Q. No. 1. Discuss the following McCumber model in detail and make a complete policy with the
help of this model for an IT company. (All policies should be clear and in bullet form.)
Introduction
The McCumber Cube model was reported by McCumber in 1991 as further research on Information System
Security (INFOSEC), which has since grown into Information Assurance (IA) because of today's rapidly
changing information environment. The model has become popular because it helps IA professionals
develop IT and IS knowledge, and it is also widely used for information system security assessment
across organizations. For instance, the Canadian Trusted Computer Product Evaluation Criteria
(CTCPEC) is adopting the cube as their criteria (Maconachy et al. 2001). Hence, this report aims to
break down the methodology of the McCumber Cube, which comprises three broad scopes: Information
States, Critical Information Characteristics, and Security Measures. Furthermore, the report will
describe several benefits of the cube, whether for an individual or at the scale of an organization.
NAME MARYAM KHALIL ENROLL 01-135202-037
Information States
To make the idea easy to understand, McCumber (1991) drew a simple analogy between information and
the compound H2O, which is essential to humankind. As a liquid, water can sustain life in the desert
or drown an individual; as steam, it can help people cook yet can also burn a chef; and as ice, it can
make a drink more pleasant but can also ruin an airport runway. Therefore, science does not deal with
the perception of the compound, but with its state (McCumber, 1991). Just as H2O can be water, steam,
or ice, information can be in three states as well. At any given moment, information is being
transmitted, stored, or processed (McCumber, 1991). These three states exist regardless of the media
in which the information occurs, and the differences between the states are paramount and fundamental
to applying the model accurately. Cryptography, for example, can be used to guard information while
it is transferred through a computer network and even while it is stored on magnetic media
(McCumber, 1991).
Confidentiality
Confidentiality has a pivotal role in the safety policy for the information system. A security policy is
the set of rules that, given identified subjects and objects, determines whether a given subject can gain
access to a particular purpose (DOD85, cited in McCumber, 1991). In this case, the personal end users or a group
are
Integrity
Integrity means that assets can only be modified by authorized parties (PFL89, cited in McCumber,
1991). However, McCumber (1991) asserts a broader definition of integrity as a quality of information
which identifies how closely the data represent reality.
Availability
Availability is as crucial as the other critical information characteristics. It ensures that
information is available to authorized users when it is requested or needed.
Security measures
At this stage, we attempt to make sure that the critical information characteristics are
well maintained while the information changes from one state to another.
System security is not only a product that can be kept up to date over time. Concerning technology,
one needs to keep up with it and always be aware of its changes. Thus, policy and practice need to be
established as checks and balances on the security solutions.
Conclusion
As can be seen from the information given earlier, there are nine distinctive interstices, with three
aspects in each layer. The first element gives information regarding the information states, as
information can change among three states. The second is the critical characteristics of information,
which should be protected. The last is the security measures, which should enhance information
security by considering end users and the technology in which the information is located.