M of N Control: CISSP Domain –  Security Engineering

Let’s say you have something that 10 people have a portion of access to, i.e. the keys to a system, that’s the N.  Now let’s say someone has decided that 5 of those 10 people need to combine forces to gain access to that key, the 5 is the M and it stands for minimum.  So, in an M of N control the M stands for minimum and the N stands for total number and in this case you need 5 people to gain access to the system that 10 people have a key to.  It’s a way to ensure that only one person doesn’t have access to any given system.

Another example:  What if 5 people have combined keys to a bank vault.  That makes the N = 5.  Now let’s say you need 2 of those 5 people to come together to gain access to that vault.  That’s the M, i.e. 2, the minimum number of people needed to get in.

My Video

If you are like me, when you came across this topic you found it super confusing.  I’m hoping from this video you will see that it’s simple to understand given the right explanation, although you can see I made it somewhat more complicated than it really is.