Mon Sep 29 18:51:58 PDT 2014

Overarching: Location: Where are content and work located?


Options:

Option 1: Content and work are co-located at secure facilities.
Option 2: Content and work are co-located at insecure facilities.
Option 3: Content is located at secure facilities and work is not.
Option 4: Content and work are at distant secure facilities.
Option 5: Work is located at secure facilities and content is not.
Option 6: Neither security nor work is located at secure facilities.
Option A: Infrastructure not secured
Option B: Infrastructure physically secured
Option C: Infrastructure logically secured (encrypted tunnels)

Content and work co-located at secured facilities.

Content and work together and secured

Content and work co-located at non-secured facilities.

Content and work together and not secured

Content at secured facilities, workers not.

Content secured Infrastructure not secured Infrastructure logically secured Infrastructure physically secured Workers not secured

Content at secured facilities, workers at a distant secured facility.

Content secured Infrastructure not secured Infrastructure logically secured Infrastructure physically secured Workers secured

Content not secured, workers at secured facility.

Content not secured Infrastructure not secured Infrastructure logically secured Infrastructure physically secured Workers secured

Content not secured, workers not secured.

Content not secured Infrastructure not secured Infrastructure logically secured Infrastructure physically secured Workers not secured

Decision:

IF Standards, regulations, or policy mandates locations,
THEN Follow the standards, regulations, or policy mandates.
ALSO Where no conflict exists, choose from the alternatives per below:
Habitable Risk System-Critical Workers System Non-Critical Workers
No High
Workers at a distant secured facility:
System not secured Infrastructure Logically Secured Workers secured
Yes High
Co-locate everything
System, infrastructure, and workers co-located at secured facilities
Workers at a distant secured facility
IF Physical infrastructure protection is feasible THEN
System secured Infrastructure Physically Secured AND Logically secured Workers secured

OTHERWISE
Workers at a distant secured facility
System secured Infrastructure Logically Secured Workers secured
No Medium
Workers at a distant secured facility.
System not secured Infrastructure Logically secured Workers secured
Yes Medium
Everything co-located at secured facilities.
System, infrastructure, and workers co-located at secured facilities
IF workers can be at a distant secured facility THEN
System secured Infrastructure logically secured Workers secured
ELSE
System, infrastructure, and workers co-located at secured facilities
No Low
Workers at a distant facility.
System not secured Infrastructure logically secured Workers not secured
Yes Low
Workers at a distant facility.
System not secured Infrastructure logically secured Workers not secured
OR
System, infrastructure, and workers co-located.
System and work together and not secured
Locations of systems and their workers

System name Habitable Risk Worker function Locations
..High..
..High..
..High..
..High..
..High..
..High..
..Medium..
..Medium..
..Medium..
..Medium..
..Medium..
..Medium..
..Low..
..Low..
..Low..
..Low..
..Low..
..Low..
Systems identified and their specifics
Fill in the table as appropriate. Workers include "System-Critical", "Observers", or "Changers". Habitability is "Yes" or "No".

Basis:

Different enterprises locate content and work differently, and this has a wide ranging effect on how information protection is to be done.

Non-habitable locations require no local secured facility (from an information security standpoint), since there is no relevant threat, other than nature. In this case, the facility protection afforded to the system due to nature is is not substantially different from that required from an information protection perspective.

Habitable location Facility security should meet the standards of the risk levels involved, thus secured facilities are required at the High and Medium risk levels.

Infrastructure Not Secured is, by default, insecure outside of a facility. Thus if loss of infrastructure services has serious negative consequences, workers must be co-located with the system so that such failures don't realize those consequences. Of course this cannot apply when the workers cannot survive...

Infrastructure Physically Secured implies physical means are used to secure infrastructure. This is very expensive outside of a facility and is thus rarely used in that case.

Infrastructure Logically Secured implies some combination of cryptographic protection that affords integrity and/or confidentiality, some degree of path diversification for availability, logging for accountability, and/or some form of use control. Depending on particulars, some combination of these may be used.

Similarly, as risk goes up and time till harm goes down, except for remote facilities with only local consequences not producing serious harm to people or the environment, control becomes more critical, and workers must be located close enough to meet response times to mitigate High consequences and should be so located to mitigate Medium consequences.

For many environments, high risk with short time frames and complex decision-making processes implies the need for local control and the co-location of some content, controls, and the people who operate them. However, for other content, controls, and people, co-location may not be required. Some lights out facilities (e.g., automated warehouses and car parks) may fail safe and await human assistance, while others (e.g., chemical processing facilities) may produce hazards if not addressed in a more timely fashion with human intervention.

For non-critical workers, co-location introduces added risk. There is no reason for them to be co-located with the system except when it brings enough advantage to compensate for the added risks of more people closer to system. Thus, except for low risk situations, non-critical workers should not be co-located with the system. And in Medium and High risk situations, all workers should be in secured facilities when interacting with system.

Copyright(c) Fred Cohen, 1988-2012 - All Rights Reserved