A virtual data room for business data sharing depends on the implementation of the adopted security policy, which realizes the corresponding security models through the algorithms by which the room operates.
The Main Features of Virtual Data Room Implementation
By now, a large number of different electronic data rooms have been developed, all of them expressing several initial security policies. What matters here is the criterion for the security of subjects' access to objects, i.e. the rule that divides the information flows generated by that access into safe and unsafe.
The electronic data room is safe if and only if the subjects do not have the ability to violate (bypass) the security policy established in the system. The component that enforces the security policy is the security monitor. Its presence in the structure of the system is accordingly a necessary condition for security. As for the sufficient conditions, they lie in the security of the security monitor itself.
Implementing the data room, and managing and controlling the access of subjects to objects, requires information and an object that contains it:
- In a protected data room system, there is a special category of active entities that are neither initialized nor controlled by system users – system processes (subjects) that are initially present in the system.
- An object associated with a security monitor containing information about the access control system is the most critical information resource in a protected information system from the point of view of security.
- In a data room system, there may be a trusted user (system administrator), whose subjects have access to the object associated with the security monitor – data for managing the access control policy.
Business Data Sharing with the Main Data Room Security Features
A data room is an object associated with a security monitor that contains information about the access control policy in a particular system. The structure of the matrix, its creation, and its modification are determined by specific models and specific software and hardware solutions of the systems in which they are implemented.
In general, the activities of the security service at the enterprise can take one of the following forms:
- It can be part of the structure of the organization and be financed at its expense.
An electronic data room, as a separate commercial organization that provides security and protection services, can provide both complex and separate services. It can fully ensure the organization of the security system or perform specific tasks: determine where eavesdropping devices are installed; accompany transit traffic; provide bodyguards and other services. This category includes private detectives and security agencies and some government organizations.
Using electronic document flow does not affect the routine functioning of a position: all the necessary roles can be performed remotely, including creating primary and summary documents, approving, rejecting, analyzing data, tracking task statuses, and the like.
The first rule protects information processed by more trusted persons from access by less trusted persons. The second rule prevents information leakage (conscious or unconscious) from high-level participants in the information processing process to low-level ones. Thus, whereas discretionary models control access by giving users the authority to perform certain operations on certain objects, mandatory models control access implicitly, by assigning security levels to all entities of the system that define all allowed interactions between them. Therefore, mandatory access control does not distinguish between entities that are assigned the same security level.
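The security monitor and the two mandatory rules described above, combined with a discretionary access matrix, as an added example (not code from the original page or from any data room product). The class, level names, subjects and file names are constructed assumptions, and the two rules are implemented as the usual "no read up" and "no write down" checks.

```python
from dataclasses import dataclass, field

# Constructed sensitivity labels, ordered from least to most sensitive (assumption).
LEVELS = {"public": 0, "internal": 1, "confidential": 2}

@dataclass
class SecurityMonitor:
    """Mediates every access; its tables are the critical object the page describes."""
    clearance: dict = field(default_factory=dict)  # subject -> level name
    label: dict = field(default_factory=dict)      # object  -> level name
    matrix: dict = field(default_factory=dict)     # (subject, object) -> set of rights
    admins: set = field(default_factory=set)       # trusted users allowed to edit policy

    def grant(self, actor, subject, obj, right):
        # Only a trusted administrator may change the access control data.
        if actor not in self.admins:
            raise PermissionError(f"{actor} may not modify the access policy")
        self.matrix.setdefault((subject, obj), set()).add(right)

    def check(self, subject, obj, right):
        """Return (allowed, reason). Unknown subjects and objects are denied."""
        if subject not in self.clearance or obj not in self.label:
            return False, "unknown subject or object"
        s, o = LEVELS[self.clearance[subject]], LEVELS[self.label[obj]]
        # Mandatory rule 1: a subject may not read an object above its level.
        if right == "read" and s < o:
            return False, "mandatory: read above clearance"
        # Mandatory rule 2: a subject may not write to an object below its level.
        if right == "write" and s > o:
            return False, "mandatory: write below clearance"
        # Discretionary check: the right must be listed in the access matrix.
        if right not in self.matrix.get((subject, obj), set()):
            return False, "discretionary: right not granted"
        return True, "allowed"

def demo():
    """Build a small constructed data room policy for illustration."""
    m = SecurityMonitor(
        clearance={"analyst": "internal", "partner": "confidential"},
        label={"teaser.pdf": "public", "contracts.xlsx": "confidential"},
        admins={"room_admin"},
    )
    m.grant("room_admin", "analyst", "contracts.xlsx", "read")
    m.grant("room_admin", "partner", "contracts.xlsx", "read")
    m.grant("room_admin", "partner", "teaser.pdf", "write")
    return m
```

The analyst's matrix entry for `contracts.xlsx` does not help: the mandatory check runs first and denies the read regardless of what was granted at the discretionary level.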