
McCumber Cube


Submitted By mohamedakram

What is the McCumber Cube?
A model framework for establishing and evaluating information security (information assurance) programs
What are the three dimensions of the McCumber Cube?
Desired goals, Information states and security measures
What are the desired goals?
Confidentiality, integrity and availability.
What are the information states?
Storage, transmission and processing
What are the security measures?
Technology, policies, people
Define confidentiality as it relates to the McCumber Cube.
Prevent the disclosure of sensitive information from unauthorized people, resources, and processes
Define integrity as it relates to the McCumber Cube.
The protection of system information or processes from intentional or accidental modification
Define availability as it relates to the McCumber Cube.
The assurance that systems and data are accessible by authorized users when needed

Define storage as it relates to the McCumber Cube.
Data at rest, information that is stored in memory or on disk
Define transmission as it relates to the McCumber Cube.
Data in transit, transferring data between information systems
Define processing as it relates to the McCumber Cube.
Performing operations on data in order to achieve a desired objective.
Define policies as it relates to the McCumber Cube.
Administrative controls, such as management directives, that provide a foundation for how information assurance is to be implemented within an organization
Define people as it relates to the McCumber Cube.
Ensuring that the users of information systems are aware of their roles and responsibilities regarding the protection of information systems and are capable of following standards
Define technology as it relates to the McCumber Cube.
Software and hardware-based solutions designed to protect information systems (examples: anti-virus, firewalls,…...
