ASSESSMENT TOOLS

Assessment Tools

Pros and Cons of Assessment Tools

Introduction

Information protection is essential. Organizations are aware of it and gradually move to introduce, or at least, the study of various safety programs covering such areas of computer technology, such as communications, operating systems and information management. Protecting the integrity and authenticity of information is an element that has slowly been emerging as a key concept in the professional field. The aim and objective of this paper is to talk about the pros and cons of the various assessment tools.

Pros and Cons of Various Assessment Tools

The following part discusses various tools and models.

Clark Wilson Model

Clark-Wilson integrity model provides a basis to identify and analyze a policy of integrity a computing system. The model is primarily concerned with formalizing the notion of the integrity of the information. The integrity of the information is maintained by preventing the corruption of data items in a system due to error or malicious intent. An integrity policy describes how the data items in the system should remain valid for a system state to the next and indicates the potential for various principals in the system. The model defines the rules of application and certification rules. The following chart shows rules for Windows NT Security Model (Amoroso, 2004).

Take Grant Model

The take grant is a formal model used in the field of computer security, systems analysis for discretionary access control, confirms or refutes the degree of protection of the automated system, which must meet the regulated requirements. The model represents the entire system as a directed graph, where nodes either object or subjects play an important part. The arcs between them are labeled, and their values ??indicate the law that has an object or entity (node). The model is dominated by two rules: "give" and "take." They play a special role in it, rewriting the rules that describe acceptable ways to change the graph. In total there are 4 conversion rules. The problem or the weakness of this model is that if a transaction takes place other than these four conversion rules then in this situation this model becomes unable to protect the information (summers, 2007).

Biba Model

The Biba model preserves data integrity. It prevents data modification by unauthorized parties. It prevents unauthorized modification of data by authorized parties and it keeps internal and external consistency (Anderson, 2001).

In order to maintain the integrity of the information Biba model utilizes various integration policies. Labels are used to maintain the integrity of the information. The data that is labeled with high level of integrity is highly protected and data that is labeled with low level of integrity is less protected. So, the complicated process involves in this model is the labeling of the information (Krause and Tipton, 2008).

Bell-La Padula Model

The Bell-La Padula model aims to provide a means to formulate the problems associated with information protection and focuses on controlling the flow of information. Faced with access control systems in which the user can enable protection at ...