- Perception: Perception defenses include
obscurity, profiles of facilities and systems, appearances, and
deception methods and are the part of technical protection that
directly contacts the attack and their agents. [Drill-Down]
- Structure: Structural defenses are predominantly separation mechanisms intended to
implement access control policies, provide functional units with their
functions, and implement the separation associated with change controls.
They include mandatory and discretionary access controls and different
resulting communications structures such as partially ordered sets,
diodes, firewalls, and other similar barriers.
- Content: Content controls include
separation mechanisms (high surety) transforms (medium
surety) and filters (low surety). They analyze location, markings, syntax, and
situation to determine what information should be transformed or allowed
- Behavior: Behavioral mechanisms tend to be low surety but some can be higher surety. They involve looking for and limiting changes, effects of time, fail safe modes, fault tolerant computing, intrusion and anomaly detection and response systems, and human behavioral traits and patterns. This includes separation of duties, least privilege, and other similar limitations as well.
The overall utility of protection mechanisms is that they interact directly with the content and facilitate it proper use for business while limiting its improper use. They assure business utility and mitigate against attempts to reduce this utility or misuse it for nefarious purposes.
For more details and in-depth coverage of these issues, buy the Governance Guidebook.
This was first published in January 2006