CHAPTER 4 The Basic Information Security Model

Who is in charge of the security of the Internet? How do I know?

– Cuckoo's Egg


This chapter introduces the basic framework used to implement information security. This framework consists of four elements – assets, vulnerabilities, threats, and controls. We define each of these terms, provide examples for each, and describe how they are related to each other. At the end of this chapter, you should know:

  • The elements of the basic information security model
  • The relationships between the elements of the basic information security model
  • The common classification of information security controls


The previous chapters have highlighted the importance of information security. In most organizations, system administrators take on the bulk of the responsibilities of maintaining information security. In anticipation of your continued interest in information security, these chapters have therefore also introduced you to the basic tasks performed by system administrators and the skills required to complete these tasks. In subsequent chapters, you will continue to build on these technical skills.

Information security is a very wide subject area because most information security incidents exploit some new weakness in an organization. Maintaining information security therefore requires attention to almost every aspect of the organization. To provide structure to these efforts, it is useful to organize all the activities associated ...
