Information systems security design methods: implications for information systems development
ACM Computing Surveys (CSUR)
An analysis of security incidents on the Internet 1989-1995
An analysis of security incidents on the Internet 1989-1995
| Hi-index | 0.01 |
Open distributed systems operate in a networked global space where parts are owned by -thus can be controlled by - the local system owner, but most parts are shared globally. The system boundaries are fuzzy and we can only count the system owner to control his/her assets at some point of time. The generic system parts - those shared globally - are data oriented. The specific system parts - those owned by local system owner -are information oriented. This fact should have impact on the way we view assets when setting the right security requirements. Many approaches the focus only on the generic parts, i.e. to protect the data. They thereby overlook the informational aspect of the asset. In order to find these specific requirements, it is important to analyze the risks related to information so that it can protect in a satisfactory way. This paper will describe how the problem can be solved by use of a risk analysis approach with so called X-ification. X-ifying is a way of matin together the best available factors differ depending on if you look at assets from a data or information point of view. They also change in importance from asset to asset, from industry to industry and from person to person.