The Brewer and Nash model was constructed to provide information security access controls that can change dynamically. This security model, also known as the Chinese wall model, was designed to provide controls that mitigate conflict of interest in commercial organizations and is built upon an information flow model.
In the Brewer and Nash model, no information can flow between the subjects and objects in a way that would create a conflict of interest.
This model is commonly used by consulting and accounting firms. For example, once a consultant accesses data belonging to Acme Ltd, a consulting client, they may no longer access data belonging to any of Acme's competitors. Under this model, the same consulting firm can still have clients that compete with Acme Ltd while advising Acme Ltd. The model isolates data within each conflict class to keep users out of potential conflict-of-interest situations. Because company relationships change all the time, keeping the members and definitions of conflict classes up to date is important.
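The access rule described above, as an added sketch that is not from the original article or from Brewer and Nash's paper: a monitor that records each consultant's access history and denies reads across competitors, plus an audit for conflicts that appear when conflict class membership changes. The class names, every company name except Acme Ltd, and the deny-by-default handling of unclassified data are assumptions.

```python
from collections import defaultdict

class ChineseWall:
    """Read-rule monitor: a decision depends on what the subject read before."""
    def __init__(self):
        self.coi_class = {}              # company -> conflict class (assumed names)
        self.history = defaultdict(set)  # subject -> companies already accessed

    def set_class(self, company, coi):
        """Add a company or move it to another conflict class."""
        self.coi_class[company] = coi

    def conflicts(self, subject, company):
        """Previously accessed companies in the same conflict class as `company`."""
        coi = self.coi_class[company]
        return {c for c in self.history[subject]
                if c != company and self.coi_class[c] == coi}

    def read(self, subject, company):
        if company not in self.coi_class:
            return False                 # unclassified data: deny by default
        if self.conflicts(subject, company):
            return False                 # a competitor was accessed earlier
        self.history[subject].add(company)
        return True

    def audit(self):
        """Subjects whose history spans competitors after a class update."""
        found = {}
        for subject, seen in self.history.items():
            pairs = {(a, b) for a in seen for b in seen
                     if a < b and self.coi_class[a] == self.coi_class[b]}
            if pairs:
                found[subject] = pairs
        return found

def demo():
    wall = ChineseWall()  # constructed sample data; only Acme Ltd is from the page
    for company, coi in [("Acme Ltd", "widgets"), ("Bolt Co", "widgets"),
                         ("First Bank", "banking"), ("Gear Inc", "tools")]:
        wall.set_class(company, coi)
    results = [wall.read("alice", "Acme Ltd"),    # first access in the class
               wall.read("alice", "Bolt Co"),     # competitor of Acme Ltd
               wall.read("alice", "First Bank"),  # different conflict class
               wall.read("bob", "Bolt Co"),       # another consultant, same firm
               wall.read("alice", "Gear Inc")]    # not yet a competitor
    wall.set_class("Gear Inc", "widgets")         # relationship changes later
    return results, wall.audit()
```

The audit result is the practical reason conflict class updates need review: a reclassification can leave an existing access history on both sides of a wall that did not exist when the accesses were granted.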
See also
* Bell–LaPadula model
* Biba model
* Clark–Wilson model
* Graham–Denning model
External links
* Dr. David F.C. Brewer and Dr. Michael J. Nash (1989). "The Chinese Wall Security Policy". Proceedings of IEEE Symposium on Security and Privacy, 1989, pp. 206-214. IEEE. http://www.cs.purdue.edu/homes/ninghui/readings/AccessControl/brewer_nash_89.pdf