Notes per CISSP study material source
Official study guide 9th edition Certified Information Systems Security Professional
Chapter 1 - Security Governance Through Principles and Policies
Abstraction is used for efficiency. Similar elements are out into groups, classes or roles that are assigned security controls, restrictions or permissions as a collective.
Data hiding is preventing data from being discovered or accessed by a subject by positioning the data in a logical storage compartment that is not accessible or seen by the subject.
Security boundary is a line or intersection between any two areas, subnets, or environments that have different security requirements or needs. Once you identify a security boundary, you must deploy mechanisms to control the flow of information across that boundary.
Logical security boundaries are the points were electronic communications interfere with devices or services for which your organisation is legally responsible. (…) Unauthorised subjects are informed that they do not have access and that attempts to gain access will result in prosecution.
When transforming a security policy into actual controls, you must consider each environment and security boundary separately. (…) All security mechanisms must be weighed against the value of the objects they are to protect.
Security governance is the collection of practices related to supporting, evaluating, defining and directing the security efforts of an organisation.
Third-party governance is the system of external entity oversight that may be mandated by law, regulation, industry standards, contractual obligation, or licensing requirements. (…) Another aspect of third party-governance is the application or security oversight to third parties that your organisation relies on.