Premium Essay

Mccumber Cube

In: Other Topics

Submitted By mohamedakram
Words 275
Pages 2
McCumber Cube

What is the McCumber Cube? model framework for establishing and evaluating information security (information assurance) programs
What are the three dimensions of the McCumber Cube?
Desired goals, Information states and security measures
What are the desired goals?
Confidentiality , integrity and availability.
What are the information states?
Storage, transmission and processed
What are the security measures?
Technology, policies, people
Define confidentiality as it relates to the McCumber Cube.
Prevent the disclosure of sensitive information from unauthorized people, resources, and processes
Define integrity as it relates to the McCumber Cube.
The protection of system information or processes from intentional or accidental modification
Define availability as it relates to the McCumber Cube.
The assurance that systems and data are accessible by authorized users when needed

Define storage as it relates to the McCumber Cube.
Data at rest, information that is stored in memory or on disk
Define transmission as it relates to the McCumber Cube.
Data in transit, transferring data between information systems
Define processing as it relates to the McCumber Cube. performing operations on data in order to achieve a desired objective.
Define policies as it relates to the McCumber Cube. administrative controls, such as management directives, that provide a foundation for how information assurance is to be implemented within an organization
Define people as it relates to the McCumber Cube. ensuring that the users of information systems are aware of their roles and responsibilities regarding the protection of information systems and are capable of following standards
Define technology as it relates to the McCumber Cube. software and hardware-based solutions designed to protect information systems (examples: anti-virus, firewalls,...

Similar Documents

Premium Essay

Introduction to Computer Security

...Introduction to Computer Security CSE 3482 Introduction to Information/Computer Security Instructor: N. Vlajic, Winter 2014 Learning Objectives Upon completion of this material, you should be able to: • Describe the key security requirements of confidentiality, integrity and availability (CIA). • Describe the CNSS security model (McCumber Cube). • Identify today’s most common threats and attacks against information. • Distinguish between different main categories of malware. Required Reading Computer Security, Stallings: Chapter 1 Computer Security, Stallings: Chapter 6 Introduction • Information Technology – technology involving development & use of computer systems & networks for the purpose of processing & distribution of data  in many organizations, information/data is seen as the most valuable asset categories of IT jobs:  IT administrator - installs, maintains, repairs IT equipment  IT architect - draws up plans for IT systems and how they will be implemented  IT engineer - develops new or upgrades existing IT equipment (software or hardware)  IT manager - oversees other IT employees, has authority to buy technology and plan budgets  Introduction (cont.) • Information System – entire set of data, software, hardware, networks, people, procedures and policies that deal with processing & distribution of information in an organization  each component has its own strengths, weaknesses, and its own security......

Words: 1194 - Pages: 5

Premium Essay

Computer Security Management

...CSE 4482 Computer Security Management: Assessment and Forensics Introduction to Information Security Instructor: N. Vlajic, Fall 2010 Learning Objectives Upon completion of this material, you should be able to: • Define key terms and critical concepts of information security. List the key challenges of information security, and key protection layers. Describe the CNSS security model (McCumber Cube). Be able to differentiate between threats and attacks to information. Identify today’s most common threats and attacks against information. • • • • Introduction “In the last 20 years, technology has permeated every facet of the business environment. The business place is no longer static – it moves whenever employees travel from office to office, from office to home, from city to city. Since business have become more fluid, …, information security is no longer the sole responsibility of a small dedicated group of professionals, …, it is now the responsibility of every employee, especially managers.” content/uploads/2010/01/mobile- Information Technology • Information Technology – enables storage and transportation of information from one business unit to another in many......

Words: 4051 - Pages: 17

Premium Essay

Firewall Solution

...Chapter 1 Solutions File Review Questions 1. What is the difference between a threat agent and a threat? A threat is an object, person, or other entity that poses a risk of loss to an asset—i.e., the organizational resource that is being protected. A threat agent is a specific instance of a general threat. 2. What is the difference between vulnerability and exposure? A vulnerability is a weakness or fault in the protection mechanisms that are intended to protect information and information assets from attack or damage. An exposure is a weakness that is revealed or exposed to the attack environment. 3. What is a hacker? What is a phreaker? A hacker is a person who uses information systems or data networks without permission or in ways that violate the owner’s intentions, usually by bypassing controls or ignoring policy. A phreaker is a hacker on the voice telecommunication network. 4. What are the three components of the C.I.A. triangle? What are they used for? The C.I.A. triangle, an industry standard for computer security since the development of the mainframe, is based on the three characteristics of information that make it valuable to organizations: confidentiality, integrity, and availability. Confidentiality is the protection of information from disclosure or exposure to unauthorized individuals or systems. This means that only those with the rights and privileges to access information are able to do so. Integrity is when......

Words: 1780 - Pages: 8

Premium Essay

Ch1 Comp Security

...Chapter 1: Introduction to Information Security TRUE/FALSE 1. An indirect attack involves a hacker using a personal computer to break into a system. ANS: F PTS: 1 REF: 3 2. The value of information comes from the characteristics it possesses. ANS: T PTS: 1 REF: 6 3. By balancing information security and access, a completely secure information system can be created. ANS: F PTS: 1 REF: 8 4. The security blueprint is a detailed version of the security framework. ANS: T PTS: 1 REF: 25 5. One of the basic tenets of security architectures is the spheres of security. ANS: F PTS: 1 REF: 30 MULTIPLE CHOICE 1. Which term describes a subject or object’s ability to use, manipulate, modify, or affect another subject or object? a.|Attack|c.|Exploit| b.|Possession|d.|Access| ANS: D PTS: 1 REF: 3 2. Which resource is a physical asset? a.|Web site|c.|Data| b.|Computer system|d.|Information| ANS: B PTS: 1 REF: 3 3. In information security, ____ exists when a vulnerability known to an attacker is present. a.|threat|c.|risk| b.|loss|d.|exposure| ANS: D PTS: 1 REF: 4 4. Which term identifies a single instance of an information asset suffering damage, unintended or unauthorized modification, or disclosure? a.|Exploit|c.|Vulnerability| b.|Exposure|d.|Loss| ANS: D PTS: 1 REF: 5 5. Organizations must minimize ____ to match their risk appetite. a.|threats|c.|risk| b.|access|d.|loss| ANS: C PTS: 1 REF: 5 ...

Words: 2296 - Pages: 10

Free Essay


...Learning Objectives - OSI Overview After working with the content of the OSI model overview, you should be able to: Draw a diagram showing how communication takes place between two hosts on a network and the software and hardware objects involved in that communication. Describe the role of layered architectures in networks and data communications. Differentiate between the logical and physical structure of a network. Describe the use and importance of protocols in networking. Describe what data is accessible at each layer of the OSI model during communication and the potential risks avoided based on the placement of protection mechanisms at each layer. Description - OSI Overview Welcome to the OSI model. In this learning object, we will describe each of the layers of the OSI model and its associated protocols. The seven layers of the OSI model are physical, data link, network, transport, session, presentation, and application. We start with this overview, where you will learn how the seven layers work together to provide to users a seamless integration and operation of functions across networks worldwide in a way that potentially eliminates any indication of where the computing Protocols - Application Layer The protocols associated with the application layer include: DNS (Domain Name Service): resolves domain names to IP addresses FTP (File Transfer Protocol): transfers data over a network from one computer to another HTTP......

Words: 9561 - Pages: 39

Premium Essay


...Management of Information Security Third Edition This page intentionally left blank Management of Information Security Third Edition Michael Whitman, Ph.D., CISM, CISSP Herbert Mattord, M.B.A., CISM, CISSP Kennesaw State University ———————————————————————— Australia • Brazil • Japan • Korea • Mexico • Singapore • Spain • United Kingdom • United States Management of Information Security, Third Edition Michael E. Whitman and Herbert J. Mattord Vice President, Career and Professional Editorial: Dave Garza Executive Editor: Stephen Helba Managing Editor: Marah Bellegarde Product Manager: Natalie Pashoukos Developmental Editor: Lynne Raughley Editorial Assistant: Meghan Orvis Vice President, Career and Professional Marketing: Jennifer McAvey Marketing Director: Deborah S. Yarnell Senior Marketing Manager: Erin Coffin Marketing Coordinator: Shanna Gibbs Production Director: Carolyn Miller Production Manager: Andrew Crouth Senior Content Project Manager: Andrea Majot Senior Art Director: Jack Pendleton Cover illustration: Image copyright 2009. Used under license from Production Technology Analyst: Tom Stover © 2010 Course Technology, Cengage Learning ALL RIGHTS RESERVED. No part of this work covered by the copyright herein may be reproduced, transmitted, stored, or used in any form or by any means graphic, electronic, or mechanical, including but not limited to photocopying, recording, scanning, digitizing, taping, Web distribution,......

Words: 229697 - Pages: 919