"Domain Based Security", abbreviated to "DBSy", is a model-based approach to help analyze information security risks in a business context and provide a clear and direct mapping between the risks and the security controls needed to manage them. A variant of the approach is used by the UK government's HMG Infosec Standard No.1 technical risk-assessment method. [1] DBSy is a registered trade mark of QinetiQ Ltd.
DBSy was developed in the late 1990s by the Defence Evaluation and Research Agency (DERA). It is a model-based approach to information assurance that describes the requirements for security in an organisation, taking account of the business that needs to be supported. The model is based around the concept of a security domain, which represents a logical place where people work with information using a computer system, and which has connections with other security domains where this is necessary to support business activity. Hence the focus is on the information that needs protection, the people that work with it and the people they exchange information with. The model can also describe the physical environments where people work and the system boundaries where major system security measures are placed. A systematic method is then applied to the model to identify and describe the risks to which valuable information assets are exposed and specify security measures that are effective in managing the risks.
DBSy has its origins in the late 1990s, having been developed by the Defence Evaluation and Research Agency (DERA) for the Ministry of Defence (MOD). Initially called the Domain Based Approach, it was developed alongside Purple Penelope to support the MOD's increasing need for interconnections between systems operating at different security levels. [2] [3]
It was recognised that the risks associated with such connections were directly related to the nature of the information exchange that was needed and that an effective model for understanding and managing the risks would need to take account of the business needs for information sharing. It was also recognised that the controlled release of information from a system handling secret information (sometimes referred to at the time as 'down grading' or 'sanitisation') was not adequately described by any of the existing models of Information security (notably Bell-LaPadula, Biba and the associated information flow models).
Information flow models were found to be unhelpful in understanding the risks when information has to be shared with people and systems that are not entirely trusted. An effective model for understanding and managing the risks would need to take account of the business needs for exchanging information both within and outside an organisation. [4]
The modelling technique was applied to some major projects for the MOD and, as a result of this experience, the graphical modelling techniques were revised and a rigorous risk assessment method, based on the concept of compromise paths, was developed. An approach to IT security documentation through a project lifecycle was also created. [5] Domain Based Security conferences were held at QinetiQ Malvern in June 2005 and June 2006, promoting discussion of how it could be more widely used, both for defence [6] and commercial systems. [7]
A variant of the DBSy method was subsequently developed and incorporated into the UK government's HMG Infosec Standard No.1 Technical Risk Assessment method, the standard method to be used for security risk assessments for all government Information Technology systems.
The DBSy approach uses simple models to represent the requirements for security in an organisation using two different but related viewpoints: the Infosec Business Model represents the security aspects of the business, while the Infosec Infrastructure Model represents the logical provision of strong boundaries that enforce separation. When combined, they make up an Infosec Architecture Model. [8] This model forms the basis for conducting a systematic and rigorous risk assessment.
The Infosec business model defines security domains and the connections between them. The model specifies the limits of what information can be processed and exchanged between security domains and so forms the set of security requirements for the business. In particular, connections that are not explicitly modelled are not permitted and are required not to occur. A security domain is characterised by a set of information assets, which may be valuable to the organisation, as well as the people that work with the information and the applications and services that act on their behalf. Connections between domains are characterised by the nature of the interaction that is required (such as interpersonal messages, or shared access to a database) and the sensitivity and integrity requirements of the information exchange. The model can also represent the kinds of physical environment from which a domain can be accessed.
The Infosec infrastructure model defines islands of computing infrastructure that are required to be logically separate, so that information cannot be exchanged between them except at identifiable and manageable points of connection, referred to as causeways. An island is characterised by the strength of separation between it and any other islands and by the people who manage its computing infrastructure.
An Infosec architecture model combines the business and infrastructure views, by showing which security domains are supported by which islands of infrastructure. Where there are connections between security domains that are hosted on different islands, the connections must be supported by an appropriate causeway.
The DBSy method uses a rational risk framework for describing the risks to which some information assets are exposed. Similar kinds of assets are grouped together as a focus of interest, and the risk assessment process is applied to each focus of interest in turn.
The key factors determining the risk to a particular focus of interest are:
This risk framework is applied in a systematic fashion to an organisation-specific Infosec architecture model, representing the security-relevant features of an organisation's business and IT systems. Through this process a set of Compromise Paths can be systematically described and the relative effectiveness of different countermeasures can be assessed. [9]
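The following Python sketch is an added illustration, not part of the original article and not QinetiQ's DBSy tooling. It encodes the two views described above (security domains and their modelled connections on the business side; islands and causeways on the infrastructure side), combines them into an architecture model, and checks the two rules the text states: connections that are not explicitly modelled are not permitted, and a connection between domains hosted on different islands must be supported by a causeway. It then enumerates the chains of modelled connections that lead to a chosen focus of interest, as a simplified stand-in for the compromise-path analysis; the class names, the path rule and the sample model (the Finance, Sales, Partner Extranet and Public Web domains, the Corporate LAN and DMZ islands) are all assumptions constructed for this example.

```python
"""Added example: consistency checks over a DBSy-style architecture model.

Not QinetiQ's DBSy tooling. Names, sample data and the path rule are
assumptions made for illustration only.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Set


@dataclass(frozen=True)
class Connection:
    """One modelled interaction between two security domains (business view)."""
    src: str
    dst: str
    kind: str         # nature of the interaction, e.g. "messaging"
    sensitivity: str  # sensitivity of what is allowed to flow across it


@dataclass
class ArchitectureModel:
    """Business view (domains, connections) combined with the
    infrastructure view (which island hosts each domain, and which
    island pairs are joined by a causeway)."""
    domains: Set[str]
    connections: Set[Connection]
    island_of: Dict[str, str]
    causeways: Set[FrozenSet[str]]

    def is_permitted(self, src: str, dst: str) -> bool:
        """Connections that are not explicitly modelled are not permitted."""
        return any(c.src == src and c.dst == dst for c in self.connections)

    def validate(self) -> List[str]:
        """Report domains with no hosting island, and connections that
        cross islands without a causeway to support them."""
        problems = []
        for d in sorted(self.domains):
            if d not in self.island_of:
                problems.append(f"domain {d!r} is not hosted on any island")
        for c in sorted(self.connections, key=lambda c: (c.src, c.dst)):
            a, b = self.island_of.get(c.src), self.island_of.get(c.dst)
            if a is None or b is None:
                continue  # already reported above
            if a != b and frozenset({a, b}) not in self.causeways:
                problems.append(
                    f"connection {c.src} -> {c.dst} ({c.kind}) crosses "
                    f"islands {a!r}/{b!r} with no causeway")
        return problems

    def paths_to(self, focus: str, max_edges: int = 4) -> List[List[str]]:
        """Enumerate simple chains of modelled connections ending at `focus`.
        Assumption for this example: any such chain is a candidate route by
        which the focus of interest could be reached; the method's own
        compromise-path rules are not reproduced here."""
        into = defaultdict(list)
        for c in self.connections:
            into[c.dst].append(c.src)
        found: List[List[str]] = []

        def walk(path: List[str]) -> None:
            if len(path) > max_edges:
                return
            for src in into[path[0]]:
                if src in path:
                    continue  # keep paths simple (no repeated domains)
                new = [src] + path
                found.append(new)
                walk(new)

        walk([focus])
        return sorted(found, key=lambda p: (len(p), p))


def build_sample(with_causeway: bool = True) -> ArchitectureModel:
    """Constructed sample model; `with_causeway=False` omits the causeway
    so that the cross-island connection becomes a reportable problem."""
    connections = {
        Connection("Sales", "Finance", "shared database", "commercial"),
        Connection("Partner Extranet", "Sales", "messaging", "commercial"),
        Connection("Public Web", "Partner Extranet", "messaging", "public"),
    }
    island_of = {
        "Finance": "Corporate LAN", "Sales": "Corporate LAN",
        "Partner Extranet": "DMZ", "Public Web": "DMZ",
    }
    causeways = {frozenset({"Corporate LAN", "DMZ"})} if with_causeway else set()
    return ArchitectureModel(set(island_of), connections, island_of, causeways)


if __name__ == "__main__":
    model = build_sample()
    print("problems:", model.validate())            # []
    print("permitted Finance->Public Web:", model.is_permitted("Finance", "Public Web"))
    for p in model.paths_to("Finance"):
        print(" -> ".join(p))
    print("problems without causeway:", build_sample(False).validate())
```

Running the block prints three routes into the Finance focus of interest (from Sales, from the Partner Extranet via Sales, and from the Public Web via both), and shows that removing the causeway turns the Partner Extranet to Sales connection into a reported problem. A real assessment would weight each route by the threat source behind it and the countermeasures on it; here the enumeration only makes the routes visible.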
DBSy differs from other IT risk management methods in that its primary focus is on people, the business drivers of an organisation and the way the business works, rather than on technical security measures. The analyst is required to systematically define the groups of people that pose a threat and the ways they might cause harm, providing a rigorous, business-oriented framework for the concepts of threat and vulnerability. The aim is to understand and analyse information security risks faced by an organisation, especially where the risks appear to conflict with needs for business efficiency across the organisation or in dealings with customers and business partners.