Generally, security modes refer to information systems security modes of operations used in mandatory access control (MAC) systems. Often, these systems contain information at various levels of security classification. The mode of operation is determined by:
* The type of users who will be directly or indirectly accessing the system.
* The type of data, including classification levels, compartments, and categories, that are processed on the system.
* The levels of the users, their need to know, and the formal access approvals that the users will have.
Dedicated security mode
In this mode of operation, all users must have:
* Signed NDA for ''ALL'' information on the system.
* Proper clearance for ''ALL'' information on the system.
* Formal access approval for ''ALL'' information on the system.
* A valid need to know for ''ALL'' information on the system.
All users can access ''ALL'' data.
System high security mode
In system high mode of operation, all users must have:
* Signed NDA for ''ALL'' information on the system.
* Proper clearance for ''ALL'' information on the system.
* Formal access approval for ''ALL'' information on the system.
* A valid need to know for ''SOME'' information on the system.
All users can access ''SOME'' data, based on their need to know.
Compartmented security mode
In this mode of operation, all users must have:
* Signed NDA for ''ALL'' information on the system.
* Proper clearance for ''ALL'' information on the system.
* Formal access approval for ''SOME'' information they will access on the system.
* A valid need to know for ''SOME'' information on the system.
All users can access ''SOME'' data, based on their need to know and formal access approval.
Multilevel security mode
In multilevel security mode of operation (also called Controlled Security Mode), all users must have:
* Signed NDA for ''ALL'' information on the system.
* Proper clearance for ''SOME'' information on the system.
* Formal access approval for ''SOME'' information on the system.
* A valid need to know for ''SOME'' information on the system.
All users can access ''SOME'' data, based on their need to know, clearance and formal access approval.
Summary
{| class="wikitable" border="1"
|-
! Mode
! Signed NDA for
! Proper clearance for
! Formal access approval for
! A valid need to know for
|-
| Dedicated security mode
| ALL information on the system
| ALL information on the system
| ALL information on the system
| ALL information on the system
|-
| System high security mode
| ALL information on the system
| ALL information on the system
| ALL information on the system
| SOME information on the system
|-
| Compartmented security mode
| ALL information on the system
| ALL information on the system
| SOME information on the system
| SOME information on the system
|-
| Multilevel security mode
| ALL information on the system
| SOME information on the system
| SOME information on the system
| SOME information on the system
|}
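The summary above can be read as a decision procedure. The following is an added example, not part of the original article: it classifies a system by checking which ALL/SOME columns hold across its whole user population, and makes the per-item access decision. The level ordering, the use of a compartment label to stand for formal access approval, and all sample names are assumptions made for illustration.

```python
from dataclasses import dataclass

# Assumed level ordering for illustration; the page does not fix a scheme.
LEVELS = {"CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}

@dataclass(frozen=True)
class Item:
    name: str
    level: str        # classification level
    compartment: str  # compartment that needs formal access approval

@dataclass(frozen=True)
class User:
    signed_nda: bool
    clearance: str
    approvals: frozenset     # compartments the user is formally approved for
    need_to_know: frozenset  # item names the user has a valid need to know

def cleared(u, i): return LEVELS[u.clearance] >= LEVELS[i.level]
def approved(u, i): return i.compartment in u.approvals
def needs(u, i): return i.name in u.need_to_know

def operating_mode(users, items):
    """Return the mode whose summary-table row matches this user population."""
    if not all(u.signed_nda for u in users):
        return None  # every mode requires a signed NDA for ALL information
    def holds_for_all(check):
        return all(check(u, i) for u in users for i in items)
    if not holds_for_all(cleared):
        return "multilevel"      # clearance only for SOME information
    if not holds_for_all(approved):
        return "compartmented"   # formal access approval only for SOME
    if not holds_for_all(needs):
        return "system high"     # need to know only for SOME
    return "dedicated"           # ALL four columns hold for every user

def can_access(u, i):
    """Per-item decision: all four requirements must hold for that item."""
    return u.signed_nda and cleared(u, i) and approved(u, i) and needs(u, i)

# Constructed sample data (not from the page).
ITEMS = [Item("plan-a", "SECRET", "ALPHA"), Item("plan-b", "TOP SECRET", "BRAVO")]
ALICE = User(True, "TOP SECRET", frozenset({"ALPHA", "BRAVO"}), frozenset({"plan-a", "plan-b"}))
BOB = User(True, "TOP SECRET", frozenset({"ALPHA", "BRAVO"}), frozenset({"plan-a"}))
CAROL = User(True, "TOP SECRET", frozenset({"ALPHA"}), frozenset({"plan-a"}))
DAVE = User(True, "SECRET", frozenset({"ALPHA"}), frozenset({"plan-a"}))
if __name__ == "__main__":
    print(operating_mode([ALICE, BOB, CAROL, DAVE], ITEMS))
```

Adding one user who lacks a property for even a single item moves the whole system to a less restrictive row of the table, which is why the mode is a property of the user population and not of any one account.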
See also
* Access control
* Multifactor authentication
* Bell–LaPadula model
* Biba model
* Clark-Wilson model
* Discretionary access control (DAC)
* Graham-Denning model
* Multilevel security (MLS)
* Mandatory access control (MAC)
* Security
* Security engineering
* Take-grant model
External links
* DoD 5200.28 defines the security terms