Not without reason modern companies, agencies and organizations are highly
preoccupied by the increasing number of virtual threats in form of various types
of malicious software. What is no less important, almost every system has
security vulnerabilities, which favor to hackers’ intrusion. Facing such a
serious problem, companies need security professionals able to cope with a
situation. Precisely for this goal
CISSP examination was created. The examination consists of 10 security
domains that cover all computer and network security and protection subject
area. The list of these domains you can see below:
• Access Control & Methodology
• Applications & Systems Development
• Business Continuity & Disaster Recovery Planning
• Cryptography
• Law, Investigation & Ethics
• Operations Security
• Physical Security
• Security Architecture & Models
• Security Management Practices
• Telecommunications & Network Security
One of the domains is named
Security Architecture & Models. The domain includes several sections:
organization, machine operation, protection mechanisms, evaluation criteria,
security models and common flows. The domain involves two major concepts that
are revealed in its name – security model and architecture. As far as security
models are concerned, they are represented by a net of security policies. Every
security model can be based on a formal model, a model of distributed computing
or a model of computation. There also may be no particular basis. They
detect what is necessary for implementing any security policy. Among the
security models there are the following ones:
Bell-La Padula, Biba, Clark & Wilson, Information flow, state machine and so
on.
Let’s have a good look at the Bell-La Padula model. It is generally utilized in
military and governmental organizations. The idea of Bell-La Padula model
development belongs to David Elliott Bell and Leonard J. La Padula. Bell-La
Padula is a formal model of security policy, the goal of which is the description
of access control rules. The Bell-La Padula model is based on access and
confidentiality, while another security model named Biba gives the description
of data integrity protection. Biba is a formal system of security policy created
by Kenneth J. Biba. The goal of data integrity protection is prevention of
modifications of information and maintenance of external and internal
permanence. One more security model is the Information Flow one that is based on
several stages, among which are the following – data supply, data acquisition,
data creation, data processing, data packaging, decision making and so on.
There are cases when a security policy requires identification, authentication
and authorization, then a
security model lays out the matrix for meeting the requirements of security
policy. Or, for example, if a security policy decides that some data should be
available only for particular employees, the function of security model is to
fulfill all necessary rules and actions for that. In a few words, it is up to a
security model to explain how to develop an operating system so that to obtain a
good support of the given security policy.
Talking about computer or network security, it is worth mentioning that it
consists of three components, which form a so called CIA triangle. These
components are confidentiality, integrity and availability. If to describe them
in a few words, confidentiality prevents data from unauthorized access.
Integrity is necessary so that the data or any resources are not destroyed. And
the last component of the CIA triangle is availability, which ensures for
authorized users access to available information.
The second component of the Security Architecture & Models domain is computer
architecture. Computer architecture represents the structure of a computer, each
part of which is necessary for the whole system to function. It involves buses,
hard drive, memory chips,
networking components and so on. While the presence of a security model
provides a blueprint, the computer architecture fulfills it. The goal of
computer security architecture is defined control solutions. In Security
Architecture can be sorted out such components as Data Classification Model and
Data Security Model. The first one establishes risks, while the second one
allows ensuring an end user in information security.
Computer architecture involves three subcategories:
• Instruction Set Architecture, also known as ISA. It means how an operating
system is seen by an assembly language. It includes processor register, word
size, address format and so on.
•
Microarchitecture, commonly known as computer organization that describes
how all the parts of the whole system interact for ISA implementation.
• System Design. Here all hardware items are involved, the list of which we have
already given above.
All of this is small pieces of the whole picture – security. And each parcel of
the system interacts with every other one to ensure data protection and
security.