“Traditional” view of information security and information assurance and its key characteristics
The traditional approach distinguishes the concepts of security and safety – whereas both communities focus on preventing losses, the former deal with intentional activity and the latter focuses on the unintentional activities (Young & Leveson, 2007). There are two approaches to the analysis of the security’s operation: a tactic-based and a strategic approach. Traditional vision sticks to the tactic-based approach that implies concentrating on the ways of prevention rather than on the subject of security.
Key Functions
- identifying the weaknesses in the existing system that malefactors can take advantage of;
- foreseeing potential motives and targeting of attackers.
Core Competencies
- access control;
- risk management;
- physical security.
Strategies
- tactic-based strategy;
- strategic approach.
Aspects of the INFOSEC environment changing and influencing characteristics of the “traditional” view
The INFOSEC environment is constantly changing, which has a critical impact on the system’s efficacy requiring it to adjust to the new challenges. Thus, for example, modern systems are more complex – they consist of numerous elements. Experts also point out the increase in attacks which means that the risk assessment strategies need revising (Charitoudi & Blyth, 2013). In the meantime, from a technical perspective, INFOSEC currently possesses more developed tools and devices. Thus, for example, within a few decades, Japan has managed to improve the level of its INFOSEC significantly due to the rapid development of technologies in this country (Hsu & Marinucci, 2012).
Also, there is a growing need for implementing effective historical evaluation (Fitzgerald, 2011). In other words, it is essential to consider the previous experience an organization had in terms of security. Hence, for instance, a company should, first and foremost, identify the flaws of the old security strategy to work out a new efficient approach. The appearance of more complex systems requires the replacement of traditional casualty models implied by the traditional approach with STPA.
The increase in risks requires the implementation of socio-technical systems that were not implied by the traditional approach. The implementation of a historical approach might cause a shift from an autocratic style to a collaborative approach.
Thepossible impacts of the changes on the characteristics of the “traditional” view
The changes in the INFOSEC’s environment are likely to have a positive impact on its functioning. Thus, the implementation of a new analysis technique, STPA, can make the entire structure more flexible and productive as the relevant methods take into account all the key aspects: physical, social, logical, etc. Furthermore, the adaptation of an approach that implies historical perspectives is also apt to improve the general performance of INFOSEC.
At the current point of time, the community has managed to gather sustainable experience in terms of security that requires optimization and analysis. Also, the new socio-technical approaches that have recently appeared in the security context might assist in performing consistent risks evaluation. Therefore, it can be concluded that the general impact that the INFOSEC structure is likely to experience will have positive connotations.
Positive Outcomes
- STPA;
- socio-technical approaches;
- historical perspectives.
Importance of finding the connections in approaches
The analysis of the current set of things in the relevant area shows that there is a series of challenges that the INFOSEC will essentially meet. First of all, it is critical to reconsider the traditional approach to adjust it to the changes that have occurred since its introduction. Thus, the growth of the scopes of information that organizations have to handle requires the implementation of new strategies that would be adequate to the new demands.
Secondly, the development of technologies does not only represent the advantage and the facilitation of security management but also means that new professionals capable of working with these technologies need to be trained. Moreover, it is critical to introduce new approaches to risk evaluation as the attacks become more organized and well-planned. The sphere of criminal activity is developing simultaneously with the security communities so that the latter need to be on guard. It is, likewise, important to identify the new motive that attackers might pursue to determine the possible system’s weaknesses.
Combining the safety and security mindsets
Young and Leveson believe that the basic principles that underpin security and safety management are mainly alike, which means these communities need not be differentiated (Young & Leveson, 2007). In the meantime, it is essential to note that their rationale for the relevant argument has some weaknesses. Thus, the basic feature that differentiates the directions of the security and safety communities resides in the types of actions they try to prevent.
As long as safety is mainly aimed at preventing unintentional activity it does not give proper consideration to the problems of motives and causes. However, these problems are critical for identifying the weaknesses of the existing security structures. Unless security communities neglect these points, they will be unable to predict the possible types of losses and ensure the relevant level of protection. On the other side, Young and Leveson when they speak about the need for a complex approach that both communities should implement.
The key weakness of Young and Leverson’s argument: neglect the importance of the motive aspect that is critical for security and less significant for safety.
The key strength of their argument: they point out the need for a complex approach.
Reference List
Charitoudi, K., & Blyth, A. (2013). A Socio-Technical Approach to Cyber Risk Management and Impact Assessment. Journal of Information Security, 4(1), 33-41. Web.
Fitzgerald, T. (2011). Information Security Governance Simplified: From the Boardroom to the Keyboard. Boca Raton, Florida: CRC Press. Web.
Hsu, D.F., & Marinucci, D. (2012). Advances in Cyber Security: Technology, Operations, and Experiences. New York, New York: Fordham University Press. Web.
Young, W., & Leveson, N.G. (2007). An Integrated Approach to Safety and Security Based on Systems Theory. Communications of the ACM, 57(2), 31-35. Web.