IT Insecurity

A Multi-disciplinary Inquiry

Stewart Kowalski

Publisher: DSV, 1994, 313 pages

ISBN: 91-7153-207-2

Keywords: IT Security, Information Security

Last modified: May 22, 2021, 6:53 p.m.

The problem of securing information processed, stored and communicated by information technology (IT) systems is examined using a variety of approaches, including General Systems Theory, sociology, criminology, computer science, and information systems theory.

The General Systems Theory approach is used to develop a model of socio-technical security systems for protecting information handled by IT. This model is then used to focus the analysis of the problem into the four areas of ethics, politics and law, operations and management, and technology.

Ethical attitudes associated with IT and IT abuse behaviour among university students in Sweden and Canada are studied both longitudinally and comparatively. The longitudinal study indicates that between 1986 and 1991 there were some significant changes in ethical attitudes along with an increase in IT abuse behaviour.

The political and legal study of the problem focuses on the development of national IT systems security evaluation criteria. North American and European criteria are used to analyse 47 crime cases reported to the Swedish police between 1987 and 1989. It is found that these criteria correspond to a large extent to the IT crime cases.

In the operational and managerial part of the thesis, the problem of distributing and maintaining IT system security manuals is discussed and a conceptual model of a hypertext IT security manual is presented.

A client-server model for managing audit and accountability information in health care information systems is proposed in the technical part. The model builds on the European Manufacturers Association's security framework. A technical walk-through of the model, along with a list of protocol service primitives, is outlined.

The thesis concludes with a synthesis of the ethical, political and legal, operational and managerial, and technical IT security constraints into a conceptual model of IT security referred to as the Security By Consensus (SBC) model.

    1. Introduction and Summary
  • Part 1: Ethical Inquiry
    1. Computer Ethics and Computer Abuse: A Study of Swedish and Canadian University Data Processing Students
    2. Computer Ethics and Computer Abuse: A Longitudinal Study of Swedish University Students
  • Part 2: Political & Legal Inquiry
    1. The ABC's and E's of National Computer Security Policies
    2. A Critique of the Orange Book
    3. Do Computer Security Models Model Computer Crime: A Study of Swedish Computer Cases
  • Part 3: Managerial-Operational Inquiry
    1. The Manual is the Message
  • Part 4: Technical Inquiry
    1. Historical Labels in Open Distributed IT Systems: An ITSEC/ECMA Specification
    2. An Accountability Server for Health Care Information Systems
  • Part 5: Synthesis
    1. The SBC Model: Modeling the System for Consensus
    2. A SBC Modeling of USA's National Computer Security Policy
    3. A SBC Analysis of an US National Computer Security Conference
    4. Reporting IT Crimes: The SBC Model as a Conceptual Framework

Reviews

IT Insecurity

Reviewed by Roland Buresund

Mediocre **** (4 out of 10)

Last modified: May 21, 2007, 3:09 a.m.

There are some gems in here, but you can safely avoid this.
