Title :
A threat-based definition of IA and IA-enabled products
Author :
Campbell, Philip ; Schaefer, Mark ; Shakamuri, Mayuri
Author_Institution :
Sandia Nat. Labs., Albuquerque, NM, USA
Abstract :
This paper proposes a definition of “IA and IA-enabled products” based on threat, as opposed to “security services” (i.e., “confidentiality, authentication, integrity, access control or non-repudiation of data”), as provided by Department of Defense (DoD) Instruction 8500.2, “Information Assurance (IA) Implementation.” The DoDI 8500.2 definition is too broad, making it difficult to distinguish products that need higher protection from those that do not. As a consequence the products that need higher protection do not receive it, increasing risk. The threat-based definition proposed in this paper solves those problems by focusing attention on threats, thereby moving beyond compliance to risk management. (DoDI 8500.2 provides the definitions and controls that form the basis for IA across the DoD.) Familiarity with 8500.2 is assumed.
Keywords :
risk management; security of data; Department of Defense; DoDI 8500.2; IA-enabled products; information assurance implementation; risk management; threat based definition; Access control; Authentication; Fires; Information systems; Laboratories; US Department of Defense; DoDI 8500.2; IA and IA-enabled products; threat; threat-based model;
Conference_Titel :
Security Technology (ICCST), 2010 IEEE International Carnahan Conference on
Conference_Location :
San Jose, CA
Print_ISBN :
978-1-4244-7403-5
DOI :
10.1109/CCST.2010.5678675
