A security policy is a statement that partitions the states of a system into a set of authorized, or secure, states and a set of unauthorized, or non-secure states .

žA secure system is a system that starts in an authorized state and cannot enter an unauthorized state.

žA breach of security occurs when a system enters an unauthorized state.

žLet X be a set of entities and let I be some information. Then I has the property of confidentiality with respect to X if no member of X can obtain information about I.

žLet X be a set of entities and let I be some information or a resource. Then I has the property of integrity with respect to X if all members of X trust I.

žLet X be a set of entities and let I be a resource. Then I has the property of availability with respect to X if all members of X can access I.

žA security mechanism is an entity or procedure that enforces some part of the security policy.

žA secure system is a system that starts in an authorized state and cannot enter an unauthorized state.

žA breach of security occurs when a system enters an unauthorized state.

žLet X be a set of entities and let I be some information. Then I has the property of confidentiality with respect to X if no member of X can obtain information about I.

žLet X be a set of entities and let I be some information or a resource. Then I has the property of integrity with respect to X if all members of X trust I.

žLet X be a set of entities and let I be a resource. Then I has the property of availability with respect to X if all members of X can access I.

žA security mechanism is an entity or procedure that enforces some part of the security policy.

žA security model is a model that represents a particular policy or set of policies.

## Types of Security Policy

- ›Military Security policy
- ›Commercial security policy