Disaster Recovery and Planning

Disaster Recovery and Planning

McCumber Cube model is a shorthand word which is used in reference to information systems security issues. The model originated in late 1980as and early 1900s and tried to provide insights on the relationships that existed between communications and computers security issues. The model aimed at developing security systems that would not be constrained or limited to the technical and organizational changes. The model is categorized into three parts; information states, critical information characteristics and security measures which aim at ensuring information systems security (McCumber, 2005, p. 99).

McCumber Cube model is also used or rather helps in classification of threats and vulnerabilities. The model is important when assessing high levels of abstractions in issues to do with security. The model is segmented into matrixes with nine intersection areas that help in the scrutiny and checking of threats that faces information systems (McCumber, 2005, p. 102). For instance, information confidentiality during its transmission or any intersections can be used to determine whether the system is faced with threats or not.

Critical information characteristics are one of the concerns in the information systems security. These characteristics include; confidentiality, availability and integrity. The three represent the security spectrum in an automated or computerized environment and are applicable to an organization regardless of its philosophy or way of operations/functioning.

Various security technologies can also be mapped into the nine intersections; the model provides an opportunity for protection of confidentiality of information during its transmission. This therefore, helps to reduce access of the information to unauthorized users helping safeguard the information. When planning for disaster recovery, the critical information characteristics of data in the model do not create semantic confusion or complexity. This is because; it clearly demonstrates how confidentiality, availability and integrity of system link or functions with other intersection in ensuring that the information systems are secure (McCumber, 2005, p. 102). For instance, confidentiality is an important security policy for any information system. There is certain information that is confidential and therefore, requires access limits therefore ensures that selected users are controlled on the data that they access. Therefore, for surety purposes certain information is protected and access limit are intuited to control authorized access. Integrity is yet another attribute or critical characteristics of information. Information considered to uphold to integrity is that which has qualities that closely identifies how the information represents the reality. Therefore, integrity to be achieved, the information should be relevant, accurate and be complete. The model therefore, helps in determining whether actually the information that is transmitted has integrity. Availability ensures that appropriate information is transmitted to the other user when needed or required. For information to be available, support power backups, parallel databases and spare data channels should be available. The availability also functions as check and balance in this model.

The model has a layer on education, training and awareness, as one of the prominent security measures. This awareness and education helps in identification of threats and vulnerabilities that may be associated with the use of automated information systems hence allowing affable steps to resolve the threats (McCumber, 2005, p. 107). Managers and any other employee in an organization should be equipped with skills and knowledge on security measures to enable them take precautions in safeguarding their systems security.

Therefore, the three critical information characteristics are easy to understand and conceptualize in understanding other relevant security issues within any information system. The three characteristic forms the foundation of the model.

Reference

McCumber, J. (2005). Assessing and Managing Security Risk in IT Systems: A Structured Methodology, New York: A CRC Press Company.