
EP 109: SDP 7: Complete Mediation
- S2E109
- 20:42
- November 10th 2023
https://www.yourcyberpath.com/109/
In this episode, we are returning to the Security Design Principles series, this time with Complete Mediation.
Complete mediation means that the system checks that the user trying to access a file or perform an action is authorized to access that file or perform that action.
Complete mediation is also implemented by the Security Reference Monitor (SRM) in Windows operating systems. The SRM fully and completely checks that a user has access to perform an action each time they try to perform it.
It also ties back to one of the three As of cybersecurity, Authorization, since the user has to prove they have access to something each time they request it.
Complete mediation can be a huge challenge to usability, and it may interfere with your operations. That's where you need to understand that the security design principles are not a compliance checklist: you should use them to enhance your systems, and you should not be trying to get every principle to 100%.
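The episode describes the SRM re-checking access on every request. As an added illustration (not code from the podcast or from Windows), here is a toy reference monitor that does the same, shown beside the anti-pattern it prevents: caching an earlier verdict so that a revoked permission is never noticed. All user, path and content values are constructed.

```python
# Added example (not the podcast's code): a toy reference monitor showing
# complete mediation. MediatedStore consults the live ACL on every access, so
# a revoked right is enforced on the very next request; CachedStore is the
# anti-pattern that trusts an earlier verdict. All names are constructed.

class MediatedStore:
    """Every read calls check(); no verdict from an earlier call is reused."""

    def __init__(self, acl, data):
        # acl: {(user, resource): set of permitted actions} -- the live policy
        self.acl, self.data = acl, data

    def check(self, user, resource, action):
        if action not in self.acl.get((user, resource), set()):
            raise PermissionError(f"{user} may not {action} {resource}")

    def read(self, user, resource):
        self.check(user, resource, "read")  # mediated on every single call
        return self.data[resource]


class CachedStore(MediatedStore):
    """Anti-pattern: decides once per (user, resource, action), then caches."""

    def __init__(self, acl, data):
        super().__init__(acl, data)
        self.cache = {}

    def check(self, user, resource, action):
        key = (user, resource, action)
        if key not in self.cache:  # later policy changes are never re-read
            self.cache[key] = action in self.acl.get((user, resource), set())
        if not self.cache[key]:
            raise PermissionError(f"{user} may not {action} {resource}")


def revocation_enforced(store_cls):
    """Grant, read, revoke, read again; True only if the second read is denied."""
    user, path = "alice", "/reports/q3.txt"
    acl = {(user, path): {"read"}}            # constructed sample policy
    store = store_cls(acl, {path: "constructed sample content"})
    assert store.read(user, path) == "constructed sample content"
    acl[(user, path)].discard("read")         # administrator revokes access
    try:
        store.read(user, path)
    except PermissionError:
        return True
    return False
```

Running `revocation_enforced` against both classes shows the difference: the mediated store denies the read after revocation, while the cached store keeps serving the file.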
What You’ll Learn
● What is complete mediation?
● What are some examples of complete mediation?
● How is complete mediation implemented in Windows?
● What are the challenges of complete mediation?
Relevant Websites For This Episode
● Akylade Certified Cyber Resilience Fundamentals (A/CCRF)
● IRRESISTIBLE: How to Land Your Dream Cybersecurity Position
● The Cyber Risk Management Podcast
Other Relevant Episodes
● Episode 103 - SDP 4: Compromise Recording
Your Cyber Path: How to Get Your Dream Cybersecurity Job
The Your Cyber Path podcast is designed to help you find out what it takes to get your dream cybersecurity job (from the hiring managers' perspective). After all, it is the hiring manager you need to impress in order to land your dream role. Stop wondering what the hiring manager is thinking, and learn firsthand from our team of professional cybersecurity hiring managers who can help you cut through the process and understand what it takes to get hired these days.
Meet the Hosts

Jason Dion is a former college professor and the lead instructor at Dion Training Solutions. He has multiple information technology professional certifications, including Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), Certified Network Defense Architect (CNDA), Digital Forensic Examiner (DFE), Digital Media Collector (DMC), CySA+, Security+, Network+, A+, PRINCE2 Practitioner, and ITIL. With networking experience dating back to 1992, Jason has been a network engineer, Deputy Director of a Network Operations Center, and an Information Systems Officer for large organizations around the globe.

Kip Boyle is a husband, dad, entrepreneur, and experienced cyber risk manager. He founded Cyber Risk Opportunities LLC in 2015 after 7 years as the CISO of PEMCO Insurance in Seattle. As a captain on active duty in the US Air Force, he served in the Combat Archer and F-22 Stealth Fighter programs, where he was the director of enterprise network security. These days, he serves as virtual chief information security officer for many customers, including a professional sports team and fast-growing FinTech and AdTech companies. Over the years, Kip has built teams by interviewing hundreds of cybersecurity professionals. And now, he’s sharing his insider’s perspective with you!