Model Information Security Planning


Feb 22, 2014


Model Information Security


Mohammed Ashfaq Ahmed

Adopt multilayered security

Follow a defense-in-depth strategy

Designed from the inside out but tested from the outside in

Information lies at the core, and the most reliable protection elements lie close to it

Penetration by attackers occurs from the outside in

Seven layer security model…

It covers both the security of information and the security of the information system

The layers of the model are

Information at the core

Cryptographic method layer

Verification and authentication layer

OS hardening layer

Information system architecture and design

Web services layer

The 8 Ps of security layer

Benefits of this model..

Vigorously protects information

Will slow down perpetrators as they attempt any attack

Discourage attackers

Assist in identification of hackers

Low cost and effective

Information at the core..

Information resides at the core of the model

Why is information at the core, and not the information system?

The information system is too vast and cannot be narrowed sufficiently

Information has many properties: it can be disguised, protected, authenticated, tested..

The most important and interesting quality of information is that it can change state and still retain all of its semantic value

These factors allow us to effectively manage the


2. Cryptographic method layer..

It is the second layer and actually the most important from a security countermeasure point of view

It represents a formidable barrier that coats and protects information

It uses the properties of information


Cryptography disguises information

Cryptographic methods are extremely complex and require significant time and cost to break

It provides an elegant linkage to the authentication and verification layer

Cryptographic layers are many and

3. Authentication and verification layer..

It is closely related to the cryptographic layer

It has two distinct parts

The inner half, authentication and verification which pertains to the information

Ex. Digital signatures, code signing, etc.

The outer half, which provides authentication and verification for the information system

Ex. Password, access controls, etc.

Authentication is the process of determining if the information presented is real or fake

Authentication techniques usually take advantage of any of the following four factors to authenticate access to

1. Possession factor: something you have that grants access to information

Ex. Smartcard, token, etc.

2. Biometric factor: something that you are that identifies you uniquely

Ex. Fingerprint, face print, DNA, etc.

3. Knowledge factor: something you know that is secret

Ex. Password, username, etc.

4. Integrity factor: something that allows the authentication routines to authenticate your actions after you are admitted access

Ex. Message authentication codes (MACs)

Authentication techniques can be used either directly with information or as a part of the information system
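
An added example, not part of the original slides: the knowledge factor (a password) admits the user, and the integrity factor (a MAC) then authenticates each action taken after admission. The class and function names, the PBKDF2 work factor and the sample values are assumptions made for this example.

```python
import hashlib, hmac, secrets

PBKDF2_ROUNDS = 600_000  # assumed work factor for this example

class Gatekeeper:
    """Outer layer: knowledge factor at login. Inner layer: a MAC on every action."""

    def __init__(self):
        self._users = {}     # username -> (salt, password hash)
        self._sessions = {}  # session id -> (username, MAC key)

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)

    def enroll(self, user, password):
        salt = secrets.token_bytes(16)
        self._users[user] = (salt, self._hash(password, salt))

    def login(self, user, password):
        """Knowledge factor: return (session id, MAC key), or None on failure."""
        # Unknown users still cost one hash, so timing does not reveal who exists.
        salt, stored = self._users.get(user, (b"\0" * 16, b""))
        if not hmac.compare_digest(self._hash(password, salt), stored):
            return None
        sid, key = secrets.token_hex(8), secrets.token_bytes(32)
        self._sessions[sid] = (user, key)
        return sid, key

    def authorize(self, sid, action, tag):
        """Integrity factor: accept the action only if its MAC verifies."""
        session = self._sessions.get(sid)
        if session is None:
            return None
        user, key = session
        if not hmac.compare_digest(sign(key, sid, action), tag):
            return None
        return user, action

def sign(key, sid, action):
    """Client side: MAC over the session id and the requested action."""
    msg = sid.encode() + b"\x00" + action.encode()
    return hmac.new(key, msg, hashlib.sha256).digest()
```

A MAC alone does not stop a captured request from being replayed; a per-request counter or nonce inside the signed message would be needed for that.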


is the one one process of matching the user by name against an authentication template, maintained by a trusted third party, and provides the authentication status

The model is designed from the inside out and tested from the outside in. It means that information is at the core of the model and the most reliable protection elements of the plan are placed closest to it. Penetration by attackers occurs from the outside in; this concept is known as defense in depth.