In information security, models provide a way to formalize security policies. Such models can be abstract or intuitive. All models are intended to provide an explicit set of rules that a computer can follow to implement the fundamental security concepts, processes, and procedures that make up a security policy. The models offer a way to deepen your understanding of how a computer operations system should be designed and developed to support a specific security policy. No system can be totally secure; security professionals have several security models to consider.
Let’s say you work for one of the following types of industry:
Choose a different industry than from last week’s discussion, and then from the list below, select a model and summarize the model as you understand it. State why you might use this model in your job. Include at least one advantage and disadvantage of the model you’ve chosen. Include a real-life example of the model in use.
Make sure to include any special or unique security feature for the model.
NOTE: Never provide more security than is required so be careful to analyze the requirements of your choice in industry. Would you put a fence around your house, or would you put a mote with piranha around your house?
List of Models:
Trusted computing base
State machine model
Information flow model
Access control matrix
Brewer and Nash model (also known as the Chinese wall)