PACK
PACK and CeWL, for example, are tools for generating and ordering password lists.
The point of the CIA triad is for a security policy to address all three aspects simultaneously. However, the extent to which a given system leans on one or more parts of the triad will be determined by its role and the data it holds.
Privileged Identity Management (PIM): The translation of a user’s role in an organization to an access role on a system.
Privileged Access Management (PAM): The management of privileges on a system (including how they are tied to access roles, and how access is authenticated).
So, PIM is a species of identity management, while PAM is about access management.
The Bell-LaPadula Model is used to manage confidentiality. It depends on an organization having well-defined job rules and a hierarchical structure, and can be summarized as “no write down, no read up” (i.e., information from higher confidentiality layers cannot be written to lower layers, and users in lower layers cannot read information from higher layers). Note, however, that the existence of higher-level data is not necessarily concealed.
The Biba Model is more concerned with integrity, and is basically the reverse of the Bell-LaPadula Model: “no write up, no read down” (information can be read from higher levels, but only written to lower levels).
The Bell-LaPadula Model is more common in the government, military, and other high-trust, high-structure organizations, while the Biba Model is more common in corporate and medical settings.
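The two rule sets above can be compared side by side as access checks. This is an added example, not part of the original notes; the four-level `Level` lattice and the function names are assumptions made for illustration, and the same labels are reused as integrity levels for Biba so the decisions can be compared directly.

```python
from enum import IntEnum


class Level(IntEnum):
    # Constructed labels; a real system defines its own lattice.
    PUBLIC = 0
    INTERNAL = 1
    CONFIDENTIAL = 2
    SECRET = 3


def blp_allows(subject: Level, obj: Level, op: str) -> bool:
    """Bell-LaPadula (confidentiality): no read up, no write down."""
    if op == "read":
        return subject >= obj  # a lower subject may not read higher data
    if op == "write":
        return subject <= obj  # a higher subject may not leak data downward
    raise ValueError(f"unknown operation: {op}")


def biba_allows(subject: Level, obj: Level, op: str) -> bool:
    """Biba (integrity): no read down, no write up."""
    if op == "read":
        return subject <= obj  # lower-integrity data must not taint the subject
    if op == "write":
        return subject >= obj  # a lower subject may not modify higher data
    raise ValueError(f"unknown operation: {op}")


def both_allowed(subject: Level) -> list[tuple[str, str]]:
    """(object, operation) pairs permitted when both models are enforced."""
    return [
        (obj.name, op)
        for obj in Level
        for op in ("read", "write")
        if blp_allows(subject, obj, op) and biba_allows(subject, obj, op)
    ]


if __name__ == "__main__":
    subject = Level.INTERNAL
    print(f"subject={subject.name}")
    for obj in Level:
        for op in ("read", "write"):
            blp = "allow" if blp_allows(subject, obj, op) else "deny"
            biba = "allow" if biba_allows(subject, obj, op) else "deny"
            print(f"  {op:5} {obj.name:12} BLP={blp:5} Biba={biba}")
    print("allowed under both:", both_allowed(subject))
```

Enforcing both models on the same labels leaves a subject able to read and write only at its own level, which is why a system usually leans on one model according to whether confidentiality or integrity matters more.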
Principles:
One relevant framework is STRIDE, which buckets risks into six categories:
Incident: A security breach. Incidents are typically binned by a combination of urgency + impact.
Phases of incident response: