CISSP – Need to know, least privilege and objects/subjects.

  • Least Privilege and Need to know.
    • Least Privilege – (Minimum Necessary Access) Give users/systems exactly the access they need, no more, no less.
    • Need to know – Even if you have access, if you do not need to know, then you should not access the data.
  • Non-repudiation.
    • A user can not deny having performed a certain action. This uses both Authentication and Integrity.
  • Subject and Object.
    • Subject – (Active) Most often users, but can also be programs – Subject manipulates Object.
    • Object – (Passive) Any passive data (both physical paper and data) – Object is manipulated by Subject.
    • Some can be both at different times, an active program is a subject; when closed, the data in program can be object.

IT security trainer.
Sharing my knowledge, to help you reach your IT certification goals.
CISSP, C|EH, PMP, CCNP, CompTIA Security+, SCP, CCNA-Security, CCNA, et. Al.

You may also like

Leave a Reply