welcome to our website.
We are currently redesigning most of our pages in order to offer the best possible service for our international visitors. As you might have already noticed, we provide a wealth of useful information on our website which of course makes the whole process quite time-consuming. Please understand that you might therefore encounter websites that have not been translated so far. Please also be aware that some content (like for example content under "Teachings" that is only relevant for students of the Westphalia University of Applied Sciences) will not be translated at all.
Should you have particular interest in a not yet translated part of our website, please do not hesitate to contact us. We will be happy to summarize the page's content for you or answer your specific questions.
The Institute for Internet Security - if(is) is an innovative, independent, scientific facility of the Westphalia University of Applied Sciences. Besides research and development, we are a creative service provider with a focus on Internet security. One of our overall tasks is to push forward research and development in terms of Internet security and to improve the statutory framework of Internet security.
Since the official opening in May 2005, the young and creative research team turned the institute into one of the most considerable competencies for Internet security. Our aim is to make the Internet a more trustworthy and secure place.
We do not live in a perfect (business) world
We do not live in a perfect world - and we all know that.
But we have learned to handle this fact in a responsible manner and therefore we created a basic level of security. But what do we have to do, to gain a comparable security for the electronic world, so we can use the opportunities that the new concepts bring along?
A perfect world does not exist
In a perfect world trust and friendliness would be the highest principles, all information would be freely accessible, nobody would enrich himself at the expense of others, all customers would pay the desired and adequate price for goods and services and market competition would be transparent, fair and regulated.
The real world looks different: Information and knowledge - that means power - are unequally dispensed, burglary and theft threaten property, fraud and betrayal are part of our business life, terror and violance threaten our daily life. But during the time we have learned to handle that and now we are able to adequately protect ourselves.
How to protect us in the real world
A doorman takes care that no stranger enters the company building, lockers care for a safe keeping of values (information, strategy papers, citizen data), armoured delivery vans ensure the transport of enterprise values.
Civil registry offices ensure the unambigous identity of a person and its provability. The registry office takes care that we are clearly identifiable by our first name and surname, place of birth and our birthday. Passports are issued that allow us to prove the distinct identity of the holder beyond doubt. Sealed envelopes care for the confidential exchange of information, manual signatures for its obligation.
We know that this obligation is also liable for the actions that are initiated or executed through the letter e.g. in business or law issues.
Real vs. electronic business world
A very important aspect in an efficient society is trustworthiness - as well in business life as in our daily life. In our real world we learned from the beginning what meaning our manual signature has and how we value trusthworthiness through personal contacts and intuitive appraisement.
In our electronic world we cannot use our traditional mechanisms, because we indirectly communicate via networks like the Internet. We do not know for sure who is our communication partner and who is tapping or maybe manipulating our communication. That means we need a different approach to fulfill our basic security needs, other than in the real world.
- In our electronic business world we need confidentiality as a basic security service, so no unauthorized individuals are able to read-out the stored or transferred information.
- We need procedures for authentication in order to know with whom we are performing business processes and who is accessing our information and resources via network.
- Furthermore we need to be able to verify data integrity to make sure that data is unchanged i.e. still in its original state.
Let us for example take a look at logistic information: Without reliable, unchanged logistic information a trader would not know who has ordered something or where his goods have to be delivered to. Also he would not know what he has in stock and what not etc. He would be incapable of acting.
- Finally the verifiability of electronic business processes is necessary to make sure that they are binding.
Which challenges are we facing in the electronic world?
We are currently experiencing a fundamental change towards an information society. We have to become aware that more and more business processes are handled via Internet with the help of IT system. This leads to an increasing need for IT security measures, which enable a base of confidentiality in the electronic business world.
Conventional business processes in the real world have been and still will be protected by security measures like gatekeepers, security transports, safes etc. For business processes in the electronic world, at least equivalent mechanisms are needed.
This is even more important when considering the steadily increasing value of electronic information. The changing business processes result in more and more data, which are considerable financial values, being saved on computer systems or transferred through networks. This includes development records, customer data, logistic information or strategic concepts which can influence stock market values. These bits and bytes can easily be worth millions of Euros.
When we make ourselves aware of how often such information is transferred via e-mail on the one hand and that on the other hand only 5% of all e-mails are encrypted, it is easy to see that we need a security solution as quickly as possible.
Another challenge is a lacking sense of guilt that is quite common in the electronic world. If you want to steal company values in the real world, you have to climb over fences, force doors and windows open, maybe even blast a vault. Everyone who does something like this if fully aware, that he is commiting a crime! In the electronic world the hackers or crackers are sitting in front of their screens with coffee and cookies. They are basically doing the same thing, but often they do not feel like doing something wrong. The inhibition level is lower and thereforce the probability of attacks is higher.
One essential difference to the real world is, that companies and organizations in the electronic world have to protect themselves from dangers: The Internet is international, laws are currently limited to national borders. That means that a state is currently unable to offer appropriate protection. It will certainly take us at least ten years until international laws are passed - e.g. as part of the G8-efforts. Until then suitable IT security measures have to fill the gap.
How can we properly protect ourselves in the electronic world?
The aforementioned security mechanisms, which we know from the real world, are analogously available in the electronic world:
Firewalls and PC security systems - as electronic doorkeepers - prevent unauthorized access to the internal IT of an organization from the outside.
File and hard disk drive encryption function as a digital vault for safe storage of electronic information.
So called Virtual Private Networks (communication encryption units) protect you from manipulation and unauthorized insight when transferring data - similarly to an armoured delivery van.
Public Key Infrastructures (PKIs) - like registry offices - provide an unambigous and secure identification of business partners in the Internet.
Encrypted e-mails allow confidential correspondence, electronic signatures guarantee bindingness and therefore a higher legal certainty.
If we want to utilise the benefits of the electronic world - of an information society - we have to limit the risks like we do in the real world. That means we have to use appropriate security solutions and take care that their development keeps pace with the development of their environment.