Secure information systems must work reliably despite random errors, disturbances and malicious attacks. Security mechanisms are not just hard to design and implement; they can also backfire by decreasing efficiency, sometimes to the point of making the system unusable. This is why some programmers used to look at security mechanisms as an unfortunate nuisance: they require more work, do not add new functionality, and, for good measure, slow down the application and decrease usability. The situation is similar when adding security at the hardware, network, or organizational level: increased security makes the system clumsier and less fun to use. Just think of the current airport security checks and contrast them with the happy (and now so distant) pre-September 11, 2001 memories of buying your ticket after boarding the plane. Nonetheless, systems must work and they must be secure; thus, there is a fine balance to maintain between the level of insurance on one side and the efficiency and usability of the system on the other. One can argue that there are three key attributes of information systems:

1. Processing capacity – speed,
2. Convenience – user friendly, and
3. Secure – reliable operation.
The process of securing these systems is finding an acceptable balance of these attributes. There is a unique relationship between these three attributes, namely:

- If you increase security, then processing capacity and convenience are reduced;
- If you increase processing capacity, then convenience and cost increase while security is unchanged;
- If you increase convenience, then processing capacity and security are reduced.

Why is Security Necessary

Evolving Threat

U.S. international activities may result in cyber attacks against American and allied information infrastructures with significant economic, political or symbolic value. Politically motivated cyber attacks are increasing in volume, sophistication, and coordination. Cyber crime has become so organized that (malicious) software produced for criminal activities is available for sale, and some of these crime products are even offered along with 7 by 24 hour online support and periodic updates and patches. Whether politically or criminally motivated, cyber attackers are attracted to high value targets such as:

- Banking and financial institutions;
- Communication systems;
- Electrical generation and distribution infrastructures;
- Water and sewer systems and resources;
- Oil and gas production and distribution infrastructures; and
- Government entities at the federal, state and local levels.

The systems and infrastructures that a society depends on are not just at risk of attacks from individuals and groups external to our society; malicious insiders are a growing threat to our critical national infrastructures. These observations are fully discussed in