What is a security policy?
A security policy is a high-level conceptual written document of how a system is to operate.
It is words on paper.
What is a security model?
A security model provides the means to secure a system in accordance with the security policy.
Simply, a security model involves math.
How does a security model relate to a security policy?
The words on a paper (security policy) dictate the way a system is to be designed.
The math required to translate the requirements of the security policy is the security model.
The programmers use the security model to create the code to design the system.
CLICK TO ENLARGE!