Security Architecture & Design

Question 1

Architecture

Answer 1

A high-level perspective of how business requirements are to be structures and aligned with technology and processes in a comprehensive and manageable way.

Question 2

Best practice

Answer 2

A well-recognized and accepted approach to designing, developing, managing/ monitoring, and enhancing processes: often codified into a standard.

Question 3

Cache

Answer 3

The very fast memory directly on the CPU chip body. It is not upgradeable.

Question 4

Central Processing Unit (CPU)

Answer 4

The heartbeat of a system. It controls primary processing, interaction with peripheral devices, organization of memory, and control over networking operations.

Question 5

Closed systems

Answer 5

Proprietary interfaces. Many older systems used proprietary interfaces, and implementations were customized for a specific application’s environments. Interoperability was sacrificed to achieve uniqueness and obscurity, an illusion that security through obscurity works.

Question 6

Confidentiality

Answer 6

Limiting information access and disclosure to authorized users.

Question 7

Dedicated systems

Answer 7

Single level of processing permitted. In military applications, this often means that the system was only used for a single purpose (i.e. firing a weapon) and only personnel holding the designated security clearance are granted access to the system.

Question 8

Embedded systems

Answer 8

A single purpose computer built into a device and typically programmed to perform a dedicated function.

Question 9

Enterprise Security Architecture (ESA)

Answer 9

Includes all areas of security for an organization: leadership, strategy, organizational structure, planning, design, implementation, and operations.

Question 10

Firmware

Answer 10

Software that is permanently (or semi-permanently) embedded in hardware and typically provides low-level services and/or control of hardware.

Question 11

Framework

Answer 11

A defined approach to the process used to achieve the goals of an architecture, based on policy, and reflecting the requirements and expectations of the various stakeholders.

Question 12

Infrastructure

Answer 12

The integrated building blocks that support the goals of the architecture.

Question 13

Information-flow model

Answer 13

Tracks the movement of information from one object to another so that movement of sensitive data to an unprotected area will be identified. A covert channel is the release of information in violation of security policy. The Information-Flow Model specifically addresses the issue of covert channel analysis; no other model addresses this.

Question 14

Information Security Architecture (ISA)

Answer 14

Another term from the ISO/IEC 27002. High-level description of how security requirements are structured.

Question 15

Information Security Management System (ISMS)

Answer 15

Sets a standard for addressing security throughout the development, deployment, and implementation schedule.

Question 16

Integrity

Answer 16

The trustworthiness of information resources.

Question 17

Lattice-based model

Answer 17

Hierarchical model defining access control priviledge levels. Each subject and object would be defined in a level of the lattice with a least upper boundary and greatest lower boundary.

Question 18

Mainframe

Answer 18

A large, highly fault-tolerant, multiuser computer engineered to run without interruption for long periods of time.

Question 19

Microcomputers

Answer 19

These may take many forms, such as free-standing towers, desktops, or blades.

Question 20

Minicomputer

Answer 20

Often seen as the little brother to a mainframe, but frequently still architected into a centralized model.

Question 21

Model

Answer 21

Outlines how security is to be implemented within the organization.

Question 22

Multilevel systems

Answer 22

Processing at two levels is permitted through some form of user authentication and authorization (i.e. user and administrator).

Question 23

Non-interference model

Answer 23

Is based upon rules to prevent processes (subjects) that are operating in different domains from affecting (interfering with) each other in violation of security policy.

Question 24

Open systems

Answer 24

Standards-based interfaces. Many of today’s systems use standard interfaces and support standardized protocols. Most of these are designed for client/ server environments.

Question 25

Primary storage

Answer 25

The memory directly accessible by the CPU and with the highest response speed.

Question 26

Protection Profile (PP)

Answer 26

A general set of security requirements and objectives for a category of products that meet similar customer needs for IT security.

Question 27

Registers

Answer 27

Very high-speed storage structures built into the CPU chip set and are often used to store timing and state information for the CPU to maintain control over processes.

Question 28

Security kernel

Answer 28

Consists of several components including software, firmware, and hardware. They represent all the security functionality of the operating system.

Question 29

Security Target (ST)

Answer 29

Contains the IT security objectives and requirements of a specific, identified TOE and defines the functional and assurance measures offered by that TOE to meet stated requirements.

Question 30

Servers

Answer 30

Provide storage and computing services for users who are connected to them. They are typically larger, more fault-tolerant computers, usually serving more than one user.

Question 31

Single-level systems

Answer 31

Like early generation PCs running DOS and early Windows OS, these systems place all users at the same privilege level and permit users to execute any instruction available.

Question 32

State-machine model

Answer 32

Is one that looks for a change in state. State is defined as the condition an entity is in at a point in time. A state machine- such as a stateful inspection firewall- looks for a change in state over time.

Question 33

Target of evaluation (TOE)

Answer 33

A set of software, firmware, and/or hardware to be evaluated, possibly accompanied by guidance.