2. Business Initiated Vulnerabilities

Remember Bell-LaPadula?

Multi-level access controls such as Bell-LaPadula have been in place for government applications for a very long time with good success. Why not implement a similar model for access across the board? A well-defined business environment should understand where critical data is located and the risk involved with that data, and control access based on area of responsibility or job function. Users and hosts should have limited access based on associated attributes of data, only accessing that data based on “need to know.” Any external entities should be treated as high-risk by default. Implementing tokenized access to data at rest above discretionary access controls would benefit ABAC and access awareness.

Voting

1 vote
Public Input
Idea No. 153
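
The model the idea refers to, as an added example that is not part of the original submission: a small Bell-LaPadula decision function with need-to-know compartments. The level names, the sample subjects, and the choice to map unknown (external) subjects to the lowest label with no write access are assumptions made for illustration.

```python
from dataclasses import dataclass

# Assumed business classification levels, lowest to highest.
LEVELS = {"public": 0, "internal": 1, "confidential": 2, "restricted": 3}

@dataclass(frozen=True)
class Label:
    level: str
    compartments: frozenset = frozenset()  # need-to-know tags (job function)

    def dominates(self, other: "Label") -> bool:
        # Higher-or-equal level AND a superset of the other's compartments.
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.compartments >= other.compartments)

# Assumption: an entity not in the directory is external, so it gets the
# lowest clearance and no compartments.
EXTERNAL_DEFAULT = Label("public")

def decide(directory: dict, subject: str, action: str, obj: Label) -> bool:
    known = subject in directory
    s = directory.get(subject, EXTERNAL_DEFAULT)
    if action == "read":
        # Simple security property: no read up.
        return s.dominates(obj)
    if action == "write":
        # *-property: no write down. Unknown subjects are denied writes
        # entirely (an added restriction; plain BLP permits blind write-up).
        return known and obj.dominates(s)
    return False  # anything else is denied by default

# Constructed sample data.
DIRECTORY = {
    "alice": Label("confidential", frozenset({"payroll"})),
    "bob": Label("restricted", frozenset({"payroll", "legal"})),
}
PAYROLL_DB = Label("confidential", frozenset({"payroll"}))
LEGAL_MEMO = Label("confidential", frozenset({"legal"}))
PRESS_KIT = Label("public")

if __name__ == "__main__":
    for who, act, obj in [("alice", "read", PAYROLL_DB),
                          ("alice", "read", LEGAL_MEMO),
                          ("bob", "write", PRESS_KIT),
                          ("vendor", "read", PAYROLL_DB)]:
        print(who, act, obj.level, sorted(obj.compartments),
              "->", decide(DIRECTORY, who, act, obj))
```

Alice is cleared to the same level as the legal memo but is still refused because she lacks the `legal` compartment, which is the "need to know" check layered on top of the level comparison.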