A threat-based definition of IA and IA-enabled products.
This paper proposes a definition of 'IA and IA-enabled products' based on threat, as opposed to 'security services' (i.e., 'confidentiality, authentication, integrity, access control or non-repudiation of data'), as provided by Department of Defense (DoD) Instruction 8500.2, 'Information Assurance (IA) Implementation.' The DoDI 8500.2 definition is too broad, making it difficult to distinguish products that need higher protection from those that do not. As a consequence the products that need higher protection do not receive it, increasing risk. The threat-based definition proposed in this paper solves those problems by focusing attention on threats, thereby moving beyond compliance to risk management. (DoDI 8500.2 provides the definitions and controls that form the basis for IA across the DoD.) Familiarity with 8500.2 is assumed.
- Research Organization:
- Sandia National Laboratories (SNL), Albuquerque, NM, and Livermore, CA (United States)
- Sponsoring Organization:
- USDOE
- DOE Contract Number:
- AC04-94AL85000
- OSTI ID:
- 1027081
- Report Number(s):
- SAND2010-6623C; TRN: US201121%%289
- Resource Relation:
- Conference: Proposed for presentation at the IEEE International Carnahan Conference on Security Technology (ICCST) held October 5-8, 2010 in San Jose, CA.
- Country of Publication:
- United States
- Language:
- English
Similar Records
An Analysis of Department of Defense Instruction 8500.2 'Information Assurance (IA) Implementation.'
A Cybersecurity Threat Profile for a Connected Lighting System