In Chapter 3 the word “Trust” is defined as related to information security. Based on your understanding of securing your environment, what are some of the common safeguards your recommend to ensure trust is viable in your organization.
Example: USE ONLY AS EXAMPLE
This week we are discussing trust and how is it best defined in relation to information security. Throughout my time in the military, I have heard the phrase, “special trust and confidence” more times than I can count to include during each promotion ceremony for myself or other military members. This phrase is included due to the trust that senior leadership is giving to those promoting service members as they take on additional responsibility and management roles. Additionally, for Federal, State, and Department of Defense employees that require a security clearance to perform certain duties, a similar phrase can be found due to the need to appropriately safeguard information for the sake of national security. While much of the responsibility falls on the individual to remain “trustworthy”, a certain percentage of responsibility must also fall on the company or entity that issues such trust, in the event the trust in the person is either misplaced or misjudged. Therefore, other mechanisms must be set in place to limit the potential for damage in the event an individual is deemed not to be trustworthy. Some common examples include physical security mechanisms such as the use of multi-factor authentication, high-security locks, intrusion detection systems, and the practice of securing any and all sensitive information in safes. (Jacobs, 2015) Additional safeguard include deterrence methods such as administrative policies and having employees sign acceptable use policies. For access to classified or sensitive information, one such safeguard method we learned about in the week one reading was the utilization of the Bell-LaPadula model, of which employed the “no write down, no read up approach”. (Jacobs, 2015) Other safeguard methods include the use of rule-based, role-based, and access control lists to limit the potential for not-trustworthy actions to occur. There is also asymmetric encryption, which utilizes both a public and a private key for the sender and receiver. (Jacobs, 2015)
Jacobs, S. (2015). Engineering information security: The application of systems engineering concepts to achieve information assurance. John Wiley & Sons, Incorporated.
Delivering a high-quality product at a reasonable price is not enough anymore.
That’s why we have developed 5 beneficial guarantees that will make your experience with our service enjoyable, easy, and safe.
You have to be 100% sure of the quality of your product to give a money-back guarantee. This describes us perfectly. Make sure that this guarantee is totally transparent.Read more
Each paper is composed from scratch, according to your instructions. It is then checked by our plagiarism-detection software. There is no gap where plagiarism could squeeze in.Read more
Thanks to our free revisions, there is no way for you to be unsatisfied. We will work on your paper until you are completely happy with the result.Read more
Your email is safe, as we store it according to international data protection rules. Your bank details are secure, as we use only reliable payment systems.Read more
By sending us your money, you buy the service we provide. Check out our terms and conditions if you prefer business talks to be laid out in official language.Read more