Information security aspects - Considerations and priorities

Authors:

  • Amund Gudmundson Hunstad

Publish date: 2016-12-21

Report number: FOI-R--4341--SE

Pages: 29

Written in: Swedish

Keywords:

  • Information security
  • information security characteristics
  • confidentiality
  • integrity
  • availability
  • security functions

Abstract

The information security characteristic confidentiality has a prominent position within the Swedish Armed Forces, while integrity and availability do not have a similar position. The need of taking into consideration integrity and availability is frequently stated, but the prominent position of confidentiality remains. This report identifies comprehensive and underlying priorities to enable describing the way in which other information security characteristics than confidentiality are handled within the Swedish Armed Forces. Thereby possible considerations to obtain the best possible balance between the information security characteristics may be indicated. The evolution of terminology within the information security domain is presented. Two potential cases are described and illustrate how confidentiality, integrity and availability to a significant degree are considered as independent aspects with separate ways of being handled, which supposedly constitutes a critical and serious problem. Comprehensive needs regarding different perspectives related to information security characteristics within the Swedish Armed Forces are presented, as well as how the different characteristics influence important policy documents. The study concludes that aggregating different comprehensive needs related to management as well as operative level within the Swedish Armed Forces, have the potential of achieving a better balance between confidentiality, integrity and availability. Aspects of integrity and availability ought to distinctly influence policy documents of the Swedish Armed Forces. Studies of security and risk analysis, which illustrate the benefits of different information systems and services and identifies associated risks, facilitates achieving the needed considerations to reach a best possible balance between the information security characteristics.