Year
1993
Abstract
Information Surety is the enhancement of the confidentiality, integrity, and availability of information and software systems. It is attained through sequential steps: identification of software reliability requirements and information protection needs, designing for a balanced level of risk throughout the system, and application of appropriate software and hardware technologies and procedures. The ability to apply these steps when developing systems is impaired by a general lack of understanding of surety issues by system developers, and by the fact that there are many separate areas of knowledge involved that are not currently integrated into a disciplined approach (e.g., risk assessment, information access control in computers and networks, secure messaging, trusted software development). Our best systems today are achieved by clever designers who use ad-hoc methods. In the absence of good development tools, technologies may be applied haphazardly and/or retrofitted, without yielding balanced protection. This paper will take the audience through an exploration of the elements of information surety, some common misconceptions about information surety today, and the even greater challenges on the horizon. It will end with some suggestions for research areas which will help evolve the discipline of information surety.