Systems Theory and Information Security: Foundations for a New Educational Approach

Joseph R. Laracy, T. Marlowe
DOI: 10.6025/ISEJ/2018/5/2/35-48 (https://doi.org/10.6025/ISEJ/2018/5/2/35-48)
Journal: Information Security Education Journal (ISEJ)
Publication date: 2018-12-01
Publication type: Journal Article
Citations: 0

Abstract

Information security education has traditionally been approached with a variety of tools. Models such as Bell-LaPadula and Clark-Wilson, cryptography, and formal methods seek to design systems without certain classes of vulnerabilities. Red teaming seeks to find vulnerabilities that were missed and security software often removes the vulnerabilities. To a lesser extent, probabilistic risk assessment and game theory have also been applied to assess threats. However, on their own, in isolation, these approaches have not “solved” the information security crisis. Internet security in particular is an area of great concern given the plethora of vulnerabilities that enable threats to confidentiality, integrity, availability, non-repudiation, authorization, authentication, and auditability. A new approach to information security engineering education is necessary that views the Internet as a complex, socio-technical system. A systems perspective acknowledges that security can only be achieved through a holistic model that addresses technological architecture and software processes, organizational behavior, and human factors. This paper suggests a novel method for information security education to identify and characterize current deficiencies in a network security control structure, elucidate the relationship between software/systems engineering and security risks, and inform an architectural description of a secure information system architecture.