Kwok Keong, Lee (2009) Management of Risks Associated with De-Perimeterisation.
Full text access: Open
Our IT world today is facing de-perimeterisation, a term used by the Jericho Forum to represent the breaking down of the traditional network perimeters that protect an organisation’s internal network from external threats. This is due to highly connected inter-networks, the proliferation of remote workers, outsourcing and partnership caused by changing business models, and the weakening of the firewalls because of the numerous “holes” punched by new applications. There is no doubt that de-perimeterisation is happening and that it brings many threats to organisations. One such organisation is a law enforcement agency, which is the authority to fight against crime. Equipped with high-tech equipment and using the latest advanced systems, the law enforcement agency has relied quite heavily on IT to assist it in its day-to-day operations. In the face of budget constraints and with the implementation of cost-cutting measures, the law enforcement agency is not spared the effects of de-perimeterisation and is also facing the threats associated with it. Understanding these threats, analysing them, and proposing countermeasures and recommendations to mitigate the risks are the focus of this study.
This is a Published version. This version's date is: 16/02/2009. This item is peer reviewed.
https://repository.royalholloway.ac.uk/items/b9ee9098-0e49-9e3d-0e92-47a6fa669ef0/1/
Deposited on 24-Jun-2010 in Royal Holloway Research Online. Last modified on 15-Dec-2010.