McCumber cube

The McCumber Cube

In 1991, John McCumber created a model framework for establishing and evaluating information security (information assurance) programs, now known as The McCumber Cube. This security model is depicted as a three-dimensional Rubik's Cube-like grid.

The concept of this model is that, in developing information assurance systems, organizations must consider the interconnectedness of all the different factors that impact them. To devise a robust information assurance program, one must consider not only the security goals of the program (see below), but also how these goals relate specifically to the various states in which information can reside in a system and the full range of available security safeguards that must be considered in the design. The McCumber model helps one to remember to consider all important design aspects without becoming too focused on any one in particular (i.e., relying exclusively on technical controls at the expense of requisite policies and end-user training).

Dimensions and attributes

Desired goals

Information states

Safeguards

Motivation

Per John McCumber's website, the idea is to push back the advance of security as an art and support it with a structured methodology that functions independent of technology evolution. The basis of this methodology is the inter-relationship among confidentiality, integrity and availability with storage, transmission and processing while applying the policy, procedures, human side and technology.

See also

References

    External links

    (Dead links!)

    This article is issued from Wikipedia - version of the Monday, December 28, 2015. The text is available under the Creative Commons Attribution/Share Alike but additional terms may apply for the media files.