Domain Based Security is being used more and more for the identification, analysis and documentation of security issues in enterprise communication & information systems projects particularly in the military domain and for the Asp.net software companies in india. The procedure incorporates numerous security related activities in the early stages of the systems lifecycle to support in the specification of high-level, technology independent security functionality solutions.
The article focuses on:
- Ranking risks according to an correct value system
- Modeling business connections in an extensible manner
The DBSy Model(Domain based security)
The DBSy approach uses simple models to characterize the requirements for security in an organization using two different but related viewpoints: the InfoSec Business Model signifies the security aspects of the business, while the InfoSec Infrastructure Model signifies the logical provision of strong boundaries that enforce separation. When combined, they create an InfoSec Architecture Model. This model forms the basis for showing a systematic and rigorous risk assessment.
The InfoSec business model defines security domains for Asp.net software company india and the networks between them. The model specifies the limits of what info can be processed and replaced between security domains to form the set of security requirements for the business. In particular, connections that are not explicitly demonstrated are not permitted and are required not to occur. A security domain is characterized by a set of information assets, which may be valued to the organization, as well as the people that work with the information and the applications and services that perform on their behalf. Connections between domains are categorized by the nature of the interaction that is required (such as interpersonal messages, or shared access to a database) and the sensitivity and integrity requirements of the information exchange. The model can also signify the kinds of physical environment from which a domain can be accessed.
The InfoSec infrastructure model defines computing infrastructure that are essential to be logically separatefor Asp.net software companies india , so that statistics cannot be replaced between them except at recognizable and manageable points of connection, referred to as causeways. An island is characterized by the strength of separation between it and any other islands and by the people who achieve its computing infrastructure.
An InfoSec architecture model combines the business and infrastructure views, by showing which security domains are reinforced by which islands of infrastructure. Where there are links between securities domains that are hosted on different islands, the connections must be reinforced by an appropriate causeway.
Risk Assessment Method
The DBSy method uses a rational risk framework for linking the risks to which information assets are exposed.Assets are collected together as a focus of interest, and the risk assessment process for C#.net software companies in india is applied to each focus of interest in turn.
The key factors defining the risk to a particular focus of interest are:
- Business Impacts confidentiality, integrity or availability of the focus of interest.
- Sets of people who might demand to impose damage (threat sources) and their motivation for doing so.
- People with different opportunities to impose damage (threat actors) and their capability to do damage, who may also be threat sources or could be influenced by others.
- The means by which each threat performer might cause damage (causes of compromise).
Conclusion
Domain Based Security", abbreviated to "DBSy", is a model-based approach to help examine information security risks in a business context and provide a clear and direct mapping between the risks and the security controls desired to manage them.
References
No comments:
Post a Comment