

The MITRE corporation, which works for the United States Department of Defense, also developed in 1998 a method for evaluating threats and vulnerabilities applied to the aerospace industry, which can be generalised to critical infrastructures: NIMS (NAS Infrastructure System Management, NAS meaning National Aerospace).

Even if the goal of these methods is identical, the terms and expressions used can vary. Those used below are broadly inspired by the Feros method.

Paradoxically, in companies, defining “IS security” indicators that are measurable, relevant and that then make it possible to set objectives over time that are reasonable to reach proves to be difficult. Where performance indicators are concerned, one can use as indicators the state of deployment of tools or procedures, but result indicators are more complex to define and assess, as shown by those concerning “virus alerts”.

Sensitive information

See also: Data security

Before trying to protect itself, a company should determine what its sensitive information is, which can be data or, more generally, assets represented by data. Each element may have a different sensitivity.

Assets also, and above all, include the intellectual capital of the company, which constitutes an informational heritage to be protected.

It is necessary to evaluate the threats and to determine the vulnerabilities for these sensitive elements.

Criteria of evaluation

The vulnerability can be evaluated according to several criteria:

  • Availability: does the element need a high level of availability so as not to harm the information system?
  • Integrity: does the element need a high level of integrity so as not to harm the operation of the information system?
  • Confidentiality: does the element need a high level of confidentiality so as not to harm the information system?
  • Imputability (or “proof”): does the element need strong management of proof so as not to harm the organization?
  • Access control: does the element need strong access control so as not to harm the information system?

Once the sensitive elements have been determined, the risks to each of them can be evaluated according to the threats that weigh on the elements to be protected. To do so, it is necessary to evaluate:

  • the impact of each threat on each element,
  • the probability of occurrence of these impacts (or the potentiality).

In the Mehari method, the product of the impact and the potentiality is called “seriousness”.

Threats

See also: Insecurity of the information system

The main actual threats that an information system can face are:

  • a user of the system: the vast majority of problems related to the security of an information system come from the user, who is generally careless;

  • a malicious person: a person manages to get into the system, legitimately or not, and then to access data or programs to which they are not supposed to have access;
  • a malicious program: software intended to harm or abuse the resources of the system is installed (inadvertently or maliciously) on the system, opening the door to intrusions or modifying data; personal data can be collected without the user's knowledge and reused for malicious or commercial purposes;
  • a disaster (theft, fire, water damage): mishandling or malicious intent leading to a loss of equipment and/or data.

Objectives

Once the risks have been stated, it is desirable to determine security objectives. These objectives express the intention to counter identified risks and/or to satisfy organisational security policies. An objective can concern the target system, its development environment or its operational environment. These objectives can then be broken down into security functions that can be implemented on the information system.

Means of securing a system

Global design

The security of an information system can be compared to a chain of links of varying strength. It is then characterised by the security level of the weakest link.

Thus, information system security must be approached in an overall context:

For some, data security is the foundation of information system security, because all systems use data, and shared data are often very heterogeneous (format, structure, occurrences, …).

Defense in depth

See also: Defense in depth

Derived directly from an old military practice that is still current, the principle of defense in depth amounts to securing each subset of the system, and is opposed to the view of securing the system only at its perimeter…

Security policy

See also: Computer security policy

Information system security is generally limited to guaranteeing access rights to the data and resources of a system, by putting in place authentication and control mechanisms. These mechanisms make it possible to ensure that the users of the said resources have only the rights that were granted to them.

Computer security must, however, be designed so as not to prevent users from developing the uses they need, and so that they can use the information system with full confidence. This is why it is necessary to define a security policy first, i.e.:

  • to draw up rules and procedures, and to install technical tools in the various departments of the organization (around computing);

  • to define the actions to be taken and the people to contact if an intrusion is detected;
  • to make users aware of the problems related to information system security.

The security policy is thus the set of orientations followed by an entity in terms of security. For this reason, it must be drawn up at the level of the management of the organization concerned, because it concerns all users of the system.

Person responsible for information system security

That said, in France, it is mainly large companies, public-sector companies and administrations that have appointed and employ, full-time or not, “information system security officers”. The tasks of the function depend on political will; the managers or technicians concerned generally combine good computing experience with qualities of pedagogy, conviction, etc. Little by little, IT security management is being organised into domains or sub-domains of IT departments or of management staff; these are given financial and human resources and are integrated into the company's plan contracts or programme contracts.

Thus, it is not up to system administrators to define users' access rights, but to the users' line managers or to the RSSI (the person responsible for information system security), if this position exists within the organization. The role of the system administrator is therefore to ensure that computing resources and the access rights to them are consistent with the chosen security policy. Moreover, since the administrator is the only one who knows the system perfectly, it falls to them to report security-related information to their management, to advise it where necessary on the strategies to implement, and to be the point of contact for communicating security problems and recommendations to users.

Formal security models

In order to reach an evaluation target with a good degree of confidence (level E4 of TCSEC at least), the concept of security is formally defined in a model whose objectives are the following:

  • to express the security needs integrated into a computing context,

  • to provide means of justifying that the model is consistent,
  • to provide means of convincing that the needs are satisfied,
  • to provide methods for designing and implementing the system.

There exist several formal security models:

  • the Bell-LaPadula model (mandatory access control, confidentiality, static), the model most widely used to verify the security of computing systems. The designers of this model proved a theorem called the Basic Security Theorem (BST). Other models were derived from it: that of Biba (mandatory access control, integrity, static), that of Dion (mandatory access control, confidentiality and integrity, static), and that of Jajodia and Sandhu (mandatory access control, confidentiality, static).

  • the non-deducibility model (mandatory access control, confidentiality, dynamic), which models information flows using concepts of logic. Security models based on the principle of information flow are useful for controlling indirect access to information: they highlight the problem of covert channels.

  • the HRU model (discretionary access control) and its derivatives, the Take-Grant model and the SPM model.
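
As an added illustration (not part of the original article), the mandatory access rules of the Bell-LaPadula and Biba models listed above can be written as a small reference monitor. The levels, category names and sample labels are constructed for the example.

```python
from dataclasses import dataclass
from enum import IntEnum

class Level(IntEnum):  # constructed sample hierarchy, lowest to highest
    UNCLASSIFIED = 0
    CONFIDENTIAL = 1
    SECRET = 2
    TOP_SECRET = 3

@dataclass(frozen=True)
class Label:
    level: Level
    categories: frozenset = frozenset()  # need-to-know compartments

    def dominates(self, other: "Label") -> bool:
        # Lattice order: higher-or-equal level AND superset of categories.
        return self.level >= other.level and self.categories >= other.categories

def blp_allows(subject: Label, obj: Label, op: str) -> bool:
    """Bell-LaPadula (confidentiality): no read up, no write down."""
    if op == "read":   # simple security property
        return subject.dominates(obj)
    if op == "write":  # *-property
        return obj.dominates(subject)
    raise ValueError(f"unknown operation: {op}")

def biba_allows(subject: Label, obj: Label, op: str) -> bool:
    """Biba strict integrity, the dual of Bell-LaPadula: no read down, no write up."""
    if op == "read":
        return obj.dominates(subject)
    if op == "write":
        return subject.dominates(obj)
    raise ValueError(f"unknown operation: {op}")

# Constructed sample labels (hypothetical names, not from the article).
ANALYST = Label(Level.SECRET, frozenset({"NATO"}))
OBJECTS = {
    "report": Label(Level.CONFIDENTIAL),
    "plan": Label(Level.TOP_SECRET, frozenset({"NATO"})),
    "memo": Label(Level.SECRET, frozenset({"NUCLEAR"})),  # incomparable with ANALYST
}

def decisions(policy) -> dict:
    """Return {(object, op): allowed} for the analyst under the given policy."""
    return {(name, op): policy(ANALYST, label, op)
            for name, label in OBJECTS.items() for op in ("read", "write")}
```

Calling `decisions(blp_allows)` and `decisions(biba_allows)` shows the two models giving opposite answers on comparable labels, while the incomparable "memo" label is refused for both operations under both models.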

Business continuity plan

See also: Business continuity plan

No company can do without computing tools any more, hence the need for an IT continuity plan, also called an “activity recovery plan”. The purpose of this plan is to restart computing activity after a disaster in the most effective way possible (minimal loss of data, time and equipment), at a reasonable cost.

Technical means

Many technical means can be implemented to ensure the security of an information system. The means chosen should be necessary, sufficient and appropriate. Here is a non-exhaustive list of technical means that can meet certain information system security requirements:
