Secure Processing from the Desktop: A Policy for Using Personal Workstations to Process Restricted Company Information
Abstract
Corporate data communications networks are rapidly becoming major information exchange resources for the companies they serve. They can easily provide the underlying services needed to share unclassified, non-sensitive technical and administrative information throughout an enterprise. Increasingly, however, there may be a need to exchange sensitive or critical information of various kinds. Inevitably this will lead to requirements for safeguards to protect confidentiality, to preserve integrity, and to ensure availability. During 1993, the Information Security Technical Center of The MITRE Corporation developed a policy in anticipation of such needs. The first step was to define the information and functional requirements. For this purpose, restricted MITRE information was chosen as the focus. This category of sensitive information includes privileged memos, performance evaluations, business plans, and salary data; in general, it encompasses executive, financial, and personnel data. The second step was to develop a security policy governing the processing of restricted information on the desktop - on personal workstations with corporate inter-computer networking capability. Such a policy defines responsibilities of employees as well as technical requirements for automated processing in the desktop environment. The third step, currently underway, is to evaluate commercial products that may meet the requirements of the policy. In developing the security policy, we kept in mind the goal of requiring the minimum additional software and hardware consistent with acceptable risk.
Document Details
- Document Type: Technical Report
- Publication Date: Feb 01, 1994
- Accession Number: ADA277160
Entities
People
- James G. Williams
- Leonard J. Lapadula
Organizations
- MITRE Corporation