Change search
ReferencesLink to record
Permanent link

Direct link
A Framework for Adaptive Information Security Systems: A Holistic Investigation
KTH, School of Information and Communication Technology (ICT), Communication Systems, CoS.
2011 (English)Doctoral thesis, comprehensive summary (Other academic)
Abstract [en]

This research proposes a framework for adaptive information security systems that considers both the technical and social aspects of information systems security. Initial development of information systems security focused on computer technology and communication protocols. Researchers and designers did not consider culture, traditions, ethics, and other social issues of the people using the systems when designing and developing information security systems. They also seemed to ignore environments where these systems run and concentrated only on securing parts of the information systems. Furthermore, they did not pay adequate attention to the enemies of information systemsand the need for adaption to a changing enviroment. The consequences of this lack of attentions to a number of important factors have given us the information security systems that we have today, which appear to be systemically insecure.

 

To approach this systemic insecurity problem the research was divided into mini studies that were based on the Systemic-Holistic paradigm, Immune System concepts, and Socio-Technical System theory. Applying the holistic research process the author started first by exploring adaptation systems. After exploring these systems, the focus of the research was to understand the systems and features required for making information security systems learn to adapt to the changing environments. Designing and testing the adaptive framework were the next steps. The acquired knowledge from this research was structured into domains in accordance to ontological principles and relationship between domains was studied. These domains were then integrated with the security value-based chain concept, which include deterrence, prevention, detection, response, and recovery functions to create a framework for adaptive information security systems.

 

The results of the mini studies were reported in a number of papers, which were published in proceedings of international conferences and a journal. For this work, 12 of the thesis papers are included. A framework for adaptive information security system was created. Trials to apply and validate the framework were performed using three methods. The first method was a panel validation, which showed that the framework could be used for providing adaptive security measures and structuring  security work. The second method mapped the framework to the security standards, which showed that the framework was aligned with the major information systems security standards. The third and last validation method was to map the framework with reported ICT crimes cases. The results indicated that most crimes appear to occur because the security systems in place lacked deterrence security measures and had weak prevention, detection, and response security measures. The adaptive information security systems framework was also applied to a number of areas including a secure e-learning, social networks, and telemedicine systems.

 

It is concluded in this thesis that this adaptive information security system framework can be applied to minimize a number of  systemic insecurity problems and warrants more applied research and practical implementations.

Place, publisher, year, edition, pages
Stockholm: KTH Royal Institute of Technology , 2011. , xxviii, 328 p.
Series
Trita-ICT-COS, ISSN 1653-6347 ; 1106
Keyword [en]
Security, framework for adaptive security systems, socio-technical
National Category
Information Science
Identifiers
URN: urn:nbn:se:kth:diva-33805ISBN: 978-91-7501-017-5OAI: oai:DiVA.org:kth-33805DiVA: diva2:417888
Public defence
2011-06-15, Sal C, Isafjosgatan 39, Kista, 13:00 (English)
Opponent
Supervisors
Note
Q 20110608Available from: 2011-06-08 Created: 2011-05-18 Last updated: 2011-06-08Bibliographically approved

Open Access in DiVA

fulltext(4222 kB)1570 downloads
File information
File name FULLTEXT01.pdfFile size 4222 kBChecksum SHA-512
f14b6f7ce5bd7eaf297cbc860987ed7b73194c660907a522d266746835b872e5a7324f6a99084b8e3d9b357d7cb3fbfacdcee183e9dabe688e9fb376cb56a5d6
Type fulltextMimetype application/pdf

Search in DiVA

By author/editor
Mwakalinga, Jeffy
By organisation
Communication Systems, CoS
Information Science

Search outside of DiVA

GoogleGoogle Scholar
Total: 1570 downloads
The number of downloads is the sum of all downloads of full texts. It may include eg previous versions that are now no longer available

Total: 1147 hits
ReferencesLink to record
Permanent link

Direct link