Compartmentalization (information security)

From Wikipedia, the free encyclopedia
Jump to: navigation, search

In matters concerning information security, whether public or private sector, compartmentalization is the limiting of access to information to persons or other entities who need to know it in order to perform certain tasks.

The concept originated in the handling of classified information in military and intelligence applications.

The basis for compartmentalization was the idea that, if fewer people know the details of a mission or task, the risk or likelihood that such information could be compromised or fall into the hands of the opposition is decreased. Hence, varying levels of clearance within organizations exist. Yet, even if someone has the highest clearance, certain "compartmentalized" information, identified by codewords referring to particular types of secret information, may still be restricted to certain operators, even with a lower overall security clearance. Information marked this way is said to be codeword–classified. One famous example of this was the Ultra secret, where documents were marked "Top Secret Ultra": "Top Secret" marked its security level, and the "Ultra" keyword further restricted its readership to only those cleared to read "Ultra" documents.[1]

Compartmentalization is now also used in commercial security engineering as a technique to protect information such as medical records.

Example[edit]

An example of compartmentalization was the Manhattan Project. Dr. J. Robert Oppenheimer, lead physicist, knew how to construct an atomic weapon. He did not know how to weaponize it or deploy it. Major General Leslie Groves did not know how to construct the bomb, but he became an expert on weaponizing and deploying it. Personnel at Oak Ridge constructed and operated centrifuges to isolate Uranium-235 from naturally occurring uranium. Most did not know what, exactly, they were doing. Those that did know, did not know why they were doing it. Parts of the weapon were separately designed by teams who did not know how the parts interacted.

See also[edit]

References[edit]