In 1991, John McCumber made the McCumber Cube as a model framework for figuring out how different things affect information security projects. These three aspects make up the security model:
- The fundamental principles that must be adhered to safeguard information systems.
- The protection of information in every possible form that it can acquire.
- The precautions that have been taken to ensure the data's safety.
- Confidentiality standards protect sensitive data from unauthorized access. Encryption, identity proofing, and two-factor authentication assure confidentiality.
- Integrity protects system data and operations from tampering. Hash functions or checksums ensure integrity.
- Authorized users can access systems and data when and as needed, while unauthorized users cannot. Maintenance, hardware repairs, software updates, and backups can do this.
- Processing data involves updating a database record (Data in process).
- Data held in memory or on a hard drive, SSD, or USB drive is called storage (Data at rest).
- Data transmission between information systems (Data in transit).
- Organizations implement security awareness, training, and education initiatives to increase end-user understanding of potential security risks and protective solutions.
- Technology is the word for the different software and hardware solutions made to protect data systems. For example, firewalls keep an eye on your network all the time to look for any suspicious activity.
- The administrative controls that provide the basis for how an organization implements information assurance are known as "policies and procedures," and they include things like incident response plans and best practice recommendations.
