This lesson covers security models and access control models. A security model dictates how a system will explore security policy. Three common security models covered in this unit include: • Bell-LaPadula: designed for US Government Systems that protect state secrets; it is designed to protect CONFIDENTIALITY. • Biba: designed to protect the INTEGRITY of the knowledge base. • Clark-Wilson: Don't allow untrusted users to directly access your trusted resource of they'll break them. Instead, form them to access resources through a trusted interface. Access Control models covered in this unit are: • Discretionary access control (DAC): security of an object is at the owner's discretion. • Mandatory Access control (MAC): More secure than DAC as data owners cannot grant access • Role based access control (RBAC): The owner of an object does not control access. Each role has a set of fights and permission which cannot be changed unless a security administrator is involved.
ISC2 Certified Secure Software Life-cycle Professional (CSSLP)
This course helps professionals in the industry build their credentials to advance within their organization, allowing them to learn valuable managerial skills as well as how to apply the best practices to keep organizations systems running well.