Confidentiality, integrity, and availability are the cornerstones of information assurance. When coupled with the concept of authentication, these tenets provide administrators with the necessary focus to protect information systems from adversaries. If I were building a learning management system similar to WebTycho for Booz Allen, it would be critical to integrate these security goals during the development of the collaboration tool.
Confidentiality is the concept of making data available to only the people or systems that are authorized to access it (Pfleeger & Pfleeger, 2006, p. 256). With regard to a learning management system, this would require that an individual’s personal data such as grade information, communications, and activity logs are not made available to other users. Access control systems often allow administrators to integrate a level of confidentiality within an information system. More specifically, the Bell-LaPadula model is especially well known for ensuring the confidentiality of data.
The Bell-LaPadula system was proposed by David Bell and Len LaPadula in response to concerns expressed by the United States Air Force with regard to the security of its information systems (Blanton, 2010). In 1973, the engineers developed the model to focus specifically on protecting the confidentiality of data (Blanton, 2010). The Bell-LaPadula security model assigns each subject and object within an information system a label that indicates its security classification (Balon & Thabet, 2004). Essentially, security labels are used to identify the minimum levels of security required to access resources. The Bell-LaPadula access control model follows two properties, the simple security property and the star prope...
... middle of paper ...
...wo or all three of the aforementioned authentication factors should be integrated. If the new system mirrored that of WebTycho, a simple user name/password authentication process would be sufficient.
By carefully addressing confidentiality, integrity, availability, and authentication throughout the development process of the learning management system, administrators can ensure a greater sense of security within the tool.
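An added example, not part of the original essay: a minimal Bell-LaPadula check in Python over constructed learning management system labels, applying the simple security property (no read up) and the star property (no write down). The level names, course categories, and subject and object names are assumptions made for illustration; the categories generalize the single classification level the essay describes.

```python
from dataclasses import dataclass
from enum import IntEnum

class Level(IntEnum):
    # Constructed classification levels for a hypothetical LMS.
    PUBLIC = 0
    INTERNAL = 1
    CONFIDENTIAL = 2

@dataclass(frozen=True)
class Label:
    level: Level
    categories: frozenset = frozenset()

    def dominates(self, other: "Label") -> bool:
        # Dominance: level at least as high AND a superset of categories.
        return self.level >= other.level and self.categories >= other.categories

def can_read(subject: Label, obj: Label) -> bool:
    # Simple security property: a subject may not read above its label.
    return subject.dominates(obj)

def can_write(subject: Label, obj: Label) -> bool:
    # Star property: a subject may not write below its label.
    return obj.dominates(subject)

CHECKS = {"read": can_read, "write": can_write}

def decide(subject: Label, obj: Label, op: str) -> str:
    # Unknown operations are denied by default.
    check = CHECKS.get(op)
    return "permit" if check and check(subject, obj) else "deny"

# Constructed subjects and objects (hypothetical names).
STUDENT = Label(Level.INTERNAL, frozenset({"course-101"}))
INSTRUCTOR = Label(Level.CONFIDENTIAL, frozenset({"course-101"}))
ANNOUNCEMENT = Label(Level.PUBLIC)
GRADEBOOK = Label(Level.CONFIDENTIAL, frozenset({"course-101"}))
OTHER_GRADEBOOK = Label(Level.CONFIDENTIAL, frozenset({"course-202"}))

if __name__ == "__main__":
    requests = [
        ("student", STUDENT, "read", "gradebook", GRADEBOOK),
        ("instructor", INSTRUCTOR, "read", "gradebook", GRADEBOOK),
        ("instructor", INSTRUCTOR, "read", "other gradebook", OTHER_GRADEBOOK),
        ("instructor", INSTRUCTOR, "write", "announcement", ANNOUNCEMENT),
        ("student", STUDENT, "write", "gradebook", GRADEBOOK),
    ]
    for who, subj, op, target, obj in requests:
        print(f"{who:10} {op:5} {target:16} -> {decide(subj, obj, op)}")
```

The student's write to the gradebook is permitted because Bell-LaPadula constrains information flow for confidentiality only; it says nothing about integrity, which a separate control has to cover.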
Works Cited
Balon, N., & Thabet, I. (2004). The Biba security model (pp. 1-4). The University of Michigan.
Blanton, M. (2010). Computer security: Multi-level security (pp. 3-27). The University of Notre Dame.
Pfleeger, C.P., & Pfleeger, S.L. (2006). Security in computing. Upper Saddle River, NJ: Pearson Education, Inc.
Vacca, J. R. (2009). Computer and information security handbook. Burlington, MA: Morgan Kaufmann Publishers.
In this section we investigate attacks and threats to our primary devices. These attacks and threats build on the vulnerabilities from the previous section and help to determine which security controls would be most valuable against future attacks.
The Operating System (OS) is the heart of computer server and client systems and is therefore a pivotal component of the Information Technology (IT) architecture. The OS contains crucial data, information, and applications, which are vulnerable and can be infiltrated to cripple the entire IT architecture of the organization. Therefore, it becomes mandatory to properly safeguard the OS from internal or external intrusion (Stallings & Brown, 2012). This critical thinking report will highlight the security concerns that may impact the OS. Further, the security guidelines and best practices for the OS in general, along with the specific fundamentals regarding the Windows and Linux OS, are comprehensively illustrated.
DWP is resolved to shield the classification, respectability and accessibility of all physical and electronic data resources of the establishment to guarantee that administrative, operational and contractual prerequisites are satisfied. The general objectives for data security at ABC Corporation
Created by Philip Zimmermann in 1991, this program has been widely used throughout the global computer community to protect the confidentiality and integrity of users’ data, giving them the privacy of delivering messages and files only to their intended individual or authorized person (Singh, 2012). Not only is it useful for individuals as a privacy-ensuring program, it has also been used in many corporations to protect their company’s data from falling into the wrong hands (Rouse, 2005).
Security helps the organization meet its business objectives or mission by protecting its physical and financial resources, reputation, legal position, employees, and other tangible and intangible assets through the selection and application of appropriate safeguards. Businesses should establish roles and responsibilities of all personnel and staff members. However, a Chief Information Officer should be appointed to direct an organization’s day-to-day management of information assets. Supporting roles are performed by the service providers and include systems operations, whose personnel design and operate the computer systems. Each team member must be held accountable for ensuring that all of the rules and policies are being followed, as well as for understanding their roles, responsibilities and functions. Organizations’ information processing systems are vulnerable to many threats that can inflict various types of damage that can result in significant losses (Harris, 2014). Losses can come from the actions of trusted employees who defraud the system, from outside hackers, or from careless data entry. The major threat to information protection is the errors and omissions that data entry personnel, users, system operators and programmers make. To better protect business information resources, organizations should conduct a risk analysis to see what
Mandatory access control creates a classification of resources and allows access only to people of a certain security clearance. The controls are enforced by the operating system. For example, the operating system cannot convert a classified document to a lower classification without a formal, documented process of declassification by ...
Gibson, Darril. Understanding The Security Triad (Confidentiality, Integrity, and Availability). Pearson IT Certification. 2011. http://www.pearsonitcertification.com/articles/article.aspx?p=1708668
Summary Report for: Computer Security. (2010). January 10, 2011, from O*net Online: retrieved January/15/2011 http://online.onetcenter.org/link/summary/15-1071.01
Whitman, M., & Mattord, H. (2010). Management of information security. (3rd ed., p. 6). Boston, MA: Cengage Learning.
Principle of Security Management by Brian R. Johnson, Published by Prentice-Hall copyright 2005 by Pearson Education, Inc.
Nowadays, teaching is no longer restricted to face-to-face interaction between the students and the teachers (Yueh & Hsu, 2008). The usage of learning management systems in the classroom and in the workplace continues to play an important role in helping instructors, trainers and educators in meeting their pedagogical as well as their organizational goals (see Argyris, 1977; Beatty & Ulasewicz, 2006; Liu, Li & Carlsson, 2010; Shrivastava, 1983; Ong, Lai & Wang, 2004). Becoming ubiquitous since the 80’s and 90’s, learning management systems (LMS) are one of the means of e-learning—a learning situation where instructors and learners are separated by distance, time, or both (Raab, Ellis, & Abdon, 2002) as well as m-learning (mobile
Kelly, C. T. (2005). Security: a Brief History. In C. T. Kelly, Business, Corporate, and Industrial
Johnson, B. R. (2005). Principles of Security Management. Upper Saddle River, NJ: Pearson Prentice Hall.
Privacy exists wherever personal information or other sensitive information is collected, stored, used, and finally destroyed or deleted, in digital form or otherwise. The challenge of data privacy is to use data while safeguarding individuals' privacy preferences and their personally identifiable information. The fields of computer security, data security, and information security design and utilize software, hardware, and human resources to address this issue.
This report aims to explain how risk control is achieved through strategies and through security management of information.