Unit 2 Information Management and Risk Management

Uploaded by

Shubham Palaskar

IS UNIT-2 (Yash Mule)

Unit 2 Information management and risk management.


2.1 Information security and Risk Management: Security policies, guidelines, standards.
Information security and risk management are critical components of
maintaining the confidentiality, integrity, and availability of information within
an organization. Security policies, guidelines, and standards play a crucial role
in establishing a framework for protecting sensitive information and managing
associated risks. Here's a breakdown of each of these elements:
1. Security Policies:
• High-level documents that outline the organization's approach to
information security.
• Provide overall goals, objectives, and principles for securing information.
• Cover areas such as access control, data classification, incident response,
acceptable use of resources, and employee responsibilities.
2. Security Guidelines:
• Detailed instructions and best practices for implementing specific
security controls and procedures.
• Serve as a practical reference for employees and system administrators.
• Cover topics like password management, data encryption, secure coding
practices, network configuration, and physical security measures.
3. Security Standards:
• Specific technical requirements and specifications that must be followed
for compliance.
• Provide detailed instructions on implementing security controls,
protocols, and configurations.
• Examples include PCI DSS, ISO/IEC 27001, and the NIST Cybersecurity
Framework.

• These policies, guidelines, and standards establish a comprehensive
approach to information security.
• They define security requirements, implement security controls, and
manage risks effectively.
• Ensure compliance with legal, regulatory, and industry-specific
requirements.
• Regular review, updates, and communication of these documents are
essential.
• Helps address emerging threats, technological changes, and evolving
regulations.

2.2 Trusted Computing Base (TCB).


The Trusted Computing Base (TCB) is a term used in the field of computer
security to refer to the combination of hardware, software, and firmware
components that are critical to enforcing the security policy of a system. Here
are some key points about the Trusted Computing Base:

1. Definition: The TCB consists of the components within a computer
system that are responsible for maintaining and enforcing the system's
security policy. It includes the core components that handle security
functions and ensure the system's integrity and confidentiality.

2. Security Functions: The TCB is responsible for performing critical security
functions such as authentication, access control, encryption/decryption,
secure communication, and auditing. These functions help protect the
system and its data from unauthorized access, modification, or
disclosure.

3. Trusted Components: The components included in the TCB are designed
to be highly trusted and resistant to tampering or compromise. They are
typically subjected to rigorous testing, verification, and evaluation to
ensure their reliability and trustworthiness.

4. Boundaries: The TCB has defined boundaries that separate it from the
rest of the system. It helps identify which components are considered
part of the trusted base and which components are external and
potentially untrusted. The boundaries help minimize the potential attack
surface and reduce the risk of unauthorized access or manipulation.

5. Isolation: The TCB components are often isolated and separated from
other parts of the system to prevent unauthorized interference or
tampering. This isolation ensures that the TCB remains secure even if
other parts of the system are compromised.

6. Evaluation and Assurance: The components of the TCB may undergo
evaluation and certification processes to provide assurance of their
security and trustworthiness. Evaluation schemes such as Common
Criteria (ISO/IEC 15408) are commonly used to assess the security
attributes of the TCB components.

7. Management and Maintenance: Proper management and maintenance
of the TCB are crucial for its effectiveness. This includes regular updates,
patching, monitoring, and auditing to address vulnerabilities, apply
security patches, and ensure ongoing security and integrity.

2.3 Rings of Trust.


The concept of "Rings of Trust" refers to a security model that divides
computer systems or software components into different levels of trust or
privilege. Each level, or "ring," represents a different level of access and
authority, with the innermost ring being the most trusted and privileged, and
the outer rings having progressively less trust and privilege. Here are some key
points about the Rings of Trust:
1. Rings of Trust is a security model that organizes computer systems or
software components into different levels of trust or privilege.

2. The model consists of multiple rings, typically numbered from 0 to 3,
representing different levels of trust and privilege.

3. Ring 0, the innermost ring, represents the most trusted and privileged
level. It often corresponds to the kernel mode in operating systems.

4. Rings 1, 2, and 3, the outer rings, have progressively less trust and
privilege. They typically correspond to user mode in operating systems.

5. Components in inner rings have greater privilege and access to critical
system resources, while components in outer rings have restricted
access and fewer privileges.

6. The Rings of Trust model helps enforce security by preventing
components in outer rings from directly accessing or modifying
resources controlled by components in inner rings.

7. This isolation helps contain potential security breaches and limits the
impact of compromised components.

8. Ring transitions occur when a component needs to access resources or
perform privileged operations restricted to a more privileged ring. These
transitions are typically controlled and validated by the operating
system.

9. Security vulnerabilities that allow unauthorized elevation of privilege can
undermine the Rings of Trust model and enable attackers to gain
unauthorized access or execute malicious code with higher privileges.

10. The Rings of Trust model is commonly used in operating systems and
software architectures to enhance system security and protect critical
resources.
By employing the Rings of Trust model, computer systems can restrict access to
privileged resources, contain security breaches, and mitigate the impact of
compromised components, thereby enhancing overall system security.
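
The ring rules above (direct access denied to outer rings, transitions allowed only through entry points that the more privileged side controls and validates) can be modelled in a few lines. This is an added illustration, not part of the original notes; the resource names, the gate table and the 8-block disk are hypothetical, and it is a simplified model rather than any real CPU's or operating system's mechanism.

```python
from dataclasses import dataclass
from typing import Callable

class RingViolation(Exception):
    """A caller lacked privilege, or a gate rejected the request."""

# Constructed tables: the outermost ring allowed to touch each resource
# directly (0 = kernel, 3 = user code), and an 8-block disk to read from.
RESOURCES = {"disk_controller": 0, "page_tables": 0, "user_heap": 3}
DISK = {n: f"block-{n}" for n in range(8)}

def direct_access(caller_ring: int, resource: str) -> bool:
    """Lower ring number means more privilege."""
    return caller_ring <= RESOURCES[resource]

@dataclass(frozen=True)
class Gate:
    target_ring: int                   # ring the handler runs in
    max_caller_ring: int               # outermost ring allowed to call
    validate: Callable[[dict], bool]   # argument check before the transition
    handler: Callable[[int, dict], str]

def _read_block(ring: int, args: dict) -> str:
    if not direct_access(ring, "disk_controller"):
        raise RingViolation("handler not privileged enough")
    return DISK[args["block"]]

def _load_driver(ring: int, args: dict) -> str:
    if not direct_access(ring, "page_tables"):
        raise RingViolation("handler not privileged enough")
    return "loaded " + args["driver"]

# Hypothetical gate table: the only sanctioned entry points into ring 0.
GATES = {
    "read_block": Gate(0, 3, lambda a: isinstance(a.get("block"), int)
                       and a["block"] in DISK, _read_block),
    "load_driver": Gate(0, 1, lambda a: isinstance(a.get("driver"), str),
                        _load_driver),
}

def call_gate(caller_ring: int, gate_name: str, /, **args) -> str:
    """Controlled ring transition: check the caller, then the arguments."""
    gate = GATES.get(gate_name)
    if gate is None:
        raise RingViolation(f"no gate named {gate_name!r}")
    if caller_ring > gate.max_caller_ring:
        raise RingViolation(f"ring {caller_ring} may not call {gate_name}")
    if not gate.validate(args):
        raise RingViolation(f"{gate_name} rejected arguments {args}")
    return gate.handler(gate.target_ring, args)

def attempt(caller_ring: int, gate_name: str, /, **args) -> str:
    """Run a gate call and report the outcome as a string."""
    try:
        return "ok: " + call_gate(caller_ring, gate_name, **args)
    except RingViolation as exc:
        return "denied: " + str(exc)
```

Ring 3 code cannot touch `disk_controller` directly, but `attempt(3, "read_block", block=5)` succeeds because the gate validates the request and performs the access in ring 0 on the caller's behalf.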

2.2.3 Protection Mechanisms in a trusted Computing Base.


Protection mechanisms in a Trusted Computing Base (TCB) are security features
and controls that are implemented to safeguard the integrity, confidentiality,
and availability of the system and its resources. Here are some key protection
mechanisms commonly found in a TCB:
1. Access Control: Controls access to resources, ensuring only authorized
entities can access sensitive information or perform privileged
operations.

2. Cryptographic Controls: Provides secure communication, data
encryption, and digital signatures to protect data confidentiality and
integrity.

3. Secure Boot: Ensures the system starts up using only trusted and
authorized firmware and software components, preventing unauthorized
modifications during boot-up.

4. Intrusion Detection and Prevention: Monitors system activities and
network traffic to detect and prevent unauthorized or malicious
activities.

5. Auditing and Logging: Records system activities, user actions, and
security events for forensic analysis and compliance monitoring.

6. Data Loss Prevention: Protects sensitive data from unauthorized
disclosure, loss, or theft through encryption, access controls, and secure
data disposal.

7. Tamper Resistance: Resists physical tampering or unauthorized
modifications to hardware, firmware, or software components.

8. Fault Tolerance: Provides redundancy and resilience to ensure the
system continues functioning in the presence of failures or attacks.

9. Security Testing and Validation: Involves rigorous testing, vulnerability
scanning, and code reviews to identify and address security weaknesses.

10. Security Updates and Patching: Regularly applies security updates and
patches to address known vulnerabilities and maintain the effectiveness
of protection mechanisms.

By implementing these protection mechanisms, a TCB can enhance the security
and trustworthiness of a computing system, safeguarding critical information
and resources from unauthorized access and malicious activities.

2.3 System security assurance concepts, Trusted computer security Evaluation Criteria.

2.3.1 System security assurance concepts


System security assurance concepts are principles and practices used to ensure
that a computer system meets its security objectives and operates in a secure
manner. These concepts provide a framework for designing, implementing, and
managing secure systems. Here are some key system security assurance
concepts:

1. Confidentiality: Confidentiality ensures that sensitive information is only
accessible to authorized individuals or entities. It involves measures such as
encryption, access controls, and data classification.

2. Integrity: Integrity ensures that data remains accurate, complete, and
unaltered throughout its lifecycle. Measures such as data validation,
checksums, and digital signatures are used to detect and prevent unauthorized
modifications.

3. Availability: Availability ensures that a system and its resources are
accessible and usable when needed. This involves redundancy, fault tolerance,
backup and recovery mechanisms, and protections against denial-of-service
(DoS) attacks.

4. Authentication: Authentication verifies the identity of users, systems, or
entities attempting to access the system. Techniques like passwords,
biometrics, smart cards, and multifactor authentication are used to establish
trust.

5. Authorization: Authorization determines the actions and operations that
authorized entities can perform within a system. Access control mechanisms,
role-based access control (RBAC), and permissions are used to enforce proper
authorization.

6. Auditability: Auditability refers to the capability of tracking and recording
system activities and events for later analysis. Logs, audit trails, and monitoring
tools are used to detect and investigate security incidents or policy violations.

7. Least Privilege: The least privilege principle grants users and systems only the
minimum privileges necessary to perform their authorized tasks. This limits the
potential damage caused by compromised accounts or software vulnerabilities.

8. Security Testing and Evaluation: Security testing and evaluation involve
assessing the effectiveness of security controls through techniques like
penetration testing, vulnerability scanning, code reviews, and security audits.

9. Continuous Monitoring and Improvement: System security assurance is an
ongoing process that requires continuous monitoring, vulnerability
management, incident response, and regular updates to address emerging
threats and maintain a strong security posture.

By applying these system security assurance concepts, organizations can
establish robust security measures, protect against potential threats, and
ensure the integrity, confidentiality, and availability of their systems and data.

2.3.2 Trusted computer security Evaluation Criteria.


The Trusted Computer Security Evaluation Criteria (TCSEC), also known as the
Orange Book, is a framework for evaluating and classifying the security
capabilities of computer systems. It was developed by the U.S. Department of
Defense (DoD) to assess the security features and assurance of computer
systems. The TCSEC defines several evaluation criteria levels, known as
"evaluation classes," which indicate the level of security provided by a system.
Here are the evaluation classes defined in the TCSEC:
Class D: Minimal Protection
• Provides minimal security features.
• Designed for systems that do not require strong security measures.
• Offers limited protection against casual or inadvertent threats.
Class C: Discretionary Protection
• Implements discretionary access control mechanisms.
• Allows users to control access to their own objects.
• Protects against unauthorized access by casual or inadvertent threats.
Class B: Mandatory Protection
• Includes all the features of Class C.
• Adds mandatory access control mechanisms.
• Provides stronger security measures for protecting sensitive data and
resources.
Class A: Verified Design
• Includes all the features of Class B.
• Requires a formal verification process to validate the system's security
mechanisms.
• Provides the highest level of security assurance.

Key Evaluation Criteria:


• Security Policy: The system must have a clear security policy defining
rules and guidelines for protecting information and resources.
• Identification and Authentication: The system must verify the identity of
users and authenticate their access to the system.
• Accountability: The system must track and log user activities and events
for audit and accountability purposes.
• Security Testing: The system must undergo rigorous testing and
evaluation to verify its security features.
• Documentation: The system must provide comprehensive
documentation describing its security features, architecture, and
implementation.
The TCSEC serves as a reference for evaluating the security capabilities of
computer systems. It provides a framework for assessing the security of
systems and helps organizations make informed decisions regarding the
security requirements of their systems.

2.4 Information Technology security Evaluation Criteria, Confidentiality and Integrity Models.

2.4.1 Information Technology security Evaluation Criteria


The Information Technology Security Evaluation Criteria (ITSEC) is a set of
criteria used to evaluate and certify the security features and capabilities of
computer systems. It was developed by a consortium of European countries to
establish common standards for evaluating the security of information
technology products and systems. Here are the key components of the ITSEC:
1. Evaluation Levels:
- ITSEC has seven evaluation levels (E0 to E6) representing increasing levels of
security assurance and functionality.
- Each level has specific requirements and objectives for system certification.

2. Security Functional Requirements:
- ITSEC defines security functional requirements that systems should meet to
achieve specific security objectives.
- These requirements cover areas like access control, authentication, secure
communication, auditing, and resource management.

3. Security Assurance Requirements:
- ITSEC includes security assurance requirements to assess the reliability and
effectiveness of security mechanisms.
- These requirements evaluate the system's development process, design
documentation, testing, vulnerability assessment, and security management.

4. Evaluation Process:
- ITSEC outlines a structured evaluation process involving documentation
review, testing, vulnerability analysis, and audits.
- Independent evaluators perform the evaluation based on the defined
criteria and provide certification or assurance levels for the system.

5. Evaluation Assurance Levels (EALs):
- EALs indicate the level of assurance provided by a certified system.
- EALs range from E1 to E6, with E6 representing the highest level of
assurance.
- Each EAL corresponds to specific security assurance requirements and
evaluation activities.

6. Conformance:
- ITSEC evaluates the conformance of a system to the defined security
functional and assurance requirements.
- Conformance indicates how well the system meets the specified criteria and
provides the claimed security features.

The ITSEC framework provides a standardized approach to evaluate the
security of information technology products and systems. It helps organizations
assess the security capabilities of systems and make informed decisions about
their deployment in secure environments.

2.4.2 Confidentiality and Integrity Models.


Confidentiality and integrity are two fundamental aspects of information
security. Various models have been developed to ensure the confidentiality and
integrity of data and systems. Here are some commonly used models for
confidentiality and integrity:

Confidentiality Models:
1. Bell-LaPadula Model (BLP):
- Focuses on keeping information confidential.
- Users can only access information at or below their security level (no read
up).
- Prevents unauthorized disclosure of information.
2. Biba Model:
- Emphasizes maintaining the integrity of information.
- Users can only modify information at or below their security level (no write
up).
- Prevents unauthorized modification of information.
3. Clark-Wilson Model:
- Focuses on data integrity and consistency.
- Defines well-formed transaction rules and separation of duties.
- Ensures data is modified through controlled operations to maintain integrity.
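
The Bell-LaPadula "no read up" and Biba "no write up" rules above can be enforced together by a single access check. The sketch below is an added illustration, not part of the original notes; it goes beyond the two rules stated here by also including each model's companion rule (Bell-LaPadula "no write down", Biba "no read down"), and the level names, subjects and objects are constructed for the example.

```python
from dataclasses import dataclass

# Constructed label orderings; the notes do not name concrete levels.
CONF = {"public": 0, "confidential": 1, "secret": 2, "top_secret": 3}
INTEG = {"untrusted": 0, "user": 1, "system": 2}

@dataclass(frozen=True)
class Label:
    name: str
    conf: str    # confidentiality level, checked by Bell-LaPadula
    integ: str   # integrity level, checked by Biba

def blp_violation(subject: Label, obj: Label, op: str):
    """Return the broken Bell-LaPadula rule, or None if allowed."""
    s, o = CONF[subject.conf], CONF[obj.conf]
    if op == "read" and s < o:
        return "BLP no read up"
    if op == "write" and s > o:
        return "BLP no write down"
    return None

def biba_violation(subject: Label, obj: Label, op: str):
    """Return the broken Biba rule, or None if allowed."""
    s, o = INTEG[subject.integ], INTEG[obj.integ]
    if op == "read" and s > o:
        return "Biba no read down"
    if op == "write" and s < o:
        return "Biba no write up"
    return None

def decide(subject: Label, obj: Label, op: str):
    """Grant access only if neither model's rule is broken."""
    if op not in ("read", "write"):
        raise ValueError(f"unknown operation: {op}")
    checks = (blp_violation(subject, obj, op), biba_violation(subject, obj, op))
    broken = [rule for rule in checks if rule]
    return (not broken, broken)

# Constructed subjects and objects for the demonstration.
analyst = Label("analyst", "secret", "user")
installer = Label("installer", "secret", "untrusted")
war_plan = Label("war_plan", "top_secret", "user")
bulletin = Label("bulletin", "public", "user")
case_file = Label("case_file", "secret", "user")
sys_config = Label("sys_config", "secret", "system")
download = Label("download", "secret", "untrusted")

def demo():
    cases = [(analyst, war_plan, "read"), (analyst, bulletin, "write"),
             (analyst, case_file, "read"), (analyst, war_plan, "write"),
             (installer, sys_config, "write"), (analyst, download, "read")]
    return {f"{s.name} {op} {o.name}": decide(s, o, op) for s, o, op in cases}

if __name__ == "__main__":
    for case, (allowed, broken) in demo().items():
        print(f"{case}: {'allow' if allowed else 'deny'} {broken}")
```

The `analyst write war_plan` case is allowed: Bell-LaPadula permits writing to a higher confidentiality level, which is why it needs an integrity model alongside it.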

Integrity Models:
1. Brewer-Nash Model (CAP Theorem):
- Considers the trade-off between consistency, availability, and partition
tolerance in distributed systems.
- It is impossible to achieve strong consistency, high availability, and partition
tolerance simultaneously.
2. Brewer's "CAP Theorem" Extended (PACELC):
- Extends the CAP Theorem to include factors like latency and consistency
models.
- Considers the choice between availability and consistency during network
partitions.
3. Non-Interference Model:
- Focuses on preventing information leakage between different security
levels.
- Actions at higher security levels should not affect lower security levels.

These models provide frameworks and principles to maintain the
confidentiality and integrity of data and systems. Organizations can adopt these
models based on their specific security requirements and the sensitivity of the
data they handle.
