Overview
This unit looks at security models, which help us evaluate the classification of data (i.e., the appropriate level of protection) and various authorization models. Although many of these decisions and strategies may be dictated by vendors and software, it is important to understand them, along with any weaknesses in the models your organization must use.
In addition, we look at the physical hardware and review some of the systems and applications topics we learned about in weeks 3 and 4.
The (ISC)² Common Body of Knowledge (CBK) defines the key areas of knowledge for security architecture and design in this way:
The Security Architecture and Design domain contains the concepts, principles, structures, and standards used to design, implement, monitor, and secure operating systems, equipment, networks, applications, and those controls used to enforce various levels of confidentiality, integrity, and availability.
Information security architecture and design covers the practice of applying a comprehensive and rigorous method for describing a current and/or future structure and behavior for an organization’s security processes, information security systems, personnel and organizational sub-units, so that these practices and processes align with the organization’s core goals and strategic direction.
The candidate is expected to understand security models in terms of confidentiality, integrity, data flow diagrams; Common Criteria (CC) protection profiles; technical platforms in terms of hardware, firmware, and software; and system security techniques in terms of preventative, detective, and corrective controls.
Key areas of knowledge:
- Understand the fundamental concepts of security models (e.g., Confidentiality, Integrity, and Multi-level Models)
- Understand the components of information systems security evaluation models
- Understand security capabilities of computer systems (e.g., memory protection, virtualization, trusted platform module)
- Understand the vulnerabilities of security architectures
- Understand software and system vulnerabilities and threats
- Understand countermeasure principles (e.g., defense in depth)
This week’s topics:
- Security Models
- IS Evaluation Models
- Computer Hardware Architecture
- Computer Software Architecture
- Software and System Security Threats and Countermeasures
- Cloud Security Threats and Countermeasures
In this unit, plan to:
- Read: pages 330-360 in the Security Essentials text
- Complete: this week’s practical assignment
- Participate: in the weekly discussion forum
- Prepare: for the Case Study Review