CISSP Exam Cram: Security Architecture and Models
Introduction
The security architecture and models domain deals with hardware, software, security controls, and documentation. When hardware is designed, it needs to be built to specific standards that should provide mechanisms to protect the confidentiality, integrity, and availability of the data. The operating systems (OSs) that will run on the hardware must also be designed in such a way as to ensure security. Building secure hardware and operating systems is just a start. Both vendors and customers need to have a way to verify that hardware and software perform as stated; that both the vender and client can rate these systems and have some level of assurance that such systems will function in a known manner. This is the purpose of evaluation criteria. They allow the parties involved to have a level of assurance.
This chapter introduces the trusted computer base and the ways in which systems can be evaluated to assess the level of security. To pass the CISSP exam, you need to understand system hardware and software models and how models of security can be used to secure systems. Standards such as Common Criteria Information Technology System Evaluation Criteria (ITSEC) and Trusted Computer System Evaluation Criteria (TCSEC) are covered on the exam.