Abstract
IT-security policy can be understood as a union of targets and actions to realize the essential security principles “confidence”, “availability” and “integrity” of information processing in as systematic and balanced a way as possible. For the further practical realization of this security policy, evaluation and certification proceedings have to be requested.
This inquiry was presented in winter 1994. On the one hand, it illustrates a high general awareness of information security problems among Austrian information processing organisations. On the other hand, due to the lack of a national security policy, there is a deficiency in practical translation and in orientation towards exactly defined security goals.
The intention of this paper is to present arguments for the necessity of a national security policy. This makes sense regarding the increasing number of policy-neutral certification methods like [ITSEC], as well as in view of the efforts to realize security requirements in a more technical than a legal or administrative way. This is also of importance considering the international orientation of the development of information systems.
This particular national position should not diverge from international positions, goals and standards, but it should offer a possibility for Austria to participate in this international discussion as an equal partner. This will be of interest for individuals as well as for commerce. It means advantages in competition for Austrian producers of information systems and it also means advantages for Austrian consumers of information products in the fields of law enforcement, service and product liability and guarantee of quality.
References
Amt für amtliche Veröffentlichungen der EG [ed.] (1991) Kriterien für die Bewertung der Sicherheit von Systemen der Informationstechnik. Luxembourg. [ITSEC]
Amt für amtliche Veröffentlichungen der EG [ed.] (1994) Information Technology Security Evaluation Manual, Provisional Harmonized Methodology. Luxembourg. [ITSEM]
Beschluß des Rates vom 31. März 1992 auf dem Gebiet der Sicherheit von Informationssystemen (92/242/EWG; ABl. L123/19, 08.05.92). Brussels. [EUSEC]
BSI Bundesamt für Sicherheit in der Informationstechnik [ed.] (1992) IT-Sicherheitshandbuch, Handbuch für die sichere Anwendung der Informationstechnik. Bonn. [ITSHB]
Bundeskanzleramt (1993) Datenschutzbericht der Datenschutzkommission. Bundeskanzleramt, Wien. [DSK93]
Common Criteria Editorial Board (1994) Common Criteria Unclassified Version V0.2, Information Technology Security Evaluation Common Criteria. CD-ROM, Brussels. [CC94]
DG XIII: Telecommunications, Information Market and Exploitation of Research [ed.] (1994) Green Paper on the Security of Information Systems. Brussels. [GREEN94]
Dohr, W., Weiss, E. M. et al. (1988) Datenschutzgesetz, in der ab 1. März 1988 geltenden Fassung (actual issue: hap://www.ad.orat/text/gesetze.htm). Manz, Wien. [öDSG]
Europäisches Parlament (1995) Gemeinsamer Standpunkt des Rates vom xxxxx im Hinblick auf den Erlaß der Richtlinie 95/xxx/EG des Europäischen Parlaments und des Rates zum Schutz natürlicher Personen bei der Verarbeitung personenbezogener Daten und zum freien Datenverkehr. Brussels. [EUDSR]
Kommission der Europäischen Gemeinschaft (1994) Geänderter Vorschlag für eine Richtlinie des Europäischen Parlaments und des Rates zum Schutz personenbezogener Daten und der Privatsphäre in digitalen Telekommunikationsnetzen, insbesondere im diensteintegrierenden digitalen Telekommunikation und digitalen Mobilfunknetzen (gemäß Artikel 189 A, Absatz 2 des EG-Vertrages von der Kommission vorgelegt), KOM(94) 128 endg.-COD 288. Brussels. [ISDN]
Fischer-Hübner, S. (1994) Ein formales Datenschutzmodell, in Sicherheit in Informationssystemen, Proceedings der Fachtagung SIS ‘84 Universität Zürich-Irchel, Institut für Informatik 10.-11. März 1994 (ed. Prof. Dr. Kurt Bauknecht, Dr. Stephanie Teufel). Zürich. [SIS-FI]
U.S. Department of Commerce National Technical Information Service (1985) Department of Defense Trusted Computer System Evaluation Criteria (Orange Book). DoD, Washington DC. [TCSEC]
Vranitzky, F. (1994) Weichenstellung für ein digitales Österreich, Rede von Bundeskanzler Dr. Franz Vranitzky bei den Alpbacher Technologiegespraechen. Alpbach. [VRAN]
Copyright information
© 1995 IFIP International Federation for Information Processing
About this chapter
Cite this chapter
Zeger, H.G. (1995). A strategic approach to a national security policy. In: Posch, R. (eds) Communications and Multimedia Security. IFIP Advances in Information and Communication Technology. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-34943-5_9
DOI: https://doi.org/10.1007/978-0-387-34943-5_9
Publisher Name: Springer, Boston, MA
Print ISBN: 978-1-5041-2908-4
Online ISBN: 978-0-387-34943-5
eBook Packages: Springer Book Archive