Committee on National Security Systems Model Paper Example

Introduction

The Committee on National Security Systems (CNSS) model comprises of 27 cells for establishment and evaluation of information security for development of secure systems. In relation to my course, (IA 673) D2L Bright-space, the CNSS model does not only aim at securing security information but also value the security of diverse information such as tests and grades for the course. The 27 cells represent all areas that must be considered for effective security of information (McCumber, 2004). With regards to my course, the CNSS model should address three broad aspects including my personal information, examinations and course results and grades.

Is your time best spent reading someone else’s essay? Get a 100% original essay FROM A CERTIFIED WRITER!

Save 25%

Personal information

Confidentiality: personal information regarding the course should not be available to the public. Intentional or accidental aspects should not expose sensitive information to the public.

Integrity: personal information must be accurate. Neither intentional nor accidental modification of information should happen.

Availability: my personal information should be accessible to allow me to to make changes if need be. The personal data should also be available for the relevant authorities when needed.

Storage: my personal information must be stored in secure servers that are little of invasion.

Processing: the system should allow for reflection of changes to my personal information. Changes should reflect to the system.

Transmission: my personal data should not be susceptible to modification in case of transmission.

Policy: policies regarding access to personal information and data must be clearly defined. For instance, accessibility should only be granted to the administration and me.

Education: training must be done so that the staff upholds integrity and confidentiality of personal information.

Technology: software for capturing and storage of personal information must be specified.

Examinations

Confidentiality: the system should keep tests safe from students access.

Integrity: course examinations must be accurate and safe from invasion by students.

Availability: examinations must be available at the right time as per schedules.

Storage: examinations should be stored in secure servers that are free from tamper.

Processing: servers hosting the examinations should give provisions for answers and allows for evaluations and hence results.

Transmission: examinations and test answers should be transmissible upon completion. The system should not be susceptible to delays.

Policy: examination policies including access to tests and adherence to time frames must be considered.

Education: training for students on test policies should be done.

Technology: delivery of examinations should be done on secure browser software.

Course results

Confidentiality: the results from my course examinations and tests should not be exposed to the public.

Integrity: examination and test results should not be susceptible to modification by intruders. The results should be a true reflection of the examinations.

Availability: the system should aid easy access to my results. It should also allow the administration to post and change results.

Storage: results and grades should be stored in secure servers that are free from alteration.

Processing: system should allow for performance of operations on results as well as the calculation of grades.

Transmission: results and grades should not be susceptible to alteration or modification during transmissions.

Policy: policies regarding the integrity of course grades and test results must be clearly defined.

Education: both students and staff must understand policies governing confidentiality and integrity of examination results.

Technology: specification of software for calculation and storage of results must be done. Also, the software and hardware used should not be susceptible to tamper and alterations.

References

McCumber, J. (2004). Assessing and managing security risk in IT systems: A structured methodology. CRC Press.