Introduction
To work as a Security Manager (SM) for a civil society clearinghouse such as MCC, one needs an adequate understanding of the Guidelines for the Security Certification and Accreditation of the Federal Information Technology Systems (GSCAFITS). This is because an SM handles sensitive profiles of public clients. GSCAFITS is a hub developed to support an enhanced system of information security for federal government executive agencies. It offers a more comparable, more consistent, and more assessable way of repeating information security controls, and a more systematic form of control that promotes better understanding of the agency-related mission risks that result from information system operations. The GSCAFITS also facilitates more reliable, more trustworthy and more complete official accreditation decisions for information security (Wartyo, 2008).
Accreditation and certification among experts in industry and US federal agencies is a necessary, picayune process that an SM requires in order to inspect the fit of the IT infrastructure and systems to an agency’s security.
MCC’s Security Requirements for Distributed Database
Converting from an in-house database to a distributed database (Ddb) for the MCC would be necessary to structure a secure and robust system for proper management of sensitive information. Briefly, a Ddb is a centrally controlled database management system (DBMS) whose storage devices are not all attached to a common CPU. Information in this case is not housed in individual computers, as is the case with an in-house database. This means information is dispersed over an interconnected computer network. Database replication and distribution improve performance at end-user worksites (Felix, 2004).
If MCC needs a relational and object-oriented Ddb model, it could be designed to protect against unwarranted interference, maintain integrity, and provide multilevel and single-level access controls. The efficiency and efficacy of feature delivery must be questioned for a proposed model. Hence, compliance with the C2 division/class of the Orange Book, the U.S. Department of Defense (DoD) Trusted Computer System Evaluation Criteria, is sufficient protection for an MCC Ddb.
Discussion board
The seven issues evaluated and the value schemes assigned are very much practical. However, I feel there could be a need for a specified update of profiles to indicate a sense of time. It must also effectively handle outcomes from decentralized and centralized authorization. Access control suggested by Thuraisingham (1995) could be necessary.
When deciding to go with the lower level or the higher level on the evaluation table C3.T10, it would be necessary to identify and specify the required level, and then follow it consistently.
The list of appendices to the SSAA has Appendix 1, 2, 3, and 4. Appendix 1 is Definitions, which starts with AP1.1 (Authorized User) through AP 1.2.3 (Functions) to AP1.26 (Waivers). The documents required for the B-3 Division/Class in the Orange Book have instead listed fundamental objectives and requirements for the Trusted Computer System Evaluation Criteria and are not exactly homogeneous with the SSAA appendices.
The differences are especially noticeable where the B-3 Division/Class in the Orange Book is engaged with Accountability, Assurance and Documentation, which are not found in the SSAA document.
Apart from Section B-3.4, other sections of the document referenced for development in the B-3 section in the Orange Book are listed in the DITSCAP and are applicable for the course scenario computer system.
References
Felix, M. (2004, May 14). Security and Accreditation of Information in Distributed Database. Web.
Thuraisingham, B., & Ford, W. (1995). Security Constraint Processing in a Multilevel Secure Distributed Database Management System. Toronto: Transactions on Knowledge and Data Engineering.
Wartyo, S.A. (2008). Requirements for a Distributed Database. Makurdi: Aboki books.