Security models
For a long time, security models have been developed in response to the vulnerability of information systems to attack. Information systems are vital to any organization. Many organizations have set up security policies so that the integrity and confidentiality of information are kept as safe as possible. Various security models have been developed to manage security issues in an organization; some are for specific organizations while others are used internationally. This paper will look at one of these security models, the Clark-Wilson model. The main issue of concern with this security model is integrity and confidentiality. The Clark-Wilson model is concerned with unauthorized alteration of data, fraud and errors arising in applications that are used for commercial purposes. The model considers two aspects of integrity: internal and external. The internal aspect refers to the operations on the internal state of the system. The external aspect, on the other hand, refers to the operations of the system in relation to the outside world.
This paper will give an illustrative example of health records to bring out the aspect of integrity using the Clark-Wilson model. One important aspect of health records is their availability for viewing and reading. It is therefore important that this model is included so that the issue of integrity and confidentiality is brought out clearly. When a patient would like to join a health record system, there are rules which have to be followed, and these rules are enforced by way of auditing. Where the record is used within one organization, the Clark-Wilson model is applied in that setting. Where the record is used in a collaborative environment, there are rules which apply across the organizations, and the various organizations seeking to make use of the health record will have to follow the set rules. In an electronic record, the Clark-Wilson model treats staff as the subjects and the electronically stored data as the objects, and the subjects and objects are linked electronically. Subjects do not manipulate data items directly; they have to make use of programs to do so. If a patient record has to be altered, only certain profiles are allowed to do so. A doctor will only change the medical aspects of the patient record, using the medical history part of the application program. Nurses will be required to do so using their own system, while a pharmacist will alter only medication without altering other areas. There is separation of duties in this model.
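The rules described above can be expressed as Clark-Wilson access triples of subject, program and data item, with every attempt written to an audit log. The following Python example is added here and is not part of the original paper; the role, program and record-section names, and the sample entries, are assumptions constructed to match the doctor, nurse and pharmacist profiles.

```python
from dataclasses import dataclass, field

# Certified access triples (role, transformation procedure, record section).
# Section and TP names are assumptions chosen to match the essay's roles.
TRIPLES = {
    ("doctor", "update_medical_history", "medical_history"),
    ("nurse", "record_observation", "nursing_notes"),
    ("pharmacist", "update_medication", "medication"),
}

@dataclass
class PatientRecord:
    # Constrained data items: the only state is these three sections.
    sections: dict = field(default_factory=lambda: {
        "medical_history": [], "nursing_notes": [], "medication": []})
    audit: list = field(default_factory=list)  # append-only log of every attempt

def verify(record):
    """Integrity check: exactly the known sections, each holding non-empty strings."""
    expected = {"medical_history", "nursing_notes", "medication"}
    return set(record.sections) == expected and all(
        isinstance(e, str) and e.strip()
        for entries in record.sections.values() for e in entries)

def run_tp(record, user, role, tp, section, entry):
    """Run a transformation procedure for a subject; subjects never touch data directly."""
    allowed = (role, tp, section) in TRIPLES
    well_formed = isinstance(entry, str) and bool(entry.strip())
    ok = allowed and well_formed
    record.audit.append((user, role, tp, section, "ALLOW" if ok else "DENY"))
    if ok:
        record.sections[section].append(entry.strip())
    return ok

def demo():
    rec = PatientRecord()  # all users and entries below are constructed samples
    results = [
        run_tp(rec, "dr_a", "doctor", "update_medical_history", "medical_history", "Asthma since 2015"),
        run_tp(rec, "ph_b", "pharmacist", "update_medication", "medication", "Salbutamol inhaler"),
        # Pharmacist tries to alter medical history: no certified triple, so denied.
        run_tp(rec, "ph_b", "pharmacist", "update_medication", "medical_history", "Diabetes"),
        # Nurse submits a blank entry: allowed triple, but input is not well formed.
        run_tp(rec, "nu_c", "nurse", "record_observation", "nursing_notes", "   "),
    ]
    return rec, results

if __name__ == "__main__":
    rec, results = demo()
    print(results, verify(rec), *rec.audit, sep="\n")
```

Denied attempts leave the record unchanged but still appear in the audit log, which is what allows the rules to be enforced by auditing.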