In its September 4, 2007, issue, DMReview [Update: now called Information Management] has a nice overview article regarding information security.
The article discusses a traditional layered security framework (data, application, host, network, and perimeter) and the new challenges the Internet creates for it.
… when we talk about security, we may want to look at the entire security space from outside in, using the diagram in Figure 1 [above]. An important point that needs to be emphasized here is that neither of the disciplines taken separately – network, perimeter, platform, application, data and user security – could offer a complete security assurance.
The events of recent history and the heightened awareness of the real dangers that can be exploited by various terrorist organizations and unscrupulous opportunists have taught us that in order to be and feel secure, we need to achieve “end-to-end security” – an environment that does not intentionally or by omission expose security holes, and that can provide the business benefits of security – privacy, confidentiality, integrity and trust (see Figure 2 [below]).
Only a strong understanding of potential security vulnerabilities and an effective combination of various security technologies and disciplines can ensure that this goal can be achieved.
The article finishes with a discussion of the traditional security requirements: authentication, authorization, confidentiality, integrity, verification and nonrepudiation, auditing and accountability, availability, and security management.
However, as businesses and government organizations continue to expand their Internet channels, new security requirements have emerged that introduce additional complexity into an already complex set of security concerns.
The article gives a nice, short overview of the topic.