Terminologies

Various Terminologies in Cyber security

  • Defence in Depth

    • Defence in Depth is the use of multiple layers of security around an organisation's systems and data, so that the layers provide redundancy in the organisation's security perimeter: if one layer fails, the others still hold.

  • PIM - Privileged Identity Management

    • PIM is the concept of creating a system access role based on the user's role/responsibility within an organisation.

  • PAM - Privileged Access Management

    • PAM is the concept of managing the privileges that a system access role has.

  • Vetting

    • Vetting is the screening process in which applicants' backgrounds are examined to establish the risk they pose to the organisation. Therefore, applicants who have successfully gone through the vetting process are presumed trustworthy.

  • Bell-La Padula Model

    • The Bell-La Padula Model is a model that is used to achieve Confidentiality in the CIA triad.

    • This model works by granting access to the objects (data) in the organisation.

    • This model follows the rule 'no write down, no read up'.

    • This model is useful for government and military organisations, where every member of the organisation is presumed to have already completed the vetting process.

    • So, the higher authorities can read the data of the lower-level personnel.

  • Biba Model

    • It is the equivalent of the Bell-La Padula Model for the Integrity element in the CIA Triad.

    • This model works by granting access to the objects (data) and subjects (users) on the rule 'no write up, no read down'.

    • This means that in the organisation, one can read and write data at one's own level and can also read data above one's level.

    • If you were a software developer, your company may use this model for the integrity of the data.
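    As an added illustration (not part of the original notes) of how the Bell-La Padula and Biba rules above mirror each other, the following Python implements both models' read/write decisions over a constructed four-level lattice; the level names and function names are assumptions made for the example.

```python
from enum import IntEnum


class Level(IntEnum):
    # Constructed example levels, lowest to highest. Under Bell-La Padula these
    # are confidentiality classifications; under Biba, integrity levels.
    UNCLASSIFIED = 0
    CONFIDENTIAL = 1
    SECRET = 2
    TOP_SECRET = 3


def blp_allows(subject: Level, obj: Level, op: str) -> bool:
    """Bell-La Padula (confidentiality): 'no read up, no write down'.
    A subject may read objects at or below its clearance and write only to
    objects at or above it, so classified data never flows to a lower level."""
    if op == "read":
        return subject >= obj
    if op == "write":
        return subject <= obj
    raise ValueError(f"unknown operation: {op}")


def biba_allows(subject: Level, obj: Level, op: str) -> bool:
    """Biba (integrity): 'no read down, no write up'.
    A subject may read objects at or above its integrity level and write only
    to objects at or below it, so low-integrity data cannot contaminate
    higher-integrity data."""
    if op == "read":
        return subject <= obj
    if op == "write":
        return subject >= obj
    raise ValueError(f"unknown operation: {op}")


def decision_table(model) -> dict:
    """Evaluate every (subject, object, operation) combination for one model,
    keyed by level names, so the two policies can be compared side by side."""
    return {(s.name, o.name, op): model(s, o, op)
            for s in Level for o in Level for op in ("read", "write")}


if __name__ == "__main__":
    # A SECRET user writing into a CONFIDENTIAL file: a leak under BLP,
    # but harmless (and allowed) under Biba.
    for name, model in (("Bell-La Padula", blp_allows), ("Biba", biba_allows)):
        verdict = model(Level.SECRET, Level.CONFIDENTIAL, "write")
        print(f"{name}: SECRET -> CONFIDENTIAL write allowed: {verdict}")
```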

  • Threat Modelling

    • Threat modelling is the process of reviewing, improving, and testing the security protocols in place in the organisation's information security infrastructure and services.

    • An effective threat model includes:

      • Threat Intelligence

      • Asset Identification

      • Mitigation Capabilities

      • Risk Assessment

  • STRIDE Framework

    • Spoofing identity, Tampering with data, Repudiation threats, Information disclosure, Denial of service, Elevation of privileges.

  • PASTA Framework

    • Process for Attack Simulation and Threat Analysis.
