Definition of Security Requirements based on ISO 10181

Copyright © 2009 Open Geospatial Consortium, Inc. 19

system to the other.

6.2 Definition of Security Requirements based on ISO 10181

ISO 10181 provides a definition for security that focuses on protecting the information: "Information held by IT products or systems is a critical resource that enables organisations to succeed in their mission. Additionally, individuals have a reasonable expectation that their personal information contained in IT products or systems remain private, be available to them as needed, and not be subject to unauthorised modification. IT products or systems should perform their functions while exercising proper control of the information to ensure it is protected against hazards such as unwanted or unwarranted dissemination, alteration, or loss. The term IT security is used to cover prevention and mitigation of these and similar hazards." [2]

The standard further defines security frameworks and the associated requirements, applicable to security services in Open System environments. The term "Open System" is defined to include "… areas such as Database, Distributed Applications, ODP and OSI." [2] In order to protect the exchange of information between secured systems and the management of the stored data, the standard states that "… security services may apply to the communicating entities of systems as well as to data exchanged between systems, and to data managed by systems." [2]

In subsequent parts of the standard, the requirements and the following security frameworks are defined:

Authentication Framework: ISO 10181-2 defines all basic concepts of authentication in Open Systems. It identifies different classes of authentication mechanisms, the services for their implementation and the requirements for supporting protocols. It further identifies requirements for the management of identity information.

Access Control Framework: ISO 10181-3 defines all basic concepts for access control in Open Systems and the relation to other frameworks such as the Authentication and Audit Frameworks.

Non-repudiation Framework: ISO 10181-4 refines and extends the concepts of non-repudiation given in ISO 7598-2. It further defines general non-repudiation services and the mechanisms to provide these services.

Confidentiality Framework: ISO 10181-5 defines the basic concepts of confidentiality, identifies classes of confidentiality mechanisms and their maintenance. It further addresses the interactions of the confidentiality mechanisms with other services.

Integrity Framework: ISO 10181-6 defines the basic concepts of integrity, following the same structure as the Confidentiality Framework.

Security Audits and Alarms Framework: ISO 10181-7 defines the basic concepts for security audit and alarms and the relationship to other security services.

7 The Threat Model, Vulnerabilities and Attacks

Protecting a system against all kinds of threats is almost impossible. The statement "we are secure, we have a firewall" is dangerous, as it narrows the view of possible threats to a single one: disallowing communication, typically from the outside world, to your internal applications. The problem with this limited view is that when you provide web services, you have to open firewall port 80 and optionally 443, otherwise the outside world cannot execute your service. The firewall is therefore just one component in the big picture when taking a holistic security approach. For this approach to meet expectations, it needs to cover securing the network, the computer that hosts the applications (in particular the web services available to the outside world) and the applications themselves. Securing the applications includes securing the presentation, business and data access logic. In addition, care needs to be taken to maintain the operating system of the host computers, the runtime services other than the web services, and the platform-specific services.

The firewall actually belongs to the elements that need to be secured under the network category; routers and switches also fall under this category. Securing the host basically deals with appropriate configuration of user accounts, operating system services, directory and file access, as well as file shares. Securing the applications deals with implementing countermeasures for, or preventing, vulnerabilities in input validation, authentication, authorization, protection of sensitive data, cryptography, exception handling, as well as auditing and logging.
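The following is an added example, not code from the OGC document, showing what the application-layer countermeasures listed above look like when applied together in one request handler: a GetMap-style request is checked for authentication, its LAYERS and BBOX parameters are validated against an allow-list, each layer is authorized per role, and every outcome is written to an audit record while the client only ever receives a generic reply. The layer names, roles, the role-to-layer table, the render() stand-in and the server path it mentions are all constructed for illustration and are not taken from the document.

```python
import math
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample ACL: layer name -> roles allowed to read it.
# "pipelines" stands in for sensitive data that only analysts may see.
LAYER_ACL = {
    "roads": {"public", "analyst"},
    "pipelines": {"analyst"},
    "legacy": {"analyst"},   # its backing store is "broken" on purpose (see render)
}
_LAYER_NAME = re.compile(r"^[a-z][a-z0-9_]{0,31}$")   # allow-list pattern for LAYERS


class BadRequest(Exception):
    """Input failed validation (client gets 400)."""

class NotAuthenticated(Exception):
    """No authenticated principal (client gets 401)."""

class AccessDenied(Exception):
    """Principal may not read a layer, or the layer does not exist (client gets 403)."""


@dataclass
class Request:
    user: Optional[str]                    # None = unauthenticated caller
    roles: set = field(default_factory=set)
    params: dict = field(default_factory=dict)


def parse_bbox(raw: str):
    """Validate BBOX=minx,miny,maxx,maxy: four finite numbers with min < max."""
    parts = raw.split(",")
    if len(parts) != 4:
        raise BadRequest("BBOX needs exactly four values")
    try:
        minx, miny, maxx, maxy = (float(p) for p in parts)
    except ValueError:
        raise BadRequest("BBOX values must be numeric")
    if not all(math.isfinite(v) for v in (minx, miny, maxx, maxy)):
        raise BadRequest("BBOX values must be finite")
    if not (minx < maxx and miny < maxy):
        raise BadRequest("BBOX must satisfy minx<maxx and miny<maxy")
    return (minx, miny, maxx, maxy)


def render(layers, bbox):
    """Hypothetical stand-in for the map renderer. The 'legacy' layer simulates
    an internal failure whose message names a (constructed) server path."""
    if "legacy" in layers:
        raise RuntimeError("datastore /srv/gis/legacy unreachable")
    return f"map of {','.join(layers)} within {bbox}"


def handle_get_map(req: Request, audit: list) -> dict:
    """Apply the checks in order (authentication, input validation,
    authorization, rendering); record every outcome in `audit`; return
    an HTTP-style dict whose body never carries internal detail."""
    entry = {"user": req.user, "layers": None, "outcome": None}
    try:
        if req.user is None:
            raise NotAuthenticated("authentication required")
        raw_layers = req.params.get("LAYERS", "")
        names = raw_layers.split(",") if raw_layers else []
        if not names:
            raise BadRequest("LAYERS is required")
        for name in names:
            if not _LAYER_NAME.match(name):
                raise BadRequest(f"invalid layer name {name!r}")
        bbox = parse_bbox(req.params.get("BBOX", ""))
        for name in names:
            # Unknown and forbidden layers get the same client reply so that
            # an unauthorized caller cannot enumerate which layers exist.
            if name not in LAYER_ACL:
                raise AccessDenied(f"unknown layer {name}")
            if not (LAYER_ACL[name] & req.roles):
                raise AccessDenied(f"role check failed for {name}")
        entry["layers"] = names
        body = render(names, bbox)
        entry["outcome"] = "ok"
        return {"status": 200, "body": body}
    except BadRequest as e:
        entry["outcome"] = f"rejected: {e}"
        return {"status": 400, "body": "invalid request"}
    except NotAuthenticated as e:
        entry["outcome"] = f"denied: {e}"
        return {"status": 401, "body": "authentication required"}
    except AccessDenied as e:
        entry["outcome"] = f"denied: {e}"
        return {"status": 403, "body": "access denied"}
    except Exception as e:            # anything else: keep the detail in the audit log only
        entry["outcome"] = f"error: {type(e).__name__}: {e}"
        return {"status": 500, "body": "internal error"}
    finally:
        audit.append(entry)


if __name__ == "__main__":
    log = []
    analyst = Request("alice", {"analyst"}, {"LAYERS": "roads,pipelines", "BBOX": "0,0,10,10"})
    print(handle_get_map(analyst, log))
    print(handle_get_map(Request("bob", {"public"}, {"LAYERS": "pipelines", "BBOX": "0,0,1,1"}), log))
    for e in log:
        print(e)
```

The ordering matters: the cheap syntactic checks run before the authorization lookup so that malformed input never reaches the ACL or the renderer, and the audit entry is written in the `finally` clause so that a rejected, denied or crashed request is logged as reliably as a successful one.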

7.1 Defining the Threat Model