The Control Architecture

The enterprise operates protection through the creation, operation, and adaptation of a control architecture. The control architecture includes structural mechanisms that achieve security objectives through access control, functional units, perimeters, authorization, change control, and lower-surety non-architectural units.

  • Protection Objectives: Integrity, availability, and confidentiality have long been considered keystones of information protection, and in recent years, use control and accountability have joined the ranks of critical information protection objectives. The acronym CIA (for confidentiality, integrity, availability) was historically used because of the military emphasis on confidentiality and the historical basis of information security in the cryptographic roots of confidentiality. But for most businesses, integrity is more important than anything else because wrong answers often produce higher consequences than no answers or leaked answers.

    • Integrity: With the increased use of computers for control over machines, integrity is critical to preventing loss of life and similar consequences, while failures of secrecy bring only financial losses and possible fines, which are rarely levied in cases of accidental or maliciously induced releases. Integrity generally includes proper association of source to content, freedom from inappropriate changes to content, and assurance that the content reflects the desired reality to within the known parameters.

    • Availability: Outages increasingly cause serious losses to businesses as they become more dependent on information technology for operational needs and as just-in-time systems become more critical to business success. Availability generally includes fault intolerance (hardening and increased reliability) and redundancy aspects.

    • Confidentiality: Confidentiality is still of great import, but keeping secrets for long time periods is a rare exception today and not the norm. Therefore the time limits of secrecy, combined with the general availability of information to those willing to search for it, reduce the emphasis on this issue. While regulatory requirements in certain cases can be very substantial and consequences very serious, it is typically considered third to integrity and availability today in most business contexts. Confidentiality typically involves limits on access and on the utility of exposed representations of content.

    • Use control: Use control becomes more of an issue as the utility of control functions and similar mechanisms leads to higher consequences of misuse. For example, the ability to use an enterprise identity management system control plane implies the potential for massive damage because of the high risk aggregation caused by the dependency on this system of the rest of the enterprise that has integrated identity management. Use control typically involves identity, authentication levels, and authorities for use.

    • Accountability: Accountability is fundamental to the ability to attribute actions to actors for attributing financial and other responsibility. Legal and regulatory drivers also increasingly force accountability. Accountability typically includes attribution of actions to actors, situational information relating to time, context, and so forth, and the activity performed.

  • Access Controls: Access controls, in the control architecture sense, have to do with the overall model used for determining validity of access of subjects (people, programs, etc.) to objects (things, data, files, systems, etc.). The typical model uses (1) clearance levels for people and other subjects, (2) classifications for data and other objects, (3) a rule for matching clearances to classifications to determine access restrictions, (4) a notion of need-to-know that allows separation of projects and other elements based on risk aggregation and similar requirements, (5) separation requirements for assuring the proper division of content and infrastructure, and (6) surrounding controls that assure that the access control is implemented.

  • Functional Units: These are classes of mechanisms used to partition information and systems in different ways, so that separation of classification levels and need-to-know areas rests on a set of control mechanisms and an architectural-level mechanism for control and audit, separation of control and audit from data, separation of duties, and similar separation mechanisms.

  • Perimeters: The perimeter architecture provides for physical and logical separations of zones with different and possibly sequential protection mechanisms to limit access and activities passing those barriers.

  • Use: Authorization for use is a process in which a subject is identified, an adequate level of authentication of that identity is provided for the contextual use, authorization for that use is granted or denied based on that use and the authenticated identity, and use proceeds or doesn't.
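To make the access-control model above (clearance versus classification, need-to-know compartments) and the authorization-for-use process (an authentication level adequate for the contextual use) concrete, the following is an added example in Python, not code from the article or the Governance Guidebook; the level names, the authentication-strength scale, the per-use requirements, and the sample subjects and resources are all assumed for illustration.

```python
from dataclasses import dataclass
from typing import FrozenSet, Tuple

# Ordered sensitivity levels (assumed names): a clearance dominates a
# classification when it sits at the same or a higher position here.
LEVELS = ["public", "internal", "confidential", "restricted"]

# Minimum authentication level per kind of use (constructed scale:
# 1 = password, 2 = MFA, 3 = hardware token); riskier uses need more.
USE_AUTH_REQUIRED = {"read": 1, "modify": 2, "administer": 3}

@dataclass(frozen=True)
class Subject:
    identity: str
    clearance: str
    need_to_know: FrozenSet[str]  # compartments the subject is read into
    auth_level: int               # strength of authentication achieved

@dataclass(frozen=True)
class Resource:
    name: str
    classification: str
    compartments: FrozenSet[str]  # need-to-know areas the object belongs to

def dominates(clearance: str, classification: str) -> bool:
    return LEVELS.index(clearance) >= LEVELS.index(classification)

def decide(subject: Subject, obj: Resource, use: str) -> Tuple[bool, str]:
    """Return (allowed, reason) for `subject` performing `use` on `obj`."""
    if use not in USE_AUTH_REQUIRED:
        return False, f"unknown use {use!r}"
    if subject.auth_level < USE_AUTH_REQUIRED[use]:
        return False, f"authentication level {subject.auth_level} too low for {use}"
    if not dominates(subject.clearance, obj.classification):
        return False, f"clearance {subject.clearance} does not dominate {obj.classification}"
    missing = obj.compartments - subject.need_to_know
    if missing:
        return False, f"need-to-know missing for {sorted(missing)}"
    return True, "allowed"

# Constructed sample subjects and resources.
ANALYST = Subject("alice", "confidential", frozenset({"payroll"}), auth_level=2)
ADMIN = Subject("bob", "restricted", frozenset({"payroll", "idm"}), auth_level=1)
AUDITOR = Subject("carol", "restricted", frozenset(), auth_level=3)
PAYROLL = Resource("payroll-db", "confidential", frozenset({"payroll"}))
IDM_PLANE = Resource("idm-control-plane", "restricted", frozenset({"idm"}))

if __name__ == "__main__":
    for s, o, u in [(ANALYST, PAYROLL, "modify"), (ADMIN, IDM_PLANE, "administer"), (AUDITOR, PAYROLL, "read")]:
        print(s.identity, u, o.name, "->", decide(s, o, u))
```

Note that bob, despite a sufficient clearance and need-to-know for the identity management control plane, is refused the high-consequence "administer" use because his session was only password-authenticated.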

  • Change Control: Change control is an identified set of architectural requirements and implementation mechanisms that separate research and development, testing and approval, and operations from each other, and provide the means for assuring proper control and approval processes over changes.

In combination, these form the architectural elements of the control architecture, independent of implementation specifics.

For more details and in-depth coverage of these issues, buy the Governance Guidebook.

This was last published in January 2006
