Brewer and Nash model
The Brewer and Nash model was constructed to provide information security access controls that can change dynamically. This security model, also known as the Chinese wall model, was designed to provide controls that mitigate conflict of interest in commercial organizations and is built upon an information flow model.
In the Brewer and Nash model, no information can flow between the subjects and objects in a way that would create a conflict of interest.
This model is commonly used by consulting and accounting firms. For example, once a consultant accesses data belonging to Acme Ltd, a consulting client, they may no longer access data belonging to any of Acme's competitors. In this model, the same consulting firm can still have clients that compete with Acme Ltd while advising Acme Ltd; the restriction applies to the individual consultant's access history, not to the firm. The model uses the principle of data isolation within each conflict class of data to keep users out of potential conflict of interest situations. Because company relationships change all the time, timely updates to the members and definitions of the conflict classes are important.
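The read rule described above, as an added example that is not part of the article: a conflict-of-interest class groups competing company datasets, a subject's access history is recorded, and a read is permitted only if nothing already read lies in the same conflict class as a different company. Conflict classes are looked up at decision time, so reclassifying a company (the dynamic update the article stresses) takes effect on the next check. Company, class and subject names are constructed sample data.

```python
"""Minimal Brewer-Nash (Chinese wall) read-access check.

Added illustration, not code from the article. The read rule implemented here:
a subject may read a company's data only if every dataset the subject has
already read is either that same company or belongs to a different
conflict-of-interest (COI) class. Names used are constructed examples.
"""
from __future__ import annotations

from dataclasses import dataclass, field


@dataclass
class ChineseWall:
    # COI class name -> set of company datasets that compete with each other
    classes: dict[str, set[str]] = field(default_factory=dict)
    # subject -> set of company datasets the subject has already read
    history: dict[str, set[str]] = field(default_factory=dict)

    def define_class(self, name: str, companies: set[str]) -> None:
        """Create or replace a COI class; companies are moved out of any other class."""
        for company in companies:
            self._remove_from_all(company)
        self.classes[name] = set(companies)

    def reassign(self, company: str, new_class: str) -> None:
        """Move one company into another COI class (created if needed)."""
        self._remove_from_all(company)
        self.classes.setdefault(new_class, set()).add(company)

    def _remove_from_all(self, company: str) -> None:
        for members in self.classes.values():
            members.discard(company)

    def class_of(self, company: str) -> str | None:
        """Return the COI class holding company, or None if it is unclassified."""
        for name, members in self.classes.items():
            if company in members:
                return name
        return None

    def can_read(self, subject: str, company: str) -> bool:
        """Decision only; does not record the access."""
        coi = self.class_of(company)
        if coi is None:
            return True  # unclassified data conflicts with nothing
        for seen in self.history.get(subject, set()):
            # A different company in the same COI class is a conflict of interest.
            if seen != company and self.class_of(seen) == coi:
                return False
        return True

    def read(self, subject: str, company: str) -> bool:
        """Enforce the rule and, on success, record the access in the subject's history."""
        if not self.can_read(subject, company):
            return False
        self.history.setdefault(subject, set()).add(company)
        return True


def demo() -> list[bool]:
    """Walk through the article's consultant scenario; returns the access decisions."""
    wall = ChineseWall()
    wall.define_class("banking", {"Acme Ltd", "Beta Bank"})   # Acme and Beta compete
    wall.define_class("energy", {"Gamma Oil"})
    decisions = [
        wall.read("alice", "Acme Ltd"),    # True: no history yet
        wall.read("alice", "Beta Bank"),   # False: competitor of Acme, already read
        wall.read("alice", "Gamma Oil"),   # True: different conflict class
        wall.read("bob", "Beta Bank"),     # True: bob's wall is independent of alice's
        wall.read("bob", "Acme Ltd"),      # False: bob is now tied to Beta Bank
    ]
    # Relationships change: Beta Bank is reclassified into its own class,
    # and the next check for alice reflects the new definition immediately.
    wall.reassign("Beta Bank", "beta-standalone")
    decisions.append(wall.can_read("alice", "Beta Bank"))   # True after reclassification
    return decisions


if __name__ == "__main__":
    print(demo())
```

The check is deliberately a function of the current class definitions plus the subject's history, not a precomputed permission set; that is what makes the controls dynamic. Note that a subject's history is never cleared here, since in the model a conflict persists once the data has been seen.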
External links
- Brewer, D.F.C.; Nash, M.J. (1989). "The Chinese Wall security policy" (PDF). Proceedings. 1989 IEEE Symposium on Security and Privacy. IEEE. pp. 206–214. doi:10.1109/SECPRI.1989.36295. ISBN 0-8186-1939-2. S2CID 7882054.