Security Model
Jump to navigation
Jump to search
A Security Model is a Model (Abstract) that can specify a security policy (for a computing system).
- Context:
- It can range from being a Network Security Model, to being a Data Security Model, to being a Application Security Model.
- It can range from being a Traditional Security Model (e.g., Perimeter-Based Security Model) to being a Modern Security Model (e.g., Zero Trust Security Model).
- It can be based on different security principles, such as Least Privilege Principle, Defense in Depth, or Separation of Duties.
- It can be used to guide the security architecture and security measures in an IT Environment.
- It can include security mechanisms, such as authentication, authorization, encryption, and intrusion detection.
- It can be applied in various computing platforms, such as Cloud Computing, Mobile Computing, and Edge Computing.
- It can be critical in ensuring Data Privacy, Data Integrity, Data Availability, and Compliance with Security Standards.
- It can be influenced by Regulatory Requirements and Industry Standards.
- …
- Example(s):
- A Human Security Model, ...
- A Zero Trust Security Model, which operates on the principle of never trust, always verify.
- A Bell-LaPadula Model, which is focused on maintaining the confidentiality of data.
- A Biba Integrity Model, which is designed to prevent data tampering and unauthorized file access.
- …
- Counter-Example(s):
- A Non-Security Model, such as a Business Process Model.
- A Physical Security Model, such as for building security.
- …
- See: Information Security, Security Policy, Risk Management, Access Control, Cybersecurity, Network Security.