The IATF divides the information system into 4 parts: 1. Protection of the local computing environment; 2. Protection of area boundaries (in order to obtain information and services from professional or public networks, many organizations connect to these networks through their information infrastructure); 3. Protection of networks and infrastructure; 4. Protection of supporting infrastructure.
The operating environment of this tutorial: Windows 10 system, Dell G3 computer.
The IATF (Information Assurance Technical Framework) is a guidance document developed by the US National Security Agency to describe information assurance. After China introduced IATF version 3.0 in 2002, the IATF began to play an important reference and guidance role in the development of China's information security work and the construction of its information security assurance system.
The core idea of information assurance proposed by the IATF is the defense-in-depth strategy. The so-called defense-in-depth strategy is to adopt multi-layered and in-depth security measures to ensure the security of user information and information systems. In a defense-in-depth strategy, people, technology and operations are core elements. To ensure the security of information and information systems, all three are indispensable.
The IATF proposes three core elements: people, technology and operations. Although the IATF focuses on technical factors, it also stresses the importance of the "people" element. People means management, and management plays a key role in building an information security assurance system. It can be said that technology is the foundation of security and management is the soul of security. Therefore, security management should be strengthened alongside the application of security technology.
Among the three main layers of this strategy, the IATF emphasizes technology and provides a framework for multi-layered protection against threats to information systems. This approach prevents attacks that can defeat a layer or class of protection from destroying the entire information infrastructure.
IATF divides the information assurance technical level of information systems into four technical framework focus areas: local computing environment, regional boundaries, network and infrastructure, and supporting infrastructure. Within each focus area, the IATF describes its unique security requirements and corresponding optional technical measures.
1) Protect the local computing environment
Users need to protect internal system applications and servers. This includes a variety of existing and new systems in high-end environments. Emerging applications leverage security services such as identification and authentication, access control, confidentiality, data integrity and non-repudiation. To meet these requirements, the following security objectives should be achieved: ensure that clients, servers and applications are protected against denial of service, unauthorized data disclosure and data modification; ensure the confidentiality and integrity of the data they handle, regardless of whether the client, server or application is located inside or outside a given zone; protect against unauthorized use of clients, servers or applications; ensure that clients and servers adhere to security configuration guidelines and have all patches installed correctly; maintain configuration management for all clients and servers, tracking patches and system configuration changes; and have sufficient capability to guard against violations and attacks on the system by trusted internal and external personnel.
2) Protect area boundaries
In order to obtain information and services from professional or public networks, many organizations are connected to these networks through their information infrastructure. Consequently, these organizations must protect their information infrastructure, for example by protecting their local computing environments from intrusion. A successful intrusion may damage availability, integrity or confidentiality. Goals that meet this requirement include: ensuring that physical and logical areas are adequately protected; using dynamic suppression services against evolving threats; ensuring that systems and networks within the protected areas maintain acceptable availability and are not improperly used, so as to prevent local leakage; providing boundary protection for systems in the area that cannot protect themselves due to technical or configuration issues; providing risk management methods to selectively allow important information to flow across regional boundaries; protecting systems and data in the protected area from external systems or attacks; and providing strong authentication and authenticated access control for users sending or receiving information outside the zone.
3) Protect network and infrastructure
To maintain information services and protect public, private or confidential information from inadvertent disclosure or alteration, organizations must protect their networks and infrastructure. Goals that meet this requirement include: ensuring that data exchanged across the entire WAN is not leaked to any unauthorized network visitors; ensuring that the WAN supports mission-critical and data-supporting tasks and resists denial of service attacks; protecting information in transit against delay, miscommunication and non-delivery; protecting network infrastructure control information; and ensuring that protection mechanisms are not interfered with by seamless operations that exist between other authorized hubs or regional networks.
4) Protect supporting infrastructure
Supporting infrastructure is another technical layer to achieve defense in depth. It provides key management, detection, and response capabilities for defense-in-depth strategies. Required supporting infrastructure components capable of detection and response include intrusion detection systems and audit configuration systems. The objectives of meeting this requirement are as follows: Provide a cryptographic infrastructure that supports key, priority and certificate management and the ability to identify individuals using network services; enable rapid detection and response to intrusions and other breaches; and execute plans and report continuity and reconstruction requirements.