Step 6: Begin a Security Models Summary

In this step and the following step, you will develop a short summary for each of the security models listed. These reports will serve as an Appendix A to the final memo and will document the security models and their attributes in advance of the memo that you will deliver with your recommended approach.

Each summary should include a descriptive and evaluative paragraph on the following attributes:

Include the origins of the model (who developed it, when was it developed, and the context under which it was developed), main characteristics of the model (details on the business, sector, industry for whom the model was developed), and key features of the model, you will also identify key features, weaknesses, and targeted sectors and/or infrastructures.

Write summaries for the following common models:

• Bell-LaPadula
• Biba’s Strict Integrity Policy
• Clark-Wilson
• Chinese Wall
• Clinical Information Systems Security
• Noninterference Security
• Deducibility Security
• Graham-Denning

These Security Models Summary should be submitted as Appendix A (complete this in 2 pages with references)

Step 7: Analyze the Security Models

Analyze each of the security models that you reviewed above and their attributes against the needs of your organization as identified in the earlier steps. (Capital One). Identify features from the models that apply to your assigned organization’s security needs. Also include any security attributes that you believe are important for your organization but are not included in any of the models. The information that you gather here, will contribute to the development of a security plan.

Step 8: Design a Custom Security Plan

Having completed an assessment of your organization’s security posture and the analysis of security models, you will now design a custom security plan for the organization.(Capital One) The custom security plan should meet the following criteria:

• The security plan should coincide with the organization’s IT vision, mission, and goals.
• Include an information security program that aligns with business strategy.
• Incorporate all internal and external business functions within the organization’s security programs.
• Classify risks according to relevant criteria.
• Prioritize threats from both internal and external sources.
• Rank the most relevant security attributes for the organization and list them in priority order. This list will serve as Appendix B to your final assignment. (complete this in 3 pages with references)