Security model. Confusion.

Status
Not open for further replies.

whostolemyhandle

IS-IT--Management
Aug 8, 2002
11
AU
If anyone has "All in One CISSP Certification exam guide, Shon Harris, Osborne ISBN 0-07-219353", can you explain the bizarre picture of a security model on p 70, Fig 3.5?

It is supposed to be a "layered" model where each layer supports the one above. Here it is, top, down.

{"assess business objectives"}
{"Vulnerability Assessment","Penetration testing"}
{"Quantitative and Qualitative Risk Assessment","Risk Analysis","Define risks and threats"}
{"Protection requirements","Data classification","Functionality Evaluation"}
{"Legal liabilities","Security Awareness","System reliability","Policy and procedures"}
{"Cost effective solutions","Safeguards","Counter measures"}
{"Data integrity","Confidentiality","Security Assurance"}
{"Total Security"}

Noting too, the dubious oxymoronic term "total security", I don't see how the particular arrangement was chosen.

I do see that "Total Security" is under "Data integrity","Confidentiality" & "Security Assurance", and that these three are the oft-quoted "CIA triad".
But as an example, try explaining the placement of "legal liabilities".

 
The triad is actually Confidentiality, Integrity, and Availability, IIRC. Will have to dig out the book and take a look at the model (I should be studying anyway).
 