Page 159 - DCAP309_INFORMATION_SECURITY_AND_PRIVACY
Unit 11: Security Models & Frameworks and Methodologies for Information System Security
administrator to organize access control). The models help map theoretical goals onto
mathematical relationships that strengthen whichever implementation is eventually selected.
Example: Windows, Unix, MacOS, etc.
The most fitting definition of a model appears to be that of an “abstract” or “theoretical”
model, which is defined as “a hypothetical build that symbolizes physical, biological or social
processes, with a set of variables and a set of rational and quantitative associations between
them.” For the purposes of this classification, a model is a high-level construct showing processes,
variables, and relationships. Models are conceptual and abstract in nature and generally do not
go into specific detail on how they are to be implemented.
Moreover, a high-quality model will be independent of technology, offering a general frame
of reference.
The following technique has been identified as theoretical and conceptual in nature, offering
general guidance toward achieving an objective without going into particular implementation
details. It is categorized as a model.
Notes: It is very important to note here that there is, in fact, only one technique
classified as a model within the context of this document. While numerous methods
were considered as candidates for models – such as IA-CMM, SSE-CMM, ISM3, ISO/IEC
17799:2005, and COBIT – they all failed the definition test for the same reason: they all
include extensive practice statements that explain how to implement the
method.
Only one technique did not include practice statements, and as such deserves to stand apart.
This technique fulfils the definition of a model by being theoretical, conceptual, and
technology-independent. As such, this model could be applied to other areas outside information
security (such as physical security) with little or no alteration of its core tenets.
The McCumber Cube (“Information Systems Security: A Comprehensive Model”)
Its purpose is to offer an information-centric model that captures the relationship between the
disciplines of communications and computer security, without the constraints of organizational or
technical changes.
As indicated in the stated purpose above, the McCumber Cube is an information-centric
model that has been applied to computer security. It focuses on three dimensions of
information: Information States, Critical Information traits, and Security Measures. Within each
dimension are three aspects, which, when combined, result in a three-dimensional cube in which
each dimension lies on an axis of the cube.
Unlike the frameworks described below, the McCumber Cube does not go into details
of implementation, such as extensive practice statements. Rather, it discusses examples of how the
model can be used within an organization after first offering a foundational discussion of
computer security (or information security, or information assurance, depending on your preferred
term today) and introducing the model in its entirety.
This model is very useful for understanding a highly complex topic (computer security) in a
very concise, albeit conceptual, manner. Moreover, the focus on information allows
the model to be applied to other topics beyond security with relative ease.
LOVELY PROFESSIONAL UNIVERSITY 153