IT Baseline Protection Manual S 2.161 Development of a cryptographic concept

Initiation responsibility: IT Security Management

Implementation responsibility: IT Security Management

Nowadays companies and agencies are increasingly dependent on their information technology infrastructure. This is why it is necessary to have security services which go beyond mere encryption, and why they have to be integrated into the system as a whole.

Given the diversity of cryptographic problem situations and variety of influencing factors, there are also many different approaches to solutions and possible means of implementation. It cannot be assumed that there is one solution which is capable of dealing with all security problems in computer networks and/or communication systems. On the contrary, what is important is harmonised interaction between appropriately selected components in order to achieve the necessary degree of security. It is therefore necessary to develop a cryptographic concept that is integrated into the agency's or company's IT security concept.

The choice of suitable cryptographic components must be based on this concept. A critical element in the whole crypto concept is key management. Concepts and approaches to solutions can only be devised and put into practice precisely where they are needed once it is clear which specific security functionalities and security services are required. Beyond this there are also a number of system-related questions and aspects which do not specifically belong in the field of security technology. These include performance requirements, for example, or requirements relating to system links, interoperability and conformity with standards.

Figure: Perspectives and aspects in the selection of cryptographic procedures and components

In networked IT infrastructures it is no longer sufficient to guarantee the security of an individual domain. Instead, the security of all terminal equipment and transmission systems forming part of the network must be dovetailed to act in concert. Such harmonisation proves especially difficult where the equipment is not networked within one organisational unit (such as a LAN environment) but where IT installations with different areas of responsibility and fields of application are combined.

The use of an IT security system, as well as its functionality and technological design, is determined by numerous influencing factors, such as localisation, the level of security, and the frequency and scope of application. These represent important terms of reference and decision-making conditions for IT security management. The technical means of implementing and designing an IT security system also vary widely: for example, it may be integrated in an application on a workstation, in a firewall, or as a special component for network components such as switches or routers. An affordable price level for a crypto product can only be achieved if it can be used for a broad cross section of purposes; a standardised system link and uniform operating conditions, for example, play an important role in this. One last point relates to the interaction of the security services on various protocol layers. The security services on the higher protocol layers (according to the OSI reference model) generally only provide sufficient protection if the lower layers also provide protection (see S 4.90).

It is also important to define a cryptography policy specific to the organisation. The following points must be clarified from the standpoint of the management:

The crypto concept must also include a description of the technical and organisational use of the cryptographic products, i.e. the following points, for example:

On this basis and in accordance with the basic systems engineering conditions regarding

suitable implementation options can be analysed, a concept drawn up and the technical design finalised for specific fields of use, such as a PC workstation, within a LAN or in connection with a PBX system. A holistic approach of this nature is essential in order to assemble the fundamental data and conditions needed to take decisions about cryptographic products whose application and use is both appropriate from a security point of view and economically justifiable. It should be pointed out, however, that the subdivision described above is by no means obligatory or of fundamental significance, but is at best helpful. The only key factor is that the scope of the questions must consistently reflect the starting scenario after the situation has been clarified as comprehensively as possible. In practice, of course, there are reciprocal effects and dependencies between certain questions and answers, but in general these contribute to completing the overall picture.

The various influencing variables affecting the use of cryptographic procedures must be established and must be documented in a comprehensible form (see S 2.163 Determining the factors influencing cryptographic procedures and products). Subsequently, a suitable course of action must be developed and documented for their use. Finally, implementation must be arranged by the agency or company management.

The results should be recorded within the crypto concept in a form which can be updated and expanded as required. An example of a crypto concept is shown in the following table of contents:

Crypto concept: Table of contents

  1. Definitions
  2. Threat scenario as motivational background
  3. Specifying the organisation's internal security policy
  4. Influencing factors
  5. Determining the use of the concept
  6. Key management

Individual aspects of this concept are described in more detail in safeguards S 2.162 Determining the need to use cryptographic procedures and products, S 2.163 Determining the factors influencing cryptographic procedures and products, S 2.166 Provisions governing the use of crypto modules etc.

Drawing up a crypto concept is not a one-off task but a dynamic process. Regular adaptation of the crypto concept to current circumstances is therefore essential.

Additional controls:


© Copyright by
Bundesamt für Sicherheit in der Informationstechnik
July 1999