
Generally, security modes refer to information systems security modes of operation used in mandatory access control (MAC) systems. Often, these systems contain information at various levels of security classification. The mode of operation is determined by:

* The type of users who will be directly or indirectly accessing the system.
* The type of data, including classification levels, compartments, and categories, that are processed on the system.
* The levels of users, their need to know, and the formal access approvals that the users will have.


Dedicated security mode

In this mode of operation, all users must have:

* Signed NDA for ALL information on the system.
* Proper clearance for ALL information on the system.
* Formal access approval for ALL information on the system.
* A valid need to know for ALL information on the system.

All users can access ALL data.


System high security mode

In system high mode of operation, all users must have:

* Signed NDA for ALL information on the system.
* Proper clearance for ALL information on the system.
* Formal access approval for ALL information on the system.
* A valid need to know for SOME information on the system.

All users can access SOME data, based on their need to know.


Compartmented security mode

In this mode of operation, all users must have:

* Signed NDA for ALL information on the system.
* Proper clearance for ALL information on the system.
* Formal access approval for SOME information they will access on the system.
* A valid need to know for SOME information on the system.

All users can access SOME data, based on their need to know and formal access approval.


Multilevel security mode

In multilevel security mode of operation (also called Controlled Security Mode), all users must have:

* Signed NDA for ALL information on the system.
* Proper clearance for SOME information on the system.
* Formal access approval for SOME information on the system.
* A valid need to know for SOME information on the system.

All users can access SOME data, based on their need to know, clearance and formal access approval.


Summary

| Mode | Signed NDA for | Proper clearance for | Formal access approval for | A valid need to know for |
|---|---|---|---|---|
| Dedicated security mode | ALL information on the system | ALL information on the system | ALL information on the system | ALL information on the system |
| System high security mode | ALL information on the system | ALL information on the system | ALL information on the system | SOME information on the system |
| Compartmented security mode | ALL information on the system | ALL information on the system | SOME information on the system | SOME information on the system |
| Multilevel security mode | ALL information on the system | SOME information on the system | SOME information on the system | SOME information on the system |
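The summary table can be read as a decision procedure. The following added example (not part of the original page) picks the most restrictive mode whose requirements every user on the system meets. The modelling is an assumption: clearances are ordered levels, formal access approvals are compartment sets, need to know is a set of topic tags, and all names and sample data are hypothetical.

```python
from dataclasses import dataclass

LEVELS = {"CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}  # assumed ordering

@dataclass(frozen=True)
class Item:
    level: str               # classification level of the data
    compartments: frozenset  # compartments requiring formal access approval
    topic: str               # need-to-know tag (hypothetical modelling)

@dataclass(frozen=True)
class User:
    nda: bool                # signed NDA for ALL information on the system
    clearance: str
    approvals: frozenset     # compartments with formal access approval
    need_to_know: frozenset  # topics with a valid need to know

def covers_all(user, items):
    """(clearance, approval, need-to-know): True where the user covers ALL items."""
    top = max(LEVELS[i.level] for i in items)
    comps = frozenset().union(*(i.compartments for i in items))
    topics = {i.topic for i in items}
    return (LEVELS[user.clearance] >= top,
            comps <= user.approvals,
            topics <= user.need_to_know)

def security_mode(users, items):
    """Most restrictive mode in the summary table that every user satisfies."""
    if not all(u.nda for u in users):
        return None  # every mode requires a signed NDA for ALL information
    flags = [covers_all(u, items) for u in users]
    clearance, approval, ntk = (all(f[k] for f in flags) for k in range(3))
    if clearance and approval and ntk:
        return "dedicated"
    if clearance and approval:
        return "system high"
    if clearance:
        return "compartmented"
    return "multilevel"

# Constructed sample data, not taken from any real system.
ITEMS = [Item("SECRET", frozenset(), "logistics"),
         Item("TOP SECRET", frozenset({"ALPHA"}), "ops")]
ALICE = User(True, "TOP SECRET", frozenset({"ALPHA"}), frozenset({"logistics", "ops"}))
BOB = User(True, "TOP SECRET", frozenset({"ALPHA"}), frozenset({"logistics"}))
CAROL = User(True, "TOP SECRET", frozenset(), frozenset({"logistics"}))
DAVE = User(True, "SECRET", frozenset(), frozenset({"logistics"}))
```

Adding a single user with a narrower need to know, approval set or clearance moves the whole system to a less restrictive mode, which is why the mode is a property of the user population and not of any one account.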


See also

* Access control
* Multifactor authentication
* Bell–LaPadula model
* Biba model
* Clark-Wilson model
* Discretionary access control (DAC)
* Graham-Denning model
* Multilevel security (MLS)
* Mandatory access control (MAC)
* Security
* Security engineering
* Take-grant model


External links


* DoD 5200.28 defines the security terms