NSTISSC SECURITY MODEL
‘National Security Telecommunications & Information systems security committee’ document.
It is now called the National Training Standard for Information security professionals.
The NSTISSC Security Model provides a more detailed perspective on security.
While the NSTISSC model covers the three dimensions of information security, it omits discussion of detailed guidelines and policies that direct the implementation of controls.
Another weakness of using this model with too limited an approach is to view it from a single perspective.
ü The 3 dimensions of each axis become a 3x3x3 cube with 27 cells representing areas that must be addressed to secure today’s Information systems.
ü To ensure system security, each of the 27 cells must be properly addressed during the security process.
ü For example, the intersection between technology, Integrity & storage areas requires a control or safeguard that addresses the need to use technology to protect the Integrity of information while in storage.
Understanding the technical aspects of information security requires that you know the definitions of certain information technology terms and concepts. In general, security is defined as “the quality or state of being secure—to be free from danger.”
Security is often achieved by means of several strategies usually undertaken simultaneously or used in combination with one another.