Skip to main content
SpringerLink
Log in
Book cover

International Conference on Information Security and Digital Forensics

ISDF 2009: Information Security and Digital Forensics pp 102–110Cite as

A Security Architecture to Protect Against Data Loss

  • Conference paper

  • 672 Accesses

Abstract

Data loss poses a significant and increasing problem for organisations. This is shown by the regular stories of data loss reported daily in the media, such as the mailing of 2 CDs containing 25 million personal records by the Revenue and Customs in the UK. There is a need to provide systematic protection to data in all its forms and locations however it is accessed. We have developed Searchlight, a three-layer security architecture containing the physical, logical and social levels, which we use to analyse data loss holistically to prevent, detect and recover from exposure. We examine deliberate and accidental data loss by employees, but the same analysis can be straightforwardly applied to external attacks. Our practical security model appears to have widespread application to other problem domains such as critical infrastructure, the insider threat and financial systems, as it allows the analysis of systems in their entirety including human and physical factors, not just as technical systems.

This is a preview of subscription content, log in via an institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. McAfee, Unsecured economies: protecting vital information (2009), http://resources.mcafee.com/content/NAUnsecuredEconomiesReport

  2. Ponemon Institute. 2008 Annual Survey: Cost of a Data Breach (February 2009), www.encryptionreports.com/download/Ponemon_COB_2008_US_090201.pdf

  3. Blackwell, C.: Data Loss: the Essentials (September 2009), IT Governance at www.itgovernance.co.uk or www.27001.com

  4. Bunker, G., Fraser-King, G.: Data Leaks for Dummies. Wiley, Chichester (2009)

    Google Scholar 

  5. Neumann, P.G., Parker, D.: A Summary of Computer Misuse Techniques. In: Proceedings of the 12th National Computer Security Conference (1989)

    Google Scholar 

  6. Neumann, P.G.: Practical Architectures for Survivable Systems and Networks. SRI International (2000), www.csl.sri.com/neumann/survivability.pdf

  7. Searle, J.R.: Minds, Brains, and Programs, from The Behavioral and Brain Sciences, vol. 3. Cambridge University Press, Cambridge (1980), http://web.archive.org/web/20071210043312/http://members.aol.com/NeoNoetics/MindsBrainsPrograms.html

  8. Howard, J.D.: An analysis of security incidents on the Internet 1989-1995. Carnegie Mellon University (1997), www.cert.org/archive/pdf/JHThesis.pdf

  9. Howard, J.D., Longstaff, T.A.: A common language for computer security incidents. Sandia National Laboratories (1998), www.sandia.gov

  10. Blackwell, C.: The insider threat: Combating the enemy within (2009), IT Governance at www.itgovernance.co.uk or www.27001.com

  11. Blackwell, C.: A Security Architecture to Model Destructive Insider Attacks. In: 8th European conference on information warfare. Academic Publishing Ltd. (2009)

    Google Scholar 

  12. Howard, M.: Attack surface: mitigate security risks by minimizing the code you expose to untrusted users. MSDN Magazine (November 2004), http://msdn.microsoft.com/en-us/magazine/cc163882.aspx

  13. MSNBC. T.J. Maxx data theft worse than first reported (29 March 2007) MSNBC at: www.msnbc.msn.com/id/17853440

  14. Poynter, K.: Review of information security at HM Revenue and Customs. HMSO (2008), www.hm-treasury.gov.uk/d/poynter_review250608.pdf

  15. Blackwell, C.: A Multi-layered Security Architecture for Modelling Complex Systems. In: 4th Cybersecurity Information Intelligence Research Workshop. ACM Press, New York (2008)

    Google Scholar 

  16. Anderson, R.: Why cryptosystems fail. In: 1st ACM conference on computer and communications security. ACM Press, New York (1993)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Information Security Group, Royal Holloway, University of London, Egham, Surrey, TW20 0EX, UK

    Clive Blackwell

Authors
  1. Clive Blackwell
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. School of Engineering and Mathematical Sciences Northampton Square, City University, EC1V 0HB, London, United Kingdom

    Dasun Weerasinghe

Rights and permissions

Reprints and permissions

Copyright information

© 2010 ICST Institute for Computer Science, Social Informatics and Telecommunications Engineering

About this paper

Cite this paper

Blackwell, C. (2010). A Security Architecture to Protect Against Data Loss. In: Weerasinghe, D. (eds) Information Security and Digital Forensics. ISDF 2009. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 41. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-11530-1_12

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-11530-1_12

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-11529-5

  • Online ISBN: 978-3-642-11530-1

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation