Security Architecture and Design
The Security Architecture and Design domain contains the concepts, principles, structures, and standards used to design, implement, monitor, and secure operating systems, equipment, networks, applications, and those controls used to enforce various levels of confidentiality, integrity, and availability.
Information security architecture and design covers the practice of applying a comprehensive and rigorous method for describing a current and/or future structure and behavior for an organization’s security processes, information security systems, personnel and organizational sub-units, so that these practices and processes align with the organization’s core goals and strategic direction.
The candidate is expected to understand security models in terms of confidentiality, integrity, and data flow diagrams; Common Criteria (CC) protection profiles; technical platforms in terms of hardware, firmware, and software; and system security techniques in terms of preventative, detective, and corrective controls.
Chapter 9 delves into this domain, which has the following major topics:
Reviewing security models and concepts
Evaluating information systems security using various models
Outlining security capabilities of information systems
Spotting vulnerabilities of system architectures
Reviewing vulnerabilities and threats to software and systems
Applying countermeasure principles