Security Architecture and Design

The Security Architecture and Design domain contains the concepts, principles, structures, and standards used to design, implement, monitor, and secure operating systems, equipment, networks, applications, and those controls used to enforce various levels of confidentiality, integrity, and availability.

Information security architecture and design covers the practice of applying a comprehensive and rigorous method for describing a current and/or future structure and behavior for an organization’s security processes, information security systems, personnel and organizational sub-units, so that these practices and processes align with the organization’s core goals and strategic direction.

The candidate is expected to understand security models in terms of confidentiality, integrity, data flow diagrams; Common Criteria (CC) protection profiles; technical platforms in terms of hardware, firmware, and software; and system security techniques in terms of preventative, detective, and corrective controls.

Chapter 9 delves into this domain, which has the following major topics:

Reviewing security models and concepts

Evaluating information systems security using various models

Outlining security capabilities of information systems

Spotting vulnerabilities of system architectures

Reviewing vulnerabilities and threats to software and systems

Applying countermeasure principles
