Zones, Junctions, and ConsistencyZones are the basic units that will be assigned value and determine risks. At the most fundamental level, information security deals with the specific value of each and every piece of information for which we are responsible. One may argue that every bit must be secured. Obviously, acquiring the resources to undertake such an endeavor is outside the reach of most security budgets. Zones are an attempt to implement the common practice of abstraction and generalization. The benefit of generalization is that we may be able to implement broad security measures without being paralyzed with the process of securing each and every bit. Some examples of generalizing a zone would be to deal with the security of a web server at large rather than every page and indeed every character in the web pages it is serving. At a higher level, we may think of a zone as an entire network or group of networks, such as the branch offices that comprise a Wide Area Network. Zones are a term we will use to describe the level of granularity we are evaluating. A zone is simply a collection of information and the generalization of its value. Junctions describe the connectivity or access between zones. Junctions are a blanket term for all of the factors going into extending trust between zones. It is a general way of describing how two different zones may access value after taking into account things such as access control, authentication, and encryption. Defining junctions between zones will help us concentrate our efforts in securing a particular zone. The reasoning is that if all junctions into a zone have relatively low risk, then the zone itself is relatively secure. Put another way, the information in a zone is as safe as all of the junctions entering that zone. Consistency is a measurement of how well a zone describes total value of the information within a zone. A zone with high or good consistency has similar information contained with relatively equal values. For example, a network containing a public web server, a public ftp server, and a DNS server has high consistency. All of the information in this network is generally public knowledge. The loss of any of the information carries relatively equal impact to the owning organization. In contrast, a network containing a public web server and a human resource me server is inconsistent. There is a sharp divide between the defacement of a web server and the leaking of personal health information of employees. The two breaches will result in drastically different losses to the organization. Consistency helps us determine how useful an evaluation of risk or junctions into a zone will be. If we evaluate the risks associated with junctions into a zone with high consistency, that risk evaluation would accurately assess the amount of risk for the information contained within that zone. If we determine that the zone is inconsistent, our risk assessment becomes more difficult. In our example of a web server and human resource server in the same network, if we consider this a single zone, an obvious junction between this zone and the rest of the world would be public access to the web server. At a high level, this risk looks relatively low. However, if the web server were to be breached, we would have to determine the risk of that web server being used as a hop toward accessing the human resource server. To accurately describe risk, we would have to evaluate junctions between the sub zones of the web server and the human resource server. In other words, the larger zone is not as useful a generalization. We should approach this zone as two separate zones of differing values. In practice, we will find that our activity of securing information will lead to reorganizing information in order to create consistent zones and minimize the junctions between these zones. This activity allows us to generalize information. By generalizing information, we are given a fighting chance to secure the information. Without this generalization, we are back at the initial prospect of securing our information bit-by-bit. These two different uses of the concepts of zones, junctions and consistency form both a descriptive and prescriptive body of theory. On the descriptive side, these concepts help us understand the value and risk associated with our information. On the prescriptive side, these concepts guide us in our organization of information and the design of our networks serving that information. Through these two uses, we can constantly improve our understanding of our assets. We can describe the value of our information, reorganize our information to make our zones more consistent, and then repeat the process. In the process of using these generalization and abstraction methods, we must always be careful to not miss details. This generalization serves as a coarse starting point for information security. In the continuous process of security, we should make efforts to revisit our zones and reevaluate the internal consistency. By iterating through this process, we eventually arrive at our bit-by-bit security. These concepts serve as a roadmap for arriving at this bit-by-bit security in a sane, controlled fashion. |
|||||||||
|
|
|||||||||
| ©2001-2003 by Itillious, Inc. All
Rights Reserved. |
||||