Norbert Pohlmann (Institut für Internet-Sicherheit):,
“Trusted IT-Infrastructures: Not only a Technical Approach”,
DuD Datenschutz und Datensicherheit – Recht und Sicherheit in Informationsverarbeitung und Kommunikation,
Trusted IT-Infrastructures: Not only a Technical Approach
Traffic regulations, street dimensions, constraints on vehicles and police checks are only some examples of the various accords and agreements at national and international level which constitute the basis for a common transport infrastructure and have resulted in the transport system that we take for granted today. Similarly, when it comes to establishing trusted communication over the Internet, secure and predictable business processes over the Internet can only be achieved if common security infrastructures can be created. The exchange of e-mails in open IT systems such as the Internet is extremely important to electronic business processes. Compared with normal postal channels and fax transmissions, e-mails can be re-used, processed electronically, saved and forwarded without having to switch media. IT systems offer the means by which individual organizations can implement large-scale rationalization, achieve high cost savings and improve flexibility and speed. As the information (development data, customer information, strategic plans etc.) that is exchanged by e-mail actually constitutes a valuable asset, appropriate IT security must be available so that companies’ assets can be adequately protected. Suitable e-mail protection operates using public key procedures that are based around a public key infrastructure. In order that this security infrastructure can be used organization-wide, open standards must be used and practical solutions must be developed. Only together can infrastructures be created!
The Need for IT Security
In recent years the value of information and along with this the need for protection of that information has grown considerably. The increasing value of information held on computer systems has become an important economic factor, if not the most important one. Examples are:
– Complete development and production documentation: many organizations possess hardware worth thousands of dollars on which information worth millions is stored.
– Financial and operating results, strategic plans: if such results or plans were to be disclosed, this could, for example, cause changes in stock valuations which in turn could precipitate significant financial loss.
– Logistics information: if computer systems or data were to cease to be available, no one would know any longer how much unsold inventory there was, what needed to be produced, which customers had ordered what, and when and to whom goods needed be delivered.
– Customer data is particularly valuable and in need of protection. Modern computer systems enable people to work efficiently and tasks to be performed in a logical manner which in many areas can effectively no longer be performed by any other means. We have become so dependent on computer systems that our economic capability will be endangered if the functional capability of computer systems cannot be guaranteed in an appropriate fashion.