Security Models

Security models define and enforce security policies to protect information, systems, and networks. They outline how information should be controlled, accessed, and protected based on the specific security requirements of an organization or system.

CIA Triad

The CIA Triad is a fundamental model in cybersecurity that represents the three core principles of information security: Confidentiality, Integrity, and Availability. These principles serve as the foundation for developing security policies, practices, and strategies to protect sensitive information and systems.

  • Confidentiality: Protection of data from unauthorized access and misuse

  • Integrity: Information is kept accurate and consistent unless authorized changes are made

  • Availability: Data must be available and accessible by the user to be useful

McCumber Cube

The cube is used to establish and evaluate information security initiatives by considering all of the related factors that impact them, based on how Mandatory Access Control (MAC) policies can be applied in information security.

  • Critical information characteristics:

    • CIA Triad Elements: Fundamental principles for protecting information.

  • Information states:

    • Processing: The data that is used to operate on a system

    • Storage: Data that is stored in memory or on a permanent storage device

    • Transmission: Data traveling between information systems

  • Security measures:

    • Awareness, training, and education: Measures to ensure that users are knowledgeable about potential security threats and the actions to protect systems

    • Technology: Software and hardware-based solutions designed to protect information systems

    • Policy and procedure: Administrative controls that provide a base for how an organization implements information assurance

SFU Triangle

The SFU Triangle defines the level of security implemented in a system, emphasizing the balance between three critical aspects of security systems (Security, Functionality, and Usability) and how improving one aspect may negatively impact the others.

  • Security: The restrictions and protections that guard systems, networks, and data against unauthorized access, attacks, and breaches

  • Functionality: The capability of a system or application to perform its intended tasks and meet user needs

  • Usability: The ease with which users can interact with a system or application, including how intuitive and user-friendly the interface is
