Theoretical Background:

Bell-La Padula (BLP) model is a model of computer security that focuses on mandatory and discretionary access control. It was spelled out in an influential paper by David E Bell and Leonard J. La Padula.

The relevant paper was published in 1976 - in the days of the proto-Internet. The security model therefore focused on confidentiality - keeping different users on different terminals on a mainframe from accessing each other's files. In addition, as the funding for their research (and much computer security research throughout history) came from the military, they conformed to the Top Secret/Secret/Classified/Unclassified hierarchy.

The goal of BLP, therefore, was to keep secret data secret, and share secret data when it was allowed to be shared.

Multilevel security or multiple levels of security (MLS) is the application of a computer system to process information with incompatible classifications (i.e., at different security levels), permit access by users with different security clearances and needs-to-know, and prevent users from obtaining access to information for which they lack authorization. There are two contexts for the use of multilevel security. One is to refer to a system that is adequate to protect itself from subversion and has robust mechanisms to separate information domains, that is, trustworthy. Another context is to refer to an application of a computer that will require the computer to be strong enough to protect itself from subversion and possess adequate mechanisms to separate information domains, that is, a system we must trust. This distinction is important because systems that need to be trusted are not necessarily trustworthy.

System architecture or systems architecture is the conceptual model that defines the structure, behavior, and more views of a system. An architecture description is a formal description and representation of a system, organized in a way that supports reasoning about the structures and behaviors of the system.

Task: Security Architecture and Model Analysis

1) Document and present your organizations Business and Enterprise Architecture.

Note: Your document should provide an insight into your business vision and mission supported by the Enterprise Architecture (IT)

2) Conduct an assessment and highlight the security architecture that has been implemented in your organization

Note: In this task you must show the Security Controls have been applied basis on the threats your organization is exposed to. Example: Layering of Firewall, IDS, IPS, Anti-Virus, and Security Models for critical information etc.