Information Stewardship: Systems Perspectives, Systems Solutions
David Pym, University of Aberdeen
Information Security Leaders, Edinburgh, 10/02/2011

Information Stewardship
• Information stewardship is one of the next two big challenges for security/assurance research
• Stewardship goes beyond protecting CIA
• Adding/protecting value; complying with and upholding values; obligation; trust
• The other one is the convergence of physical and information security concepts in the Internet of Things (airport security as an information processor)

Information Stewardship Lifecycle
[Diagram labels: Environment: threat, economic, investment; Policy: people, process, technology, operations; Governance; Design; Revise; Security Analytics; Analysis; Assurance/situational awareness; (Trusted) infrastructure]

Stewardship Economics
• It’s all about trade-offs
• For example, confidentiality and availability trade off, just like inflation and unemployment
• Cost also trades off
• Use utility theory to understand security trade-offs and system design
• This is done for real in Security Analytics: utility theory and mathematical systems modelling yield predictive simulations in security management

Satisficing Cloud Stewardship
[Figure labels: Service level; Due diligence; Target zone; Sharing]

Summary
• We’re making security management into a science
• HP’s Security Analytics is the first (commercial) step
• Stewardship presents huge challenges, in the Cloud, in the Internet of Things, …
• Getting it right means doing the math, doing the economics, capturing behaviour, predicting design/investment consequences