In information security, models provide a way to formalize security policies. Such models can be abstract or intuitive. All models are intended to provide an explicit set of rules that a computer can follow to implement the fundamental security concepts, processes, and procedures that make up a security policy. The models offer a way to deepen your understanding of how a computer operations system should be designed and developed to support a specific security policy. No system can be totally secure; security professionals have several security models to consider.
Let’s say you work for one of the following types of industry:
Choose a different industry than from last week’s discussion, and then from the list below, select a model and summarize the model as you understand it. State why you might use this model in your job. Include at least one advantage and disadvantage of the model you’ve chosen. Include a real-life example of the model in use.
Make sure to include any special or unique security feature for the model.
Trusted computing base
State machine model
Information flow model
Access control matrix
Brewer and Nash model (also known as the Chinese wall)