The Committee of National Security Services Model - Case Study Example

Physical Security Models Physical Security Models Information systems are of so much importance and to ensure that information systems like the computer rooms, disks, and laptops are protected is through controls by use of physical security. Physical security can be defined as the act that sees to it that hardware, software, personnel, networks, programs and data are protected from potential physical threats that are in a position to cause extensive damage or losses to an agency, enterprise or institution. The protection can be against natural disasters, fire, vandalism, burglary, theft, and terrorism. Many people tend to lay emphasis on issues such as viruses, Trojans, hacking and spyware thus overlooking physical security. They forget that physical security breaches can be conducted with limited or without the technical know- how on the attacker’s part and also that natural disasters and accidents are part of day- to- day life thus inevitable (Rouse, 2005). Open System Interconnect (OSI) Security Model The Open System Interconnect model is made up of seven layers: Application, presentation, session, transport, network, data link and physical. The physical layer is the lowest layer of the model and its functions include transmitting and receiving the bit stream that is unstructured and raw over a medium that is physical in nature. The physical layer describes the mechanical, electrical/ optical and the functional interfaces on the medium that is physical and carries the received signals for all higher layers. The physical layer helps in encoding of data, attachment to the physical medium, transmission technology and transmission on the physical medium (Rhee, 2003). The data link layer ensures that the data that is transferred on the physical layer; from a node to another, is free from error. This enables the layers above it to be able to have a transmission that is error free. So as to do this, the layer of data link provides an establishing and terminating link that ensures that the logical link is established and terminated between two different nodes. It also has a traffic control frame that commands the nod of transmission to stop when there are no frame buffers available. The layer is also characterized by frame sequencing that sees to it that it transmits or receives the frames sequentially. Other characteristics of the layer are it has frame acknowledgement, frame delimiting, error checking capabilities and a medium that allows for management access (Rhee, 2003). The network layer helps in the controlling of the subnet operations through making decisions in relations to which path a data should move in relations to the conditions of the network, service priority and other related factors. This layer therefore ensures that there is provision of routing; traffic control through subnets; frame fragmentation; address mapping that is physical and logical in nature; and usage accounting of the subnet (Rhee, 2003). Transport layer makes it possible that the delivered messages are free from errors, and with no chances of duplication or loss. Its size and complexity depends with the complexity and size of service that it is supposed to carry. To ensure reliability, there is a need for a transport layer in minimal size. The session layer function is to allow for establishment of sessions between that processes that run on distinct stations. The session layer provides session establishment and support. Presentation layer ensures that data is formatted before it is presented to the application layer. It can be referred to as network translator. Application layer is the last layer and its function is to serve as a window through which the users and the application processes can access the services of the network. This layer’s function includes: device redirection and resource sharing, access of remote files and remote printer, communication (inter- process), directory services, electronic messaging and virtual terminal of the network (Rhee, 2003). Committee of National Security Systems (CNSS) Model The CNSS model definition of information security is: the information and important element protection that includes the hardware and systems that are used to receive, use, keep (store) and pass the information (transmit). This makes the broad areas of managing information security to be categorized as network security, and data and computer data security (Whitman & Mattord, 2012). The Committee of National Security Services Model of securing information is an advanced model that was developed by an industry of computer security that is known as C.I.A triangle. However, since the mainframe development, C.I.A triangle has been seen as the computer security industry standard. This concept is based on the characteristics of information that are of value to the organization in question; these characteristics are: Integrity, Confidentiality and Availability (Whitman & Mattord, 2012). These three features are important until today when it comes to information security, but the demerit of CNSS model is seen in the case that it is not flexible enough to handle the dynamic environment. A good example of the CNNS evolutionary model is the Voice over Internet Protocol (VoIP). In the Voice over Internet Protocol configuration, the instruments of the telephone are connected through a network of distribution to the switch to the telephone. This makes the telephone not to rely on the switch alone, but other network devices too. The VoIP is not like any other telephone instrument, like the normal telephone that is connected to CTS (Computerized Telephone System); its features are hosed of a computer that has network connectivity and a microphone attached to it and in some scenarios, there is an in- built web server that sees to it that the features administration is easier. This enables the reduction on the part of “telephone switch” connection through the use of protocols that are open- standard in nature. Using open- standard protocol will see to it that there are a vast number of individuals who have the knowledge in relation to system commands thus escalating the chances of compromising the system. This is a model that can be used to safe- guard someone’s hardware if there is a potential party that is suspected (Gantz & Philpott, 2013). Gordon- Loeb Security Model This is a mathematically oriented economic model that helps in the analyzing of investment level that is optimal when it comes to information security. It holds the view that the amount used for protection should be viewed as just a small portion of the expected loss. Expected loss here is the value of the expected loss due to breach of information security. This model holds that it will be uneconomical to invest more than 37 % of the total value of loss expected due to a security breach in a security system. This model also shows that the optimal amount spent on information security should not always increase due to increase in vulnerability of the set of information (Kanta, 2008). This means that the organization can gain higher benefits through as far as security is concerned when they decide to invest in the security systems that have a medium vulnerability level on part of the information set that is to be protected. The Gordon- Loeb model helps in the vulnerability reduction when it comes to information systems. This helps in the effective and efficient management of the risks associated with security incidents. The Gordon- Loeb model is important in the fact that it has been formalized in reference to the reduction of vulnerability. This formalization helps in the information sharing discussions and also I the discussions of problems that would be referred to as free- rider when it comes to information security. In summary, the Gordon- Loeb model gives economic benefit through vulnerability reduction. G- L model also helps in the study of dynamic issues (Kanta, 2008). A good example of the G-L model is the GL- 1. GL-1 is a motion detector that is normally placed outside the door with the professional power to control light applications. Through its use of 110- 240V of alternating current and developing a power relay with a special heavy duty it is able to control directly a vast quantity of lighting gadgets whereby 2kW is its maximum load. Through these features, GL- 1 is used in promoting personal safety, reduce lighting costs of security lights, deter intruders and welcome guests (Kanta, 2008). The development of technology has enabled most people to engage in the use of technological information systems. Individuals, private sectors and government departments including federal agencies have invested so much in the information system that they would not like to lose even a bit of it. This has enabled the development of models that will see to it that these data are protected from potential physical threats that may see to it that the party loses information on the worst scenario. To see that data is protected against natural disasters, fire, vandalism, terrorism, burglary and theft, there are several security models that have been developed since the times of the memorial. These models include and not limited to Open System Interconnect (OSI) Security Model; Business Security Model; Committee of National Security Systems (CNSS) Model and Gordon- Loeb Security Model just to name a few. These models have features that see to it that their functions enable the protection of information against physical threats. References Gantz, S. D., & Philpott, D. R. (2013). FISMA and the risk management framework: The new practice of federal cyber security. Boston: Syngress. Kanta M. (2008). Productivity space of Information Security in an Extension of the Gordon- Loeb’s Investment Model. Retrieved from http://weis2008.econinfosec.org/papers/Matsuura.pdf Rhee, M. Y. (2003). Internet security: Cryptographic principles, algorithms, and protocols. New York, NY: Wiley. Rouse M. (2005). Physical Security. Search Security. Retrieved from http://searchsecurity.techtarget.com/definition/physical-security Whitman, M. E., & Mattord, H. J. (2012). Principles of information security. Boston, MA: Course Technology. Read More