Business communications question


fpbgg058

Business Finance

Description

Looking for a brief summary on the following article. About 125 or so words


document(3)Article.pdf

Unformatted Attachment Preview

Security Framework for Information Systems

José Martins (1), Henrique dos Santos (2) and Paulo Nunes (3)
(1) Academia Militar - Cinamil, Lisboa, Portugal
(2) University of Minho - Department of Information Systems, Guimarães, Portugal
(3) Academia Militar - Cinamil, Lisboa, Portugal
jose.carloslm@gmail.com
hsantos@dsi.uminho.pt
pfvnunesam@gmail.com

Abstract: Nowadays, information is one of the most important resources in an organization, supporting most of the business processes. Organizations must therefore try to guarantee at all times information's fundamental properties: confidentiality, integrity, and availability. Information Systems are a determining factor for the organization's capability, consisting of a tool that stimulates its productivity and is indispensable in the decision-making process at the various levels of management. The current network society, supported primarily through the Internet, presents new threats to the information networks that support organizational Information Systems, independently of their dimension, nature, organization and technological resources. This scenario requires the use of a Security Framework in order to guarantee information security and to integrate a set of different organizational views: a scientific community (conceptual model); the decider's perception (behavioural model); and a technological model, as support for business processes. An established security policy and an operational methodology for identifying and evaluating risk must be distinguished in order to protect an organization from threats towards its information systems or the information resources for which it is responsible. In this paper we propose a Security Framework for organizational Information Systems, to guarantee the security of the major information assets and to serve as a possible model of information security management, supporting the decision-making process on information security and management.
We seek to minimize the possible actions of Information Warfare / Competitive Intelligence, outlining in this framework the various standards of good information security practice. Our objective is to guarantee the protection of Information Systems from the various methods of attack in use and the types of weapons utilized.

Keywords: Information systems, information warfare, information security management, and analysis and evaluation of risk

1. Introduction

Organizations, as "complex entities" integrated within a networking society, mostly operate based on formal or ad-hoc processes, supported by information flows which are handled by people and supported by a technological infrastructure connected to the Internet. Consequently, in view of Information Warfare / Competitive Intelligence, there is a need for effective information security, based on a risk analysis of the systems used in the organizations, in order to identify the threats these are subjected to.

The identification and evaluation of risks should correspond to a dynamic process, to be performed periodically so as to keep the multiple indicators of any possible Security Framework updated. This should reflect the organization's external and internal changes, keeping information security always as a main goal, but taking care not to interfere drastically with the main objectives of the business.

There exist diverse international standards for good practices in information security, some containing a strict methodology for identifying and assessing risks, presenting the organization's decision-makers with a macroscopic vision of information security. However, the great majority is based on models of generic threats and on technological questions, and is therefore minimally integrated with the organization's reality.
The main question we intend to answer in this article is the following: Is it possible to build an Information Security Framework for an organization, based on concepts and principles that ensure the security of the Information Systems (IS) and their information, when faced with the actions of Information Warfare / Competitive Intelligence? To answer this question we explore the possibility of approaching Information Security with the four security dimensions shown in Figure 1: Organizational, Physical, Personal, and Technological.

Figure 1: Information security dimensions

The security of the Organizational, Physical, Personal, and Technological dimensions aims at blocking the major methods used for attacking the organization. A correct analysis of the organizational IS structure and dynamics is fundamental to ensure the Security Framework's efficient planning and implementation.

The indicated dimensions (organizational, physical, personal and technological) will result from the deciders' perceptions of the probability of attacks on computer networks (technological dimension), which are particularly vulnerable to denial of service and malware. Physical destruction (physical level), as its name indicates, consists of the physical destruction of the target through electronic or physical means; the management of perceptions (personal dimension) consists of actions whose objective is to influence specific audiences, in which combinations of other capabilities in an orderly form (psychological, propaganda, deception operations) control the adversary's will.

Among the various levels of international norms, codes of good practice and certifications for information security, we can find approaches that are more focused on technologies or on business personal.
Fundamentally dualism: NATO security directives, norm ISO/IEC 27001:2005, the recommendations of the National Institute of Standards and Technology of the United States of America (NIST SP 800-26, 800-42), norms ISO/IEC 13335-4 and 13335-5, and the OCTAVE methodology (Alberts and Dorofee, 2001). However, in accordance with the specificity of the actions of the threats and of the Information War, the construction of a framework of Information Security was chosen. Its construction is made throughout the article.

In the second section we analyse the general environment and the task which the organizations actually are interested in. In the third and fourth sections, we present a possible approach to the threats and methods of attack, conceptually framed in the concepts of Information Warfare and in the possible levels of action. In Section 5 we identify what are, in our opinion, the components and indicators for information security. The conclusions and future possibilities are presented in Section 6.

2. Organizations, surrounding systems and information systems

For effective information security it is necessary to analyze the systems interacting with the organization and the multiple agents and their relations (see Figure 2), in order to identify the threats it is under and put them into perspective.

Figure 2: The organization and the surrounding environment, source: (1998, p.19)

Following the organization's external analysis, it is necessary to integrate the internal analysis, which mainly includes identifying the principal vulnerabilities of the IS components. In this context it is fundamental to analyze the organization's recognized levels (Strategic, Management and Operational) and activities, identifying the existing information on each organizational level and the supporting human and technological resources.
This activity generates an initial draft of the information flows running through the organization, identifying the fundamental processes where information is essential to achieve the business goals.

An extensive analysis of the IS supporting the management levels above, according to the components shown in Figure 3, will provide an in-depth description of the vulnerabilities they are subjected to and the measures implemented or planned to confront them. This vulnerability analysis necessarily has to include the technological, physical, human (decisions are built in terms of individual reasoning), and organizational (operating processes) dimensions. This stage essentially consists of describing the organization's internal structure and dynamics.

Figure 3: Information system based on computers (Source: Turban et al., 2003, p.19)

The information Security Framework should consider the organizational IS components. These fundamentally use computers (hardware and software) and communication technologies (networks), supported by procedures and the people working with the system itself or using its output (Turban et al., 2003).

3. Information warfare

As we can see in Figure 4, based on one of the possible models for Information Operations (IO), which we will follow in this article, these are the targets likely to be explored in possible attacks to cause direct or indirect effects on the physical, information and cognitive levels. We should therefore seek to cancel or minimize their effects by implementing a proper set of controls (e.g. policies, procedures and technology).

Figure 4: Information operations operating model (Source: adapted from Waltz, 1998, p.149)

The actions or possible attack methods the IS may be under are framed within the IO, and consist of a set of activities and capacities used to affect the opponent's information and IS (FM 100-06, 1996).
Within the context of Information Warfare, these actions are developed to obtain information superiority, which consists of achieving an operating advantage from the ability to gather, process and disseminate a steady flow of information while exploring or denying the opponent that same ability (FM 3-13, 2003).

The enforcement of an information security model essentially requires the positive identification of threats and vulnerabilities, and the simulation of the attacks to which the information resource is subjected, in order to determine the impact of a possible attack. An attack consists of a set of actions that, by exploring one or more IS vulnerabilities, violate its security properties, causing some sort of impact on the resources. Therefore, with known attacks, it is possible to act on the explored vulnerabilities by blocking the threats they generate.

The analysis shown above leads us to stress the importance of building a concept model for information security that represents the dimensions, components and indicators to bear in mind when setting in motion an integrated organizational IS security system, simultaneously providing decision-makers with an Information Security Management Model.

4. Classification of threats, attack methods and weapons

In view of the prior theoretical considerations, it is only possible to develop an IS Security Framework given a comprehensive list of the threats and of the ways to materialize them into system attacks. This threat list is achieved through a set of iterations that supply a global vision of the organization's possible external and internal threats.
In the first iteration, and due to the need to separate the threat classification from the type of organization (Civil & Military), its size, public or private nature and IT resources, we choose to present a strategic vision that easily contextualizes the evolution of a strategic attack, with all its possible developments on the operational and tactical level. We consider, however, that a tactical threat may, through an attack method, explore an infrastructure's vulnerabilities and cause a strategic impact. Conforming to the US guidelines (FM 3-13, 2003), which we shall consider in this article for supporting the Security Framework, the threats operating in the information environment are classified according to their capacities in the following manner:

- First Level – Amateurs, isolated or in small groups, using common hacking tools and techniques, in an unsophisticated manner and without significant support.
- Second Level – Individuals or small groups supported by corporate entities, terrorists, or other transnational groups, using common hacking tools in a somewhat sophisticated manner. Their activities include espionage, data collection, network tracking and scanning, and data theft.
- Third Level – Individuals or small groups supported by state institutions (civilian or military) and significant resources, using sophisticated tools. Their activities are identical to the third level's.
- Fourth Level – Information Operations enforced by States, especially through Computer Network Attacks, using the most advanced tools and deception techniques in coordination with military operations.

In a second iteration for threat analysis, we focus on organizational management, which is supplied with dozens of models to reduce complexity and uncertainties, and solve organizational problems.
We use two models, considered by managers worldwide as the most useful in daily tasks, which may be used to run the organization's strategic analysis from the threat identification and analysis standpoint: the SWOT analysis method (Strengths, Weaknesses, Opportunities and Threats) and Porter's five forces model.

Porter's five forces competitive analysis model puts the emphasis on the external competitive forces associated with our organization. Therefore, the indicators to keep an eye on are: the existing competitors, new participants, buyers, suppliers, and possible substitutes from the information conflictuality's point of view (the competition is guaranteed). The SWOT analysis method allows us to combine an analysis of the external environment with the internal component.

The third iteration lets us classify some of the internal threats to the IS components themselves by using the taxonomy presented by Pfleeger and Pfleeger (2006), consisting of:

- By discontinuing the service, reaching availability through destruction, damage, or contamination; refusing or delaying, in accessing and displacing, or obscuring.
- By changing, reaching integrity by means of false data input or generation; replacing, removing, separating, or reordering; representing or encoding and repudiating.
- By intercepting, reaching confidentiality by means of illicit copy, observation, monitoring, or deduction; control transfer or custody, and broadcasting (particularly through legitimate users by negligence or fraud).

Natural catastrophes are also included in the threats, as they assume a set of natural risks over a given component or components in organizational IS that may have an impact on their business processes and physical structure.

As for the attack methods (footnote 1) used by the threats to attack the Military Command and Control infrastructures and systems (i.e.
the IS), we use the FM 3-13 (2003) classification, maintaining a conceptual coherence with the types of threats, which we classify in the following manner: forcing unauthorized access, malicious software engineering, electronic deception, electronic attack, computer network attacks, physical destruction and perception management.

For the attack methods more focused on technology, such as malicious software engineering and computer network attacks, we add the classification suggested by Kurose and Ross (2008), which consists of the following taxonomy: using malware (e.g. viruses, worms and trojans); denial of service (DoS); packet sniffer; masquerade (e.g. IP spoofing) and man-in-the-middle.

In view of the attack methods described above, we may consider the usage of physical destruction weapons; syntax weapons (e.g. viruses), aimed at attacking an information system's operating logic; and semantics weapons, which seek to manipulate, modify or destroy decision-making support models, thus affecting the perception and representation of reality by the users (Nunes, 1999).

5. Information systems security framework

A conceptual model for information security requires the identification, management and control of the components and indicators of the several security dimensions, facilitating the decision-makers' perception of the reality of IS security. We consider a top-down approach to reference each dimension's major components. We intend to identify the organization's critical and vital functions from the perspective of IS security, the critical side being to ensure the organization's business continuity. Simultaneously, we carry out a bottom-up approach, in which we set out to group the main information security indicators by administration functionalities and technical similarities.

5.1 Information security organizational dimension

The purpose of this dimension is to run an analysis of the organization, its management, and IS and information security control.
A management structure must be established to initiate and control the application of information security within the organization. A correct overview of the organization is fundamental to ensure the Security Framework's proper planning and application. Table 1 identifies what we believe to be its main components and indicators, the major concerns being to identify the real and potential threats to the organization and the critical assets to protect.

Table 1: Information Security Organizational Dimension

Components: 1. Quality Management System; 2. Information Systems; 3. Interfaces; 4. Laws and Regulations; 5. Management Systems; 6. Strategic Analysis; 7. Security Infrastructure; 8. Others

Probable indicators: Mission, policy and vision; Business requirements; Business processes; Process managers; Operating areas and activities; IT service management; Operating managers; Specialists; IS analysis and design failures; Value chain; Subsystems; Information exchanges; National and international; Legal IT requirements; Client requirements; Ethical structure; Capacity planning; Project management; Change management; Knowledge management; Communication management; Project managers; SWOT analysis; Porter's five forces analysis; Threat identification and analysis; Security committee (plan and approve); Management committee (coordinate the application); Process / asset executives (execute); …

Footnote 1: Attack methods materialize (accomplish) the action or set of actions used by a threat (they have the potential) to explore one or more vulnerabilities in a given asset of the organizational IS.

We view the Strategic Analysis component as the dimension's main driver due to the importance of a proper threat identification and analysis to the entire application methodology. This threat identification will provide strictly detailed scenarios of possible attacks to explore vulnerabilities of the critical assets identified in the organizational IS.
5.2 Information security planning dimension

This dimension integrates planning and managing all information security controls (indicators), considering every support resource and implemented measure to ensure its security in the different dimensions presented in the Framework. Table 2 identifies what we believe to be its main security components and indicators.

Table 2: Information Security Planning Dimension

Components: 1. Risk Identification and Assessment; 2. Security Policy; 3. Security Policies, Standards and Procedures; 4. Global Security Plan; 5. Security Auditing; 6. Attack Monitoring, Detection and Response; 7. Business Continuity; 8. Offences and Forensic Analysis; 9. Others

Probable indicators: Reference methodology; Report (classified); Asset inventory (includes the information); Document; Published and reported; Signed revisions; Human resource policy; Security standards; Information classification and management; Procedures for using passwords; Procedures for using equipments; Procedures for using storage devices; Procedures for accessing the Web; Procedures for using e-mail; Continuity management policy; Integrated access control policy; Information communication / broadcast policy; Backup policy; Log retention policy; Clear desk / clear screen policy; Mobile computing policy; Software use policy; Acquisitions policy; Goals; Current status; Strategy; Action plan; Benefits; The team's functional structure; Budget and necessary resources; Technical terminology; Internal and external reports; Intrusion testing (e.g. simulating attacks); Vulnerability detection and auto correction; Incident reports; Dissuasive measures (hindering attacks); Detection measures (tracking down attacks); Diversion measures (eluding attacks); Entities to monitor and contact (e.g. CERT); Disaster recovery plan; Identified and analyzed risk scenarios; Disaster recovery architecture; Alternative site; Recovery team; Plan rehearsals; Relation with IT management; Specific training; Plan maintenance and revision; Responsible entity; Procedures for obtaining evidence; Reports; Criminal and disciplinary consequences; …

The planning dimension fundamentally has ISO / IEC 27001 (2005) as a reference for the international standard for good practices in information security in 10 key areas. We consider the Security Policies, Standards and Procedures component the dimension's main driver, reflecting the information security risk identification and assessment previously conducted by the organization.

5.3 Information security physical dimension

Its main goal is to ensure the physical protection of the IS in general, and the protection of all its components (e.g. hardware, software, documents and magnetic devices) in particular, where we essentially consider the components and indicators pointed out in Table 3.

Table 3: Information Security Physical Dimension

Components: 1. Internal Emergency; 2. Critical Infrastructure; 3. Facilities; 4. Equipments; 5. Critical Areas; 6. Access Physical Control; 7. Disposal / Reuse; 8. Listening, Observation and Electromagnetic Radiation Protection; 9. Service and Maintenance; 10. Others

Probable indicators (level of exposure): Internal emergency plan; Fire detecting and fighting; Flood detecting and fighting; Gas leak detecting; Protecting dangerous sites; Main power supply; Telecommunications; Plans of the organization; Access types (e.g. controlled); Area typology; Physical structure; Equipment catalogue; Storage device catalogue; Equipment identification; Contact persons; Access type; Physical disposition and protection; Network access sites; Maintenance service record; Location; Classification; Structure; Illumination and visual indicators; Storage and cleaning; Uninterrupted power source (UPS); Backup generators; Surveillance systems; Cables; Air conditioning systems; Access control; Fire detecting and fighting; Monitoring; Emergency procedures; Local grounding; Flood detection and draining; Physical security perimeter; Video surveillance systems; Alarm systems; Access points; Control and record systems; Equipments and documents; Acoustic insulation; Tempest specifications; Internal and external; Reports; Maintenance contracts; …

We consider the Internal Emergency component this dimension's main driver because, after identifying and analyzing the threats, we can see in this component the main physical vulnerabilities that may be explored in the organization.

5.4 Information security personal dimension

The personal security dimension seeks to reduce the risk of intentional or negligent human error over the IS components, particularly avoiding Social Engineering attacks that are set to explore one of security's weakest links: the human element. We are fundamentally considering the security components and indicators pointed out in Table 4.

Table 4: Information Security Personal Dimension

Components: 1. Recruiting and Releasing; 2. Task Performance; 3. Training; 4. Social Engineering; 5. Others

Probable indicators (level of exposure): Security philosophy; Code of ethics; Confidentiality agreement; Background check; Releasing procedures; Quitting procedures; Accreditation; Job and employee profile; Outsourcing; Personnel record; Internal and external; Training seminars; Reference methodology; Good practices; …

In conclusion, we consider the Task Performance component as this dimension's main driver. This dimension should essentially prevent Social Engineering attacks, avoiding user manipulation in a way that persuades them to perform certain actions with the intent of changing information security's main properties.
5.5 Information security technological dimension

The purpose of this dimension is to ensure the correct processing, transmission and storage of data and information, indispensable to guarantee information security. As a conceptual model for an easier perception by the decision-maker, we divide this dimension into three: an application (processing) dimension, a logic (identification and storage) dimension, and finally, a network (transmission) dimension. Each dimension is particularly oriented towards the aforementioned purposes, without prejudice of isolating dimensions.

5.5.1 Information Security Application Dimension

In this dimension, we essentially explore the security components and indicators pointed out in Table 5, matching the concern with the acquisition or development, implementation, maintenance, and correct use of the organization's installed software, paying particular attention to the separation between development, testing and production environments so as to prevent security risks. In this dimension, we consider the Control and Maintenance component as the main driver; it is crucial to acknowledge that most organizations are absolutely dependent on the Information Communication Technology infrastructure, and on the quantity, quality and availability of information such infrastructure supplies and supports, hence the possible adoption of the ITIL (MacFarlane and Rudd, 2003).

Table 5: Information Security Application Dimension

Components: 1. Usage; 2. Control and Maintenance; 3. Acquisition and Development; 4. Others

Probable indicators (level of exposure): Software catalogue; Distribution by IS levels; Responsible users; Licensing; Settings; Reviews; Versions; Incidents and problems; Application outsourcing; Source code analysis; Software development process; Software quality features; Quality requirements and software testing; …

5.5.2 Information Security Logic Dimension

This dimension holds as indispensable to entrust users with authorized access to information and its correct storage and security. We consider Identification and Authentication as the main driver, which validates the entrusted agent and is, consequently, one of the main logic access control operations.

Table 6: Information Security Logic Dimension

Components: 1. Identification and Authentication; 2. Access Logic Control; 3. Storage Systems; 4. Log Management; 5. Others

Probable indicators (level of exposure): Validation (e.g. operating system); Information access control matrix; Document and workflow management systems; Databases; File Server; Mail Server; Web Server; Application Server; Business applications; Information media and standard format; Entrust data reading devices; Redundancy systems; Encrypted information and data; Clients, servers, assets, and security technologies; Real time retention and copy; Content analysis; NTP protocol; …

5.5.3 Information Security Network Dimension

Regarding the network as a set of autonomous and interconnected computers, the main concerns are the communication security and the network management supporting the operating systems of the technologies implemented in the IS. We view the implemented Security Technologies as this dimension's main driver, since they perform their internal security and the Internet's as well. This is the main technological interface with the organizational IS but, simultaneously, the main means for Cyber warfare.

Table 7: Information Security Network Dimension

Components: 1. Servers; 2. Clients; 3. Internet; 4. Security Technologies; 5. Network management; 6. Assets; 7. Telecommunications; 8. NAS or SAN; 9. Others

Probable indicators (level of exposure): Administrators; Implementing services; Settings; Network authentication; Operating systems; Administrators; Settings; Mobile clients; Network authentication; Operating systems; System utilities usage; Access and management types; TCP/IP protocol; Intranets and Extranets; Firewalls; Intrusion Detection Systems (or IPS); Antivirus; VPN; Encrypting and authentication; File integrity checkers; Honey pots; Network type (LAN, MAN, WAN); Administrators; Network topology (e.g. Ethernet); Network monitoring and management; Network access control; Network separation; Implementing services; Administrators; Settings; Forwarding protocols; Inter-communicators; Telephones; Cellular phones; Fax; Network attached storage; Storage area network; …

We can gather that IS security has to be seen as a process that allows the integration of all its dimensions, due to the multiple interdependencies between components and indicators. This leads us to adopt the UML to facilitate communication with the organizations (e.g. audited), providing for a strict description of the Security Framework's analysis, design, implementation and management stages. It is represented by the Class Diagram in Figure 5, the main idea being to identify the most relevant aspects that take part in the IS under analysis and, therefore, visualize it as a whole through its classes and relations.

We use the class diagram to describe the information structure used in the system, seeking to describe its status (attributes) and behavior (methods). It represents an abstraction over a set of objects that share the same structure and behavior since, in reality, an object is a particular case within a class, also known as a class instance.

The featured class diagram intends to provide a static perspective to support the information security requirements of the IS under analysis.
Through the components and indicators shown for the security dimensions, the Framework implicitly lists the technical or non-technical controls, existing or planned, in the organizational IS to reduce or eliminate the probability of one or more vulnerabilities being explored by a threat.

Figure 5: Information Security Framework

In this article we present the dimensions, components and indicators that ensure the information security of an organizational IS facing the featured possible Information Warfare actions. We stress that the connection between dimensions is established through the centralized planning of the implemented controls after analyzing the organizational processes.

6. Conclusions and future work

The presented Security Framework has information security facing Information Warfare / Competitive Intelligence as a main goal. It provides the integration and interconnection of the featured dimensions, thus ensuring that the presented component indicators are efficiently implemented.

The threat of a Strategic Information Warfare totally eliminates the distinction between military and civil systems (Nunes, 1999), whereby the article proposes a methodology for identifying and analyzing threats that would represent the Strategic, Management, and Operational Level.

The advantages we believe to achieve with the featured Framework and its application methodology against others under review (ISO 27001, 2005; OCTAVE, 2001) to ensure Information Security Management in the IS are the following:

- The threat identification and analysis methodology is global due to the integration of possible military actions, whereby we consider that attack methods are no more than actions developed by certain threats (e.g. in a strategic level, the States), using physical, syntax or semantical weapons in order to explore particular vulnerabilities and thus cause an impact in the organization.
- The possibility to integrate several management and security methodologies used by the organizations, avoiding analytic repetitions and providing a more suitable vision to the decision-maker's perception for the security of the business.
- Facilitates the operations of organizational IS security due to the interconnection of the multiple dimensions, and to the fact that, in its early stage, it is not focused on identifying and assessing each asset's individual risk, but on ensuring, on a later stage, a more refined analysis for each of the organization's critical processes and assets concerning its mission.

As a window for possible studies, we consider the possibility of validating the indicators featured in the security dimensions' components, considering that without measurable indicators to support an information security management methodology it is not possible to ensure a proper information security level, and that any investment in security can always be questioned (Santos, 2006).

In conclusion, we see information security as a management process, not a technological process (ISO 27001, 2005), where there should be a balance between Organizational, Physical, Personal, and Technological security.

References

Alberts, Christopher J. and Dorofee, Audrey J. (2001). OCTAVE SM – Method Implementation Guide Version 2.0, Carnegie Mellon, Software Engineering Institute, Pittsburgh, USA.
FM 100-06 (1996). Information Operations, Headquarters, Department of the Army, Washington, USA.
FM 3-13 (2003). Information Operations: Doctrine, Tactics, Techniques, and Procedures, Headquarters, Department of the Army, Washington, USA.
ISO/IEC 27001 (2005). Information technology – Security techniques – Information Security Management Systems - Requirements.
JP 3-13 (2006). Information Operations, USA.
Kurose, James F. and Ross, Keith W. (2008). Computer Networking, Pearson Education - Addison Wesley, 4th Edition, Boston, USA.
Macfarlane, Ivor and Rudd, Colin (2003). Gestão de Serviços de TI, The IT Service Management Forum, UK.
Martins, José Carlos L. (2008). Framework de Segurança para um Sistema de Informação, Tese de Mestrado, Escola de Engenharia, Universidade do Minho.
Nunes, Paulo Viegas (1999). "Impacto das Novas Tecnologias no Meio Militar: A Guerra de Informação", in Vários, Revista Militar, p. 1721-1745, Lisboa.
Pfleeger, C. P. and Pfleeger, S. L. (2007). Security in Computing, 4th Edition, Prentice Hall.
Santos, Henrique D. (2006). ISO / IEC – A norma das normas em Segurança da Informação, Publicação da Associação Portuguesa para a Qualidade, pp 11-1, Ano XXXV, Nº1, ISSN 0870-6743, Lisboa.
Turban et al. (2003). Administração de Tecnologia de Informação, Editora Campus, Rio de Janeiro.
Varajao, João Eduardo Q. (1998). A Arquitectura da Gestão de Sistemas de Informação, FCA – Editora de Informática, Lisboa.
Waltz, Edward (1998). Information Warfare: Principles and Operations, Artech House, USA.

Copyright of Proceedings of the European Conference on Informations Warfare & Security is the property of Academic Conferences, Ltd. and its content may not be copied or emailed to multiple sites or posted to a listserv without the copyright holder's express written permission. However, users may print, download, or email articles for individual use.