Objektbaserad säkerhet. Behov och möjligheter

Authors:

  • Amund Gudmundson Hunstad
  • Tommy Gustafsson
  • Henrik Karlzén
  • Fredrik Mörnestedt
  • Lars Westerdahl

Publish date: 2012-11-20

Report number: FOI-R--3484--SE

Pages: 41

Written in: Swedish

Keywords:

  • Information security
  • Object-based security
  • IT-security model

Abstract

Flexibility is one of the most important characteristics of a modern organization. Members of an organization conduct their work on-site as well as off-site, collaborations between organizations may start with little time for preparations and end just as quickly. This results in a need for high availability of information, both regarding access and available platforms. As a consequence, traditional IT-security models with a focus on protecting the inside from the outside of a network have a difficult time supporting the needs of a modern organization. This inhibits the business goals of the organization and may lead to shortcuts with uncontrolled risks. This report describes the prerequisites for object-based security (OBS) which aims at protecting an information object, rather than the infrastructure that the information object resides on. This is expected to provide a high level of availability and flexibility while maintaining the proper level of protection. An excerpt of the information needs of the Swedish Armed Forces was gathered through a series of interviews and showed large variations regarding the need for information and information management. The needs of a combat command and control system differ substantially from the needs of office systems. Furthermore, it was concluded that the Swedish Armed Forces need flexible information systems with a high degree of availability. In parallel with the interviews, a literature study, regarding active research initiatives for realizing OBS, was conducted. The results from the literature study and the interviews were combined to describe the needs and possibilities of OBS.

Share page on social media