PRELIM Review - ITON

To align security controls with organizational risk tolerance

To develop a comprehensive threat management system

To establish effective controls for asset confidentiality

To ensure asset availability

Access Matrix Model

Bell-LaPadula Model

Clark & Wilson Model

Biba Model

Control, Information, Availability

Confidentiality, Information, Access

Control, Integrity, Access

Confidentiality, Integrity, Availability

Plan-Do-Check-Act model

Risk assessment

Incident response

Data encryption

To evaluate the effectiveness of security policies

To establish security roles and responsibilities

To categorize risks based on probability and impact

To monitor user behavior

Network Policy

Acceptance User Policy

User Account Policy

Remote Access Policy

Controlling access to sensitive data

Maintaining confidentiality

Ensuring data availability

Preventing unauthorized modifications

Increased complexity of management

Improved overall security

Increased hardware costs

Reduced visibility into threats

Creating multiple user accounts

Storing sensitive data in isolated blocks

Implementing strong passwords

Monitoring network traffic

Relies on judgment to categorize risks

Requires extensive historical data

Uses monetary values to measure risk

Focuses solely on financial impact