/ CISSP Certification All-in-One Exam Guide / Harris / 222966-7/ Chapter 5
Security Models and Architecture
In this chapter, you will learn about the following topics:
• Computer architecture and the items that fall within it
• Trusted computing base and security mechanisms
• Components within an operating system
• Various security models
• Security criteria and ratings
• Certification and accreditation processes
Computer and information security covers many areas within an enterprise. Each area has security vulnerabilities and, hopefully, some corresponding countermeasures that raise the security level and provide better protection. Not understanding the different areas and security levels of network devices, operating systems, hardware, protocols, and applications can cause security vulnerabilities that can affect the environment as a whole.
Two fundamental concepts in computer and information security are the security model, which outlines how security is to be implemented—in other words, providing a “blueprint”—and the architecture of a computer system, which fulfills this blueprint.
A security policy outlines how data is accessed, what level of security is required, and what actions should be taken when these requirements are not met. The policy outlines the expectations of a computer system or device. A security model is a statement that outlines the requirements necessary to properly support and implement a certain security policy. If a security policy dictates that all users must be identified, authenticated, and authorized before accessing network resources, the security model might lay out an access control matrix that should be constructed so that it fulfills the requirements of the security policy. If a security policy states that no one from a lower security level should be able to view or modify information at a higher security
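An added example, not from the book: a small access control matrix whose decision function applies the policy's identify, authenticate, authorize steps in order with default deny, plus a check that the matrix itself fulfills the policy. The subjects, resources and rights are constructed, and authentication is modelled as a set of subjects assumed to have already proved their identity.

```python
# Added illustration; users, resources and rights below are constructed.
KNOWN_SUBJECTS = {"alice", "bob", "carol"}      # identified principals
AUTHENTICATED = {"alice", "bob"}                 # assumed: already proved identity

# Access control matrix: row = subject, column = object, cell = set of rights.
MATRIX = {
    "alice": {"payroll_db": {"read", "write"}, "file_share": {"read"}},
    "bob":   {"file_share": {"read", "write"}},
    "carol": {"payroll_db": {"read"}},
    "guest": {"file_share": {"read"}},           # row with no identified subject
}


def decide(subject, obj, right, matrix=MATRIX,
           known=KNOWN_SUBJECTS, authenticated=AUTHENTICATED):
    """Return (allowed, reason), applying the policy's three steps in order."""
    if subject not in known:
        return False, "not identified"
    if subject not in authenticated:
        return False, "not authenticated"
    # Default deny: a missing row, column or right means no access.
    if right not in matrix.get(subject, {}).get(obj, set()):
        return False, "not authorized"
    return True, "granted"


def policy_violations(matrix=MATRIX, known=KNOWN_SUBJECTS):
    """List matrix rows that grant rights to subjects the policy cannot identify."""
    return sorted(s for s, row in matrix.items()
                  if s not in known and any(row.values()))


if __name__ == "__main__":
    requests = [
        ("alice", "payroll_db", "write"),
        ("bob", "payroll_db", "read"),
        ("carol", "payroll_db", "read"),
        ("guest", "file_share", "read"),
    ]
    for req in requests:
        print(req, "->", decide(*req))
    print("rows violating the policy:", policy_violations())
```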