

Determining What to Classify
The MLS implementation team must decide how to label the subjects and objects at a site. For example, objects can be any of the following:
- Data sets
- User-defined resources and devices
- Graphics terminals
- VTAM nodes
- Communication lines
- Communications Controllers
- Channel-to-channel adapters
- DB2 resources
- UNIX files and directories
- UNIX IPC objects
- Servers
Subjects can be any of the following:
- System users
- Programs and processes
- Devices
Planning Questions
Before a security administrator can begin to create security labels and assign them to subjects and objects in the system, the MLS implementation team must first determine which users, data, and resources need to be classified and what the implications of classifying them are. The following is a list of general questions to consider in planning for MLS:
- What levels of sensitivity of data exist?
- What areas of your organization have similar security requirements?
- What areas at the site need to segregate data from other areas while sharing resources?
- Which users need access to data at defined levels of sensitivity?
- What authorization should users have to access data at defined levels of sensitivity?
- How stringent does security need to be at your site? For example, does every resource and user need to be classified, or just certain users and resources?
- Does your site have the resources to establish and maintain the level of protection that your security policy deems necessary for protecting sensitive data and resources with security labels in an MLS environment?
- What software is currently running on your systems and what modifications, if any, would need to be made to configure this software in an MLS environment?
- What authorized programs are running on systems that might compromise MLS or be impacted by how MLS is established in the system?
- How would system performance be impacted by establishing or phasing in MLS and activating certain MLS system options?
Copyright © 2010 CA Technologies.
All rights reserved.
 