Information Security - A Primer

8/11/2019 Information Security - A Primer

1/76


2/76

Information Security What it Means to Us

2

Scope

Information Security Overview Cyber Security Safe Practices Network Security A Primer Cryptography & PKI A Primer


3/76


4/76


4

Information SecurityClassical Definitions

Availability (of service/ data) Network Security Confidentiality (of data) Ciphers (Block & Stream)

Integrity (of data) Hash Functions Authenticity (Identification of Entity, Message & Key )

Digital Signature, PKI Non-Repudiation (of Entity) Digital Signature, PKI

Controls (to infrastructure & data) Physical, Administrative, Logical

The Problem is not Technology, but Acceptability, Awareness & Implementation (Change Management)


5/76


5

Information AssuranceClassical Definitions

Information Security (Technical) Information Assurance (Managerial)

Legal (fraud, accounting, forensics, ) Organisational (HR risk & profiling) Education & Certification Risk Assessment & Audit

Business Continuity Archiving & Disaster Recovery


6/76


6

Information SecurityTechnical Implications

APPLICATION

PRESENTATION

SESSION

TRANSPORT

NETWORK

DATA LINK

PHYSICAL Bits

Data LinkHeader DATAPHSHTHNHDLH

NetworkHeader DATAPHSHTHNH

TransportHeader

DATAPHSHTH

SessionHeader

DATAPHSH

PresentationHeader PH DATA

DATA

Open Systems I nterconnect Model (1974)

Transmits the dataon the medium

Adds MAC address

Adds networkaddress

Controls Data Flow(ACK & Re-transmit)

Establishes aconnection

Presents data in anacceptable form

Communicationbetween

Applications

BEU

Firewall/ IDS/

IPS/IPSec

VPN/SSL

AppCrypto/

Anti Virus

Standard Protocols


7/76


7

Information Security

International Organisation for Standardisation (ISO) ISO-15443 (IT Security Techniques Framework for Info Assurance) ISO-17799 (IT Security Techniques Info Sec Management Practice)

ISO-20000 (IT Service Management) ISO-27001 (IT Security Techniques Info Sec Management Systems)

FIPS (from NIST) Internet Standards

IETF (Internet Engineering Task Force) IAB (Internet Architecture Board)

Information Security Forum Standard of Good Practice SEI (Carnegie Mellon University) Governing for Enterprise

Security (GES)

Standards


8/76


8

What Can (And Does!) Go Wrong

Organisations must remember not to expend all their energies on repelling the 'wilyhacker' , at the expense of ignoring all those people who every day log on to yoursystems. All evidence suggests that the insider remains the real threat

ROBERT TEMPLE (HEAD OF IT SECURITY, BRITISH TELECOM)


9/76


9

Information Security Imperatives

Cryptology Computationally secure algorithms Role, Survivability, Secrecy,

Availability, Interoperability

Cryptanalysis Key Design & Management Standards, Common Criteria

Identification, Authentication & Access Control

Network protection Firewalls & Intrusion Detection/ Prevention Network Vulnerability & Penetration Testing Tools LAN security & configuration monitoring systems


10/76


10


Technology Hardware Network Components, Storage etc Software Operating Systems, System Software & Firmware Embedded systems Protocols, APIs Open Source Software Digital Rights Management

Viruses, Spyware & Malware Information Infrastructure

Public Key Infrastructure (PKI) Disaster Management


11/76


11


Vulnerability & Susceptibility (Side Channel Attacks) Human Engineering Power Analysis Electrical Probing Electromagnetic Probing

Interoperability & Standards Legal Issues The Big Brother syndrome


12/76


12


Physical Security Cyber Security Network Security Cryptography & Public Key Infrastructure

Areas of Concern


13/76


13

Cyber SecuritySafe Practices


14/76


14

Information Security Awareness

Importance of Cyber Security

Computer Ethics Safe Practices

Mobile Security

Data Security Physical Security

Scope


15/76


15

Needs to be addressed at all levels Individual (all ages) Organisations Government Nation

Various facets Cyber Security (Internet) Mobile Security Data Security Physical Security


f h


16/76


16

Users (Individuals) Identity Theft Sensitive Data

Organisations Financial Information Sensitive & Critical Data Denial of Service

What needs to be tackled Administrative Practices Software vulnerabilities Information Assurance & Security

Cyber Security

I f i S i Wh i M U


17/76


17

Set of moral principles Acceptable behaviour of computer users Usage of computers Copyright & IPR (legal right of owner)

Ethical Rules Do not harm others Do not steal information or access information

without permission Respect Copyright laws Respect privacy of individuals and organisations Complain about illegal activities

Computer Ethics

I f i S i Wh i M U


18/76


18

Operating System Security Password Policies

Internet Browser Security E-Mail Security Viruses & Spyware Identity Theft

Downloading Guidelines

Safe Practices

I f ti S it Wh t it M t U


19/76


19

What is an Operating System? Complex Vulnerable

For Individual Users Screen saver password (+ CMOS & OS password) File Sharing Firewall

Delete software & OS features not used Disable Guest Account Update latest patches (esp. Linux) Backup (regularly get paranoid!) Win Utils USE LINUX

Safe PracticesOperating System Security


20/76



21/76


21

Importance of a password Identity Authorization

Good Passwords (difficult to guess) Minimum 8 characters (letters, numbers &

symbols) Non-dictionary

Not linked to personal information Easy to remember (should not be written down) Not used earlier

Safe PracticesPassword Policies



22/76


22

DOs & DONTs Ensure you use a STRONG password. Take care that no one can see you enter the

password. Never tell any one (not even the system

administrator). Never write a password down. Remember it.

Change the password regularly. Store passwords on the computer encrypted.

Th!5iS@g0odP4s5wD (This is a goodpassword)

Jamres123 is a bad password

Safe PracticesPassword Policies



23/76


23

Browsers (Internet Explorer or Mozilla Firefox)are the primary interface with the internet.

Block Pop-ups Trusted & Untrusted Web Sites Privacy settings

Cookies (files that store user related information usedby web sites to load faster)

Files History

Content Java Script Control (active controls)

Safe PracticesInternet Browser Security



24/76


24

Update OS and Browser (latest patches/ version) Anti Virus & Anti Spyware

Display file extensions Only trusted sites No personal information to be given (https://) Firewall ON always Disconnect/ switch off modem when not in use.

Safe PracticesInternet Browser Security Guidelines



25/76


25

Phishing Tricks you into clicking on a link that redirects you to a

malicious site or injects malware

Do not click on link that comes in an e-mail. Go directly to thesite by typing the address

Hoaxes Spreading of rumours or falsehoods Information on internet is NOT all TRUE or CORRECT

Trojans Malicious code that is hidden along with other files Collects passwords, keyboard strokes, Credit Card info and

sends it out on the net

Safe PracticesInternet Browser Security Guidelines



26/76


26

All mail is scanned. (NSA Echelon) All mail is backed up (even after you delete it!)

There is NO Privacy unless encrypted and even then

Mail goes through a number of servers at each ofwhich there is a possibility of hacking

Spam (unsolicited mail from strangers who haveobtained e-mail id surreptitiously )

Divulging e-mail id in malls (surveys, discounts)

Safe PracticesE-Mail Security Threats



27/76


27

Encrypt using PGP Filter out Spam. DELETE Do not open mail from strangers. DELETE Scan all attachments for virus Do not send messages with attachments that contain

executable code. Use Rich Text Format instead of thestandard .DOC format.

Avoid sending personal information/ filling forms. Do not click on links in the e-mail. Do not open e-mail that offer FREE gifts or money No Chain Mails

Safe PracticesE-Mail Security Guidelines



28/76


28

Virus (started with DOS) Captures an interrupt & Terminate but Stay Resident (TSR) Self Replicating Malicious - Causes Damage

Keep Anti Virus up-to-date Anti-Virus Configuration

Macro protection enabled Disable option for code to execute directly on Mail Clients

Scan All files coming in Your computer everyday

Use Genuine Anti-Virus AVG, QH, Bit-Def, NAV, Kasp,McAfee etc

Safe Practices Viruses



29/76


29

Spyware Captures an interrupt & Terminate but Stay Resident (TSR) Self Replicating

Malicious Observes behaviour, Takes control (changes search engine, new tool bars) Re-directs and sends out data Number of Pop-ups

Reduces surfing speed Anti-Spyware

Works in real-time Prevents spyware from being installed (scans IP packets)

Safe PracticesSpyware



30/76

y

30

Precautions Do NOT click anywhere inside pop-up windows (these could

contain spyware that will infect the system) Block Pop-ups

Downloads from untrusted sites could contain Spyware Do NOT follow the links that offer free anti-Spyware

Use Genuine Anti-Spyware (normally bundled with Anti- Virus packages) AVG, QH, Bit-Def, NAV, Kasp, McAfeeetc

Safe PracticesSpyware



31/76

y

31

Stealing of Personal information Credit Card Numbers, PINs, Passwords

Preventive Measures Shred trash (Dumpster Diving) Use Virtual Keyboard for entering passwords Do not allow anyone to see you entering PIN/ password Never give personal information on phone/ e-mail Cancel credit cards not in use for a long time Ensure secure site (https://) from known provider Monitor accounts Photographs on cards with signature Never leave cards out of your sight

Safe PracticesIdentity Theft



32/76

y

32

Do not get software from P2P sites/ e-mailattachments

Only freeware or software for which you arelicensed/ registered

Only trusted web sites Check validity of thecertificate and issuer of certificate for a site fromwhich software is downloaded

Always scan downloads before installation Read license agreement carefully Cracks are dangerous

Safe PracticesDownloading Guidelines



33/76

y

33

Legal Problems (MMS, SMS) Trackable Accountable

Malicious programs (Trojans, Spyware, Worms,) Steal personal information Inflate bills (toll-free numbers offers) Get access to mobile/ laptop

IMEI

I nternational Mobile Equipment I dentifier 15 (or 17) digit number Unique for each and every mobile device Dial * # 0 6 # for IMEA number Can be used to disable phone if lost

Mobile Device Security



34/76

34

Securing Mobile Devices (Phones, Laptops etc.) Same as E-Mail precautions + Backup Bluetooth major vulnerability ( Video )

Use PIN, Security Settings, Infrared Settings, CallBarring & Restriction services

Do NOT store personal data on mobile (Credit Carddetails, passwords etc)

Mobile Device Security



35/76

35

Confidentiality Encryption Authenticity & Integrity PKI/ Digital signature Access

Authenticated SSL (https://) Public Key Encryption (Secure Shell instead of telnet) VPN

Backup REGULARLY (Complete & Incremental) Electronically shred files (not undelete -able)

Single Pass DoD 5520.22-M Guttmann

Data Security



36/76

36

Criticality, Location & Budget Specific Locks BIOS Security

Passwords (boot and set up) Access to battery

Side Channel attacks Power analysis

Electrical & Electromagnetic Probing Human Engineering Static Power Supply & Environment

Physical Security



37/76

37

Network Security A Primer



38/76

38

Need for Network Security

The philosophy of exchange of information over thenetwork that can be attacked (Vulnerability) hardware and software especially vulnerable

extent of the vulnerability is not always readily apparent The security only as strong as the weakest link Safeguards available for workstations, especially PCs are

significantly weaker than was the case with classicmainframes

Distributed computer systems Cannot be protected by organisational measures alone Technical mechanisms are also necessary



39/76

39

What are we trying to Protect?

Data Secrecy

Integrity Availability

Resources Hard-disk space Processor Memory Bandwidth

Reputation Identities Theft

Websites Defacement Data Loss Loss of Trust



40/76

40

Security Threat Perception

Intrusion Gaining unauthorised access by guessingpasswords, social engineering, planting malicious code,exploiting vulnerabilities to gain root access, etc

Denial of Service Impossible to avoid DOS attacks.Relatively easier to carry out.

Information Theft Get data without having to directlyuse the computer. Generally use internet services that aredesigned to give information. Active: Port Scanning, Exploit OS vulnerabilities, Session Hijacking Passive: Sniffing data, passwords in network traffic



41/76

41

Approaches to Security

Reactive Worry about problems that are apparent

currently. Concentrate on Fire-fighting

Proactive Plan for protection from attacks that are

theoretically possible



42/76

42

Why be Proactive?

Limits on what is difficult changes rapidly incomputing

Problems rarely come in isolation. One attack thatstoo difficult may help someone find an easier one Eventually, attackers always turn to more difficult

attacks Attacks move instantly from never attempted to

widely used



43/76

43

Security Models

Security through Obscurity Assume that no oneknows about the existence of the system. The

model does not work for long. Host Security Enforce security on each hostmachine separately. Does not scale up to a largenumber of machines.

Network Security Control network access tovarious hosts and services



44/76

44

Network Security Approaches

Firewalls Intrusion Detection Systems Strong Authentication Methods Encryption of sensitive data



45/76

45

Computer Security Principles

No single security model can solve all problems No security model can take care of management

problems Security must be built into the network design No Network is completely secure and no model

provides complete protection Though security may not prevent every single

incident, it can keep an incident from damaging orshutting down operations



46/76

46

What is a Firewall?

System or group of systems that enforces an accesscontrol policy between two networks

Blocks unauthorised or malicious data traffic Permits authorised and truthful data traffic Limits the amount of damage when used within an

organization

Enforces security policies and practices Characterized by a Default Permit or a Default Deny Policy Is most often installed at a point where a protected internal

network connects to an un-trusted external network



47/76

47

INTERNAL

NETWORK

FIREWALL EXTERNALNETWORK

Classical Firewall Positioning

What is a Firewall?



48/76

48

What a Firewall can do

Can prevent certain users or machines from accessing certainServers / Services (Enforces a security policy)

Can prevent unauthenticated interactive logins Can prevent network-borne attacks Can limit the exposure of an internal network Can provide a choke point and thus is a focus for security

decisions Can monitor & record communication between the internal

and external network Can encrypt data traffic between two firewalls (IPSEC)



49/76

49

What a Firewall cannot do

A Firewall is an excellent security solution but not acomplete one. Certain threats are outside the controlof the firewall.

Cannot protect against attacks that do not go through thefirewall Cannot protect against malicious insiders Cannot work without a consistent Network Security Policy

Cannot protect against configuration errors and it cannot setitself up correctly Cannot protect if administrators are vulnerable to Social

Engineering Cannot protect against completely new threats



50/76

50

Cryptography & PKI A Primer



51/76

51

IntroductionThe Art of Cryptology

CRYPTOLOGY

STEGANOGRAPHY(Hiding)

TRANSPOSITION(changing positionkeeping data same)

SUBSTITUTION(replacing keepingposition same)

CODE(replacing words)

CIPHER(combination ofsubstitution &transposition ofletters)

CRYPTOGRAPHY(Scrambling)

The study of mathematicaltechniques for scramblingdata confidentiality,integrity, authentication, ...

CRYPTANALYSIS(Cracking) The study ofmathematical techniquesfor defeatingcryptographic techniques

Key



52/76

52

IntroductionCryptographic Schemes

SYMMETRIC KEY SYSTEMS

STREAMCIPHERS

LFSR

ADDITIVEGENERATORS

ALGo M

TelephonyLinkEncrypt

Secure Fax

BLOCKCIPHERS

DES/3DES

IDEA

TWOFISH

RIJNDAEL(AES)

Messaging

Archiving

DiskEncrypt

ASYMMETRIC (PUBLIC)KEY SYSTEMS

RSA

MERKLE-HELLMANKNAPSACK

EL GAMAL

RABIN

Authentication

DigitalCertification

Non- Repudiation

UNKEYED SYSTEMS

SHA, MD2, MD4, MD5(Hash Functions)

RNGs, PRNGs

Integrity

Key Generation



53/76

53

Non-Repudiation & Key Exchange

(Key Management & Distribution)

Confidentiality

Symmetric (Private) KeySystems

Asymmetric (Public) Key Systems

Hybrid Systems

Integrity & Authentication (Hashing & Digital Signatures)

IntroductionCryptographic Services



54/76

54

Basic Concepts

Symmetric-key CryptographyBlock CiphersStream Ciphers

Public-key Cryptography Confidentiality Authentication

Integrity & Authentication Hash Functions Digital Signatures

Non-Repudiation & Key Distribution/ Exchange



55/76

55

Encryption Algorithm

Decryption Algorithm

KeySource

Cryptanalyst

X

K

Secure channel

Y X Plain Text

X: Plain TextY: Cipher TextK: Encryption/

Decryption Key

Sender A Receiver B

The Decryption Algorithmis the inverse of the


Cipher Text Plain Text

Private Key

Algorithm

Plain Text Approxi mation

Pri vate Key Approximation

Cipher Text

Private Key K

Symmetric-Key CryptographyBasic Model



56/76

56

Shared secret key between sender & receiver

Authenticity implicit

Security depends upon secrecy of key

Good performance for bulk encryption of data

Used for High Security, Mission Critical Applications

Two types of Conventional Ciphers

Block CiphersStream Ciphers

Symmetric-Key CryptographyFeatures



57/76

57

Substitution and Transposition individually DO NOTprovide high security

Combining the basic transformations yields strongciphers

A suitable combination (composition) of S and T is calleda round

Having multiple rounds enhances security

Therefore most block ciphers are Product Ciphers usingmultiple rounds

Symmetric-Key CryptographyBlock Ciphers



58/76

58

They encrypt individual characters (usually binary digits)

Generally faster than block-ciphers in hardware

Most appropriate in applications where buffering is aproblem, eg., In telecommunications

Few fully specified algorithms in open literature thoughenormous theoretical knowledge exists

Have significant advantages and therefore, their use islikely to grow

Symmetric-Key CryptographyStream Ciphers



59/76

59



Key pairSource

X Y X

KR b

Sender A Receiver B

Public Key

Ring KU b

KU b

Public-Key CryptographyConfidentiality

Plain Text Cipher Text

P r ivate Keyof B

CryptanalystAlgorithm

Plai n Text

Private Key of B (to decrypt messages to B)

Cipher Text

P u blic Keyof B

P u blic Keyof B

Plain Text



60/76

60



Key pairSource

X

KU a

Y X

KR a

Sender A Receiver B

Public Key

Ring

KU a

Public-Key Cryptography Authentication

Plain Text Cipher Text

P r ivate Keyof A

P u blic Keyof A

P u blic Keyof A

Plain Text

CryptanalystAlgorithm

Plai n Text

Pri vate Key of A ( to spoof identi ty of A)

Cipher Text



61/76

61

Mathematically related key pair

Private key - known only to user;kept secret

Public key - made available publicly Encryption/Decryption very slow (time-consuming)

Used for

Confidentiality (only for small data sizes)

Authentication (Digital Signature)

Non-Repudiation(Key Management & Distribution)

Key Exchange

Public-Key CryptographyFeatures



62/76

62

Myth - 1: Public-key Encryption is more secure fromcryptanalysis than is conventional encryption . In actual fact , thesecurity of any encryption scheme depends on the length of the key &the computational work involved in breaking a cipherMyth - 2: Public-key Encryption has made conventionalencryption obsolete . In actual fact even today Private keyCryptography is used for encryption and Public-key Cryptography isrestricted to key management & signature applications

Myth - 3: Key distribution is trivial when using Public-keyEncryption, compared to the rather cumbersome handshakinginvolved with key distribution centres for conventionalencryption. In actual fact , the procedures involved for Public-keyCryptography are no simpler nor any more efficient than those requiredfor conventional encryption

Public-Key CryptographyMyths



63/76

63

PlainText h(f)

MessageDigest

Fixed sizeHash Function

To be Transmittedwith the message

Integrity & AuthenticationHash Functions

x h(x)

One-way functionInput is a message of any lengthOutput is fixed

Cannot be generated from another messageIs different from the result of any other message

Not reversible - Impossible to recover message from hashUniquely identifies message and verifies integrityCommonly used hash algorithms

Secure Hash Algorithm (SHA)Message Digest algorithm (MD2, MD4, MD5)

Length is typically 128 or 160 bits



64/76

64

Enables verification of sender, date & time of signature

Trusted Time & Date Stamping

Authenticates information content at time of signatureDepends on content of information (Hash)

Should be unique to sender (Private Key)

Verifiable by third party for arbitrationEasy to produce, recognise, verify & store

Computationally infeasible to forge

Integrity & AuthenticationDigital Signatures



65/76

65

EP

KRa

||

K

KUa

Compare

DC M

K

Signature tied to cryptogram

M EC H

H

EKRa [H(E K[M])]

EK[M]

DP

Sender A Receiver B

Private Key Algorithm

Hash Function Algorithm

Public Key Algorithm

EC

H

EP

MessageDigest

MessageDigest

Public Key of A

DigitalSignature

CryptogramCryptogram

SignedCryptogram Cryptogram

DigitalSignature

P r ivate Key of A

MessageDigest

Message Message

SecretKey

SecretKey

Integrity & AuthenticationDigital Signature Implementation - 1



66/76

66

EP

||

M

M

Signature tied to plain text

KR a

H

EC DC HM

KK

Compare

DP

KUa E K[M||E KRa [H(M)]]

E KRa [H(M)]

Sender A Receiver B

MMessage

Message

DigitalSignatureMessage

Digest

SignedMessage Cryptogram

DigitalSignature

MessageDigest

MessageDigest

Message

Public Key of A

P r ivate Key of A

SecretKey

SecretKey

SignedMessage

Integrity & AuthenticationDigital Signature Implementation - 2

Private Key Algorithm

Hash Function Algorithm

Public Key Algorithm

EC

H

EP


67/76

67

Non Repudiation & KeyExchange




68/76

68

A B

KUa KUa

KUaKUa

KU bKU b

KU b

KU b

Public Announcement of Keys

Uncontrolled Public Key Distribution



69/76

69

Public KeyDirectory

A B

KUa KU b

Public Key PublicationPublicly Available (Access Controlled) Directory


P bli K A h i


70/76

70

Public KeyAuthority

InitiatorA

ResponderB

(1) Request || Time 1 (4) Request || Time 2

(6)E KUa [N a || N b]

(7)E [N b]

(2)E kRauth [KU b || Request || Time 1]

(5)E kRauth [KUa || Request || Time 2]

KU b

(3)E [ID A || N a]KU b

Public Key AuthorityCentral Authority Maintaining Dynamic Directory of

Centrally Generated KeysSteps 1 to 7 have to be carr ied out forevery tr ansaction. Th is i s tedious and i sovercome using certi f ication.

Issue of Public Key of A

Issue of Public Key of B

Request for

Public Keyof A

Request for Public Keyof B

Authenticated Exchangeof Public Keys



71/76

71

Exchange of Public Key Certificates

CertificateAuthority

A B

(2)C B

(1)C A

KUa KU b

C A=E KRauth [Time 1 ID A KUa]||||

C B=E KRauth [Time 2 || ID B KU b ]||

E KRauth

ID A :Identifier of A

: Private Keyof Authority

Public Key Certificates

Registration

Registration

Issue ofCertificate to A

Issue ofCertificate to B

Exchange of Certificates

A Cer tif icate can be used forany number of tr ansactions forthe per iod of i ts validity

Time 1 & Time 2 refer to the

Period ofValidity



72/76

72

Public-Private Key Pair Generated Individually by User Uncontrolled (Public Announcement) of Public Keys Public Key Publication in a Publicly available (access controlled)

directoryCannot achieve Non RepudiationNo central control & TrustEasy & Cheap to implement

Public-Private Key Pair Generated Centrally Public Key Authority Certificate Authority (could be generated individually by user)

Non Repudiation achievedCentral Control & Trust Complex & Expensive Infrastructure

Non Repudiation Achieved bySuitable Key Distribution


Introduction


73/76

73

Non-Repudiation & Key Exchange


Confidentiality

Symmetric (Private) KeySystems

Asymmetric (Public) Key Systems

Hybrid Systems

Integrity & Authentication (Hashing & Digital Signatures)

IntroductionCryptographic Services



74/76

74

Issues 1

Cryptology Computationally secure algorithms Role, Survivability, Secrecy,

Availability Cryptanalysis (Linguistics, Maths, Int. etc) & Algorithm Analysis Key Design Key Management & Administration (Distribution) Public Key Infrastructure (PKI)

Technology Hardware obsolescence Software key storage Protocols Open Source Software authenticity, need to analyse



75/76

75

Issues 2

Vulnerability & Susceptibility (Side Channel Attacks) System (Hardware & Software) Vulnerabilities Social Engineering

Interoperability & Standards Data Transfer between networks with different security classification

Policy (Integrated, Institutionalised) Expertise (Long Term gains)

Maths, Physics, Computing, Language

Design, Development, Production, Life Cycle Support Gradation/ Certification & Audit Accountability & Trust Key Escrow Insurance Utilisation of Indigenous Academia & Industry Control, Funding, Authority


l h h


76/76

Some Final Thoughts

The IT infrastructure is a complex technological system. All suchcomplex systems exhibit interactive complexity (sub -systems interactin unexpected ways) and tight coupling (sub -systems have rapidimpact on each other). These characteristics make the system accident-prone. Such systems have serious accidents as a consequence of theinherent complexities irrespective of the intent or skill of the designersor operators. The best systems operated by the best men will fail andfail regularly .

Normal Accidents: Living with High -Risk Technologies by Charles Perrow

How much should we computerise?How much should we trust such systems?Have we catered for Normal Accidents? What are WE doing about Information Security

Information Security - A Primer

Documents