What is Security Model in information security?

A security model is a computer model which can be used to identify and impose security policies. It does not need some prior formation it can be founded on the access right model or analysing computing model or computation model.

A security model is a structure in which a security policy is developed. The development of this security policy is geared to a specific setting or instance of a policy. A security policy is based upon authentication, but built inside the confines of a security model. For example, designing a security model based upon authentication and authorization, one consider the 4-factor model of security, such as authentication, authorization, availability, and authenticity.

A security policy determines how data is accessed, what level of security is needed, and what procedure should be taken when these requirements are not met. The policy framework the expectations of a computer system or device.

A security model is a statement that framework the requirements necessary to properly provide and implement a specific security policy. If a security policy indicates that some users should be identified, dependable, and recognized before accessing network resources, the security model can lay out an access control matrix that should be constructed so that it accomplish the requirements of the security policy.

If a security policy states that no one from a lower security level should be able to view or change data at a higher security level, the supporting security model will define the essential logic and rules that require to be implemented to provide that under no situations can a lower-level subject access a higher-level object in an unauthorized manner. A security model supports a higher description of how a computer operating system should be created to properly provide a definite security policy.

Information Security Models overpass the gap between security policy declarations (define which users should have access to data) and the operating system execution (which allows a management to organize access control). The models provide map theoretical objective onto mathematical associations that strengthen whichever execution is finally selected.

The mainly fitting representation of a model from appears to be for an “abstract” or “theoretical” model, which is represented as a hypothetical build that symbolizes physical, biological or social procedure, with a set of variables and a set of rational and quantitative relations between them.

For the goals of this classification, a model is a high-level build displaying processes, variables, and relationships. Models are theoretical and abstract in nature and usually do not go into precise element on how to be executed.