Principles of Security
May 18, 2025
CIA Triad
- Confidentiality: the data is altered by authorized people only
- Integrity: the data isn’t altered
- Availability: the data is available
Principles of Privileges
The level of access is determined by two factors:
- The individual’s role/function within the organisation
- The sensitivity of the information being stored on the system
Privileged Identity Management (PIM): translates a user’s role within an organisation into an access role on a system
Privileged Access Management (PAM): the management of the privileges a system’s access role has, amongst other things
The Bell-La Padula Model
| Advantages | Disadvantages |
| Policies in this model can be replicated to real-life organisational hierarchies (and vice versa) | Even though a user may not have access to an object, they will know about its existence – so it’s not confidential in that aspect. |
| Simple to implement and understand, and has been proven to be successful. | The model relies on a large amount of trust within the organisation. |
Members must go through a vetting process.
Biba Model
| Advantages | Disadvantages |
| This model is simple to implement. | There will be many levels of access and objects. Things can be easily overlooked when applying security controls. |
| Resolves the limitations of the Bell-La Padula model by addressing both confidentiality and data integrity. | Often results in delays within a business. For example, a doctor would not be able to read the notes made by a nurse in a hospital with this model. |
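The doctor-and-nurse delay in the table above follows from the access rules of the two models, which these notes do not spell out: Bell-La Padula forbids reading up and writing down (confidentiality), and Biba forbids reading down and writing up (integrity). The sketch below is an added example, not part of the original notes; the level names and the placement of the doctor at HIGH and the nurse's notes at MEDIUM are assumptions made for illustration.

```python
from enum import IntEnum


class Level(IntEnum):
    # Constructed ordering: a higher value means more sensitive (Bell-La Padula)
    # or more trusted (Biba).
    LOW = 1
    MEDIUM = 2
    HIGH = 3


def blp_allows(subject: Level, obj: Level, action: str) -> bool:
    """Bell-La Padula: no read up, no write down."""
    if action == "read":
        return subject >= obj   # may read at or below own clearance
    if action == "write":
        return subject <= obj   # may write at or above own clearance
    raise ValueError(f"unknown action: {action}")


def biba_allows(subject: Level, obj: Level, action: str) -> bool:
    """Biba: no read down, no write up."""
    if action == "read":
        return subject <= obj   # may read only equally or more trusted data
    if action == "write":
        return subject >= obj   # may modify only equally or less trusted data
    raise ValueError(f"unknown action: {action}")


def decision_table(model, subject: Level) -> dict:
    """Every (object level, action) decision for one subject under one model."""
    return {(obj.name, action): model(subject, obj, action)
            for obj in Level for action in ("read", "write")}


# Assumed placement for the hospital case from the table.
DOCTOR = Level.HIGH
NURSE_NOTES = Level.MEDIUM

if __name__ == "__main__":
    for name, model in (("Bell-La Padula", blp_allows), ("Biba", biba_allows)):
        verdict = "allow" if model(DOCTOR, NURSE_NOTES, "read") else "deny"
        print(f"{name}: doctor reads nurse's notes -> {verdict}")
        for (obj, action), ok in decision_table(model, DOCTOR).items():
            print(f"  {action:5} {obj:6} {'allow' if ok else 'deny'}")
```

The same subject and object give opposite read decisions under the two models, which is why the choice between them depends on whether disclosure or tampering is the greater concern for the data.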