The Brewer and Nash model was constructed to provide information security access controls that can change dynamically. This security model, also known as the Chinese wall model, was designed to provide controls that mitigate conflict of interest in commercial organizations and is built upon an information flow model.
In the Brewer and Nash model, no information can flow between the subjects and objects in a way that would create a conflict of interest.
This model is commonly used by consulting and accounting firms. For example, once a consultant accesses data belonging to Acme Ltd, a consulting client, they may no longer access data belonging to any of Acme's competitors. The firm itself can still have clients that compete with Acme Ltd while it advises Acme Ltd. The model isolates data within each conflict class to keep users out of potential conflict-of-interest situations. Because company relationships change all the time, keeping the members and definitions of conflict classes up to date is important.
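The history-based access decision described above can be sketched as follows. This is an added example, not code from Brewer and Nash or from any product; the class `ChineseWall`, its methods, and every name other than Acme Ltd (Bolt Co, Cog Inc, First Bank, Union Bank, alice, bob) are constructed for illustration.

```python
from collections import defaultdict


class ChineseWall:
    """Access decisions depend on each subject's own access history."""

    def __init__(self, conflict_classes):
        # conflict class name -> set of companies that compete with each other
        self.conflict_classes = {n: set(m) for n, m in conflict_classes.items()}
        # subject -> companies whose data the subject has already accessed
        self.history = defaultdict(set)

    def conflicts(self, subject, company):
        """Return already-accessed companies that compete with `company`."""
        hits = set()
        for members in self.conflict_classes.values():
            if company in members:
                hits |= (self.history[subject] & members) - {company}
        return hits

    def request_access(self, subject, company):
        """Grant and record the access unless it would cross a wall."""
        if self.conflicts(subject, company):
            return False
        self.history[subject].add(company)
        return True

    def add_to_class(self, class_name, company):
        """Conflict classes are updated as company relationships change."""
        self.conflict_classes.setdefault(class_name, set()).add(company)


def demo():
    # Constructed sample data: two conflict classes, two consultants.
    wall = ChineseWall({"widgets": {"Acme Ltd", "Bolt Co"},
                        "banks": {"First Bank", "Union Bank"}})
    results = [
        wall.request_access("alice", "Acme Ltd"),    # first access: granted
        wall.request_access("alice", "Bolt Co"),     # Acme competitor: denied
        wall.request_access("alice", "First Bank"),  # other conflict class: granted
        wall.request_access("bob", "Bolt Co"),       # colleague with no history: granted
    ]
    wall.add_to_class("widgets", "Cog Inc")          # new competitor is registered
    results.append(wall.request_access("alice", "Cog Inc"))   # denied after update
    results.append(wall.request_access("alice", "Acme Ltd"))  # same client: granted
    return results


if __name__ == "__main__":
    print(demo())
```

The sketch only evaluates new requests. A conflict-class change that makes two companies a subject has already accessed into competitors is not detected here and would need a separate review of the recorded history.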
External links
- Brewer, D.F.C.; Nash, M.J. (1989). "The Chinese Wall security policy" (PDF). Proceedings. 1989 IEEE Symposium on Security and Privacy. IEEE. pp. 206–214. doi:10.1109/SECPRI.1989.36295. ISBN 0-8186-1939-2. S2CID 7882054.