CNSS Model Exercise

Exercises: Answer problems 1 and 2 from the “Exercises” section(page 35) of Chapter 1 of the textbook.——————————————————————–Exercises:Some hints on Chapter 1  Exercise 1  (page 35)——————————————————————–A useful reference on the CNSS model can be foundin document NSTISSI No. 4011 from the National TrainingStandard for Information Security Professionals( www.cnss.gov/Assets/pdf/nstissi_4011.pdf )To answer Exercise 1 (page 35 of text) please refer to Figure 1.2(CNSS security model) on page 5 of Chapter 1 of the text.The CNSS model of Figure 1.2 identifies the nine interactingfactors that influence the security of any resource. The ninekey factors are:(1) Policy:  which deals with info security policies in place,(2) Education: which deals with education of users on security related issues,(3) Technology: which covers the technology used to implement security measures(4) Confidentiality:  confidentiality of info/data(5) Integrity: addresses measures in place to ensure data integrity(6) Availability: to ensure authorized users access to information in usable format(7) Storage: issues dealing with data storage(8) Processing: issues that cover the processing and handling of data(9) Transmission: covers issues related to factors that influence transmission of dataThese nine influencing factors can be modeled as a 3-dimensional cube asshown in Figure 1.2, where the each of the three axes of the cube representthree of these factors. When we consider the relationship among the threedimensions represented by the axes shown in Figure 1.2 we have a 3 x 3 x 3cube with 27 cells, where each cell represents an area of intersection amongthe three dimensions that must be addressed.In Exercise 1 you determine how you would address the different factors that impactthe security and protection of data/information pertaining to this class (such as studentinformation, student homework submissions, student discussion posts etc.) by applyingthe CNSS model (Figure 1.2).To apply the model, examine the intersecting cells on the CNSS cube from Figure 1.2and determine how you could address some of the factors influencing security of classinformation.Some examples that you may consider are:First you could consider the nine factors individually. For example,(1) Confidentiality:  Only students registered in the course have access to thecourse web page.(2) Integrity: Students would have unit logins which would be their means toaccess the course webpage via eCollege. Students can only alter or modifytheir own work, and cannot change or delete another student’s submitted work.(3) Availability:  The university would ensure that the eCollege site is accessibleto all online students with minimal downtime for maintenance and upgrades…. etc.After you have addressed the individual factors, you can address the intersectingcells in the CNSS security model of Figure 1.2. Some examples include:- Confidentiality/Policy/Storage – This cell represents the intersection of thefactors Data Confidentiality, Security Policy, and Data Storage. This can beaddressed by adopting the following policy:– “Only students registered in thecourse are able to access course related material and student discussion posts.Additionally, homework assignments are only viewable by the instructor and theapplicable student”- Integrity/Policy/Processing – formed by the intersection of the Integrity, Policy,and Processing cells in Figure 1.2. This can be addressed by having a policy suchas:– “The course would have a policy that would all work submitted by the studentsmust represent their own work, and would properly cite all sources referenced.”- Availability/Education/Processing – formed by the intersection of the Availability,Education, and Processing cells in Figure 1.2. This can be addressed by having apolicy such as:–

"Looking for a Similar Assignment? Order now and Get 15% Discount! Use Code "FIRST15"