(Class Note) Module 1 - Introduction To Cybersecurity

This document provides an introduction to cybersecurity concepts, including: defining cybersecurity as the process of protecting information by preventing, detecting, and responding to attacks on internet-connected systems; explaining the key principles of confidentiality, integrity and availability, with examples of how each can be violated; describing the IAAA framework of identification, authentication, authorization and accounting; and outlining security design concepts such as least privilege, defense in depth, and separation of duties.

Uploaded by Yao Xia Li

RMIT Classification: Trusted

Lecture 1: Introduction to Cybersecurity

Session Objectives

After completing the week's contents, you should be able to:

• Define cybersecurity, its principles and its design concepts
• Understand cybersecurity terminology
• Discuss assets, threats, vulnerabilities and controls

What is cybersecurity?

• Cybersecurity is the process of protecting information by preventing, detecting, and responding to attacks.
• It is the protection of internet-connected systems, including hardware, software and data, from cyberattacks.

What is cybersecurity? (cont)

• The objective of cybersecurity is to protect each of us, and with us our economy, our critical infrastructure, and our country, from the harm that can result from inadvertent or intentional misuse, compromise, or destruction of information and information systems.

Critical Infrastructure Sectors (figure not reproduced)

Cybersecurity Principles: CIA

• Confidentiality is the principle of protecting sensitive information against disclosure to unauthorized entities.
  - Violations of confidentiality: capturing network traffic and stealing password files, social engineering, shoulder surfing, eavesdropping, sniffing, and reconnaissance such as port scanning (which discloses which services a host exposes).
• Integrity is the principle of protecting information against improper modification.
  - Violations of integrity: viruses, logic bombs, unauthorized access, errors in coding and applications, malicious modification, intentional replacement, and system back doors.

Cybersecurity Principles: CIA (cont)

• Availability is the assurance that the systems responsible for delivering, storing and processing information are accessible when needed, by those who need them.
  - Violations of availability: DoS attacks, object destruction, and communication interruptions.

CIA goals, events leading to breaches, and countermeasures

Confidentiality
  Events leading to breaches: lack of authentication or encryption; leaving open otherwise secured access points; accessing malicious code that opens a back door.
  Countermeasures: encryption, strict access control, rigorous authentication procedures, data classification, and extensive personnel training.

Integrity
  Events leading to breaches: accidentally deleting files; entering invalid data; altering configurations, including errors in commands, code, and scripts; introducing a virus; executing malicious code such as a Trojan.
  Countermeasures: strict access control, rigorous authentication procedures, intrusion detection systems, object/data encryption, hash total verification.

Availability
  Events leading to breaches: accidentally deleting files; overutilizing a hardware or software component; under-allocating resources; mislabeling or incorrectly classifying objects.
  Countermeasures: designing intermediary delivery systems properly, using access controls effectively, monitoring performance and network traffic, using firewalls and routers to prevent DoS attacks, implementing redundancy for critical systems, and maintaining and testing backup systems.
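As an added example, not part of the lecture slides: the "hash total verification" countermeasure for integrity from the table above, written with a keyed hash (HMAC-SHA256) rather than a plain digest, because anyone who can change the data can also recompute an unkeyed digest. The file names, contents and key below are constructed for the example.

```python
import hashlib
import hmac

# Constructed sample objects (name -> contents); not real files or real data.
FILES = {
    "/etc/passwd": b"root:x:0:0:root:/root:/bin/bash\n",
    "/usr/local/bin/deploy.sh": b"#!/bin/sh\necho deploying\n",
}

# Constructed key; in practice it is kept separately from the data it
# protects, otherwise an attacker who can alter the data can also re-tag it.
KEY = b"constructed-demo-key"


def tag(key, data):
    """Keyed hash of one object (HMAC-SHA256). A plain SHA-256 'hash total'
    only detects accidental change: anyone who can modify the data can also
    recompute an unkeyed digest."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def build_manifest(files, key):
    """Record a tag for every object at a known-good point in time."""
    return {name: tag(key, data) for name, data in files.items()}


def verify_manifest(files, manifest, key):
    """Return [(name, finding), ...] for every integrity event, sorted by name.

    Added and missing objects are reported as well as modified ones: a planted
    script and a deleted file are both integrity violations."""
    findings = []
    for name in sorted(set(files) | set(manifest)):
        if name not in manifest:
            findings.append((name, "added"))
        elif name not in files:
            findings.append((name, "missing"))
        elif not hmac.compare_digest(manifest[name], tag(key, files[name])):
            findings.append((name, "modified"))
    return findings


def demo():
    """Verify a clean copy, then a tampered copy (one object modified, one
    deleted, one planted)."""
    manifest = build_manifest(FILES, KEY)
    clean = verify_manifest(FILES, manifest, KEY)

    tampered = dict(FILES)
    tampered["/usr/local/bin/deploy.sh"] += b"# injected line\n"
    del tampered["/etc/passwd"]
    tampered["/etc/cron.d/planted"] = b"* * * * * root /tmp/x\n"
    return clean, verify_manifest(tampered, manifest, KEY)


if __name__ == "__main__":
    print(demo())
```

The same structure is what file-integrity monitors and package managers do at scale; the part that matters operationally is where the key and manifest live, since a manifest stored next to the data it protects can be rewritten along with it.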

IAAA

• Identification: the process of professing (claiming) an identity, for example presenting a username.
• Authentication: the mechanism of verifying that claimed identity, to prevent unauthorized access.
• Authorization: the service that determines which resources may be accessed, when, by whom, and which operations are permitted on them.

IAAA (cont)

• Accounting keeps track of what users do, including what they access, how long they access resources, and any changes made.

Plus:
• Non-repudiation: protection against denial, by one of the parties in a communication, that the communication took place or that they took part in it.

Security Design Concepts

• Least privilege: a principal should be given only those privileges needed to accomplish its tasks. No more, no less.
• Open design: the success of a mechanism should not depend on it being secret.
  - "No security through obscurity"
  - Inevitably, the secret gets out
  - Insiders will know the secret

Security Design Concepts (1)

• Open design (cont): the success of a mechanism should not depend on it being secret.
  - Increased assurance if many critics can review it.
  - Some form of secret is necessary. Make these secrets replaceable data rather than the algorithm itself, e.g. a cryptographic key.
• Defense in depth: implementation of security in layers. It requires that the organization establish multiple layers of security controls and safeguards, so that the failure of any one layer does not by itself expose the asset.

Security Design Concepts: Defense in depth

Layers, from the outside in, with example controls at each layer:

Physical and administrative security: policies, cameras, planning, locks, training
Perimeter security: firewalls, IPS
Network security: authenticated routing protocols, control plane policing, segmentation (network VLANs, etc.), device hardening
Host security: advanced malware protection, antivirus
Application security: application robustness, testing and best practices, fuzzing
Data: the actual data traversing the network

Security Design Concepts …

• Need to know refers to an access authorization scheme in which a subject's right to access an object takes into consideration not just a privilege level but also the relevance of the data to the role the subject plays (or the job they perform). Access is granted only where the subject requires the object to perform their job properly or to fill some specific role.

Security Design Concepts (1)

• Separation of duties builds on the principle of least privilege. It requires the use of granular access permissions, that is, different permissions for each type of privileged operation, so that no single person can complete a sensitive transaction alone.
• Fail secure: the system defaults to a secure state in the event of a failure, blocking all access.
• Economy of mechanism: keep the mechanism sufficiently small and simple that it can be verified and implemented correctly.

Security Design Concepts (2)

• Complete mediation: every access to every object must be checked for authority, and the check must be efficient enough that it is never bypassed for performance reasons.
• Least common mechanism: minimize the amount of mechanism common to more than one user and depended on by all users. Every shared mechanism is a potential information path.
• Psychological acceptability: the user interface must be easy to use, so that users routinely and automatically apply the mechanisms correctly. Otherwise, they will be bypassed. Security mechanisms should not add to the difficulty of accessing a resource.
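The IAAA slides and the design concepts above (least privilege, fail secure, complete mediation, separation of duties, accounting) in one piece of runnable code. This is an added example written for this lecture, not code from the lecture or from any product; the ReferenceMonitor class, its method names, the role names, user names and passwords are all invented for illustration.

```python
import hashlib
import hmac
import os
import time


class ReferenceMonitor:
    """Toy reference monitor: every request passes through check() (complete
    mediation); permissions are an explicit allow-list per role with default
    deny (least privilege, fail secure); every decision is recorded (accounting).
    Hypothetical API written for this example."""

    def __init__(self):
        self._users = {}      # username -> (salt, pbkdf2 hash, role)
        self._roles = {}      # role -> {(object, operation), ...}
        self._sessions = {}   # session token -> username
        self.audit_log = []   # one dict per decision

    # --- Identification and authentication ---------------------------------
    def add_user(self, username, password, role):
        salt = os.urandom(16)
        digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
        self._users[username] = (salt, digest, role)

    def login(self, username, password):
        """Identification is the claimed username; authentication is the salted
        PBKDF2 check. On failure the audit entry does not say which of the two
        was wrong, and the work is done even for unknown users so timing does
        not reveal valid usernames."""
        record = self._users.get(username)
        if record is None:
            hashlib.pbkdf2_hmac("sha256", password.encode(), b"\x00" * 16, 100_000)
            self._record(username, "login", None, False, "bad credentials")
            return None
        salt, digest, _ = record
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
        if not hmac.compare_digest(candidate, digest):
            self._record(username, "login", None, False, "bad credentials")
            return None
        token = os.urandom(16).hex()
        self._sessions[token] = username
        self._record(username, "login", None, True, "ok")
        return token

    # --- Authorization --------------------------------------------------------
    def grant(self, role, obj, operation):
        self._roles.setdefault(role, set()).add((obj, operation))

    def check(self, token, obj, operation):
        """The only path to an object. Anything not explicitly granted to the
        caller's role is denied, including requests with no valid session."""
        username = self._sessions.get(token)
        if username is None:
            self._record("<unknown>", operation, obj, False, "no session")
            return False
        role = self._users[username][2]
        allowed = (obj, operation) in self._roles.get(role, set())
        self._record(username, operation, obj, allowed,
                     "ok" if allowed else "not granted to role " + role)
        return allowed

    # --- Accounting -----------------------------------------------------------
    def _record(self, user, operation, obj, allowed, reason):
        self.audit_log.append({"ts": time.time(), "user": user, "op": operation,
                               "object": obj, "allowed": allowed, "reason": reason})


def demo():
    rm = ReferenceMonitor()
    rm.add_user("alice", "correct horse", "developer")
    rm.add_user("bob", "battery staple", "release-manager")
    # Separation of duties: a developer may write code but not deploy it;
    # a release manager may deploy but not write. Neither can do both.
    rm.grant("developer", "repo", "write")
    rm.grant("release-manager", "repo", "deploy")

    results = {}
    results["wrong password"] = rm.login("alice", "wrong") is None
    alice = rm.login("alice", "correct horse")
    bob = rm.login("bob", "battery staple")
    results["alice write"] = rm.check(alice, "repo", "write")
    results["alice deploy"] = rm.check(alice, "repo", "deploy")
    results["bob deploy"] = rm.check(bob, "repo", "deploy")
    results["forged token"] = rm.check("deadbeef", "repo", "write")
    results["audit entries"] = len(rm.audit_log)
    return results


if __name__ == "__main__":
    for entry in demo().items():
        print(entry)
```

Two design points worth noticing: authorization is keyed on the session token, not on a username the caller supplies, so a caller cannot simply claim to be someone else; and the audit log records denials as well as grants, since the denials are where an attacker probing for privileges shows up.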

Security Concepts … (figure not reproduced)

The McCumber Cube / Cybersecurity Sorcery Cube

• A security framework for managing, evaluating and protecting systems and networks.
• Three dimensions:
  - Security goals: the CIA properties used for evaluating and protecting cybersecurity
  - Information states: safeguarding data in transit, at rest and in process
  - Countermeasures: the types of solutions (technology, policies and practices, people) that organizations use to protect cyberspace

Information Security vs Cybersecurity

https://www.sciencedirect.com/science/article/pii/S0167404813000801

Who are the attackers?

• Operators or users who blunder (no malicious intent, but real damage).
• Hackers driven by intellectual challenge (or boredom).
• Insiders: employees or customers seeking revenge or gain.
• Criminals seeking financial gain.
• Organized crime seeking gain or hiding criminal activities.
• Organized terrorist groups or nation states trying to influence national policy.

Who are the attackers? (cont)

• Foreign agents seeking information for economic, political, or military purposes.
• State or military actors mounting tactical countermeasures intended to disrupt military capability.
• Large organized terrorist groups or nation-states intent on overthrowing a government.

Terminologies

• Malware: malicious software; a general term covering the specific types that follow.
• Ransomware: a type of malware that tries to extract a ransom payment in exchange for unblocking access to an asset that belongs to the victim, or in exchange for a promise not to release data captured by the ransomware.
• Spam: the abuse of electronic messaging systems to indiscriminately send unsolicited bulk messages.

Terminologies (1)

• Backdoor (trapdoor): any mechanism that bypasses a normal security check; it may allow unauthorized access to functionality.
• Keylogger: software that captures keystrokes on a compromised system.
• Zombie or bot: a program activated on an infected machine that launches attacks on other machines, typically under remote control as part of a botnet.
• Spyware: software that collects information from a computer and transmits it to another system.

Terminologies (2)

• Adware: advertising that is integrated into software. It results in pop-up ads or redirection of a browser to a commercial site.
• Denial-of-service (DoS) attack: an attack that prevents authorized access to resources or delays time-critical operations.
• Distributed denial-of-service (DDoS) attack: a DoS technique that uses numerous hosts to perform the attack.

Terminologies (3)

• DNS attacks: attacks that encompass a variety of exploits that subvert the functioning of the Domain Name System (DNS), which provides the mapping between hostnames and IP addresses.

Terminologies (4)

• Hacker or cracker: an unauthorized user who attempts to gain, or gains, access to an information system.
  - White hat hacker: an ethical hacker who specializes in security testing, with the owner's authorization, in order to improve the security of the systems tested.
  - Black hat hacker: a hacker who violates computer or Internet security maliciously.
  - Gray hat hacker: a combination of a black hat and a white hat hacker, e.g. one who tests systems without authorization but without malicious intent.

Terminologies (5)

• Injection flaw: a vulnerability created by insecure coding techniques that results in improper input validation, allowing attackers to relay malicious code through a web application to the underlying system (a database, the operating system shell, a directory service, and so on).
• Code injection: insertion of malicious code by exploiting an injection flaw.
• Password attack: a method of gaining access to a protected device or account, using one of various methods, by capturing or guessing the user ID/password of a validated user.

Asset

• An asset is an item of value for achieving business objectives, e.g. customer data, employee records, financial documents, business plans, intellectual property, IT information, reputation, and brand.
• Tangible vs intangible assets.
• How to categorise assets? Hardware, software, network, data, people?

Hardware assets

• Hardware assets include servers, workstations, laptops, mobile devices, removable media, networking and telecommunications equipment, and peripheral equipment.
• Key concerns are loss of a device, through theft or damage, and lack of availability of the device for an extended period.

Hardware assets (cont)

• Another concern is device malfunction, whether deliberately induced or due to other causes.
• Asset valuation needs to take into account the replacement cost of the hardware, disruption losses, and recovery expenses.

Software assets

• Software assets include applications, operating systems and other system software, virtual machine and container virtualization software, software for software-defined networking (SDN) and network function virtualization (NFV), database management systems, file systems, and client and server software.
• Availability is a key consideration here, and asset valuation must take account of disruption losses and recovery expenses.

Information assets

• Information assets comprise the information stored in databases and file systems, both on-premises and remotely in the cloud.
• ITU-T X.1055 lists the following as types of information assets in a telecommunications or network environment:
  - Communication data
  - Routing information
  - Subscriber information
  - Blacklist information

Information assets (cont)

• Further types of information assets in a telecommunications or network environment (ITU-T X.1055, cont):
  - Registered service information
  - Operational information
  - Trouble information
  - Configuration information
  - Customer calling patterns
  - Customer geographic locations
  - Traffic statistical information
  - Contracts and agreements
  - System documentation
  - Research information
  - User manuals
  - Customer information
  - Training materials
  - Billing information
  - Operational or support procedures
  - Business continuity plans
  - Emergency plan fallback arrangements
  - Audit trails and archived information

Identify and Prioritize Information Types

(Table is on page 87 in the textbook; not reproduced here.)

Business assets

• The business assets category includes organization assets that don't fit into the other categories.
• This includes human resources, business processes, and physical plant.
• It also includes intangible assets such as organizational control, know-how, reputation, and the image of the organization.

Threat

• A threat is an event or condition that has the potential for causing asset loss and the undesirable consequences or impact from such loss.
• E.g. ransomware, virus, backdoor, Trojan horse, hacker, DoS, SQL injection.

Threat (1)

• Three categories of threat sources:
  - Environmental, e.g. floods, earthquakes, power failure
  - Business resources, e.g. equipment failure, supply chain disruption, and unintentional harm caused by employees
  - Hostile actors, e.g. hackers, hacktivists, insider threats, criminals, and nation-state actors

Threat (2)

• Threats can be classified according to the STRIDE threat model (Spoofing, Tampering, Repudiation, Information disclosure, Denial of service, Elevation of privilege).
• Optional research: sources of information about threats that can be used for cyber intelligence, e.g. the Verizon Data Breach Investigations Report, Threat Horizon Report, ENISA Threat Landscape Report, Trustwave Global Security Report, Cisco Annual Cybersecurity Report, and Fortinet Threat Landscape Report.

Sources of information

• It is difficult to get reliable information on past events and to assess future trends, for a variety of reasons, including:
  - Organizations are often reluctant to report security events, in an effort to save corporate image, avoid liability costs, and, in the case of responsible management and security personnel, avoid career damage.
  - Some attacks may be carried out, or at least attempted, without being detected by the victim until much later, if ever.
  - Threats continue to evolve as adversaries adapt to new security controls and discover new techniques.
• Thus, keeping informed on threats is an ongoing and never-ending battle.
• Three important categories of threat information sources are:
  - In-house experience: an important source of information on threats is the experience an organization has already had in identifying attempted and successful attacks on its assets.
  - Security alert services: these are concerned with detecting threats as they develop, to enable organizations to patch code, change practices, or otherwise react to prevent a threat from being realized.
  - Global threat surveys: of great value for threat identification are the various global threat surveys that are readily available.

Data breach investigations report

• The DBIR defines a security incident as a security event that compromises the integrity, confidentiality, or availability of an information asset.
• The DBIR defines a breach as an incident that results in the confirmed disclosure, not just potential exposure, of data to an unauthorized party.

Verizon data breach investigations report (DBIR)

• This authoritative and highly respected annual report is perhaps the most important source of threat information that an organization can consult.
• The results in the 2018 report are based on data from more than 53,000 security incidents and over 2,200 data compromises from 65 countries and 67 organizations.
• Results are broken down by 20 industry sectors, such as accommodation, entertainment, finance, healthcare, manufacturing, public, and utilities.
• Further, threats are broken down along three dimensions:
  - Pattern: DoS, privilege misuse, lost and stolen assets, point of sale, miscellaneous errors, web attacks, crimeware, payment card skimmers, and cyber-espionage
  - Action: hacking, malware, social breach, error, misuse, physical breach, and environmental-based damage
  - Asset: servers, media, user devices, persons, networks, kiosks/terminals and embedded devices (Internet of Things [IoT] devices)

Data breach investigations report (1)

• The report also summarizes, with data, key aspects of the attack, including:
  - Actors: broken down into the categories outsiders, internal actors, state-affiliated actors, multiple parties, partners, and organized criminal groups
  - Tactics: hacking, malware, leveraging stolen and/or weak passwords, social attacks, errors, privilege misuse, and physical actions

Data breach investigations report (2)

• Other common factors: malware installed via malicious email attachments, financially motivated breaches, breaches related to espionage, and breaches discovered by third parties.
• Given the wealth of high-quality data, the DBIR is an essential tool in the threat identification process.

Threat horizon report

• A useful complement to the DBIR is the annual Threat Horizon Report from the ISF (Information Security Forum).
• This report differs from the DBIR in two ways:
  - It is a more broad-brush treatment, identifying key threat trends rather than detailed threats and detailed target profiles.
  - It attempts to project the likely major threats of the next two years.

Threat horizon report (cont)

• Threat Horizon 2019 highlights nine major threats, broken down into three themes, that organizations can expect to face over the next two years as a result of developments in technology:
  - Disruption
  - Distortion
  - Deterioration

Disruption

• Likely due to an over-reliance on fragile connectivity, requiring a seismic shift in the way business continuity is planned, practiced and implemented.
• The major threats are:
  - Premeditated Internet outages bringing trade to its knees
  - Ransomware hijacks on the IoT
  - Privileged insiders being coerced into giving up the crown jewels

Distortion

• As trust in the integrity of information is lost, the monitoring of access and changes to sensitive information becomes critical, as does the development of complex incident management procedures.
• The major threats are:
  - Automated misinformation gaining instant credibility
  - Falsified information compromising performance
  - Subverted blockchains shattering trust

Deterioration

• Controls may be eroded by regulations and technology, bringing a heightened focus on risk assessment and management in light of regulatory changes and the increased prevalence of artificial intelligence in everyday technology.
• The major threats are:
  - Surveillance laws exposing corporate secrets
  - Privacy regulations impeding the monitoring of insider threats
  - A headlong rush to deploy artificial intelligence (AI) leading to unexpected outcomes

Top Cybersecurity threats by ENISA (figure not reproduced)

Kill chain

• A systematic process used to target and engage an adversary to create desired effects. In the context of cybersecurity, it consists of reconnaissance, weaponization, delivery, exploitation, installation, command and control, and actions on objectives.

Phases of the kill chain

• Reconnaissance: the adversary determines likely targets for attack.
• Weaponization: the adversary couples an exploit with a means of gaining access to the specific system to be attacked.
• Delivery: the weaponized payload is delivered to the victim via email, web access, USB, or other means.
• Exploitation: the delivered bundle exploits a vulnerability to enable installation.
• Installation: the malware package is installed on the asset.
• Command and control: once a threat is in an organization's system, the attacker creates a command and control channel to be able to operate the malware remotely.
• Actions: with command and control in place, the threat can be activated to achieve the goals of the attack, which could be to obtain data, do damage, or make a ransom demand.
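An added example, not part of the lecture: a toy correlator that maps log lines to the kill-chain phases listed above and raises an alert when a single host traverses several phases inside a short window, which is the shape of logic a SOC detection rule encodes. The log format, the indicator-to-phase mapping, the hostnames and the log lines themselves are all constructed for this example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed events in an invented "timestamp host source key=value ..." format.
SAMPLE_LOGS = """\
2024-03-01T09:00:05 ws-17 mail attachment=invoice.docm from=billing@supplier.example
2024-03-01T09:02:11 ws-17 edr parent=WINWORD.EXE child=powershell.exe cmd=-EncodedCommand SQBFAFgA
2024-03-01T09:02:14 ws-17 edr file_create=C:\\Users\\jo\\AppData\\Roaming\\svc.exe
2024-03-01T09:02:20 ws-17 edr persistence=Run key=HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\svc
2024-03-01T09:03:02 ws-17 proxy dst=203.0.113.10:443 beacon_interval=60s user_agent=Mozilla/4.0
2024-03-01T09:04:40 ws-17 proxy dst=203.0.113.10:443 bytes_out=52428800
2024-03-01T10:15:00 ws-22 mail attachment=agenda.pdf from=hr@corp.example
2024-03-01T10:16:00 ws-22 proxy dst=198.51.100.7:443 bytes_out=2048
"""


def field(msg, key):
    """Return the value of key=value in msg, or '' if the key is absent."""
    marker = key + "="
    if marker not in msg:
        return ""
    return msg.split(marker, 1)[1].split(" ", 1)[0]


# Indicator -> kill-chain phase. Deliberately simple rules chosen for the
# example; real rules would be far more specific to avoid false positives.
PHASE_RULES = [
    ("delivery", lambda src, msg: src == "mail"
     and field(msg, "attachment").endswith((".docm", ".exe", ".js"))),
    ("exploitation", lambda src, msg: src == "edr"
     and field(msg, "parent") == "WINWORD.EXE"),
    ("installation", lambda src, msg: src == "edr"
     and bool(field(msg, "file_create") or field(msg, "persistence"))),
    ("command_control", lambda src, msg: src == "proxy"
     and field(msg, "beacon_interval") != ""),
    ("actions", lambda src, msg: src == "proxy"
     and int(field(msg, "bytes_out") or 0) > 10_000_000),
]


def classify(line):
    """Parse one line and return (timestamp, host, [matching phases])."""
    ts, host, src, msg = line.split(" ", 3)
    phases = [name for name, rule in PHASE_RULES if rule(src, msg)]
    return datetime.fromisoformat(ts), host, phases


def correlate(log_text, window=timedelta(minutes=30), min_phases=3):
    """Group phase hits per host and report hosts that reach at least
    min_phases distinct phases within `window` of their first hit."""
    per_host = defaultdict(list)
    for line in log_text.splitlines():
        ts, host, phases = classify(line)
        for phase in phases:
            per_host[host].append((ts, phase))

    alerts = {}
    for host, hits in per_host.items():
        hits.sort()
        first = hits[0][0]
        seen = []
        for ts, phase in hits:
            if ts - first <= window and phase not in seen:
                seen.append(phase)
        if len(seen) >= min_phases:
            alerts[host] = seen
    return alerts


if __name__ == "__main__":
    print(correlate(SAMPLE_LOGS))
```

The point of chaining phases is that any one indicator (a macro-enabled attachment, a large upload) is noisy on its own; the sequence on one host within minutes is what distinguishes an intrusion from normal activity, and it also tells the responder how far along the chain the attacker got.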

Security operations center (SOC)

• A facility that tracks and integrates multiple security inputs, ascertains risk, determines the targets of an attack, contains the impact of an attack, and recommends and/or executes responses appropriate to any given attack. In some cases, an organization establishes a SOC for itself. In other cases, SOC services are outsourced to a private company that specializes in providing such services.

Trustwave global security report

• This annual report is based on findings from extensive data sources, including breach investigations, global threat intelligence, product telemetry, and a number of research sources.
• Trustwave operates a number of security operations centers (SOCs) as a managed security service and from them has logged billions of security and compliance events each day, examined data from tens of millions of network vulnerability scans, and conducted thousands of penetration tests.

Trustwave global security report (1)

• The key features of the Trustwave Global Security Report include:
  - Breakdown by type of data or other asset targeted
  - Median time between intrusion and detection
  - Breakdown by vulnerability and exploitation
  - Breakdown by method of intrusion

Trustwave global security report (2)

• The report also provides:
  - A detailed breakdown of how various attacks are carried out
  - Examples of existing malware currently operating
  - A look at the specific state of security in the areas of network, database, and application security

Cisco annual cybersecurity report

• Another excellent source of threat information.
• The report is organized approximately along the lines of kill chain concepts.
• The report provides a detailed description of current attacker behavior patterns and also highlights coming vulnerabilities.

Fortinet threat landscape report

• The findings in this report represent the collective intelligence of FortiGuard Labs, drawn from Fortinet's vast array of network devices/sensors within production environments.
• This comprises billions of threat events and incidents observed in live production environments around the world, reported quarterly.
• Three measures are reported:
  - Volume: a measure of overall frequency or proportion; the total number or percentage of observations of a threat event.
  - Prevalence: a measure of spread or pervasiveness across groups; the percentage of reporting organizations that observed the threat event at least once.
  - Intensity: a measure of daily volume or frequency; the average number of observations of a threat event per organization per day.
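Added example, not Fortinet's code or data: the three measures computed over a constructed observation set, chosen so that two threats with the same volume differ in prevalence and intensity. One assumption is made explicit in the code: intensity is averaged over the organizations that actually observed the threat, not over all reporting organizations.

```python
from collections import defaultdict

# Constructed observations: (organization, day, threat name). Invented data.
OBSERVATIONS = [
    ("org-A", "d1", "Trojan.X"), ("org-B", "d1", "Trojan.X"),
    ("org-C", "d2", "Trojan.X"), ("org-D", "d2", "Trojan.X"),
    ("org-C", "d1", "Miner.Y"), ("org-C", "d1", "Miner.Y"),
    ("org-C", "d2", "Miner.Y"), ("org-C", "d2", "Miner.Y"),
]
REPORTING_ORGS = ["org-A", "org-B", "org-C", "org-D", "org-E"]  # org-E saw nothing
DAYS = 2  # length of the reporting period covered by OBSERVATIONS


def measures(observations, reporting_orgs, days):
    """Return {threat: {"volume", "prevalence", "intensity"}}.

    volume     = total observations of the threat
    prevalence = fraction of reporting organizations that saw it at least once
    intensity  = observations per observing organization per day (assumption)
    """
    counts = defaultdict(int)
    orgs_seen = defaultdict(set)
    for org, _day, threat in observations:
        counts[threat] += 1
        orgs_seen[threat].add(org)

    result = {}
    for threat, volume in counts.items():
        n_orgs = len(orgs_seen[threat])
        result[threat] = {
            "volume": volume,
            "prevalence": n_orgs / len(reporting_orgs),
            "intensity": volume / (n_orgs * days),
        }
    return result


if __name__ == "__main__":
    for threat, m in measures(OBSERVATIONS, REPORTING_ORGS, DAYS).items():
        print(threat, m)
```

Trojan.X and Miner.Y have equal volume, but Trojan.X is widespread and low-intensity while Miner.Y is concentrated in one organization at a high daily rate; a volume-only ranking would not distinguish a mass campaign from a single badly infected customer.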

Vulnerability

• A vulnerability is a weakness in an information system, system security procedures, internal controls or implementation that could be exploited or triggered by a threat source.

Vulnerability (cont) (figure not reproduced)

Risk: the likelihood and impact of a threat harming an asset

• Risk arises where a threat, a vulnerability and an asset coincide: a threat source exploits a vulnerability to harm an asset. (Figure: Threat, Vulnerability and Asset drawn as overlapping regions whose intersection is Risk.)

Cyber Attack

• Any action that compromises the security of information. The term is often used interchangeably with threat, although strictly a threat is the potential for harm and an attack is its realization.
• Generic types of attacks:
  - Passive attack
  - Active attack

Cyber Attack (1)

• Origin of attacks
  - Internal security threats: employees with malicious intentions, who already have details of the network, infrastructure, policies, and confidential data.
  - Because of their direct access, internal threats have greater potential for damage than external threats.

Cyber Attack (2)

• Origin of attacks
  - External security threats: skilled attackers outside the organization who can exploit vulnerabilities in networked devices.

Cyber Attack (3)

a. Passive attack
• Attempts to learn or make use of information from the system but does not affect system resources.
• Two types of passive attacks:
  - Release of message contents
  - Traffic analysis

Cyber Attack (4)

b. Active attack
• Modification of the data stream or the creation of a false stream.
• Four types of active attacks:
  - Masquerade
  - Replay
  - Modification of messages
  - Denial of service
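Added example, not from the lecture: a two-party exchange with a shared-key MAC and per-sender sequence numbers, showing how the receiver rejects three of the four active attacks above (masquerade, replay, modification of messages). The keys, party names and message contents are constructed. Note what it does not do: a MAC gives integrity and origin authentication only, so the passive attacks on the previous slide (release of message contents, traffic analysis) still need encryption, and denial of service is not addressed at this layer at all.

```python
import hashlib
import hmac
import json

KEY_ALICE_BOB = b"constructed shared key"  # assumption: pre-shared by the two parties
KEY_MALLORY = b"attacker key"              # a key the receiver does not share


def make_message(key, sender, seq, body):
    """Sender side: bind sender, sequence number and body under one MAC, so
    none of the three can be changed without invalidating the tag."""
    payload = json.dumps({"from": sender, "seq": seq, "body": body}, sort_keys=True)
    tag = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    return {"payload": payload, "tag": tag}


class Receiver:
    """Receiver side. Keeps the highest accepted sequence number per sender, so
    a replayed message is rejected even though its MAC is still valid."""

    def __init__(self, key):
        self.key = key
        self.last_seq = {}
        self.accepted = []

    def receive(self, msg):
        expected = hmac.new(self.key, msg["payload"].encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, msg["tag"]):
            # Either a party without the key signed it (masquerade) or the
            # payload was altered after signing (modification); the receiver
            # cannot and need not tell which.
            return "rejected: bad MAC (masquerade or modification)"
        data = json.loads(msg["payload"])
        if data["seq"] <= self.last_seq.get(data["from"], 0):
            return "rejected: replay"
        self.last_seq[data["from"]] = data["seq"]
        self.accepted.append(data["body"])
        return "accepted"


def demo():
    bob = Receiver(KEY_ALICE_BOB)
    results = []

    m1 = make_message(KEY_ALICE_BOB, "alice", 1, "transfer 100 to carol")
    results.append(bob.receive(m1))                      # genuine message
    results.append(bob.receive(m1))                      # replay of the same message

    forged = dict(m1)                                    # modification: edit the amount
    forged["payload"] = m1["payload"].replace("100", "1000")
    results.append(bob.receive(forged))

    masq = make_message(KEY_MALLORY, "alice", 2, "transfer 500 to mallory")
    results.append(bob.receive(masq))                    # masquerade as alice

    m2 = make_message(KEY_ALICE_BOB, "alice", 2, "transfer 20 to dave")
    results.append(bob.receive(m2))                      # next genuine message
    return results, bob.accepted


if __name__ == "__main__":
    print(demo())
```

Sequence numbers are the simplest replay defence but they require the receiver to keep state per sender; real protocols (TLS record layer, IPsec) use the same idea with a window to tolerate reordering.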

Common attack types

• Network attacks
  - Packet sniffing: passively monitoring and recording the transmission of passwords, cookies, session identifiers and other information.
  - Man-in-the-middle: interception of packets between client and server, with the packets changed as they pass through.
  - DNS hacking: inserting malicious records into DNS data (or a resolver's cache) so that traffic for genuine sites is sent to malicious sites.

Common attack types (1)

• Web attacks
  - Phishing: a digital form of social engineering that uses authentic-looking but bogus emails to request information from users or direct them to a fake website that requests information.
  - SQL injection: malicious SQL statements are inserted into form fields (or other inputs) and end up executed by the database. It can extract an organization's database contents to the attacker.
  - Cross-site scripting (XSS): attacker-supplied JavaScript is injected into a page served by a trusted site and runs in the victim's browser, where it can steal data such as cookies and session tokens that the site left in the browser during the same browsing session.
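Added example (not from the lecture): the SQL injection and XSS items above in runnable form, using an in-memory SQLite database constructed for the purpose. The functions marked vulnerable are deliberately vulnerable; the functions beside them show the fix (bound parameters for SQL, output encoding for HTML). The table, users and payloads are invented.

```python
import html
import sqlite3


def setup():
    """Constructed in-memory database for the example."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, "
                 "password_hash TEXT, is_admin INTEGER)")
    conn.executemany(
        "INSERT INTO users (name, password_hash, is_admin) VALUES (?, ?, ?)",
        [("alice", "hash-a", 1), ("bob", "hash-b", 0)])
    return conn


def lookup_vulnerable(conn, name):
    """The injection flaw: user input is concatenated into the SQL text, so the
    database parses it as SQL rather than as a value. Deliberately vulnerable."""
    sql = "SELECT name, is_admin FROM users WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, name):
    """Hardened: the value travels as a bound parameter; whatever it contains,
    the database never parses it as SQL."""
    return conn.execute(
        "SELECT name, is_admin FROM users WHERE name = ?", (name,)).fetchall()


def render_greeting_vulnerable(name):
    """Reflected XSS: untrusted input inserted straight into HTML, so a name
    containing a <script> element becomes executable in the victim's browser."""
    return "<p>Hello, " + name + "</p>"


def render_greeting_escaped(name):
    """Output encoding: markup characters become entities and are displayed,
    not executed."""
    return "<p>Hello, " + html.escape(name, quote=True) + "</p>"


def demo():
    conn = setup()
    sqli_payload = "x' OR '1'='1"
    xss_payload = "<script>alert(1)</script>"
    return {
        "vulnerable": lookup_vulnerable(conn, sqli_payload),       # every row
        "parameterized": lookup_parameterized(conn, sqli_payload), # no match
        "honest": lookup_parameterized(conn, "bob"),
        "xss_vulnerable": render_greeting_vulnerable(xss_payload),
        "xss_escaped": render_greeting_escaped(xss_payload),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The two flaws are the same mistake in different interpreters: data crossing into a context (SQL, HTML) where some characters have syntactic meaning, without being marked as data. Parameter binding and context-appropriate encoding are the fixes; input filtering alone is not, because the set of dangerous characters depends on the target context.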

Common attack types (2)

• OS, application and software attacks
  - Virus: malware that, when executed, tries to replicate itself into other executable code.
  - Worm: a computer program that runs independently and propagates itself across a network without user action.
  - Trojan horse: a computer program that appears to have a useful function but also has a hidden and potentially malicious function that evades security mechanisms.

Common attack types (3)

• OS, application and software attacks
  - Rootkit: a set of hacker tools used after an attacker has broken into a computer system and gained root-level access, typically to hide the intrusion and keep that access.
  - Buffer overflow: occurs when the volume of data written exceeds the storage capacity of the memory buffer, so that adjacent memory is overwritten; an attacker who controls the data may corrupt control data and divert execution.
  - Social engineering: a general term for attackers tricking people into revealing sensitive information or performing actions that compromise security.

Control

• A control is a management, operational or technical safeguard or countermeasure prescribed for a system to protect the confidentiality, integrity and availability of the system and its information.
• In most cases, organizations establish cybersecurity policies following the principle of defense in depth.

Control (cont)

(Defense-in-depth layers and example controls: see the earlier slide "Security Design Concepts: Defense in depth".)

A defence-in-depth implementation (figure not reproduced)

Types of Controls

• Deterrent: a deterrent access control is deployed to discourage violation of security policies. Deterrent and preventive controls are similar, but deterrent controls often depend on individuals deciding not to take an unwanted action.
• Preventive: a preventive access control is deployed to thwart or stop unwanted or unauthorized activity from occurring.

Types of Controls (1)

• Detective: a detective access control is deployed to discover or detect unwanted or unauthorized activity. Detective controls operate after the fact and can discover the activity only after it has occurred.
• Compensating: a compensating access control is deployed to provide various options to other existing controls to aid in enforcement and support of security policies. They can be any controls used in addition to, or in place of, another control.

Types of Controls (2)

• Corrective: a corrective access control modifies the environment to return systems to normal after an unwanted or unauthorized activity has occurred. It attempts to correct any problems that occurred as a result of a security incident.
• Recovery: an extension of corrective controls, but with more advanced or complex abilities. Examples of recovery access controls include backups and restores, fault-tolerant drive systems, system imaging, server clustering, antivirus software, and database or virtual machine shadowing.

Types of Controls (3)

• Directive: a directive access control is deployed to direct, confine, or control the actions of subjects to force or encourage compliance with security policies. Examples of directive access controls include security policy requirements or criteria, posted notifications, escape route exit signs, monitoring, supervision, and procedures.