Skip to main content
SpringerLink
Log in

The Impact of Unavailability on the Effectiveness of Enterprise Information Security Technologies

  • Conference paper
Service Availability (ISAS 2008)

Part of the book series: Lecture Notes in Computer Science ((LNISA,volume 5017))

Included in the following conference series:

Abstract

This paper surveys existing enterprise technologies that control access to confidential digital data, and analyzes the impact of system and staff unavailability on the obtained security. The researched technologies allow restrictions to be placed on copying, editing, viewing and printing from within various software applications, provide auditing options and prevent outsider access through encryption. We discuss USB access control solutions, digital rights management software, disk encryption techniques and operating system solutions, respectively. An interesting aspect of the various technologies is their reliance on the cooperation of various people and system components, thus making it vulnerable to unavailability of these people and components. Two opposite effects (security risk and productivity loss) determine the effectiveness of information security technologies, and we analyze the impact of unavailability of resources on both these metrics.

Supported in part by: UK Department of Trade and Industry, grant nr. P0007E (‘Trust Economics’), UK EPSRC platform grant EP/D037743/1 (‘Networked Computing in Inter-Organisation Settings’), EU network of excellence 026764 (‘ReSIST: Resilience for Survivability in IST’) and EU coordination action 216295 (‘AMBER: Assessing, Measuring, and Benchmarking Resilience’).

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Avoco Secure Limited, Secure2Trust (as viewed 09/05/07), www.avocosecure.com/html_pages/products/secure2trust.html

  2. Centennial Software, Gone in Sixty Seconds: The Executive Guide to Internal Data Theft (2006) (as viewed 29/07/07), www.centennial-software.com/resources/whitepapers/?product=2

  3. Centennial Software, DeviceWall Product Info (as viewed 09/05/07), www.devicewall.com/pro/

  4. Charlesworth, A.: Data theft by employees ‘commonplace’ (as viewed 29/07/07), www.vnunet.com/vnunet/news/2165309/theft-employees-commonplace

  5. Check Point Software Technologies Inc., Pointsec Protector (as viewed 10/05/07), www.checkpoint.com/products/datasecurity/protector/index.html

  6. Clark, G., Courtney, T., Daly, D., Deavours, D., Derisavi, S., Doyle, J.M., Sanders, W.H., Webster, P.: The Möbius Modeling Tool. In: Proceedings of the 9th International Workshop on Petri Nets and Performance Models, Aachen, Germany, September 11-14, 2001, pp. 241–250 (2001)

    Google Scholar 

  7. Dekart, Private Disk (as viewed 20/06/07), www.dekart.com/products/encryption/private_disk/

  8. GFI Software, GFI EndPoint Security (as viewed 09/05/07), http://www.gfi.com/endpointsecurity/

  9. Infowatch, Internal IT Threats in Europe 2006 (as viewed 29/07/07), www.infowatch.com/threats?chapter=162971949&id=207784668

  10. Layton Technology, DeviceShield (as viewed 20/06/07), www.laytontechnology.com/pages/deviceshield.asp

  11. McAfee Inc., McAfee Data Loss Prevention (as viewed 20/06/07), www.mcafee.com/us/enterprise/products/data_loss_prevention/data_loss_prevention.html

  12. Microsoft Corporation, Windows Rights Management Services (as viewed 20/06/07), www.microsoft.com/windowsserver2003/technologies/rightsmgmt/default.mspx

  13. Microsoft Corporation, Windows Server 2003 Active Directory (as viewed 02/06/07), www.microsoft.com/windowsserver2003/technologies/directory/activedirectory/default.mspx

  14. Microsoft Corporation, Windows Vista Home Page (as viewed 18/07/07), www.microsoft.com/windows/products/windowsvista/default.mspx

  15. Microsoft Corporation, About Information Rights Management (as viewed 20/06/07), office.microsoft.com/en-us/help/HP062208591033.aspx

  16. Microsoft Corporation, Step-By-Step Guide to Controlling Device Installation and Usage with Group Policy (as viewed 20/06/07), www.microsoft.com/technet/windowsvista/library/9fe5bf05-a4a9-44e2-a0c3-b4b4eaaa37f3.mspx

  17. Microsoft Corporation, Windows Vista Security Guide Chapter 3: Protect Sensitive Data (as viewed 20/06/07), http://www.microsoft.com/technet/windowsvista/security/protect_sensitive_data.mspx

  18. Oracle Corporation, Oracle Information Rights Management (as viewed 09/05/07), www.oracle.com/products/middleware/content-management/information-rights-management.html

  19. Parkin, S.E., van Moorsel, A.: A Trust-economic Perspective on Information Security Technologies, Technical Report CS-TR:1056, School of Computing Science, Newcastle University (October 2007)

    Google Scholar 

  20. Reflex Magnetics, Reflex Magnetics Disknet Pro (as viewed 09/05/07), www.reflex-magnetics.co.uk/products/disknetpro/

  21. Russinovich, M.: Windows Administration: Inside the Windows Vista Kernel: Part 3 (as viewed 18/07/07), www.microsoft.com/technet/technetmag/issues/2007/04/VistaKernel/default.aspx

  22. Safend Ltd., Safend Protector (as viewed 10/05/07), www.safend.com/65-en/Safend%20Protector.aspx

  23. SafeNet Inc., SafeNet ProtectPack (as viewed 09/05/07), www.safenet-inc.com/products/data_at_rest_protection/ProtectPack.asp

  24. SecureWave, SecureWave Sanctuary Device Control (as viewed 09/05/07), www.securewave.com/usb_security.jsp

  25. Smartline Inc., DeviceLock (as viewed 09/05/07), www.protect-me.com/dl/

  26. TrueCrypt Foundation, TrueCrypt (as viewed 20/06/07), www.truecrypt.org/

  27. Wattanajantra, A.: Data Thefts and Losses in the UK-Timeline (as viewed January 25, 2008), www.itpro.co.uk/news/158184/data-thefts-and-losses-in-the-uk-timeline.html

  28. Workshare Inc., Workshare Protect (as viewed 09/05/07), www.workshare.com/products/wsprotect/default.aspx

Download references

Author information

Authors and Affiliations

  1. School of Computing, Newcastle University, Claremont Tower, NE1 7RU, Newcastle upon Tyne

    Simon Edward Parkin, Rouaa Yassin Kassab & Aad van Moorsel

Authors
  1. Simon Edward Parkin
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Rouaa Yassin Kassab
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Aad van Moorsel
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Takashi Nanya Fumihiro Maruyama András Pataricza Miroslaw Malek

Rights and permissions

Reprints and permissions

Copyright information

© 2008 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Parkin, S.E., Yassin Kassab, R., van Moorsel, A. (2008). The Impact of Unavailability on the Effectiveness of Enterprise Information Security Technologies. In: Nanya, T., Maruyama, F., Pataricza, A., Malek, M. (eds) Service Availability. ISAS 2008. Lecture Notes in Computer Science, vol 5017. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-68129-8_6

Download citation

  • DOI: https://doi.org/10.1007/978-3-540-68129-8_6

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-68128-1

  • Online ISBN: 978-3-540-68129-8

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation