Secrecy, Integrity, and Availability

Confidentiality, Reliability, and Accessibility

Privacy, Security, and Performance

Protection, Efficiency, and Usability

A software program that detects malicious activity.

A profile of potential attackers, their capabilities, goals, and likely attack methods.

A set of guidelines for secure network configuration.

A historical record of past cyberattacks.

What you know

What you have

What you are

What you see

It involves tricking users into revealing sensitive information.

It attempts to guess a secret (like a PIN or password) by trying every possible combination.

It disrupts services by overwhelming a system with traffic.

It exploits software vulnerabilities to gain unauthorized access.

It is always more expensive to implement.

It is deterministic, meaning it always gives the same result.

It cannot be easily reset if compromised.

It requires constant internet connectivity to function.

Users can read up but not write down.

Users cannot read up or write down.

Users can write down but not read up.

Users can read and write at any security level.

To maximize the amount of operating system software.

To create a system that is impossible to compromise.

To provide a minimal set of operating system software that is close to provably secure.

To allow all users unrestricted access to system resources.

Authentication

Access Control

Isolation

Encryption