Page 160 - DCAP309_INFORMATION_SECURITY_AND_PRIVACY
Information Security and Privacy
The disadvantage of the model is that it does not offer execution details. Therefore, in
order to make use of the model, one must first understand it and translate that
understanding into an attainable purpose or task. As such, selling this notion to senior
management may succeed or fail, depending on their ability to grasp the overall picture
presented.
As a high-level model, the McCumber Cube is a very expensive tool for assessing an organization
to help concentrate resources. It would be very functional combined with a compatible framework
and method, as discussed in the sections below.
Self Assessment
Fill in the blanks:
1. The ......................... help map theoretical goals onto mathematical associations that
strengthen whichever execution is eventually selected.
2. Models are conceptual and ......................... in nature and generally do not go into precise
detail on how they are to be executed.
3. As a ......................... model, the McCumber Cube is a very expensive tool for assessing an
organization to help concentrate resources.
11.2 Terminology
Performance Reference Model (PRM): Framework for performance measurement offering common
output measurements throughout the federal government. It permits agencies to better manage the
business of government at a strategic level by offering a means for using an agency’s EA to
measure the success of information systems investments and their influence on strategic
outcomes.
Preproduction Model: Version of INFOSEC equipment utilizing standard parts and suitable for
complete evaluation of form, design, and performance. Preproduction models are frequently
known as beta models.
Production Model: INFOSEC equipment in its final mechanical and electrical form.
Role-based Access Control (RBAC): A model for controlling access to resources where permitted
actions on resources are identified with roles rather than with individual subject identities.
Technical Reference Model (TRM): A component-driven, technological framework that classifies
the standards and technologies that support and enable the delivery of service components and
capabilities.
IA Infrastructure: The underlying security framework that lies beyond an enterprise’s
defined boundary, but supports its IA and IA-enabled products, its security posture and its risk
management plan.
Risk Management Framework: A structured approach used to manage and control risk for an
enterprise.
Information Security: The protection of information and information systems from unauthorized
access, use, disclosure, disruption, modification, or destruction so as to provide confidentiality,
integrity, and availability.
Information Security Policy: Collection of directives, policies, rules, and practices that stipulate
how an organization manages, protects, and distributes information.
LOVELY PROFESSIONAL UNIVERSITY