Abstract
This paper surveys existing enterprise technologies that control access to confidential digital data, and analyzes the impact of system and staff unavailability on the obtained security. The researched technologies allow restrictions to be placed on copying, editing, viewing and printing from within various software applications, provide auditing options and prevent outsider access through encryption. We discuss, in turn, USB access control solutions, digital rights management software, disk encryption techniques and operating system solutions. An interesting aspect of the various technologies is their reliance on the cooperation of various people and system components, which makes them vulnerable to the unavailability of these people and components. Two opposite effects (security risk and productivity loss) determine the effectiveness of information security technologies, and we analyze the impact of unavailability of resources on both these metrics.
Supported in part by: UK Department of Trade and Industry, grant nr. P0007E (‘Trust Economics’), UK EPSRC platform grant EP/D037743/1 (‘Networked Computing in Inter-Organisation Settings’), EU network of excellence 026764 (‘ReSIST: Resilience for Survivability in IST’) and EU coordination action 216295 (‘AMBER: Assessing, Measuring, and Benchmarking Resilience’).
Copyright information
© 2008 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Parkin, S.E., Yassin Kassab, R., van Moorsel, A. (2008). The Impact of Unavailability on the Effectiveness of Enterprise Information Security Technologies. In: Nanya, T., Maruyama, F., Pataricza, A., Malek, M. (eds) Service Availability. ISAS 2008. Lecture Notes in Computer Science, vol 5017. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-68129-8_6
DOI: https://doi.org/10.1007/978-3-540-68129-8_6
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-68128-1
Online ISBN: 978-3-540-68129-8
eBook Packages: Computer Science, Computer Science (R0)