Which security model requires that all subjects and devices are untrusted by default, and access is granted only after verification, regardless of the network location?
Trap 1: Least Privilege
Least Privilege is a principle of granting minimal necessary access, but it is not the overarching model described.
Trap 2: Defense in Depth
Defense in Depth uses multiple layers of security, but does not inherently distrust all subjects by default.
Trap 3: CIA Triad
The CIA Triad is a model for confidentiality, integrity, and availability, not an access control model.
- A
Least Privilege
Why wrong: Least Privilege is a principle of granting minimal necessary access, but it is not the overarching model described.
- B
Defense in Depth
Why wrong: Defense in Depth uses multiple layers of security, but does not inherently distrust all subjects by default.
- C
CIA Triad
Why wrong: The CIA Triad is a model for confidentiality, integrity, and availability, not an access control model.
- D
Zero Trust
Zero Trust explicitly requires verification for every access attempt, regardless of location.