Cover Image


View/Hide Left Panel

sent information resources, which have value when—and only when—they are complete, authentic, accessible, and current.

For a report to be an electronic document, it must include a number of attributes attesting to its compliance with special requirements of high-tech end products deemed by society to have legal weight. It must adhere to technical and technological requirements for document creation and transmission, points that must also be documented by various generally recognized means.

Again, information systems produce electronic documents, a process that involves elements such as

  • computers

  • data (other electronic documents)

  • network (telecommunications) resources

  • information technologies

One important information security-related event that has occurred in the last decade is the appearance and development of the concept of device security. The main ideas of device security include the following:2

  • recognition of the multiplicative protection paradigm and, as a result, equal attention to implementation of control procedures at all stages of information systems operations (the protection of the entire system is no greater than the protection of its weakest link)

  • “materialist” resolution of the fundamental question of information security: “What first—hardware or software?”

  • consistent rejection of software-oriented control methods as obviously unreliable (attempts to use software to monitor the correctness of other software is equivalent to attempting to resolve the unsolvable question of self-applicability—“Munchausen Syndrome”) and the shifting of the most critical control procedures to the device level (Archimedes’ principle), in accordance with which “support points” must be created to carry out device-based control procedures

  • maximum possible separation of condition-stable (software) and condition-variable (data) elements of control operations (divide-and-conquer principle)

The need to protect information technologies has only recently been recognized. Up to now, the public has defined an electronic document as a file signed with an electronic signature. This is incorrect. Here are two illustrations—a coded message and a piece of currency. Neither has a signature or a seal, but they are documents nonetheless. Why do we accept them as documents? Only because (and this is enough) we trust the technologies by which they were produced. If the commander of a military unit receives a coded message with orders from his command from the hands of the code officer, he has every reason to accept the text he has received as a document (order). And if he finds that same

The National Academies | 500 Fifth St. N.W. | Washington, D.C. 20001
Copyright © National Academy of Sciences. All rights reserved.
Terms of Use and Privacy Statement