Abstract :
The information assurance (IA) model, an extension of the McCumber information security model, specifies security services for information when it is at rest, in transit, or being processed. According to the IA model, the processing information state is protected by technology, operations, and people security countermeasures. However, what has not been considered is the power wielded by an ordinary user over the processes in their environment. The authors consider people to be the principle countermeasure in the model. Unfortunately, this becomes problematic when users introduce unknown or unauthorized processes into a system which may affect information and the security services of the system. Indeed, such processes run with the rights and privileges of the user. The intentional or accidental execution of unauthorized applications epitomizes the insider threat. Therefore, system and data security is at the mercy of executing processes and the hands of the authorized user. Another way to represent this situation is to say that unknown and unauthorized processes, whether or not under the control of the user, change the secure state processing (SSP) of a system
Keywords :
authorisation; data security; information assurance model; people security countermeasures; secure state processing; security services; Authentication; Automatic control; Control systems; Data security; Information security; Libraries; Operating systems; Power system modeling; Power system security; Protection;
