Security criteria is not keeping pace with the Informa.tion Revolution. This paper describes an evolutionary, operational experience ba.sed a.pproach for advancing criteria to be consistent with modern information systems. Interoperable a.nd flexible systems/components a.re (and will be increa.singly) demanded by users. This is especially true for distributed systems. These demands a.re not, ent,irely consistent with today’s foundationa. models of securit,y, leading to the conclusion by many individuals tl1a.t earthquake proportion changes in the foundat,ions of information security are necessary. Funda.mental revisions are necessary. There is, however, subst,antial risk in abandoning models tha.t ha.ve been proven t,o work in many environments . The road to success is based on managing the risk associa.ted with moving toward a new vision of information syst,em securit.y. A spiral approach to resolving informa.tion system securit,y issues has been proposed and is now being pra.cticetl. It consists of incremental expansion of security t.lieories and practices (based on esisting theories) wit.11 directions of advancement det.ermined by operational experience. The experience drives t,heory in a evolutionary, ra.pid prototype verification ma.nner. This pa.per presents criteria rela.ted ba,ckground, describes the spiral concept, and presents examples.
Unfortunately, ACM prohibits us from displaying non-influential references for this paper.
To see the full reference list, please visit http://dl.acm.org/citation.cfm?id=283777.