
Security Models and Architecture


Written by Shon Harris; Published by McGraw-Hill/Osborne Media
07.28.2003




This excerpt is from Chapter 5, Security Models and Architecture of CISSP All-in-One Exam Guide, Second Edition, written by Shon Harris and published by McGraw-Hill/Osborne Media.


Computer and information security covers many areas within an enterprise. Each area has security vulnerabilities and, hopefully, some corresponding countermeasures that raise the security level and provide better protection. Not understanding the different areas and security levels of network devices, operating systems, hardware, protocols and applications can cause security vulnerabilities that can affect the environment as a whole.

Two fundamental concepts in computer and information security are the security model, which outlines how security is to be implemented -- in other words, providing a "blueprint" -- and the architecture of a computer system, which fulfills this blueprint.

A security policy outlines how data is accessed, what level of security is required and what actions should be taken when these requirements are not met. The policy outlines the expectations of a computer system or device. A security model is a statement that outlines the requirements necessary to properly support and implement a certain security policy. If a security policy dictates that all users must be identified, authenticated and authorized before accessing network resources, the security model might lay out an access control matrix that should be constructed so that it fulfills the requirements of the security policy. If a security policy states that no one from a lower security level should be able to view or modify information at a higher security level, the supporting security model will outline the necessary logic and rules that need to be implemented to ensure that under no circumstances can a lower-level subject access a higher-level object in an unauthorized manner. A security model provides a deeper explanation of how a computer operating system should be developed to properly support a specific security policy.
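The two policy statements above can be turned into rules that a single access check enforces. The following is an added example, not code from the book; the subjects, objects, level names and the `check_access` function are constructed for illustration.

```python
from dataclasses import dataclass
from enum import IntEnum


class Level(IntEnum):
    """Constructed security levels; a higher value is more sensitive."""
    PUBLIC = 0
    CONFIDENTIAL = 1
    SECRET = 2


@dataclass(frozen=True)
class Subject:
    name: str
    clearance: Level
    authenticated: bool = False  # set by whatever login step identified the user


# Constructed sample objects and their security levels.
OBJECT_LEVELS = {
    "newsletter.txt": Level.PUBLIC,
    "payroll.db": Level.CONFIDENTIAL,
    "merger-plan.doc": Level.SECRET,
}

# Access control matrix: (subject, object) -> rights. Absent entry means no access.
ACCESS_MATRIX = {
    ("alice", "payroll.db"): {"read", "write"},
    ("alice", "merger-plan.doc"): {"read"},
    ("bob", "newsletter.txt"): {"read"},
    ("bob", "merger-plan.doc"): {"read"},  # mistaken grant; bob is only CONFIDENTIAL
}


def check_access(subject: Subject, obj: str, right: str) -> tuple[bool, str]:
    """Decide one request; every rule must pass, and the default is deny."""
    if not subject.authenticated:
        return False, "subject not authenticated"
    if obj not in OBJECT_LEVELS:
        return False, "unknown object"
    # Level rule from the policy: a lower-level subject may neither view nor modify a higher-level object.
    if subject.clearance < OBJECT_LEVELS[obj]:
        return False, "subject level below object level"
    if right not in ACCESS_MATRIX.get((subject.name, obj), set()):
        return False, "no matrix entry for this right"
    return True, "granted"
```

Because the level rule is evaluated independently of the matrix, the mistaken matrix entry for `bob` on `merger-plan.doc` does not result in access.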

NOTE Individual systems and devices can have their own security policies. We are not talking about organizational security policies that contain management's directives. The systems' security policies and models they use should enforce the higher-level organizational security policy that is in place.

>> Read the rest of Chapter 5, Security Models and Architecture.

