The Brewer and Nash model was constructed to provide information securityaccess controls that can change dynamically. This security model, also known as the Chinese wall model, was designed to provide controls that mitigate conflict of interest in commercial organizations and is built upon an information flow model.
In the Brewer and Nash model, no information can flow between the subjects and objects in a way that would create a conflict of interest.
This model is commonly used by consulting and accounting firms. For example, once a consultant accesses data belonging to Acme Ltd, a consulting client, they may no longer access data to any of Acme's competitors. In this model, the same consulting firm can have clients that are competing with Acme Ltd while advising Acme Ltd. This model uses the principle of data isolation within each conflict class of data to keep users out of potential conflict of interest situations. Because company relationships change all the time, dynamic and up-to-date updates to members and definitions for conflict classes are important.
Harris, Shon, All-in-one CISSP Exam Guide, Third Edition, McGraw Hill Osborne, Emeryville, California, 2005.
Chapple, Mike, et al, Certified Information System Security Professional - Official Study Guide, Eighth Edition, Sybex, John Wiley & Sons, Indiana, 2018.
External linksedit
Brewer, D.F.C.; Nash, M.J. (1989). "The Chinese Wall security policy" (PDF). Proceedings. 1989 IEEE Symposium on Security and Privacy. IEEE. pp. 206–214. doi:10.1109/SECPRI.1989.36295. ISBN0-8186-1939-2. S2CID 7882054.
May 19, 2024
brewer, nash, model, constructed, provide, information, security, access, controls, that, change, dynamically, this, security, model, also, known, chinese, wall, model, designed, provide, controls, that, mitigate, conflict, interest, commercial, organizations,. The Brewer and Nash model was constructed to provide information security access controls that can change dynamically This security model also known as the Chinese wall model was designed to provide controls that mitigate conflict of interest in commercial organizations and is built upon an information flow model In the Brewer and Nash model no information can flow between the subjects and objects in a way that would create a conflict of interest This model is commonly used by consulting and accounting firms For example once a consultant accesses data belonging to Acme Ltd a consulting client they may no longer access data to any of Acme s competitors In this model the same consulting firm can have clients that are competing with Acme Ltd while advising Acme Ltd This model uses the principle of data isolation within each conflict class of data to keep users out of potential conflict of interest situations Because company relationships change all the time dynamic and up to date updates to members and definitions for conflict classes are important See also editBell LaPadula model Biba model Clark Wilson model Graham Denning modelReferences editHarris Shon All in one CISSP Exam Guide Third Edition McGraw Hill Osborne Emeryville California 2005 Chapple Mike et al Certified Information System Security Professional Official Study Guide Eighth Edition Sybex John Wiley amp Sons Indiana 2018 External links editBrewer D F C Nash M J 1989 The Chinese Wall security policy PDF Proceedings 1989 IEEE Symposium on Security and Privacy IEEE pp 206 214 doi 10 1109 SECPRI 1989 36295 ISBN 0 8186 1939 2 S2CID 7882054 Retrieved from https en wikipedia org w index php title Brewer and Nash model amp oldid 1211955331, wikipedia, wiki, book, books, library,
