Security Architecture & Design Flashcards
Architecture
A high-level perspective of how business requirements are to be structured and aligned with technology and processes in a comprehensive and manageable way.
Best practice
A well-recognized and accepted approach to designing, developing, managing/monitoring, and enhancing processes; often codified into a standard.
Cache
The very fast memory directly on the CPU chip body. It is not upgradeable.
Central Processing Unit (CPU)
The heartbeat of a system. It controls primary processing, interaction with peripheral devices, organization of memory, and control over networking operations.
Closed systems
Proprietary interfaces. Many older systems used proprietary interfaces, and implementations were customized for a specific application’s environments. Interoperability was sacrificed to achieve uniqueness and obscurity, an illusion that security through obscurity works.
Confidentiality
Limiting information access and disclosure to authorized users.
Dedicated systems
Single level of processing permitted. In military applications, this often means that the system was only used for a single purpose (e.g. firing a weapon) and only personnel holding the designated security clearance are granted access to the system.
Embedded systems
A single purpose computer built into a device and typically programmed to perform a dedicated function.
Enterprise Security Architecture (ESA)
Includes all areas of security for an organization: leadership, strategy, organizational structure, planning, design, implementation, and operations.
Firmware
Software that is permanently (or semi-permanently) embedded in hardware and typically provides low-level services and/or control of hardware.
Framework
A defined approach to the process used to achieve the goals of an architecture, based on policy, and reflecting the requirements and expectations of the various stakeholders.
Infrastructure
The integrated building blocks that support the goals of the architecture.
Information-flow model
Tracks the movement of information from one object to another so that movement of sensitive data to an unprotected area will be identified. A covert channel is the release of information in violation of security policy. The Information-Flow Model specifically addresses the issue of covert channel analysis; no other model addresses this.
Information Security Architecture (ISA)
Another term from ISO/IEC 27002. A high-level description of how security requirements are structured.
Information Security Management System (ISMS)
Sets a standard for addressing security throughout the development, deployment, and implementation schedule.
Integrity
The trustworthiness of information resources.
Lattice-based model
Hierarchical model defining access control privilege levels. Each subject and object would be defined in a level of the lattice with a least upper boundary and greatest lower boundary.
Mainframe
A large, highly fault-tolerant, multiuser computer engineered to run without interruption for long periods of time.
Microcomputers
These may take many forms, such as free-standing towers, desktops, or blades.
Minicomputer
Often seen as the little brother to a mainframe, but frequently still architected into a centralized model.
Model
Outlines how security is to be implemented within the organization.
Multilevel systems
Processing at two levels is permitted through some form of user authentication and authorization (i.e. user and administrator).
Non-interference model
Based upon rules to prevent processes (subjects) that are operating in different domains from affecting (interfering with) each other in violation of security policy.
Open systems
Standards-based interfaces. Many of today’s systems use standard interfaces and support standardized protocols. Most of these are designed for client/server environments.
Primary storage
The memory directly accessible by the CPU and with the highest response speed.
Protection Profile (PP)
A general set of security requirements and objectives for a category of products that meet similar customer needs for IT security.
Registers
Very high-speed storage structures built into the CPU chip set, often used to store timing and state information for the CPU to maintain control over processes.
Security kernel
Consists of several components including software, firmware, and hardware. They represent all the security functionality of the operating system.
Security Target (ST)
Contains the IT security objectives and requirements of a specific, identified TOE and defines the functional and assurance measures offered by that TOE to meet stated requirements.
Servers
Provide storage and computing services for users who are connected to them. They are typically larger, more fault-tolerant computers, usually serving more than one user.
Single-level systems
Like early generation PCs running DOS and early Windows OS, these systems place all users at the same privilege level and permit users to execute any instruction available.
State-machine model
A model that looks for a change in state. State is defined as the condition an entity is in at a point in time. A state machine, such as a stateful inspection firewall, looks for a change in state over time.
Target of evaluation (TOE)
A set of software, firmware, and/or hardware to be evaluated, possibly accompanied by guidance.