Lockheed Martin UK - Integrated Systems & Solutions

System Security and Information Assurance

Key words and phrases: system security, information assurance, communications and information systems, CIS

Appropriate security measures

The rapidly expanding power and complexity of communications and information systems (CIS) allows information to be processed, analysed and disseminated more quickly than ever before. But unless adequate protective measures are taken, this capability can also be turned against both the system and the information that it handles. Any system that stores or processes sensitive information needs to have appropriate security measures designed in from the outset.

The security of a CIS also depends on the environment in which it is operated and on any systems to which it is connected. All of these factors must be addressed using a methodology such as that of ISO17799 – Information Security Management. UK Government systems are subject to a formal accreditation procedure which embraces their design, implementation and operation.

The term Information Assurance has been adopted to describe the requirement for security in a CIS. The three key elements of Information Assurance - applicable to both the system and its data - are:

  • Confidentiality – the control of access to authorised users with a need-to-know.
  • Integrity – freedom from unauthorised modification.
  • Availability – continuity of access and function as and when required.

Electronic transactions also rely on two further elements:

  • Authentication – confirmed identification of the person or agency making a transaction.
  • Non-repudiation – inability of a person or agency to deny making a transaction.

Lockheed Martin UK - Integrated Systems & Solutions has long experience in supporting the accreditation of a wide range of CIS, based on a sound understanding of their requirements for Information Assurance:

  • Evaluation of the threat to security.
  • Adoption of a pragmatic approach to risk management.
  • Specification of appropriate security measures: physical, personnel, procedural or technical.
  • Production of Security Policy Documentation (SPD).

Further information is available from:

Email:
Tel: +44 (0)1252 732555