Информациона безбедност – поглед у будућност

Abstract

Динамичан развој савремених технологија (пре свeга информационо-комуникационих – ИКТ), драматично мења начин на који живимо, при чему су бенефити њиховог коришћења препознати као основа за функционисање модерног друштва. Никада није било лакше да се потребне информације пронађу и да им се приступи са било ког места у било које време, што значајно олакашава свакодневне активности, али са друге стране, и значајно повећава претњу информационој безбедности. Тако је данас разматрање проблема информационе безбедности нераскидиво повезано са питањима сигурности рачунарских система и мрежа. То је потенцирано новим трендовима развоја и имплементације ИКТ као што су cloud computing, обрада великих података (big data processing) и Интернет ствари (IoT – Internet of Things). Истовремено, интеграција података добијених од друштвених и сензорских мрежа са биометријским подацима и традиционалним техникама надзора омогућава готово неограничену моћ скривеног праћења и надгледања, што је опет потенцијални напад на приватност појединца. Све наведено указује да је, у светлу примене модерних технологија, потребна ревизија традиционалне стратегије и приступа информационој безбедности. Циљ овог рада је да укаже на отворена питања информационе безбедности приликом развијања и имплементације модерних ИКТ са посебним нагласком на питања приватности.

The rapid development of modern technologies (primarily information and communication technology- ICT), have been changing dramatically the way we live, thereby recognizing the benefits of their use as a basis for the functioning of modern society. It’s never been easier to find and access relevant information from anywhere at any time, making everyday activities much easier, but on the other hand significantly increasing the threats to information security. Today, addressing the problem of information security is inseparable with issues such as computer systems security, network security and application security. It is emphasized with the new trends of development and implementation of ICT such as cloud computing, big data processing and Internet of Things (IoT). IoT paradigm in which every physical object is mapped as one (or more) cyber entities with the possibility of mutual (smart) interaction and automated data exchange (even without the permission of the subject), introduces new challenges in the field of network and application security with an emphasis on ethical and legal issues related to the issues of information security and privacy protection. This issue is particularly pronounced in the case of large-scale data analysis (data mining, big data analytics) and the processing of information obtained from sensor networks and other distributed sources of data (including social media) that allow automated identification, tracking, monitoring and profiling of individual. By collecting and analyzing all the available data of the individual, targeted/individualized services are enabled (or denial of the same as well). They are increasingly being used not only by companies in order to increase their profits, but also by government agencies, above all security services, which makes it an controversial issue. By integrating the data from the social and sensor networks a ‘higher form of collective awareness’ is obtained, where the search technology, data mining and visualization allow trends to be detected and events anticipated. At the same time fusion of social networks data with biometric data and traditional surveillance techniques allows almost unlimited power of secret tracking and monitoring, which is again a potential invasion of privacy. On the other hand, cloud computing as a challenge recognizes the accumulation of data with insufficient guarantee of access control by authorized entities. There is also a growing outscoring of the company’s business operations, which includes a large number of business partners, external suppliers and independent professionals who all have access to classified information. All of the above suggests that a revision of the traditional strategies and approaches to information security is needed. The aim of this paper is to point out some of the challenges and open issues where no adequate answer exist, and that society has to take seriously before (non-selective) employing of modern technologies make pointless every effort of professionals to ensure information security and protect the privacy in modern society.