I am going to switch gears a little bit this week, taking a side-step from the personal privacy aspect of my posts, and leaning more toward what we are covering in class this week. One topic that interested me was that of Security Management Models. As I was reading through the textbook about these models, I related back to work and personal life. Interestingly, it helped me grasp the concept a little better. So, I wanted to discuss a couple of them and how "layman's terms" turned the light bulb on upstairs.
Our book outlined a couple of integrity models: Bell-LaPadula and Biba. These integrity models essentially state the same principles. The basics of these models attempt to maintain the integrity of data. As such, higher and lower levels of classification and integrity are maintained. It sounds foreign, right? That is where I put a touch of life into it. If you have children, you can relate to being the higher level. If not, then your parents are the higher level.
As parents, we dictate to our children on a daily basis. We tell them to do things like clean their rooms, do their homework, and complete their chores. Our higher level of authority allows that. However, our children, typically speaking, do not tell us what to do. It's that old expression, "I'm the parent, that's why." Thus, in our everyday lives, we become living examples of these integrity models. When that integrity is compromised, such as your child telling you no, we take action to correct that compromise.
Businesses have due diligence to do the same thing. If the integrity of their data is compromised to a lower level that is not authorized to access certain data, measures are taken to correct the behavior and attempt to ensure it does not reoccur. In my line of work, the military, we have the same type of scenarios. If you recall the behaviors of Private Bradley Manning and Edward Snowden and the reaction of the military and Federal government in their wake, you can see this model in play and where it failed.
The integrity was upheld by allowing them access to the data, but it failed when that data was subsequently leaked to outside agencies. Thus, the lower level, the civilian world, was given access to data it should not have been granted access to. Actions were taken to remedy the behavior, ensuring it would not happen again, and Private Manning was punished by the military for breaking his agreement to keep the data confidential. In the case of Edward Snowden, it is still ongoing and we do not know what the outcome will be. We also use these principles in our private life.
Think about your data on Facebook. You have the option of keeping your data private. In this case, you are the higher level of authority and allow certain access to a lower level, your friends. If you have no privacy settings set up, all of your data is available for viewing by anyone using Facebook. Your "wall" is a great example of this integrity. Your settings can dictate that you and your friends have read and write access to your wall, thus keeping outsiders from posting to it. On the other hand, a lack of privacy settings makes your wall fair game to anyone wishing to write messages on it. Your privacy settings maintain the integrity of your data. Should that integrity be violated, you have a valid complaint against Facebook for not maintaining it.
As you can see, it is interesting how our normal daily lives revolve around something as simple as these integrity models. Again, I was looking for a way to relate the learning to how we function in life. It made it easy to remember and clarified certain aspects of it for me. Essentially, we are living life in terms of security management models in this technologically advanced world we live in. Interesting, huh?
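The level-based rules behind the scenarios above, as an added example that is not from the original post or the textbook. It uses the standard formulations, in which Bell-LaPadula governs confidentiality (no read up, no write down) and Biba governs integrity (no read down, no write up); the level names and sample requests are constructed for illustration.

```python
from enum import IntEnum


class Level(IntEnum):
    # Constructed ordering. For Bell-LaPadula read it as a classification,
    # for Biba read the same ordering as an integrity (trust) level.
    PUBLIC = 0
    CONFIDENTIAL = 1
    SECRET = 2
    TOP_SECRET = 3


def blp_allows(subject: Level, obj: Level, op: str) -> bool:
    """Bell-LaPadula: protects confidentiality."""
    if op == "read":
        return subject >= obj   # simple security property: no read up
    if op == "write":
        return subject <= obj   # *-property: no write down (no disclosure)
    raise ValueError(f"unknown operation: {op}")


def biba_allows(subject: Level, obj: Level, op: str) -> bool:
    """Biba: protects integrity, the mirror image of Bell-LaPadula."""
    if op == "read":
        return subject <= obj   # no read down: do not consume less-trusted data
    if op == "write":
        return subject >= obj   # no write up: do not modify more-trusted data
    raise ValueError(f"unknown operation: {op}")


# Constructed requests: (subject level, object level, operation)
SAMPLE = [
    (Level.SECRET, Level.SECRET, "read"),    # cleared user reads at own level
    (Level.SECRET, Level.PUBLIC, "write"),   # cleared user publishes downward
    (Level.PUBLIC, Level.SECRET, "read"),    # outsider reads classified data
    (Level.PUBLIC, Level.SECRET, "write"),   # outsider posts to a trusted wall
]


def audit(requests):
    """Return (subject, object, op, blp_decision, biba_decision) per request."""
    return [(s.name, o.name, op, blp_allows(s, o, op), biba_allows(s, o, op))
            for s, o, op in requests]


if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(row)
```

The second request is the disclosure case: the read at the subject's own level is permitted, and it is the downward write that Bell-LaPadula refuses. The fourth is the wall case: Biba refuses a write from a lower-integrity subject to a higher-integrity object.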