
CISSP For Dummies, 4th Edition by Peter Gregory, Lawrence Miller

Security Models

Security models help us to understand the sometimes-complex security mechanisms in information systems. Security models illustrate simple concepts that we can use when analyzing an existing system or designing a new one.

In this section we describe the time-honored concepts of confidentiality, integrity, and availability (known together as CIA, or the CIA Triad), and access control models.

Confidentiality

Confidentiality refers to the concept that information and functions should be accessed only by authorized subjects. This is usually accomplished through several means, including

- Access and authorization: Ranging from physical access to facilities containing computers, to user account access and role-based access controls, the objective here is to make sure that only those persons with proper business authorization are permitted to access information.

- Vulnerability management: This includes everything from system hardening to patch management and the elimination of vulnerabilities from web applications. What we’re trying to avoid here is any possibility that someone can attack the system and get to the data.

- Sound system design: The overall design of the system excludes ...