{"id":46,"date":"2013-03-31T23:30:29","date_gmt":"2013-03-31T23:30:29","guid":{"rendered":"https:\/\/www.softwareab.net\/wordpress\/?p=46"},"modified":"2013-04-09T11:30:16","modified_gmt":"2013-04-09T11:30:16","slug":"formal-security-models-and-the-organization","status":"publish","type":"post","link":"https:\/\/www.softwareab.net\/wordpress\/formal-security-models-and-the-organization\/","title":{"rendered":"Whitepaper 01-03: Formal Security Models and the Organization"},"content":{"rendered":"<p><a href=\"https:\/\/www.softwareab.net\/wordpress\/wp-content\/uploads\/2013\/03\/Formal-Security-Models-and-Our-Organization.pdf\">Click here to download &#8220;Formal Security Models and Our Organization&#8221;!<\/a><\/p>\n<p>Our organization performs work for and stores information on behalf of customers in the federal government. Our customers demand security, reliability, and scalability both for data storage and data access. To achieve these goals, we apply various formal security models to ensure that the data and systems we run operate within well-defined security perimeters. In this paper we look at selected formal security models to see how they enable us to satisfy customer requirements, thus helping us to provide the best possible value to them.<!--more--> Specifically, we examine:<\/p>\n<ul>\n<li>Brief definitions and <b>key terms<\/b> of selected formal security models.<\/li>\n<li>Our organization&#8217;s overall <b>security\u00c2\u00a0 policy<\/b> (\u00e2\u20ac\u0153statements outlining entity interaction, access control, protection methods, and remediation\u00e2\u20ac\u009d)<a title=\"\" href=\"file:\/\/\/C:\/Users\/andy.bruce\/Documents\/Unprotected\/school\/Norwich\/Course01\/Research%20Paper%2003\/Formal%20Security%20Models%20and%20Our%20Organization.doc#_edn1\">[i]<\/a> and how <b>s<\/b><b>ecurity models<\/b> (\u00e2\u20ac\u0153requirements for proper support of and implementation of a security policy\u00e2\u20ac\u009d)<a title=\"\" href=\"file:\/\/\/C:\/Users\/andy.bruce\/Documents\/Unprotected\/school\/Norwich\/Course01\/Research%20Paper%2003\/Formal%20Security%20Models%20and%20Our%20Organization.doc#_edn2\"><b><b>[ii]<\/b><\/b><\/a> affect our organizational <b>roles<\/b>.<\/li>\n<li>How we use the <b>Parkerian Hexad<a title=\"\" href=\"file:\/\/\/C:\/Users\/andy.bruce\/Documents\/Unprotected\/school\/Norwich\/Course01\/Research%20Paper%2003\/Formal%20Security%20Models%20and%20Our%20Organization.doc#_edn3\"><b>[iii]<\/b><\/a><\/b> to guide our <b>security structure<\/b>.<\/li>\n<\/ul>\n<p>We close this paper with our view of how we see computer security models adapting to future threats.<\/p>\n<div><br clear=\"all\" \/><\/p>\n<hr align=\"left\" size=\"1\" width=\"33%\" \/>\n<div>\n<p><a title=\"\" href=\"file:\/\/\/C:\/Users\/andy.bruce\/Documents\/Unprotected\/school\/Norwich\/Course01\/Research%20Paper%2003\/Formal%20Security%20Models%20and%20Our%20Organization.doc#_ednref1\">[i]<\/a>\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0 Shon Harris, \u00e2\u20ac\u0153Information Security and Risk Management,\u00e2\u20ac\u009d <i>CISSP All-in-One (AIO), 4th ed.<\/i>, (New York: McGraw-Hill, 2007), pg. 279. For space considerations, we paraphrase Harris&#8217; definition of a \u00e2\u20ac\u0153security policy.\u00e2\u20ac\u009d<\/p>\n<\/div>\n<div>\n<p><a title=\"\" href=\"file:\/\/\/C:\/Users\/andy.bruce\/Documents\/Unprotected\/school\/Norwich\/Course01\/Research%20Paper%2003\/Formal%20Security%20Models%20and%20Our%20Organization.doc#_ednref2\">[ii]<\/a>\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0 Ibid, pg. 279. As before, we paraphrase the definition given in the text for a \u00e2\u20ac\u0153security model.\u00e2\u20ac\u009d<\/p>\n<\/div>\n<div>\n<p><a title=\"\" href=\"file:\/\/\/C:\/Users\/andy.bruce\/Documents\/Unprotected\/school\/Norwich\/Course01\/Research%20Paper%2003\/Formal%20Security%20Models%20and%20Our%20Organization.doc#_ednref3\">[iii]<\/a>\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0 Seymour Bosworth, M.E. Kabay, Eric Whyne, eds., \u00e2\u20ac\u0153Chapter 3.1: Proposal for a new Information Security Framework,\u00e2\u20ac\u009d Computer Security Handbook: Volume 1, 4th ed. (Hoboken, NJ: John Wiley &amp; Sons, Inc., 2009), pg. 97. See the <i>Six Essential Security Elements<\/i> for a listing of the Parkerian Hexad.<\/p>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Click here to download &#8220;Formal Security Models and Our Organization&#8221;! Our organization performs work for and stores information on behalf of customers in the federal government. Our customers demand security, reliability, and scalability both for data storage and data access. &hellip;<\/p>\n<p class=\"read-more\"> <a class=\"more-link\" href=\"https:\/\/www.softwareab.net\/wordpress\/formal-security-models-and-the-organization\/\"> <span class=\"screen-reader-text\">Whitepaper 01-03: Formal Security Models and the Organization<\/span> Read More &raquo;<\/a><\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v22.2 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Whitepaper 01-03: Formal Security Models and the Organization - softwareab<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.softwareab.net\/wordpress\/formal-security-models-and-the-organization\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Whitepaper 01-03: Formal Security Models and the Organization - softwareab\" \/>\n<meta property=\"og:description\" content=\"Click here to download &#8220;Formal Security Models and Our Organization&#8221;! Our organization performs work for and stores information on behalf of customers in the federal government. Our customers demand security, reliability, and scalability both for data storage and data access. &hellip; Whitepaper 01-03: Formal Security Models and the Organization Read More &raquo;\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.softwareab.net\/wordpress\/formal-security-models-and-the-organization\/\" \/>\n<meta property=\"og:site_name\" content=\"softwareab\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/cloudraticsolutions\/\" \/>\n<meta property=\"article:author\" content=\"https:\/\/www.facebook.com\/cloudraticsolutions\/\" \/>\n<meta property=\"article:published_time\" content=\"2013-03-31T23:30:29+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2013-04-09T11:30:16+00:00\" \/>\n<meta name=\"author\" content=\"Andrew Bruce\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@realcloudratics\" \/>\n<meta name=\"twitter:site\" content=\"@realcloudratics\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Andrew Bruce\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.softwareab.net\/wordpress\/formal-security-models-and-the-organization\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.softwareab.net\/wordpress\/formal-security-models-and-the-organization\/\"},\"author\":{\"name\":\"Andrew Bruce\",\"@id\":\"https:\/\/www.softwareab.net\/wordpress\/#\/schema\/person\/1337443eaeb75104e0410b508e67f600\"},\"headline\":\"Whitepaper 01-03: Formal Security Models and the Organization\",\"datePublished\":\"2013-03-31T23:30:29+00:00\",\"dateModified\":\"2013-04-09T11:30:16+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.softwareab.net\/wordpress\/formal-security-models-and-the-organization\/\"},\"wordCount\":272,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www.softwareab.net\/wordpress\/#\/schema\/person\/1337443eaeb75104e0410b508e67f600\"},\"articleSection\":[\"Teknophobia\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.softwareab.net\/wordpress\/formal-security-models-and-the-organization\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.softwareab.net\/wordpress\/formal-security-models-and-the-organization\/\",\"url\":\"https:\/\/www.softwareab.net\/wordpress\/formal-security-models-and-the-organization\/\",\"name\":\"Whitepaper 01-03: Formal Security Models and the Organization - softwareab\",\"isPartOf\":{\"@id\":\"https:\/\/www.softwareab.net\/wordpress\/#website\"},\"datePublished\":\"2013-03-31T23:30:29+00:00\",\"dateModified\":\"2013-04-09T11:30:16+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/www.softwareab.net\/wordpress\/formal-security-models-and-the-organization\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.softwareab.net\/wordpress\/formal-security-models-and-the-organization\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.softwareab.net\/wordpress\/formal-security-models-and-the-organization\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.softwareab.net\/wordpress\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Whitepaper 01-03: Formal Security Models and the Organization\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.softwareab.net\/wordpress\/#website\",\"url\":\"https:\/\/www.softwareab.net\/wordpress\/\",\"name\":\"softwareab\",\"description\":\"Technocratica, Technopolitik, Technophobia\",\"publisher\":{\"@id\":\"https:\/\/www.softwareab.net\/wordpress\/#\/schema\/person\/1337443eaeb75104e0410b508e67f600\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.softwareab.net\/wordpress\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":[\"Person\",\"Organization\"],\"@id\":\"https:\/\/www.softwareab.net\/wordpress\/#\/schema\/person\/1337443eaeb75104e0410b508e67f600\",\"name\":\"Andrew Bruce\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.softwareab.net\/wordpress\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/www.softwareab.net\/wordpress\/wp-content\/uploads\/2024\/03\/andy-cartoon.jpg\",\"contentUrl\":\"https:\/\/www.softwareab.net\/wordpress\/wp-content\/uploads\/2024\/03\/andy-cartoon.jpg\",\"width\":400,\"height\":330,\"caption\":\"Andrew Bruce\"},\"logo\":{\"@id\":\"https:\/\/www.softwareab.net\/wordpress\/#\/schema\/person\/image\/\"},\"description\":\"Team-oriented systems mentor with deep knowledge of numerous software methodologies, technologies, languages, and operating systems. Excited about turning emerging technology into working production-ready systems. Focused on moving software teams to a higher level of world-class application development. Specialties:Software analysis and development...Product management through the entire lifecycle...Discrete product integration specialist!\",\"sameAs\":[\"http:\/\/cloudraticsolutions.net\/\",\"https:\/\/www.facebook.com\/cloudraticsolutions\/\",\"https:\/\/twitter.com\/realcloudratics\"]}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Whitepaper 01-03: Formal Security Models and the Organization - softwareab","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.softwareab.net\/wordpress\/formal-security-models-and-the-organization\/","og_locale":"en_US","og_type":"article","og_title":"Whitepaper 01-03: Formal Security Models and the Organization - softwareab","og_description":"Click here to download &#8220;Formal Security Models and Our Organization&#8221;! Our organization performs work for and stores information on behalf of customers in the federal government. Our customers demand security, reliability, and scalability both for data storage and data access. &hellip; Whitepaper 01-03: Formal Security Models and the Organization Read More &raquo;","og_url":"https:\/\/www.softwareab.net\/wordpress\/formal-security-models-and-the-organization\/","og_site_name":"softwareab","article_publisher":"https:\/\/www.facebook.com\/cloudraticsolutions\/","article_author":"https:\/\/www.facebook.com\/cloudraticsolutions\/","article_published_time":"2013-03-31T23:30:29+00:00","article_modified_time":"2013-04-09T11:30:16+00:00","author":"Andrew Bruce","twitter_card":"summary_large_image","twitter_creator":"@realcloudratics","twitter_site":"@realcloudratics","twitter_misc":{"Written by":"Andrew Bruce","Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.softwareab.net\/wordpress\/formal-security-models-and-the-organization\/#article","isPartOf":{"@id":"https:\/\/www.softwareab.net\/wordpress\/formal-security-models-and-the-organization\/"},"author":{"name":"Andrew Bruce","@id":"https:\/\/www.softwareab.net\/wordpress\/#\/schema\/person\/1337443eaeb75104e0410b508e67f600"},"headline":"Whitepaper 01-03: Formal Security Models and the Organization","datePublished":"2013-03-31T23:30:29+00:00","dateModified":"2013-04-09T11:30:16+00:00","mainEntityOfPage":{"@id":"https:\/\/www.softwareab.net\/wordpress\/formal-security-models-and-the-organization\/"},"wordCount":272,"commentCount":0,"publisher":{"@id":"https:\/\/www.softwareab.net\/wordpress\/#\/schema\/person\/1337443eaeb75104e0410b508e67f600"},"articleSection":["Teknophobia"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.softwareab.net\/wordpress\/formal-security-models-and-the-organization\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.softwareab.net\/wordpress\/formal-security-models-and-the-organization\/","url":"https:\/\/www.softwareab.net\/wordpress\/formal-security-models-and-the-organization\/","name":"Whitepaper 01-03: Formal Security Models and the Organization - softwareab","isPartOf":{"@id":"https:\/\/www.softwareab.net\/wordpress\/#website"},"datePublished":"2013-03-31T23:30:29+00:00","dateModified":"2013-04-09T11:30:16+00:00","breadcrumb":{"@id":"https:\/\/www.softwareab.net\/wordpress\/formal-security-models-and-the-organization\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.softwareab.net\/wordpress\/formal-security-models-and-the-organization\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.softwareab.net\/wordpress\/formal-security-models-and-the-organization\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.softwareab.net\/wordpress\/"},{"@type":"ListItem","position":2,"name":"Whitepaper 01-03: Formal Security Models and the Organization"}]},{"@type":"WebSite","@id":"https:\/\/www.softwareab.net\/wordpress\/#website","url":"https:\/\/www.softwareab.net\/wordpress\/","name":"softwareab","description":"Technocratica, Technopolitik, Technophobia","publisher":{"@id":"https:\/\/www.softwareab.net\/wordpress\/#\/schema\/person\/1337443eaeb75104e0410b508e67f600"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.softwareab.net\/wordpress\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":["Person","Organization"],"@id":"https:\/\/www.softwareab.net\/wordpress\/#\/schema\/person\/1337443eaeb75104e0410b508e67f600","name":"Andrew Bruce","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.softwareab.net\/wordpress\/#\/schema\/person\/image\/","url":"https:\/\/www.softwareab.net\/wordpress\/wp-content\/uploads\/2024\/03\/andy-cartoon.jpg","contentUrl":"https:\/\/www.softwareab.net\/wordpress\/wp-content\/uploads\/2024\/03\/andy-cartoon.jpg","width":400,"height":330,"caption":"Andrew Bruce"},"logo":{"@id":"https:\/\/www.softwareab.net\/wordpress\/#\/schema\/person\/image\/"},"description":"Team-oriented systems mentor with deep knowledge of numerous software methodologies, technologies, languages, and operating systems. Excited about turning emerging technology into working production-ready systems. Focused on moving software teams to a higher level of world-class application development. Specialties:Software analysis and development...Product management through the entire lifecycle...Discrete product integration specialist!","sameAs":["http:\/\/cloudraticsolutions.net\/","https:\/\/www.facebook.com\/cloudraticsolutions\/","https:\/\/twitter.com\/realcloudratics"]}]}},"_links":{"self":[{"href":"https:\/\/www.softwareab.net\/wordpress\/wp-json\/wp\/v2\/posts\/46"}],"collection":[{"href":"https:\/\/www.softwareab.net\/wordpress\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.softwareab.net\/wordpress\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.softwareab.net\/wordpress\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.softwareab.net\/wordpress\/wp-json\/wp\/v2\/comments?post=46"}],"version-history":[{"count":3,"href":"https:\/\/www.softwareab.net\/wordpress\/wp-json\/wp\/v2\/posts\/46\/revisions"}],"predecessor-version":[{"id":86,"href":"https:\/\/www.softwareab.net\/wordpress\/wp-json\/wp\/v2\/posts\/46\/revisions\/86"}],"wp:attachment":[{"href":"https:\/\/www.softwareab.net\/wordpress\/wp-json\/wp\/v2\/media?parent=46"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.softwareab.net\/wordpress\/wp-json\/wp\/v2\/categories?post=46"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.softwareab.net\/wordpress\/wp-json\/wp\/v2\/tags?post=46"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}