Question

In: Operations Management


  1. An explanation of the McCumber's Cube model and how the elements of this framework interact
  2. A discussion of the role that the McCumber's Cube Framework plays in helping organizations form suitable policy
  3. A discussion of how these cases illustrate a failure to implement the framework effectively
  4. A discussion of the role management plays in information security as demonstrated by the Principles of Information Security
  5. Identify Principles of Information Security that seemed to be ignored (this may be a couple, many, or all)

Solutions

Expert Solution

The Cybersecurity Cube (also called the McCumber Cube) is a tool developed by John McCumber, one of the early cybersecurity experts, in order to help manage the protection of networks, domains, and the Internet. The Cybersecurity Cube has three dimensions and looks somewhat like a Rubik’s Cube.

The first dimension of the Cybersecurity Cube includes the three principles of information security. The second dimension identifies the three states of information or data. The third dimension of the cube identifies the expertise required to provide protection. These are often called the three categories of cybersecurity safeguards.

How McCumber Cube can be used to form best maintenance policies

a. Failure-based maintenance (FBM) - a reactive policy to be carried out after a breakdown.

b. Time/use-based maintenance (TBM/UBM) - a preventive policy to be activated at pre-specified time intervals.

c. Condition-based maintenance (CBM) - a predictive policy that becomes active when some system parameters reach the predetermined values.

d. Opportunity-based maintenance (OBM) - one that is carried out only after some specific situation arises; thus, it is considered to be a passive policy.

e. Design-out maintenance (DOM) - a policy whose primary premise is on the design for ease (or even elimination) of maintenance.

The McCumber Cube Technique:

John McCumber developed the McCumber cube as a way to model risk management. This model provides the security practitioner with a means to graphically evaluate and manage risk for a system. Viewing the cube from different angles provides a security practitioner with a way to consider risk from different perspectives. The three primary aspects of the cube involve information state (storage, processing, transmission), countermeasures (technology, policy, people), and security services (confidentiality, integrity, availability). The McCumber cube can be used by selecting a desired security service and considering what countermeasures must be implemented to protect the affected information states. Reducing the scope of the view of the McCumber cube could enhance risk-based decisions for the countermeasures needed to protect against specific attacks. An attack vector is a particular technique exploiting a system weakness; information state is what needs to be protected; and countermeasures are those that can be implemented to defend the network. An analysis of these dimensions together results in the desired security goal.

Information Security Management:

Information security management is the process of carrying out various activities that facilitate the preservation of an organization's business information assets. Information security management involves implementing security measures that exemplify the instructions of an organization's security policy, various security procedures and other security programs. It is a continuous process, requiring constant review and adjustment in order to keep up with the latest technology developments and their associated risks and to further ensure that the organization's information security goals and objectives remain fulfilled to the fullest extent. It is essential to differentiate between information security management and information security governance, in order to highlight why each of these functions is so important in terms of securing business information assets.

PROCESS:

Information security management begins with clear direction. Additionally, the issuing of a corporate information security policy helps to express the commitment of the organization toward protecting the confidentiality, integrity and availability of business information. Hereafter a series of activities that aim to realize this commitment commence. Some of these activities include an initial assessment of various potential risks to information which is then followed by some form of risk management strategy. This enables an organization to identify and implement an assortment of physical, technical and operational security controls.

However, in order to effectively enforce accountability and responsibility for information security throughout an organization, various individuals need to fully understand the roles they play in this regard.

The Role of the Board of Directors:

The primary role of the board is to oversee the interests of the shareholders by effectively directing and controlling an organization and ensuring that all resources are appropriately utilized. The board must support the establishment and implementation of a robust information security program by setting the information security direction and communicating this through the corporate information security policy. The board must also receive management reports on the utility and effectiveness of their security program. This enables the board to ensure that their organization's security efforts remain on track.

The Role of Board Committees:

Board committees facilitate the board in carrying out their duties efficiently and show that the board's responsibilities are being appropriately accomplished. There are several board committees that can assist the board with their responsibility for information security: the IT oversight committee; secondly, the audit committee; and lastly, the risk management committee. The information provided to the board by these various board committees, regarding the effectiveness of current security efforts, further facilitates the board in the review of the organization's security policy.

AN INFORMATION SECURITY RESPONSIBILITY FRAMEWORK:

The management side of information security involves actions by non-executive management and the CIO in order to address the implementation issues of information security from an infrastructure and best practice point of view. It is important to note that the CIO plays a major role in the entire information security function, as this individual has contributions to make in terms of both the governance and the management of information security. In the context of information security management, the CIO works closely with the CISO to develop strategies for information security that would involve activities such as risk management, risk monitoring, reporting and so forth. The business unit leaders, or department heads, are also responsible for ensuring that all employees are trained in security awareness and comply with information security policies, practices and procedures so that they act responsibly with regard to the organization's information assets.

The development of an information security responsibility framework helps to show that both governance and management support are essential constituents of a comprehensive information security function. Both governance and management support enable an organization to satisfy the full spectrum of information security risks by addressing all information security requirements.
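
The use of the cube described in the McCumber Cube Technique paragraph above (select a security service, then consider which countermeasures protect each information state) can be run as a gap analysis over a control inventory. This is an added example, not part of the original answer; the control inventory and all function names are constructed for illustration.

```python
from itertools import product

# The three dimensions as named in the McCumber Cube Technique paragraph.
SERVICES = ("confidentiality", "integrity", "availability")
STATES = ("storage", "processing", "transmission")
COUNTERMEASURES = ("technology", "policy", "people")

# Constructed sample control inventory (hypothetical, for illustration only).
# Each control lists the services and states it addresses and its countermeasure type.
CONTROLS = [
    {"name": "Disk encryption", "services": {"confidentiality"},
     "states": {"storage"}, "countermeasure": "technology"},
    {"name": "TLS on internal links", "services": {"confidentiality", "integrity"},
     "states": {"transmission"}, "countermeasure": "technology"},
    {"name": "Data handling policy", "services": {"confidentiality"},
     "states": {"storage", "processing", "transmission"}, "countermeasure": "policy"},
    {"name": "Security awareness training", "services": {"confidentiality"},
     "states": {"processing"}, "countermeasure": "people"},
    {"name": "Nightly backups", "services": {"availability"},
     "states": {"storage"}, "countermeasure": "technology"},
]


def build_cube(controls):
    """Map each of the 27 (service, state, countermeasure) cells to its controls."""
    cube = {cell: [] for cell in product(SERVICES, STATES, COUNTERMEASURES)}
    for c in controls:
        for service, state in product(c["services"], c["states"]):
            cell = (service, state, c["countermeasure"])
            if cell not in cube:  # reject typos instead of silently dropping coverage
                raise ValueError(f"{c['name']!r} names an unknown cell {cell}")
            cube[cell].append(c["name"])
    return cube


def gaps_for_service(cube, service):
    """Slice the cube on one security service; return cells that have no control."""
    return sorted((state, cm) for (svc, state, cm), names in cube.items()
                  if svc == service and not names)


def coverage_summary(cube):
    """Number of covered cells (out of 9) for each security service."""
    return {svc: sum(1 for (s, _, _), names in cube.items() if s == svc and names)
            for svc in SERVICES}


if __name__ == "__main__":
    cube = build_cube(CONTROLS)
    print(coverage_summary(cube))
    print(gaps_for_service(cube, "confidentiality"))
```
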

