Areas of Security
Security has a wide base that touches on several different areas. The developers of the CISSP exam had the vision to understand this and demand that an individual who claims to be a security expert and wants to achieve this certification must also show that his expertise does not just lie in one area of security. Many areas of security affect each other. Physical security is interrelated with information security, database security lies on top of operating system security, operations security affects how computer systems are used, disaster recovery deals with systems in emergency situations, and almost every instance has some type of legal or liability issue tied to it. Technology, hardware, people, and procedures are woven together as a security fabric, as illustrated in Figure 2-2. When it is time to identify and resolve a specific problem, several strands of the security fabric may need to be unraveled and scrutinized so the best and most effective solution can be provided.
Figure 2-2. Technology, hardware, people, and procedures are woven together as a security fabric.
This chapter addresses some specific security issues regarding computers, information, and organizations. This is not an attempt to cover all relevant subjects, but rather to show specific instances to give you an idea of the vast area that security encompasses. The information in these sections is provided to set the stage for the deeper levels of coverage that will be addressed in the following chapters.