CIS502 Discussion Response
CIS502 discussion post responses.
Respond to the colleagues' posts regarding:
Security Models
In information security, models provide a way to formalize security policies. Such models can be abstract or intuitive. All models are intended to provide an explicit set of rules that a computer can follow to implement the fundamental security concepts, processes, and procedures that make up a security policy. The models offer a way to deepen your understanding of how a computer operating system should be designed and developed to support a specific security policy. No system can be secure; security professionals have several security models to consider.
Let’s say you work for one of the following types of industry:
Choose a different industry from last week’s discussion, and then from the list below, select a model and summarize the model as you understand it. State why you might use this model in your job. Include at least one advantage and disadvantage of the model you’ve chosen. Include a real-life example of the model in use. Make sure to include any special or unique security features for the model.
TS’s post states the following:
Trusted Computing Base (TCB)
This system is composed of everything within a computing system that ensures a secure environment. This would include things like the operating system, security mechanisms, prescribed procedures, physical locations, and network hardware/software. Normally there are requirements for controlling access, backing up data, supporting user authentications, and guarding against viruses and system infiltrations.
TCB is also accountable for confidentiality and integrity. It is the only portion of a system that functions at a high level of trust. It enforces the security policy and monitors four basic functions: Input/output operations, Execution domain switching, Memory protection, Process activation.
Manufacturing may use TCB to protect trade secrets that they store in computers or devices. If your field or product is competitive enough, then you may worry about people stealing or employees selling information that gives you a competitive advantage. Ensuring that your data is safeguarded would be critical.
One advantage of a TCB is its security. Having the peace of mind knowing that your data is safe and has very little potential to be infiltrated.
BE’s post states the following:
I have selected the services industry and the Brewer and Nash model (also known as the Chinese Wall Model). I understand the model as a tool used as a commercial security analysis conflict of interest binary relation (CIR). This model could be used at my job to service employee banking safely. One advantage is that it prohibits a person from accessing several conflicts of interest categories and avoids conflict of interest. One disadvantage is that the datasets and the objects, along with the subjects, should flow according to or the metaphorically will not work correctly. An example would be a Brewer and Nash wall between the company’s data from Bank A and Bank B; if the user had accessed data from Bank B first, then they would not be able to access data. The objective is to avoid conflict of interest between parties.
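The Brewer and Nash rule discussed in BE's post, as an added example that is not part of either colleague's post: access decisions depend on what a subject has already read, so reading Bank B first closes off Bank A. The `ChineseWall` class, the dataset names (`BankA`, `BankB`, `OilCo`) and the conflict-class names are hypothetical, and the example goes beyond the post by also showing the model's write rule (the *-property).

```python
# Added example; dataset and conflict-class names are constructed.
from collections import defaultdict

# Each company dataset belongs to one conflict-of-interest (COI) class.
COI_CLASS = {
    "BankA": "banking",
    "BankB": "banking",
    "OilCo": "energy",
}

class ChineseWall:
    def __init__(self, coi_class):
        self.coi_class = coi_class
        # subject -> set of company datasets that subject has already read
        self.history = defaultdict(set)

    def can_read(self, subject, dataset):
        """Simple security rule: allow a dataset already accessed, or one
        whose COI class the subject has not touched yet."""
        seen = self.history[subject]
        if dataset in seen:
            return True
        target = self.coi_class[dataset]  # unknown dataset raises KeyError
        return all(self.coi_class[d] != target for d in seen)

    def read(self, subject, dataset):
        if not self.can_read(subject, dataset):
            return False
        self.history[subject].add(dataset)  # the wall is built from history
        return True

    def can_write(self, subject, dataset):
        """*-property: writing needs read permission and no prior read of
        any other company's dataset, so data cannot leak via the writer."""
        if not self.can_read(subject, dataset):
            return False
        return all(d == dataset for d in self.history[subject])

def demo():
    wall = ChineseWall(COI_CLASS)
    return [
        wall.read("analyst", "BankB"),       # first access: allowed
        wall.read("analyst", "OilCo"),       # different COI class: allowed
        wall.read("analyst", "BankA"),       # competitor of BankB: denied
        wall.can_write("analyst", "BankB"),  # has also read OilCo: denied
        wall.read("auditor", "BankA"),       # other subject, own history
    ]
```

Calling `demo()` returns the five decisions in order; the third is the Bank A denial that follows from the analyst having read Bank B first.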