The mechanisms of protection are the elements that
have direct contact with threats and content. While many other elements
of protection are involved in the overall process, these mechanisms are
at the business end of technical security.
Perception: Perception defenses include
obscurity, profiles of facilities and systems, appearances, and
deception methods and are the part of technical protection that
directly contacts the attack and their agents. [Drill-Down]
Structure: Structural defenses are predominantly separation mechanisms intended to
implement access control policies, provide functional units with their
functions, and implement the separation associated with change controls.
They include mandatory and discretionary access controls and different
resulting communications structures such as partially ordered sets,
diodes, firewalls, and other similar barriers.
Content: Content controls include
separation mechanisms (high surety) transforms (medium
surety) and filters (low surety). They analyze location, markings, syntax, and
situation to determine what information should be transformed or allowed
Behavior: Behavioral mechanisms tend to be
low surety but some can be higher surety.
They involve looking for and limiting changes, effects of time, fail
safe modes, fault tolerant computing, intrusion and anomaly detection
and response systems, and human behavioral traits and patterns. This
includes separation of duties, least privilege, and other similar
limitations as well. Tracking of behavior is critical to chain of
custody and transparency, and as such, this increases with increased
surety in those areas.
The overall utility of protection mechanisms is that
they interact directly with the content and facilitate it proper use for
business while limiting its improper use. They assure business utility
and mitigate against attempts to reduce this utility or misuse it for