Information Classification and Security Models

¶ … classification and risk analysis are some of the major initiatives that companies consider to be very expensive and unwarranted in relation to protection measures to business need. As a result of this consideration, organizations prefer seeking information technology support organizations to identify information that needs protection and the degree of protection as well as the technology solution. However, information classification is still an important protection measure to business need because of the need to secure different types of information in different ways.

Information classification can be described as the process of categorizing information, establishing a policy on how to handle information based on its category, and developing security measures on systems handling information accordingly. The classification of the information in order to determine protection measures to business need is dependent on the nature and type of the business or company. The need for information classification in the modern business world is because of the increasing significance of information to business practices.

The preference for information technology measures usually contributes to ineffective and inefficient technology centered on information protection plans that do not specifically deal with a firm's business need. Information classification is important for organizations because the need to protect information is more important today than ever before in light of rapid technological advancements (Fowler, p.3). Secondly, the need for protection is obvious while the solutions are not because of complexity of information, challenges in protecting information, and sophistication of technology.

Therefore, information classification will help the management to ensure company information is protected. Types of Security Architecture & Design Models: Security architecture and design is a domain that is made of concepts, standards, principles, and structures used to develop, implement, evaluate, and secure various technological aspects including operating systems, applications, network, and equipment. The domain also incorporates controls used to ensure levels or degree of integrity, confidentiality, and availability (Ouyang, p.2).

There are various types of security architecture and design models depending on how an information system or a computer shall enforce security policies. Some of the most common types of these models include Graham-Denning Model, State-Machine Model, Information-Flow Model, and Non-Interference Model. The other types of security architecture and design models are combination of these or generalized access control techniques. Graham-Denning Model is an architecture and design technique that functions on a series of objects, subjects, an access matrix, and rights.

In contrast, Information-Flow Model generally demonstrates the direction of data flow between objects depending on the levels of object security. The Non-Interference Model, which is commonly known as Goguen-Meseguer security model, is slackly based on the Information-Flow Model. However, this model focuses on the effect of actions of a subject at higher degree of sensitivity on the system state or actions of a subject at lower sensitivity level. The State-Machine Model is made of several.