Security Dictionary
Can't tell 'smtp' from 'snmp'? Find the precise meaning of these and hundreds of other security-related terms in our convenient and up-to-date Security Dictionary.
security policy
(I) A set of rules and practices that specify or regulate how a
system or organization provides security services to protect
sensitive and critical system resources. (See: identity-based
security policy, rule-based security policy, security
architecture, security mechanism, security model.)
(O) "The set of rules laid down by the security authority
governing the use and provision of security services and
facilities." [X509]
(C) Ravi Sandhu notes that security policy is one of four layers
of the security engineering process (as shown in the following
diagram). Each layer provides a different view of security,
ranging from what services are needed to how services are
implemented.
What Security Services Should Be Provided?
 ^
 | + - - - - - - - - - - - +
 | | Security Policy       |
 | + - - - - - - - - - - - +    + - - - - - - - - - - - - - - +
 | | Security Model        |    | A "top-level specification" |
 | + - - - - - - - - - - - + <- | is at a level below "model" |
 | | Security Architecture |    | but above "architecture".   |
 | + - - - - - - - - - - - +    + - - - - - - - - - - - - - - +
 | | Security Mechanism    |
 | + - - - - - - - - - - - +
 v
How Are Security Services Implemented?