ABSTRACT
Information plays a critical role in global economics as well as our security, safety, and quality of life. There is a growing disparity between the value of information and our capability to manage and protect it. Technical and policy research is needed to address this disparity. Fundamentally, we cannot answer the following question: "How much security is enough?" We lack the capability to quantify the value of information, particularly information that has been processed and aggregated. We also face many difficulties when attempting to measure information security, characterize threats, understand vulnerabilities, or even formulate and sustain any specific security posture. As a result, we cannot measure our risk and therefore cannot manage it. Our efforts to address this problem can be divided into two categories: legal/policy and technical. Owners of physical assets, such as cash or gold, have the legal and technical means to augment fortification protections with armed guards and lethal force. From a legal perspective, protection of information is limited to fortification, in part because we lack sufficient attribution. From a technical perspective, we have built complex mountains of computer code on top of hardware architectures that will attempt to execute any arbitrary instructions. These systems cannot be effectively analyzed for vulnerabilities so as to ensure trustworthy and secure operation. Research is needed to address the systematic protection of information, including information valuation, security metrics, strong attribution, trustworthy computing, sustainable security processes, and legal devices that will support comprehensive protection and risk management.