SharePoint 2007 introduced a updated security Model. The Five key elements of the model are given below with some basic information.
Individual user permissions
Individual permissions that grant the ability to perform specific actions e.g. View Items to view documents or items in a list.
A pre-defined set of permissions that grants users permission to perform related actions.
The default permission levels are: Limited Access, Read, Contribute, Design, and Full Control.
A person with a user account that can be authenticated through the authentication method used for the server.
User should be added to a group and groups should have permissions assigned.
A group of users. Can be a Windows security group (such as Department_A) that you add to the site, or a SharePoint group such as Site Owners, Site Members, or Site Visitors.
Group permissions can be changed any time.
Users or groups are assigned a permission level for a specific securable object: site, list, library, folder, document, or item. By default, permissions for a list, library, folder, document, or item are inherited from the parent site or parent list or library. However, anyone assigned a permission level for a particular securable object that includes the Manage Permissions permission can change the permissions for that securable object.