Whitepaper 01-03: Formal Security Models and the Organization

Our organization performs work for and stores information on behalf of customers in the federal government. Our customers demand security, reliability, and scalability both for data storage and data access. To achieve these goals, we apply various formal security models to ensure that the data and systems we run operate within well-defined security perimeters. In this paper we look at selected formal security models to see how they enable us to satisfy customer requirements, thus helping us to provide the best possible value to them. Specifically, we examine:

  • Brief definitions and key terms of selected formal security models.
  • Our organization’s overall security policy (“statements outlining entity interaction, access control, protection methods, and remediation”)[i] and how security models (“requirements for proper support of and implementation of a security policy”)[ii] affect our organizational roles.
  • How we use the Parkerian Hexad[iii] to guide our security structure.

We close this paper with how we see computer security models adapting to future threats.

[i]      Shon Harris, “Information Security and Risk Management,” CISSP All-in-One (AIO), 4th ed., (New York: McGraw-Hill, 2007), pg. 279. For space considerations, we paraphrase Harris’ definition of a “security policy.”

[ii]     Ibid, pg. 279. As before, we paraphrase the definition given in the text for a “security model.”

[iii]    Seymour Bosworth, M.E. Kabay, Eric Whyne, eds., “Chapter 3.1: Proposal for a new Information Security Framework,” Computer Security Handbook: Volume 1, 4th ed. (Hoboken, NJ: John Wiley & Sons, Inc., 2009), pg. 97. See the Six Essential Security Elements for a listing of the Parkerian Hexad.
