Chapter 5 – Toward a New Framework for Information Security

Donn Parker

Chapter Contents:

5.1 Proposal for a New Information Security Framework
  5.1.1 Six Essential Foundation Elements
    5.1.1.1 Loss scenario 1: Availability
    5.1.1.2 Loss scenario 2: Utility
    5.1.1.3 Loss scenario 3: Integrity
    5.1.1.4 Loss scenario 4: Authenticity
    5.1.1.5 Loss scenario 5: Confidentiality
    5.1.1.6 Loss scenario 6: Possession
    5.1.1.7 Conclusions about the six elements
    5.1.1.8 What the dictionaries say about the words we use
  5.1.2 Comprehensive List of Information Losses
    5.1.2.1 Complete list of potential information losses
    5.1.2.2 Examples of loss and suggested controls
    5.1.2.3 Physical Information and Systems Losses
    5.1.2.4 Challenge of Complete Lists
  5.1.3 Functions of Information Security
  5.1.4 Selecting Safeguards Using a Standard of Due Care
  5.1.5 Threats, Assets, Vulnerabilities Model
5.2 Clark-Wilson Integrity Model: A Framework for Business Applications Security
  5.2.1 Clark-Wilson Integrity Model Mechanisms and Principles
    5.2.1.1 Mechanisms
    5.2.1.2 Principles
    5.2.1.3 Additional Principles
  5.2.2 Major Elements of the Clark-Wilson Integrity Model
  5.2.3 Certification Rules
  5.2.4 Model in Use
5.3 Conclusions
5.4 Notes