By Roy D. Follendore III
Copyright (c) 1999 RDFollendoreIII
All Rights Reserved
Security can be considered as a kind of filter quality control process. It can be used to make sure that the impurities of noise do not get into the knowledge you need. The fundamental problem with security is a hard-wired concept that has lost touch with essential human ideals. Security has become a technological concept, not a human one. This paper is about getting in touch with the basis of security, and it speaks about the use of technical key security processes for the management of appropriate information that is to be knowledge.
begins with human beings making decisions within the context of their
they may make some profitable communication production decision but find there is a security
issue involving a concern for risk in executing that decision.
Next they define the security problem by resolving the nature and context
of the decision they made in the first place.
eventually get around to defining what is at risk and the threat, and they define the
vulnerability. From this they reach consensus
on the acceptable level of risk and exposure to risk. The potential for profit
is weighed against the potential risk of damage. These things together
represent the model by which choices are considered. The choice of feature
points within this model is important. If any of these
decisions prove to be incorrect or inappropriate, then the process of developing a
security plan will inevitably go wrong.
decision as to what to do about the security problem is made based upon the
process indicated by the implied risk. However,
sometimes a simple operational change within the organization may dramatically
reduce the security problem. An
organizational change may also completely eliminate the problem.
Other times, technical solutions provide the means to continue operations
as they are within the existing organization.
time, with a large enough organization and given enough issues to contend with,
there will be enough mistakes made to be detrimental to any security scheme.
The situation becomes just too complex.
The threat to the organizational Communications System will be magnified
by those mistakes and by errors made in correcting them.
Also, consider the fact that most threats may come and go.
The windows of opportunity for all abilities to threaten or defend
change independently with time. The
dynamics of the communication systems involved, including the embedded
technologies, influence these changes. The
problem with organizational security is not only the fact that the threats
and vulnerabilities exist but also that the ability to appropriately attract
attention to these changes dynamically may not exist.
But there is only one point where security is both accessible at all times and enforceable at all times. Information is written in, stored in, and distributed to locations across networks of systems and directories. Some information moves immediately through the system. Other information is stored locally but is an accessible part of the information system only if access is provided by the individual who may literally have that data within his pocket.
The encryption algorithm that is used to protect information can not only
act as a means to scramble data but can also act as a filter which can isolate
and enforce the isolation of information within the organizational
Communications system. The control point for this filter is the cryptographic key
that is used. The problem is that
the Key has been treated as an external and irrational process as it relates to
the information on which it acts. There
simply is no handle or means to otherwise control or point to the
characteristics that would be necessary to manage information as well as
managing the key itself.
Key Management Systems by their design have the obvious intent of being secure
through an irrational scheme of calculation.
This creates a problem that whatever control exists must become an
external process. These pointers
that are necessary to manage the keys, to understand the necessary application
of the keys, and to gain access to those keys when necessary, have to be tracked
independently of the message, and independently of the management of the files
being secured. As we all know, the
problem with tracking information with an external pointer system is that that
system naturally degrades and becomes more difficult to manage as the system
becomes more complex.
solution is to create a new type of Key paradigm.
This Key must have attributes and be multidimensional in its ability to
associate with the information used as well as be effective in protecting that
information through the use of unique algorithms. By embracing that fact, it will become a cornerstone of the
reasoning process related to information control, transfer, and retrieval and
will become a fundamental change in the paradigm of security for the next
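
One way to picture a key that carries attributes and acts as a filter, as an added example that is not the author's design or code: the attributes are mixed into the key derivation, so they travel with the data instead of living in an external pointer table, and altering them invalidates the tag. It assumes attributes are a small dictionary, uses HMAC-SHA256 from the Python standard library, and leaves encryption out; all names (`derive_key`, `seal`, `admit`, `MASTER`) and the sample values are hypothetical.

```python
import hashlib
import hmac
import json
from typing import Optional

MASTER = bytes(range(32))  # constructed demo secret, not a real key

def canonical(attrs: dict) -> bytes:
    """Deterministic encoding so the same attributes always yield the same key."""
    return json.dumps(attrs, sort_keys=True, separators=(",", ":")).encode()

def derive_key(master: bytes, attrs: dict) -> bytes:
    """Bind the attributes into the key: changing any attribute gives an unrelated key."""
    return hmac.new(master, b"attr-key-v1|" + canonical(attrs), hashlib.sha256).digest()

def seal(master: bytes, attrs: dict, payload: bytes) -> dict:
    """Carry the attributes with the data and tag the data with the attribute-derived key."""
    tag = hmac.new(derive_key(master, attrs), payload, hashlib.sha256).hexdigest()
    return {"attrs": attrs, "payload": payload.hex(), "tag": tag}

def admit(master: bytes, env: dict, allowed: dict) -> Optional[bytes]:
    """Filter: release the payload only if the tag verifies and the attributes fit policy."""
    payload = bytes.fromhex(env["payload"])
    expect = hmac.new(derive_key(master, env["attrs"]), payload, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expect, env["tag"]):
        return None  # attributes or payload were altered after sealing
    for name, permitted in allowed.items():
        if env["attrs"].get(name) not in permitted:
            return None  # authentic, but outside what this recipient may receive
    return payload

def demo():
    """Constructed sample: one sealed item checked against three situations."""
    env = seal(MASTER, {"owner": "finance", "level": "restricted"}, b"Q3 forecast")
    in_policy = admit(MASTER, env, {"level": {"public", "restricted"}, "owner": {"finance"}})
    # Relabelling the item as "public" changes the derived key, so the tag no longer verifies.
    relabelled = dict(env, attrs={"owner": "finance", "level": "public"})
    downgraded = admit(MASTER, relabelled, {"level": {"public"}})
    # An untouched item is still filtered out for a recipient limited to "public".
    out_of_policy = admit(MASTER, env, {"level": {"public"}})
    return in_policy, downgraded, out_of_policy

if __name__ == "__main__":
    print(demo())
```
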
Copyright (c) 2001-2007 RDFollendoreIII All Rights Reserved