HOME

TheInfoList



Click Here for Items Related To - Compartmentalization (information Security)
OR:
Compartmentalization (information Security) on:   [Wikipedia]   [Google]   [Amazon]

Compartmentalization, in
information security Information security is the practice of protecting information by mitigating information risks. It is part of information risk management. It typically involves preventing or reducing the probability of unauthorized or inappropriate access to data ...
, whether public or private, is the limiting of
access to information Access may refer to: Companies and organizations * ACCESS (Australia), an Australian youth network * Access (credit card), a former credit card in the United Kingdom * Access Co., a Japanese software company * Access International Advisors, a h ...
to persons or other entities on a
need-to-know The term "need to know" (alternatively spelled need-to-know), when used by governments and other organizations (particularly those related to military or intelligence), describes the restriction of data which is considered very confidential and ...
basis to perform certain tasks. It originated in the handling of
classified information Classified information is confidential material that a government deems to be sensitive information which must be protected from unauthorized disclosure that requires special handling and dissemination controls. Access is restricted by law or ...
in
military A military, also known collectively as armed forces, is a heavily armed, highly organized force primarily intended for warfare. Militaries are typically authorized and maintained by a sovereign state, with their members identifiable by a d ...
and
intelligence Intelligence has been defined in many ways: the capacity for abstraction, logic, understanding, self-awareness, learning, emotional knowledge, reasoning, planning, creativity, critical thinking, and problem-solving. It can be described as t ...
applications. It dates back to antiquity, and was successfully used to keep the secret of
Greek fire Greek fire was an incendiary weapon system used by the Byzantine Empire from the seventh to the fourteenth centuries. The recipe for Greek fire was a closely-guarded state secret; historians have variously speculated that it was based on saltp ...
. The basis for compartmentalization is the idea that, if fewer people know the details of a mission or task, the risk or likelihood that such information will be compromised or fall into the hands of the opposition is decreased. Hence, varying levels of clearance within organizations exist. Yet, even if someone has the highest clearance, certain "compartmentalized" information, identified by codewords referring to particular types of secret information, may still be restricted to certain operators, even with a lower overall security clearance. Information marked this way is said to be codeword–classified. One famous example of this was the
Ultra Ultra may refer to: Science and technology * Ultra (cryptography), the codename for cryptographic intelligence obtained from signal traffic in World War II * Adobe Ultra, a vector-keying application * Sun Ultra series, a brand of computer work ...
secret, where documents were marked "Top Secret Ultra": "Top Secret" marked its security level, and the "Ultra" keyword further restricted its readership to only those cleared to read "Ultra" documents. Compartmentalization is now also used in commercial
security engineering Security engineering is the process of incorporating security controls into an information system so that the controls become an integral part of the system's operational capabilities. It is similar to other systems engineering activities in that ...
as a technique to protect information such as
medical record The terms medical record, health record and medical chart are used somewhat interchangeably to describe the systematic documentation of a single patient's medical history and health care, care across time within one particular health care provide ...
s.


Example

An example of compartmentalization was the
Manhattan Project The Manhattan Project was a research and development program undertaken during World War II to produce the first nuclear weapons. It was led by the United States in collaboration with the United Kingdom and Canada. From 1942 to 1946, the ...
. Personnel at Oak Ridge constructed and operated centrifuges to isolate
uranium-235 Uranium-235 ( or U-235) is an isotope of uranium making up about 0.72% of natural uranium. Unlike the predominant isotope uranium-238, it is fissile, i.e., it can sustain a nuclear chain reaction. It is the only fissile isotope that exists in nat ...
from naturally occurring uranium, but most did not know exactly what they were doing. Those that knew did not know why they were doing it. Parts of the weapon were separately designed by teams who did not know how the parts interacted.


See also

*
Information sensitivity Information sensitivity is the control of access to information or knowledge that might result in loss of an advantage or level of security if disclosed to others. Loss, misuse, modification, or Access control, unauthorized access to sensitive in ...
*
Principle of least privilege In information security, computer science, and other fields, the principle of least privilege (PoLP), also known as the principle of minimal privilege (PoMP) or the principle of least authority (PoLA), requires that in a particular abstraction l ...
*
Sensitive compartmented information Sensitive compartmented information (SCI) is a type of United States classified information concerning or derived from sensitive intelligence sources, methods, or analytical processes. All SCI must be handled within formal access control systems ...


References

* {{refend Data security National security Classified information Intelligence assessment