Fëllanza Avdimetaj Assignment 1
1. What is Information Assurance?
Information Assurance (IA) comprises the interrelated measures that protect and defend information systems and the information those systems process, store and transmit. It includes confidence that information systems will be protected and will function as they need to, when they need to, and provides for restoration of information systems by incorporating detection and reaction capabilities and by ensuring:
Information Assurance can be considered at three levels: physical, information infrastructure and perceptual.
2. What is the relationship between the ISO/IEC aspects of software quality and Information Assurance?
These standards specify software product quality characteristics and sub-characteristics and their metrics. ISO/IEC 9126 is divided into four parts: the quality model, external metrics, internal metrics, and quality-in-use metrics. Using ISO 9126 (or any other quality model) brings clarity of definition, purpose and operating capability, which is what a quality claim about a system rests on. Assurance, in turn, is the grounds for justified confidence that such a claim has been or will be achieved. Below is a picture that shows the whole structure and the explanation for each of them.
3. Raggad’s conceptual resources
According to Raggad, the conceptual resources are all distinct from each other; they are not tangible in the computing environment, but they add meaningful value. These resources represent the data that are transmitted by people or computers to produce information and support decisions.
There are four forms of conceptual resources:
Noise: any raw fact with an unknown code system. This is the form in which encrypted information is shared: the important content has to be decrypted before it can be read.
Data: raw facts that are not noise; raw facts become data once the code system is applied, so raw facts with a known code system are considered data.
Information: processed data that generates both awareness and curiosity. Information cannot be partitioned into raw facts unless another fragment is implied.
Knowledge: facts that are accepted, fundamental and appropriate about a particular sphere.
4. DoD aspects of information needing protection?
According to the Department of Defense there are some aspects of information needing protection:
Availability: proper, safe access to data and information services for legitimate users.
Integrity: protection against unauthorized alteration or destruction of information.
Confidentiality: assurance that information is not disclosed to unauthorized persons.
Authentication: security measures to establish the validity of a transmission, message, or originator.
Non-repudiation: assurance that the sender is provided with proof of data delivery and the recipient is provided with proof of the sender’s identity, so that neither can later deny having processed the data.
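The integrity, authentication and non-repudiation aspects above are easy to confuse because all three are usually delivered by cryptography. The following Python example is added here to illustrate the difference; it is not part of the assignment or of any cited source. It uses the standard library's HMAC for a shared-key message authentication code and a deliberately tiny, textbook RSA signature (the primes, key and messages are constructed for the demonstration and are not secure). The point it shows is that a shared-key MAC gives integrity and authentication but not non-repudiation, since the recipient holds the same key and can produce a valid tag itself, whereas a signature made with a private key can be checked by anyone but produced only by the key holder.

```python
import hashlib
import hmac

# --- Shared-key message authentication (integrity + authentication) ---

def hmac_tag(key: bytes, message: bytes) -> str:
    """Return an HMAC-SHA256 tag for message under the shared key."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def hmac_verify(key: bytes, message: bytes, tag: str) -> bool:
    """Constant-time comparison so tag checking does not leak timing."""
    return hmac.compare_digest(hmac_tag(key, message), tag)


# --- Toy RSA signature (adds non-repudiation) ---
# Constructed parameters for illustration only: the primes are tiny and the
# scheme is textbook RSA without padding, so this is NOT a secure signature.
P, Q = 1000003, 1000033
N = P * Q
E = 65537                              # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent (Python 3.8+)


def _digest_mod_n(message: bytes) -> int:
    """Hash the message and reduce it into the RSA modulus range."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N


def rsa_sign(message: bytes, private_exponent: int = D) -> int:
    """Only the holder of the private exponent can produce this value."""
    return pow(_digest_mod_n(message), private_exponent, N)


def rsa_verify(message: bytes, signature: int) -> bool:
    """Anyone with the public key (E, N) can check the signature."""
    return pow(signature, E, N) == _digest_mod_n(message)


def demo() -> dict:
    """Exercise both mechanisms and report which properties each gives."""
    shared_key = b"constructed-shared-key"      # known to sender AND recipient
    message = b"transfer 100 units to account 42"   # constructed sample
    tampered = b"transfer 900 units to account 42"  # altered in transit

    tag = hmac_tag(shared_key, message)
    sig = rsa_sign(message)

    # The recipient holds the same key, so it can mint a tag for any message:
    # a valid tag proves "someone with the key" sent it, not which party.
    forged_by_recipient = hmac_tag(shared_key, tampered)

    return {
        "mac_accepts_original": hmac_verify(shared_key, message, tag),
        "mac_rejects_tampering": not hmac_verify(shared_key, tampered, tag),
        "recipient_can_forge_mac": hmac_verify(shared_key, tampered, forged_by_recipient),
        "signature_verifies": rsa_verify(message, sig),
        "signature_rejects_tampering": not rsa_verify(tampered, sig),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

Running the module prints one line per check; every entry is True. The MAC checks show integrity (tampering is detected) and authentication (only a key holder could have made the tag), while `recipient_can_forge_mac` being True is exactly why a MAC cannot settle a dispute between sender and recipient. Availability is not demonstrated because it is an operational property rather than a cryptographic one.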
5. Herrmann’s security engineering domains
As stated by Debra Herrmann, Information Assurance should be viewed as spanning four security engineering domains: physical security, personnel security, IT security and operational security.
Physical security consists of the protection of hardware, software, networks and data against physical actions or threats that would cause serious loss of assets. Such threats include fire, theft, natural disasters, terrorism, etc.
Personnel security is a system of policies and procedures which seek to mitigate the risk of workers (insiders) exploiting their legitimate access to an organization’s assets for unauthorized purposes.
IT security is the inherent technical features and functions that collectively contribute to an IT infrastructure achieving and sustaining confidentiality, integrity, availability, accountability, authenticity, and reliability.
Operational security consists of standard operational security actions that determine the nature and frequency of the interaction between users, systems, and system resources, the purpose of which is to 1) achieve and sustain a known secure system state at all times, and 2) prevent accidental or intentional theft, release, destruction, alteration, misuse, or sabotage of system resources.
Maconachy, W. Victor, et al. “A model for information assurance: An integrated approach.” Proceedings of the 2001 IEEE Workshop on Information Assurance and Security. Vol. 310. United States Military Academy, West Point. IEEE, 2001.
Vaughn, Rayford B., Ronda Henning, and Ambareen Siraj. “Information assurance measures and metrics-state of practice and proposed taxonomy.” System Sciences, 2003. Proceedings of the 36th Annual Hawaii International Conference on. IEEE, 2003.
ISO/IEC 9126-1. Software Engineering – Product Quality – Part 1: Quality Model. ISO, 2001.
Krutz, Ronald L., and Russell Dean Vines. Cloud security: A comprehensive guide to secure cloud computing. Wiley Publishing, 2010.
Bhatti, Shahid Nazir. “Why quality?: ISO 9126 software quality metrics (Functionality) support by UML suite.” ACM SIGSOFT Software Engineering Notes 30.2 (2005): 1-5.
Libicki, Martin C. What is Information Warfare? National Defense University, Institute for National Strategic Studies, Washington DC, 1995.
Herrmann, Peter, and Gaby Herrmann. “Security requirement analysis of business processes.” Electronic Commerce Research 6.3-4 (2006): 305-335.