CHAPTER 5

Policy Decomposition

In this chapter, you will

•   Learn how policy can be decomposed into security requirements

•   Examine the specifics of confidentiality, integrity, and availability requirements

•   Explore authentication, authorization, and auditing requirements

•   Explore the connection between audit and security requirements

Policy decomposition involves the mapping of high-level policy statements into lower-level policies, a process that can be repeated until the policies are implementable. Policy is a term that can have several meanings, depending upon the context of its use. The National Institute of Standards and Technology (NIST) categorizes computer security policies into three types: program policies, issue-specific ...

Source: CSSLP Certification All-in-One Exam Guide, Second Edition.