1 / 6

Information Stewardship: Systems Perspectives, Systems Solutions

Information Stewardship: Systems Perspectives, Systems Solutions. David Pym University of Aberdeen. Information Stewardship. Information stewardship is one of the next two big challenges for security/assurance research Stewardship goes beyond protecting CIA

giolla
Télécharger la présentation

Information Stewardship: Systems Perspectives, Systems Solutions

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Information Stewardship: Systems Perspectives, Systems Solutions David Pym University of Aberdeen Information Security Leaders, Edinburgh, 10/02/2011

  2. Information Stewardship • Information stewardship is one of the next two big challenges for security/assurance research • Stewardship goes beyond protecting CIA • Adding/protecting value; complying with and upholding values; obligation; trust • The other one is the convergence of physical and information security concepts in the Internet of Things (airport security as an information processor)

  3. Information Stewardship Lifecycle Environment: threat, economic, investment Policy: people, process, technology, operations Governance Design Revise SecurityAnalytics Analysis Assurance/situational awareness (Trusted) infrastructure

  4. Stewardship Economics • It’s all about trade-offs • For example, confidentiality and availability trade off, just like inflation and unemployment • Cost also trades off • Use utility theory to understand security trade-offs and system design • This is done for real in Security Analytics: utility theory and mathematical systems modelling yield predictive simulations in security management

  5. Satisficing Cloud Stewardship Service level Due diligence Target zone Sharing

  6. Summary • We’re making security management into a science • HP’s Security Analytics is the first (commercial) step • Stewardship presents huge challenges, in the Cloud, in the Internet of Things, … • Getting it right means doing the math, doing the economics, capturing behaviour, predicting design/investment consequences

More Related