Emerging security requirements

Abstract

Interest in the security of information systems has increased partly because of evolving systems maturity, and partly in response to dramatic intrusions into major systems. These have included intrusions by amateur 'hackers' which, although embarrassing have caused no substantial damage. Intrusions from employees are far more damaging but have not been widely publicized. The paper describes the US government's security policy and its implications for private organizations. A security policy is basic to the concept of security and defines the manner in which an information system can access and manipulate data. Protection mechanisms which enforce security policies are discussed. Mandatory and discretionary policies which form a particular security policy are outlined. The characteristics of a formal security model are also defined, and the design of a secure operating system is discussed. The present status of information systems security is outlined. © 1985.