A conceptual design model for integrative information system security.

摘要

One characteristic of contemporary industrial and commercial concerns is their deepening dependence on computers and information technology apparatus. Rather than being restricted to ancillary (clerical and accounting-related) activities, they are increasingly relied on to support mainline operational functions. This is most evident among those firms now undertaking transitions from traditionally disaggregated (function-unit specific) MIS-type structures to fully-integrated information system architectures (i.e., Enterprise-Wide Management Support Systems. This suggests the need for a corresponding transition from disaggregated to integrated information system security structures. It is the procedural and mechanical provisions that underlie this complementary transition that are the primary focus of this dissertation.; As things now stand, what appears to be the best guide, albeit a bit indirectly, as to what an integrated information system security structure might look like is the Cooperative Engagement Capability (CEC) under development in the U.S. Military sector. Key to the CEC approach is the shift from unit-specific (disaggregated) to more clustered (integrative) control over the deployment of defensive assets. A central higher order authority controls the decisions regarding the allocation of countermeasures available to units in a geographical area, in order to increase allocative rationality. The defensive assets of an enterprise are limited and the centralized rational allocation of them would require integrative information system security in order to assure the survival and success of the firm now dependent upon information. The military-type approach to security relies upon intelligence processing (vs. data processing) provisions. This dissertation develops a top-down conceptual design model, which integrates information security into information systems and information operations by applying military concepts from military operations and military intelligence. The conceptual integrative information system security (I2S2) model will contain three levels of decomposed design. Each level of decomposition will show more granular integrative information system security design. Information systems security designers will find the level three I2S2 model useful to incorporate information system security as an integral component of the information system design.{09}A review of current literature reveals that there is no existing overarching architecture for integrative information system security to support information operations. Nearly every day, reports of information security incidents appear in the media and practitioners' literature, clearly showing that there is a pressing need for such an integrative information system security architectural framework. The catastrophic events of September 11, 2001 clearly demonstrate the immediate need for an integrative information system security subsystem. Human involvement as the decision-makers and non-integrative information system security on September 11, 2001 delayed countermeasures, which had they been taken minutes earlier could have drastically altered history.; Prior research in event-response models as published in the literature provides a starting point for the new conceptual integrative information system security model. This dissertation built upon these earlier research efforts and introduced new concepts forming a unique model that formalizes structure for information system security. This model consists of six components, derived through a structured approach. A chapter for each component will discuss that component's design development. A model base approach allows the formulation of threat scenarios upon which different integrative facilities can process acquired information to dynamically select and implement countermeasures.