Compartmentalization (intelligence)
Encyclopedia
In matters concerning information security
, whether public or private sector, compartmentalization is the limiting of access to information to persons or other entities who have a need to know
it in order to perform certain tasks.
The concept originated in the handling of classified information
in military
and intelligence
applications.
The basis for compartmentalization was the idea that, if fewer people know the details of a mission or task, the risk or likelihood that such information could be compromised or fall into the hands of the opposition is decreased. Hence, varying levels of clearance within organizations exist. Yet, even if someone has the highest clearance, certain "compartmentalized" information, identified by codeword
s referring to particular types of secret information, may still be restricted to certain operators, even with a lower overall security clearance. Information marked this way is said to be codeword–classified. One famous example of this was the Ultra secret, where documents were marked "Top Secret Ultra": "Top Secret" marked its security level, and the "Ultra" keyword further restricted its readership to only those cleared to read "Ultra" documents.
Compartmentalization is now also used in commercial security engineering
as a technique to protect information such as medical record
s.
Information security
Information security means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction....
, whether public or private sector, compartmentalization is the limiting of access to information to persons or other entities who have a need to know
Need to know
The term "need to know", when used by government and other organizations , describes the restriction of data which is considered very sensitive...
it in order to perform certain tasks.
The concept originated in the handling of classified information
Classified information
Classified information is sensitive information to which access is restricted by law or regulation to particular groups of persons. A formal security clearance is required to handle classified documents or access classified data. The clearance process requires a satisfactory background investigation...
in military
Military
A military is an organization authorized by its greater society to use lethal force, usually including use of weapons, in defending its country by combating actual or perceived threats. The military may have additional functions of use to its greater society, such as advancing a political agenda e.g...
and intelligence
Intelligence (information gathering)
Intelligence assessment is the development of forecasts of behaviour or recommended courses of action to the leadership of an organization, based on a wide range of available information sources both overt and covert. Assessments are developed in response to requirements declared by the leadership...
applications.
The basis for compartmentalization was the idea that, if fewer people know the details of a mission or task, the risk or likelihood that such information could be compromised or fall into the hands of the opposition is decreased. Hence, varying levels of clearance within organizations exist. Yet, even if someone has the highest clearance, certain "compartmentalized" information, identified by codeword
Code name
A code name or cryptonym is a word or name used clandestinely to refer to another name or word. Code names are often used for military purposes, or in espionage...
s referring to particular types of secret information, may still be restricted to certain operators, even with a lower overall security clearance. Information marked this way is said to be codeword–classified. One famous example of this was the Ultra secret, where documents were marked "Top Secret Ultra": "Top Secret" marked its security level, and the "Ultra" keyword further restricted its readership to only those cleared to read "Ultra" documents.
Compartmentalization is now also used in commercial security engineering
Security engineering
Security engineering is a specialized field of engineering that focuses on the security aspects in the design of systems that need to be able to deal robustly with possible sources of disruption, ranging from natural disasters to malicious acts...
as a technique to protect information such as medical record
Medical record
The terms medical record, health record, and medical chart are used somewhat interchangeably to describe the systematic documentation of a single patient's medical history and care across time within one particular health care provider's jurisdiction....
s.
See also
- Classified informationClassified informationClassified information is sensitive information to which access is restricted by law or regulation to particular groups of persons. A formal security clearance is required to handle classified documents or access classified data. The clearance process requires a satisfactory background investigation...
- Information sensitivityInformation sensitivityInformation sensitivity is the control of access to information or knowledge that might result in loss of an advantage or level of security if disclosed to others who might have low or unknown trustability or undesirable intentions....
- Multilateral security model
- Principle of least privilegePrinciple of least privilegeIn information security, computer science, and other fields, the principle of least privilege, also known as the principle of minimal privilege or just least privilege, requires that in a particular abstraction layer of a computing environment, every module must be able to access only the...
- Read intoRead intoThe process of being read into a compartmented program generally entails being approved for access to particularly sensitive and restricted information about a classified program, receiving a briefing about the program, and formally acknowledging the...
- Sensitive Compartmented InformationSensitive Compartmented InformationSensitive compartmented information is a type of United States classified information concerning or derived from sensitive intelligence sources, methods, or analytical processes. All SCI must be handled within formal access control systems established by the Director of National Intelligence...
- Translucent database