Information Security Requirements in the Information Systems Planning Process

Aleksandar Klaić
Office of the National Security Council, Jurjevska 34, Zagreb, Croatia
[email protected]

Abstract.

Today’s information revolution significantly alters the culture of knowledge creation and distribution in the world. Societies are becoming increasingly reliant on a spectrum of national and international information systems. Contemporary democratic concepts such as freedom of information and data privacy strongly influence today’s approach to data confidentiality. Information and information systems have become invaluable assets. The concept of an information system should follow the demands coming from such an environment. That is why the planning of information systems should be based on the fundamental information criteria – confidentiality, integrity, and availability. These criteria should be properly applied to the different data domains that express the needs of today’s society and that are relevant to an organisation and its information systems. These issues are important for government information systems, especially in the context of the information society paradigm.

Keywords. information, security, requirements, criteria, domains, government, classified, unclassified, systems, trust

1. Introduction

The culture of knowledge creation and distribution in the world has changed enormously during recent decades. Today’s information space (the Internet, but also different private networks – intranets, extranets) has been created in that way. This information space has become fundamental for the economic development of the most developed countries, and consequently it is also becoming the condition for the future economic progress of all other countries in the world. While creating the information space needed by a modern society, the most developed countries are relying more and more on a spectrum of different national and international information systems, turning them into invaluable assets of today’s world. The concept of such information systems should follow the demands coming from their whole environment. But the initial planning preconditions of an information system are tightly connected to the characteristics of the information that is to be processed, archived or communicated within the system. In that sense, for the purpose of this paper, an information system is considered to be any communication, computer, or other electronic system within which information is processed, archived or communicated.

2. Information Space

Today’s information space has been taking shape over the last few decades. Looking back at that process, it is possible to notice a large number of trends which led to the contemporary paradigm of the information society as we know it today. Most of these trends have dealt with the traditionally contradictory demands for secrecy and publicity of some parts of the information space. Analysing the concepts of secrecy and privacy in the information space, the examined time period can be divided by decades into a few characteristic phases, as shown in Fig. 1.

Figure 1. Creation of the Contemporary Information Space

All the way up to the 80’s the information space had two fundamental characteristics: national segmentation, and a sharp distinction between the public and the secret information areas. This sharp distinction was emphasised at that time by the discretion of the public administration, and moreover of the security and military system, to decide on the boundary between the public and the secret world. During the 80’s, clear signs of more transparent and sophisticated regulation of secret information appeared in the most developed countries. In that period, mutual classification standards for secret (classified) information started to develop in these countries. This trend greatly eased security and military cooperation among different countries and made it possible to develop mutual trust among different government administrations. In this way the first signs of the disappearance of the sharp distinction between the public and the secret information world appeared.

The enormous development of communications technology and the huge spread of the Internet during the 90’s started to mitigate the national segmentation of the information space, integrating all those national information spaces into a global information space. During the 90’s, the democratisation of society led to awareness of the threats posed by the growing global communications technology. In that way the systematic regulation of the privacy concept and the protection of personal data started as a global paradigm of the developed part of the world, mainly the European Union. Further democratisation of society led to the concept known as “freedom of information”. Many of the most developed countries started to put this concept into force in their national legislation by the end of the 90’s. The goal was to balance, on the one hand, the need of the state for secrecy mechanisms and, on the other hand, the need of society for a transparent and efficient administration.

Throughout the examined period, the secrecy and privacy concepts were based on the same grounds – preventing the damage and the consequences of unauthorised disclosure of classified or personal information. In the first case the damage would be caused to the state, and in the second case to citizens. With the creation of the global information space – the Internet – the need for a much clearer and more effective approach arose. This was primarily because of the extensive integration of national information spaces into the global one, but also because of the increasingly complex regulation of the field of secrecy and privacy.

3. Information Criteria

In the described environment, the concept of e-Government began to take shape in the second half of the 90’s. It was the first formal initiative of the public administrations in the most developed countries towards enabling the building of the new information society. In that process the state should be an active participant and a partner of the business and citizens sectors. The true meaning of e-Government was the need to reorganize the public administration so that it is capable of offering modern on-line services to citizens and the business sector. The e-Government paradigm was one more burden on the already complicated mutual influences of different security concepts in the global information space. The technological connection of the three previously unconnected sectors of government, citizens, and business caused growing interactions among different information domains. This led to stronger requirements for managing the information space and the systems within it.

In order to reconcile the aspects of secrecy, with its own private infrastructure, and the aspects of freedom of information and collaboration in the public information space – the global Internet – different security concepts were developed. These security concepts apply to the information systems of government sectors, giving them the necessary level of trust considering the characteristics of the information processed within these systems.

3.1. Security Requirements

This approach comes from the security requirements defined by the fundamental information criteria: confidentiality (C), integrity (I), and availability (A). Confidentiality means that access to information is based on the need-to-know approach with the proper trust and authorization involved. Integrity deals with the assurance that information has not been altered or destroyed in an unauthorized way. Availability means that information is accessible and usable upon an authorized demand. These criteria define information domains and consequently the demands on the infrastructure of the information systems that process such information, as shown in Fig. 2.

Figure 2. Interrelations among information criteria, domains, and systems

One of the basic information domains of a state administration is the classified information domain. Nowadays, the damage-based classification concept is used, with four classification levels (top secret, secret, confidential, restricted). The primary criterion for the classified information domain is confidentiality, which is treated differently depending on the level of classification. While the other two criteria, integrity and availability, are almost equally important for all types of information domain, in the case of confidentiality there is one more ambiguity. The confidentiality criterion describes on the one hand the demands of secrecy and on the other hand the demands of privacy, as shown in Fig. 3. In that way the confidentiality criterion is also the key criterion for the unclassified information domain. Here it has the meaning of privacy (P) instead of secrecy (S). The unclassified information domain should satisfy the requirements of the official and internal information created within the government sector.

This approach also satisfies the concept of privacy and the protection of citizens’ personal information inside different government bodies. As the government sector processes personal information on a daily and massive basis, it is obliged, like any other legal person, to apply proper protection to such personal information.

Figure 3. The Confidentiality Criterion

3.2. Fiduciary Requirements

Besides the described security requirements and the three fundamental information criteria of confidentiality, integrity, and availability, it is necessary to analyze the fiduciary requirements. Fiduciary requirements are based on the information criteria of compliance and reliability. Compliance can be described as harmonisation with a certain legal act or formal policy requirement, while reliability relates to the establishment of mutual trust in the information systems used to process a certain information domain. These criteria have crucial relevance in today’s (more or less) globally connected information systems.

To make possible the cooperation of different government bodies on the national level, as well as cooperation or integration on the international level, information systems need to be mutually connected. Prior to the connection of different information systems, a process of security accreditation needs to be carried out. Such a security accreditation process implies rigorous checking of the compliance of the information systems with the fundamental principles of the information domains that are to be processed within these systems. A periodic security accreditation process is the basis for the establishment of mutual trust in different national or international governmental information systems. It is the foundation for mutual cooperation between government bodies on the national level and the precondition of any international cooperation and integration processes.

The application of security and fiduciary requirements to the governmental information infrastructure that processes classified and unclassified information results in the concept of private networks and information infrastructure. Governments regulate the information security measures and standards that are to be applied to such private information systems. Information security measures and standards relate to different areas such as people, facilities, information, information systems, and cooperation processes. In that way complete security domains are formed and consistent rules are applied. The resulting trust cannot be accomplished on public Internet networks, whereas in private networks trust is well regulated by the information security policy, which initiates directives and guidelines for different areas of information security in the government sector (Fig. 2).

Corresponding to the classified and unclassified information domains, there are classified and unclassified information systems that process information from the respective information domains. In both cases private infrastructure is used to realize such governmental networks and information systems. Mutual connections of such classified and unclassified networks are allowed only in the case of full information security policy compliance. Private networks are to be realised on the government’s own infrastructure, or they can be based on hired communication capacity, isolated from the public Internet, and from a trusted source (e.g. a contracted Network Operator).

3.3. Quality Requirements

The quality requirements are based on the information criteria of effectiveness and efficiency. The primary role of these criteria is related to the public services of e-Government. Within governmental private infrastructure, these criteria are mainly considered during the design phase or locally, within certain government bodies, or for some mutual services of government bodies. In the case of e-Government public services, quality criteria are regularly applied to the public part of the information infrastructure that is used to realize these services. This is done with the help of service level agreements (SLA) between the government and Internet service providers (content providers), which is a standard way of regulating mutual relations on the telecommunications market. It is important to emphasize that public telecommunications networks are normally not bound by governmental information security regulation. The SLA concept is therefore the only regulating mechanism, at least for the part of the information infrastructure that needs to be public in order to be available to citizens and the business sector.

4. Governmental Information Systems

Based on the analysis in chapter 3, we can conclude that the government sector uses three information domains: the classified domain, the unclassified domain, and the public services domain (e-Government). Each of these domains has its own requirements and characteristics. The same requirements and characteristics of an information domain should apply to the respective information system that processes the information from that domain (Fig. 2). This means that governmental information systems should be categorized as classified, unclassified, and public e-Government information systems.

The analysis of security, fiduciary, and quality requirements from chapter 3 is summarized in Fig. 4 from the viewpoint of information systems (IS).

Figure 4. Governmental Information Systems

The result of implicit trust in classified networks is the restriction of all external connections, except those completely compliant with the security policy for classified information processing. In the case of unclassified networks, there is no such implicit trust because the confidentiality criterion is privacy instead of secrecy. Secrecy requirements today are well standardized in developed countries, especially in EU and NATO member states. Standardization of privacy requirements has just started, and there are many different approaches, even among the most developed countries. On the other hand, there is substantial experience of unclassified information protection in the government sector. That is the reason why the best practice in the government sector is to base the protection of both official non-public information and personal information on the same unclassified criteria.

5. Information Systems Categorization Based on Trust

Table 1 shows the definition of the trust criterion that is used in this paper for the categorization of information systems based on trust. The trust criterion is defined in four levels based on three parameters: information technology (IT) infrastructure, IT services, and IT users.

Table 1. Definition of the Trust Criterion

IT Infrastructure   IT Services   IT Users   TRUST
Private             Private       Private    Implicit
Private             Public        Private    Controlled
Private             Public        Public     Limited
Public              Public        Public     Uncontrolled

The highest level of trust is defined as implicit trust, followed by controlled, limited, and the lowest level of uncontrolled trust. Implicit trust is based on the private option for all three parameters (classified environment). Controlled trust supposes the usage of some external or public services but exclusively for private users (e.g. remote access, co-operation of organisations). Limited trust is used for public services based on the private backbone infrastructure (e.g. e-Government). Finally, uncontrolled trust stands for the complete realisation of IT functionality based on public services and infrastructure (e.g. some public IP services, hosted Web sites).

Table 2 shows the categorization of information systems in the government, business, and citizens sectors, based on the trust definition from Table 1. The upper part of Table 2 shows the information domains associated with the relevant trust level. Below that, the possibilities of public Internet connectivity are shown with the relevant trust level. These possibilities are isolation from the Internet, manageable connection, and shared IT infrastructure with the public Internet. Isolation from the public Internet is obligatory in the case of implicit trust, i.e. classified information systems. Recent information security policies of many countries allow a manageable connection with the public Internet in the case of unclassified networks (controlled trust). This is mainly caused by the recent growth (beginning of the 2000’s) in e-Government services that share information resources traditionally placed in the controlled environment of unclassified government networks.

Table 2. Information Systems Categorization Based on the Trust Criterion

Trust levels: Implicit Trust, Controlled Trust, Limited Trust, Uncontrolled Trust
Inf. Domain: Classified (Secret), Unclassified (Private), Public
Internet Connection: Isolated, Manageable Connection, Shared Infrastructure
Gov Sector: Classified IS, Unclassified IS, e-Gov Services
Business Sector: Corporate Networks, On-Line Business Services
Citizens: Small Office Home Office, Private Personal Computers

Non-used cells in Table 2 represent levels of trust that are normally not applicable to the government, business, or citizens sectors. Implicit trust is normally considered only in the government sector, and uncontrolled trust is normally not applicable to government information systems.

6. Final Considerations and Conclusion

The ubiquitous global Internet and the growth of Internet threats are the main reasons why more and more information systems today fall into the categories of controlled or limited trust. These systems are all based on private trusted infrastructure with manageable Internet connections, both in the government and in the business sector. This is the area with more and more similarities between government and business information systems.

Information security policies of numerous countries today are driven by the necessity of public e-Government solutions. One of the most important tendencies is the application of the so-called unclassified criteria to the lowest classification level – restricted. This is very effective from the economic point of view because such an approach makes it possible to build only one network (unclassified) for almost all government bodies. The reason is that a very small number of government bodies use the upper three classification levels. Such an approach could be extended with a manageable Internet connection, and in that way it could serve as a private trusted network with information resources for public e-Government services.

Based on the described tendencies that lead to the similarity of information systems in the government and business sectors, it is logical to expect certain similarities, and probably a convergence, of information security standards. The international standards ISO/IEC 17799 and 27001, based on the British standards BS 7799 Part I and II, originally initiated in the government sector of the UK in the Department of Trade and Industry – DTI, are the best example of future convergence in this field. At the beginning of 2006 these standards were adopted by the German Bundesamt für Sicherheit in der Informationstechnik – BSI, and harmonised with the German government (national) information security standard – IT-Grundschutz.

Tendencies in the field of unclassified government and corporate information systems point towards an increasing role of risk assessment and management, as well as towards formal accreditation of information systems. This will further decrease the substantial differences that still exist in the area of classified government information systems compared to unclassified or corporate ones.
