
5
Policy Decomposition
In this chapter, you will
• Learn how policy can be decomposed into security requirements
• Examine the specifics of confidentiality, integrity, and availability requirements
• Explore authentication, authorization, and auditing requirements
• Explore the connection between audit and security requirements

Policy decomposition involves the mapping of high-level policy statements into lower-level policies, a process that can be repeated until the policies are implementable. Policy is a term that can have several meanings, ...
Get CSSLP Certification All-in-One Exam Guide now with the O’Reilly learning platform.
O’Reilly members experience live online training, plus books, videos, and digital content from nearly 200 publishers.