Back to Security Architecture Models

Brewer-Nash Model

5 minutes 5 Questions

The Brewer-Nash Model, also known as the 'Cinderella' or 'Cinderella-Time' Model, focuses on data confidentiality while maintaining a balance between data availability and temporal access restrictions. Developed by Roger Brewer and Michael Nash in the early 1980s, it is primarily designed for commercial applications. The model prevents potential conflicts of interest by limiting the length of time a user has access to certain information. Once granted access, the user can only access the data for a limited period, preventing prolonged exposure to sensitive data. It's suitable in situations where timely and temporary access to information is crucial.

Guide to the Brewer-Nash Model

What is the Brewer-Nash Model?
The Brewer-Nash model, also known as the 'cinderella' model, is a security architecture model utilized to maintain data privacy in databases. It is often used in scenarios where sensitive information, like financial or personal data, should be hidden from unauthorized users.

Why is it important?
The significance of the Brewer-Nash model lies in its effectiveness to prevent misuse or abuse of sensitive data. It applies strict limitations on user's data access to avoid potential data leaks.

How does it work?
The Brewer-Nash model works on a dynamic data masking principle. Users can only access the information if they have not observed certain other data subsets that could potentially allow them to infer sensitive information. It consequently restricts users from viewing sensitive data that they are not authorized to see.

Exam Tips: Answering Questions on Brewer-Nash Model
For taking exams covering the Brewer-Nash model, keep the following points in mind:
1. Remember the main purpose of the Brewer-Nash model: to prevent indirect data inference for unauthorized viewers.
2. In case of any scenario-based question, focus on identifying data subsets that could potentially lead to a significant data leak.
3. Be familiar with how containment and complier directives are applied in Brewer-Nash.
4. Understand how conflict of interest can be resolved using the Brewer-Nash model.

Test mode:
Start practice test
CISSP - Security Architecture Models Example Questions

Test your knowledge of Amazon Simple Storage Service (S3)

Question 1

A financial company implements the Brewer-Nash Model for customer data privacy. A loan officer is reviewing the credit report of a client for a mortgage application. Which action violates the Brewer-Nash Model?

Correct Answer: Accessing the client's investment portfolio for the past year

The Brewer-Nash Model aims to protect data privacy by preventing unauthorized access to information. In this scenario, accessing the client's investment portfolio for the past year is not essential for reviewing the mortgage application and therefore, violates the Brewer-Nash Model.

Question 2

You are the CISO of a leading online retail company implementing the Brewer-Nash Model to protect customer data. Which additional protocol should you include to comply with the Brewer-Nash Model?

Correct Answer: Strict access controls on employee access to customer credit card information

The Brewer-Nash Model promotes data privacy using cinderella access control technique to enforce restrictions on sensitive information. Implementing strict access controls on employee access to customer credit card information complies with the Brewer-Nash Model.

Question 3

Which aspect of the Brewer-Nash Model is primarily responsible for managing information flow between different organizational units?

Correct Answer: Chinese Walls

The correct answer is 'Chinese Walls.'

In the Brewer-Nash Model, also known as the Chinese Wall Model, Chinese Walls are the primary mechanism for managing information flow between different organizational units. This model is specifically designed to prevent conflicts of interest in organizations by creating logical barriers between different departments or units.

Chinese Walls are conceptual barriers that restrict the flow of information between different parts of an organization. They are particularly important in financial institutions, consulting firms, and other organizations where maintaining confidentiality and preventing conflicts of interest is crucial.

The other options are incorrect:

'Data Sanitization Protocols' are important for data protection but are not specifically related to managing information flow between organizational units in the Brewer-Nash Model.

'Conflict Resolution Mechanisms' may be used to address conflicts after they occur, but they are not the primary method for preventing information flow between units in this model.

'Dynamic Access Control Lists' are a general security mechanism for controlling access to resources, but they are not specific to the Brewer-Nash Model or primarily responsible for managing information flow between organizational units.

The Chinese Wall concept is fundamental to the Brewer-Nash Model and is the key element in preventing unauthorized information flow between different parts of an organization, making it the best answer to this question.

Go Premium

CISSP Preparation Package (2024)

  • 4537 Superior-grade CISSP practice questions.
  • Accelerated Mastery: Deep dive into critical topics to fast-track your mastery.
  • Unlock Effortless CISSP preparation: 5 full exams.
  • 100% Satisfaction Guaranteed: Full refund with no questions if unsatisfied.
  • Bonus: If you upgrade now you get upgraded access to all courses
  • Risk-Free Decision: Start with a 7-day free trial - get premium features at no cost!
More Brewer-Nash Model questions
9 questions (total)
Start 9 question test