Risk Management Models

There are various risk management models in use; some of them are discussed here:

General Risk Management Model: 

This five step general risk management model can be used in virtually any risk management process:

Step 1: Asset Identification

Identify and classify the assets, systems, and processes that need protection because they are vulnerable to threats. 

Step 2: Threat Assessment

After identifying assets, identify both the threats and the vulnerabilities associated with each asset and the likelihood of their occurrence. Everything has vulnerabilities; the key is to concentrate on the exploitable ones. Useful catalogs for this step: CWE (from mitre.org), the SANS Top 25 list, the OWASP Top 10 list.

Step 3: Impact Determination and Quantification:

An impact is the loss created when a threat is realized and exploits a vulnerability. A tangible impact results in financial loss or physical damage. For an intangible impact, such as damage to a company's reputation, assigning a financial value can be difficult.

Step 4: Control Design and Evaluation:

Determine the controls (also called countermeasures or safeguards) to put in place to mitigate risks. A catalog of security controls can be found in NIST SP 800-53.

Step 5: Residual Risk Management:

The risk that remains after the controls are implemented is termed residual risk. Multiple controls can be layered on the same risk to achieve a better defense posture through defense in depth; what is left after all of them is the residual risk that must be tracked and either accepted or treated further.
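The five steps above as a small risk register, added here as an illustration (not from the page or any standard). Assets carry threats, each threat names the weakness it exploits and has a likelihood and an impact, controls reduce likelihood, and the register reports inherent versus residual risk so the largest remaining risk is reviewed first. The scales, the likelihood and impact figures, and the control-effectiveness fractions are constructed assumptions; the composition of layered controls as independent reductions is one common modelling choice, not the only one.

```python
from dataclasses import dataclass, field

# Added example, not from the page or any standard. The likelihood values,
# impact figures and control-effectiveness fractions below are constructed
# assumptions to show the mechanics of the five-step model.


@dataclass
class Control:
    name: str
    # Fraction by which the control cuts the likelihood of the threat being
    # realised: 0.0 does nothing, 1.0 prevents it outright (assumed values).
    likelihood_reduction: float


@dataclass
class Threat:
    name: str
    vulnerability: str            # Step 2: the weakness exploited (e.g. a CWE id)
    likelihood: float             # Step 2: annual probability, 0.0..1.0
    impact: float                 # Step 3: tangible loss per occurrence
    controls: list = field(default_factory=list)   # Step 4: chosen safeguards


@dataclass
class Asset:
    name: str                     # Step 1: what needs protection
    classification: str
    threats: list = field(default_factory=list)


def inherent_risk(t: Threat) -> float:
    """Expected annual loss before any control is applied."""
    return t.likelihood * t.impact


def residual_likelihood(t: Threat) -> float:
    """Step 5: layered controls (defense in depth) are treated as independent,
    so each one multiplies the remaining likelihood by (1 - its reduction)."""
    p = t.likelihood
    for c in t.controls:
        p *= 1.0 - c.likelihood_reduction
    return p


def residual_risk(t: Threat) -> float:
    """Expected annual loss that remains once the controls are in place."""
    return residual_likelihood(t) * t.impact


def risk_register(assets):
    """Rows of (asset, threat, inherent, residual), largest residual first,
    which is the order in which the remaining risk should be reviewed."""
    rows = [(a.name, t.name, inherent_risk(t), residual_risk(t))
            for a in assets for t in a.threats]
    rows.sort(key=lambda r: r[3], reverse=True)
    return rows


def example_register():
    """Constructed sample data exercising all five steps."""
    param_queries = Control("parameterised queries", 0.9)
    waf = Control("web application firewall", 0.5)
    mfa = Control("MFA on the CMS", 0.8)
    db = Asset("customer database", "Confidential", [
        Threat("SQL injection via web app", "CWE-89", 0.5, 200_000,
               [param_queries, waf]),
    ])
    site = Asset("public website", "Public", [
        Threat("defacement via stolen CMS credentials", "CWE-287", 0.3, 20_000,
               [mfa]),
    ])
    share = Asset("internal file share", "Internal", [
        # no control chosen yet: residual equals inherent, so it tops the list
        Threat("ransomware via phishing", "unpatched SMB service", 0.2, 150_000),
    ])
    return risk_register([db, site, share])


if __name__ == "__main__":
    for asset, threat, inherent, residual in example_register():
        print(f"{asset:22} {threat:40} {inherent:>10,.0f} {residual:>10,.0f}")
```

The uncontrolled ransomware threat ends up first even though its inherent risk is smaller than the SQL injection one, which is the point of the register: after Step 4 the ranking is by what remains, not by what was there before.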

Software Engineering Institute Model:

1. Identify:

Examine the system, enumerating potential risks.

2. Analyze:

Convert the risk data gathered into information that can be used to make decisions. Evaluate the impact, probability, and timeframe of the risk. Classify and prioritize each of the risks.

3. Plan: 

Review and evaluate the risks and decide what actions to take to mitigate them. Implement the plan.

4. Track:

Monitor the risks and the mitigation plans. Review periodically to measure progress and identify new risks.

5. Control:

Make corrections for deviations from risk mitigation plans. Changes in business procedures may require adjustments in plans or actions, as do faulty plans and risks that become problems.

Security Models

Security models are used to understand the systems and processes developed to enforce security principles. Three key elements play a role in implementing a model:

  • People
  • Processes
  • Technology

Various models discussed here are:

Access Control Models: 

Various access control models provide different aspects of protection, but the Access Control List (ACL) is the most commonly used mechanism. An ACL is a list, attached to an object, of the subjects that have access rights to that object. An ACL identifies not only the subject but also the specific access that subject has to the object.

Other models discussed below: Discretionary Access Control (DAC), Mandatory Access Control (MAC), Role-based Access Control (RBAC), Rule-based Access Control (RBA)

Bell-LaPadula Confidentiality Model:

The Bell-LaPadula security model combines mandatory and discretionary access control mechanisms.

First principle, known as the Simple Security Rule: no subject can read information from an object with a security classification higher than the clearance possessed by the subject itself. This is also referred to as the "no-read-up" rule.

The access levels are therefore arranged in hierarchical form, with defined higher and lower levels.

Bell-LaPadula was designed to preserve “confidentiality” – focused on read and write access.

Reading material higher than subject’s level is a form of unauthorized access.

Courtesy: rutgures.edu

Second principle, known as the *-property (star property): a subject can write to an object only if the subject's security classification is less than or equal to the object's security classification.

Also known as the "No-Write-Down" principle.

This prevents the dissemination of information to users that do not have the appropriate level of access.

Usage example: to prevent data leakage, a subject that has read a customer's bank balance (a confidential object) is blocked from writing it to a public web page (an object of lower classification).
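The ACL mechanism from the access control section and the two Bell-LaPadula rules above, combined in one reference monitor, as an added example that is not from the page. It checks the discretionary layer (the object's ACL) first and then the mandatory layer (no read up, no write down), denying by default. The level ordering, the bank subjects and objects, and the ACL entries are constructed; categories/compartments of the full lattice model are omitted.

```python
# Added example, not from the page. A reference monitor that applies a
# discretionary ACL check first and then the two Bell-LaPadula mandatory
# rules. The level ordering, the subjects, objects and ACL entries are
# constructed for illustration; BLP categories/compartments are omitted.

LEVELS = {"Public": 0, "Confidential": 1, "Secret": 2, "Top Secret": 3}


class ReferenceMonitor:
    def __init__(self):
        self.clearance = {}        # subject -> clearance level
        self.classification = {}   # object  -> classification level
        self.acl = {}              # object  -> {subject: set of rights}

    def add_subject(self, name, clearance):
        if clearance not in LEVELS:
            raise ValueError(f"unknown level {clearance!r}")
        self.clearance[name] = clearance

    def add_object(self, name, classification, acl=None):
        if classification not in LEVELS:
            raise ValueError(f"unknown level {classification!r}")
        self.classification[name] = classification
        # ACL: the object lists which subjects hold which rights on it
        self.acl[name] = {s: set(r) for s, r in (acl or {}).items()}

    def discretionary_ok(self, subject, obj, right):
        return right in self.acl.get(obj, {}).get(subject, set())

    def mandatory_ok(self, subject, obj, right):
        s = LEVELS[self.clearance[subject]]
        o = LEVELS[self.classification[obj]]
        if right == "read":
            return s >= o      # simple security property: no read up
        if right == "write":
            return s <= o      # *-property: no write down
        raise ValueError(f"unsupported right {right!r}")

    def check(self, subject, obj, right):
        """Deny by default: unknown names or either layer refusing means no."""
        if subject not in self.clearance or obj not in self.classification:
            return False, "unknown subject or object"
        if not self.discretionary_ok(subject, obj, right):
            return False, "denied by ACL"
        if not self.mandatory_ok(subject, obj, right):
            return False, "no read up" if right == "read" else "no write down"
        return True, "allowed"


def demo():
    """Constructed bank scenario, including the balance-to-public-page case."""
    rm = ReferenceMonitor()
    rm.add_subject("teller", "Confidential")
    rm.add_subject("web_intern", "Public")
    rm.add_subject("auditor", "Secret")          # cleared, but not on the ACL
    rm.add_object("balance_ledger", "Confidential",
                  {"teller": ["read", "write"], "web_intern": ["read", "write"]})
    rm.add_object("public_page", "Public",
                  {"teller": ["read", "write"], "web_intern": ["read", "write"]})
    return {
        "teller reads ledger": rm.check("teller", "balance_ledger", "read"),
        "teller publishes balance": rm.check("teller", "public_page", "write"),
        "intern reads ledger": rm.check("web_intern", "balance_ledger", "read"),
        "intern writes ledger": rm.check("web_intern", "balance_ledger", "write"),
        "auditor reads ledger": rm.check("auditor", "balance_ledger", "read"),
        "outsider reads public page": rm.check("outsider", "public_page", "read"),
    }


if __name__ == "__main__":
    for what, (ok, why) in demo().items():
        print(f"{what:28} {'ALLOW' if ok else 'DENY':5} ({why})")
```

Two outcomes are worth noticing. The auditor holds a higher clearance than the ledger yet is refused because the discretionary layer has no entry for them: both layers must agree. And the Public-cleared intern is allowed to write to the Confidential ledger (a blind "write up"), which Bell-LaPadula permits because it is a confidentiality model only and says nothing about integrity.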

Take-Grant Model:

  • Built upon graph theory: subjects and objects are the vertices, and a directed edge labelled with rights shows what the source holds over the destination.
  • Distinct advantage: rights can be determined definitively. Two special rights, take and grant, are what let rights move along the graph.
  • Its value lies in the ability to analyze whether an implementation is complete or might be capable of leaking information, that is, whether a given subject could ever acquire a given right over a given object.
courtesy: http://clinuxpro.com/wp-content/uploads/2013/10/Take-Grant-Model.png
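The leak analysis the last bullet refers to, as an added example that is not from the page: a protection graph with the take and grant rewriting rules, iterated to a fixpoint. Because both rules only ever add edges over a fixed set of vertices, the fixpoint is exactly the set of rights anyone could eventually hold, so "can p obtain right r over q?" becomes a lookup. The assumption to note is that the full model's create and remove rules are left out, so the answer is exact only for graphs in which no new vertices are created; all names and edges below are constructed.

```python
# Added example, not from the page. A Take-Grant protection graph with only
# the take and grant rewriting rules. Because both rules only ever add edges
# over a fixed set of vertices, iterating them to a fixpoint yields every
# right any subject could eventually hold, which answers "can p obtain right
# r over q?" Assumption: the full model's create and remove rules are left
# out, so the answer is exact only for graphs where no vertices are created.
# All vertex names and edges below are constructed.


class TakeGrantGraph:
    def __init__(self):
        self.edges = {}           # (src, dst) -> set of single-letter rights

    def add(self, src, dst, rights):
        self.edges.setdefault((src, dst), set()).update(rights)

    def rights(self, src, dst):
        return self.edges.get((src, dst), set())

    def step(self):
        """Apply every enabled take/grant rule once; True if any right was added."""
        changed = False
        snapshot = [(e, set(r)) for e, r in self.edges.items()]
        for (x, y), xy in snapshot:
            for (a, z), az in snapshot:
                # take:  x --t--> y and y --alpha--> z   gives  x --alpha--> z
                if "t" in xy and a == y:
                    new = az - self.rights(x, z)
                    if new:
                        self.add(x, z, new)
                        changed = True
                # grant: x --g--> y and x --alpha--> z   gives  y --alpha--> z
                if "g" in xy and a == x:
                    new = az - self.rights(y, z)
                    if new:
                        self.add(y, z, new)
                        changed = True
        return changed

    def closure(self):
        """Repeat until no rule adds anything; terminates because the set of
        possible edges over a fixed vertex set is finite and only grows."""
        while self.step():
            pass
        return self

    def can_acquire(self, p, right, q):
        """Leak check, run on a copy so the original graph is left intact."""
        g = TakeGrantGraph()
        g.edges = {e: set(r) for e, r in self.edges.items()}
        g.closure()
        return right in g.rights(p, q)


def demo():
    """Constructed graph: a two-hop take chain, a grant, and an isolated reader."""
    g = TakeGrantGraph()
    g.add("alice", "bob", "t")        # alice may take rights bob holds
    g.add("bob", "carol", "t")        # bob may take rights carol holds
    g.add("carol", "payroll", "r")    # carol reads the payroll file
    g.add("dave", "eve", "g")         # dave may grant his rights to eve
    g.add("dave", "payroll", "w")     # dave writes the payroll file
    g.add("frank", "payroll", "r")    # frank reads only; no take/grant edges
    return {
        "alice reads payroll": g.can_acquire("alice", "r", "payroll"),
        "eve writes payroll": g.can_acquire("eve", "w", "payroll"),
        "eve reads payroll": g.can_acquire("eve", "r", "payroll"),
        "frank writes payroll": g.can_acquire("frank", "w", "payroll"),
    }


if __name__ == "__main__":
    for what, leaks in demo().items():
        print(f"{what:22} {'LEAKS' if leaks else 'safe'}")
```

Alice never held a direct edge to the payroll file, yet the analysis shows she can read it: she takes the take-right on carol from bob, then takes carol's read-right. Frank, with no take or grant edges touching him, cannot gain write access however the rules are applied. That is the "definitively determine rights" property the bullets describe.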