ABSTRACT
One of the key attributes of the McCumber Cube approach is the requirement to extrapolate and analyze information flow characteristics. The concept of information flow is a unique aspect of this methodology and is superior to a technology-based approach. In technology-based methodologies, security safeguards are applied to specific IT products, media, or subsystems. In other words, safeguards are defined by the current capabilities and vulnerabilities of the particular technology products and protocols employed in the network infrastructure. This means that every time a system component is replaced, upgraded, or modified, the security attributes of the system need to be completely reassessed and in many cases, adapted to the new technology. Although the McCumber Cube methodology will not preclude the necessity for adapting technical controls to changes in technology, it ensures consistency of security policy and safeguards enforcement requirements.
