What security model would be used for a company like paypal?
I have read about Bell La Padula, Biba and Brewer Nash I cannot really see which of these would be applicable to a system which deals with financial transactions.
Another thing I am struggling to get my head around is how deep the security model goes, does it cover things like physical access to buildings and data centres and vetting of staff or is it primarily concerned with access to files on an operating system?
At what point is a security model discussed, I have worked at start ups and for the health service and in the energy sector and whilst I am only working as a developer I had never heard of any of these models, for example at what point does a company like paypal, going from start up to multi national start to consider these things?
Any help would be much appreciated as I am totally new to the subject of security models.