Question

Assume that a security model is needed to protect the information used in the class you are taking—say, the information in your course’s learning management system. Use the CNSS model to identify each of the 27 cells needed for complete information protection. Write a brief
a statement that explains how you would address the components represented in each of the 27 cells.

Answer 1

Solution

27 cells

1. Confidentiality-Policy-Storage.
2. Confidentiality-Policy-Processing.
3. Confidentiality-Policy-Transmission.
4. Confidentiality-Education-Storage.
5. Confidentiality- Education -Processing.
6. Confidentiality- Education -Transmission.
7. Confidentiality-Technology-Storage.
8. Confidentiality- Technology -Processing.
9. Confidentiality- Technology -Transmission.
10. Integrity-Policy-Storage.
11. Integrity-Policy-Processing.
12. Integrity-Policy-Transmission.
13. Integrity-Education-Storage.
14. Integrity-Education-Processing.
15. Integrity-Education-Transmission.
16. Integrity-Technology-Storage.
17. Integrity- Technology -Processing.
18. Integrity- Technology -Transmission.
19. Availability-Policy-Storage.
20. Availability -Policy-Processing.
21. Availability -Policy-Transmission.
22. Availability -Education-Storage.
23. Availability - Education -Processing.
24. Availability - Education -Transmission.
25. Availability -Technology-Storage.
26. Availability - Technology -Processing.
27. Availability - Technology -Transmission.

3 dimensions used in the security models

1. Confidentiality, Integrity and Availability
2. Policy, Education and Technology
3. Storage, Processing and Transmission

---

Confidentiality - Policy - Storage   An example of protecting the confidentiality of class information in storage by means of policy could be simply issuing rules to keep unauthorized viewers access restricted, such as a rule to lock file cabinets that contain the information.

Confidentiality - Policy - Processing   An example of protecting the confidentiality of class information in processing by means of policy could be simply issuing rules to keep unauthorized viewers access restricted while information is being processed, such as only allowing registered students in the class to attend and listen to lecture.

Confidentiality - Policy - Transmission   An example of protecting the confidentiality of class information in transmission by means of policy could be simply issuing rules to keep unauthorized viewers access restricted while information is being processed, such as only allowing registered students in the class to attend and listen to lecture.

Confidentiality - Education - Storage   An example of protecting the confidentiality of class information in storage by means of education could be accomplished by training students and faculty, such as teaching them what people are authorized access to the information in storage.

Confidentiality - Education - Processing   An example of protecting the confidentiality of class information that is being processed by means of education could be accomplished by training students and faculty, such as training how to verify if the people are authorized to get the information before class starts by something such as a student ID or schedule.

Confidentiality - Education - Transmission   An example of protecting the confidentiality of class information that is being transmitted by means of education could be accomplished by training students and faculty, such as training the students and faculty to close doors to the classroom while in lecture so that others outside would not hear the lecture.

Confidentiality - Technology - Storage An example of protecting the confidentiality of class information that is being stored by means of technology could be accomplished by something as simple as locks on file cabinets that contain the information while not in use.

Confidentiality - Technology - Processing   An example of protecting the confidentiality of class information that is being processed by means of technology could be accomplished by forcing the use of electronic IDs during classes.

Confidentiality - Technology - Transmission   An example of protecting the confidentiality of class information that is being transmitted by means of technology could be accomplished by having a password on a class website.

Integrity - Policy - Storage   An example of protecting the integrity of class information that is being stored by means of policy could be accomplished by simply making rules that state that only certified people may alter the information

Integrity - Policy - Processing   An example of protecting the integrity of class information that is being processed by means of policy could be accomplished by making a rule that forces students to study in only quiet areas without the help of other people not in the class.

Integrity - Policy - Transmission   An example of protecting the integrity of class information that is being processed by means of policy could be accomplished by making a rule that the teacher is not allowed to drink alcohol before class.

Integrity - Education - Storage   An example of protecting the integrity of class information that is being stored by means of education could be accomplished by teaching those who store the information who is authorized to change it.

Integrity - Education - Processing   An example of protecting the integrity of class information that is being processed by means of education could be accomplished by informing the students that studying with other non students will give incorrect information.

Integrity - Education - Transmission   An example of protecting the integrity of class information that is being transmitted by means of education could be accomplished by teaching the teachers effective ways to teach.

Integrity - Technology - Storage   An example of protecting the integrity of class information that is being stored by means of technology could be accomplished by electronically storing all the data on a device that forces authorization to modify it.

Integrity - Technology - Processing   An example of protecting the integrity of class information that is being processed by means of technology could be accomplished by making PowerPoint presentations to verify what the teacher says.

Integrity - Technology - Transmission   An example of protecting the integrity of class information that is being transmitted by means of technology could be accomplished by printing the PowerPoint presentations and giving a copy to each student.

Availability - Policy - Storage   An example of protecting the availability of class information that is being stored by means of policy could be accomplished by making policy stating that authorized students are allowed access to certain stored information.

Availability - Policy - Processing   An example of protecting the availability of class information that is being processed by means of policy could be accomplished by making a rule that only those authorized are allowed to enter the classroom.

Availability - Policy - Transmission   An example of protecting the availability of class information that is being transmitted by means of policy could be accomplished by making a rule that allows only students into the classroom and none other.

Availability - Education - Storage   An example of protecting the availability of class information that is being stored by means of education could be accomplished by teaching those who store the information the correct process of storage so that things don’t get lost.

Availability - Education - Processing   An example of protecting the availability of class information that is being processed by means of education could be accomplished by teaching those who teach the information to speak up so that everyone in the classroom can hear what is being taught.

Availability - Education - Transmission   An example of protecting the availability of class information that is being transmitted by means of education could be accomplished by teaching the students to remain quiet in the classroom so that all can hear the information.

Availability - Technology - Storage   An example of protecting the availability of class information that is being stored by means of technology could be accomplished by making the information available on the Internet via a password protected website.

Availability - Technology - Processing   An example of protecting the availability of class information that is being processed by means of technology could be accomplished by the teacher providing the PowerPoint files available to the student on the Internet to study.

Availability - Technology - Transmission   An example of protecting the availability of class information that is being transmitted by means of technology could be accomplished by the teacher using a microphone so the lecture is loud enough for all students to hear

---

all the best