79Chapter2SecurityArchitectureandModelsTheSecurityArchitectureandModelsDomaincontainstheconcepts,prin-ciples,structures,andstandardsusedtodesign,implement,monitor,andsecureoperatingsystems,equipment,networks,applications,andthosecontrolsusedtoenforcevariouslevelsofavailability,integrity,andconfi-dentiality.Oneofthekeyaspectsofbeinganinformationsystemsecurityprofes-sionalistodesignandbuildasecurityinfrastructurethatmeetscurrentandfuturebusinessneeds.Thischapterexplainsthekeyprinciplesandconceptscentraltothesecurityarchitectureofanyorganization.Whencoupledwiththeconceptscoveredintheotherchapters(withparticularemphasisonthetelecommunications,cryptography,andaccesscontrolmodules),thischaptergivestheCISSPthenecessarybreadthtoaddressthechallengesofdevelopingasecurityarchitectureandtheinsighttoeval-uatetheexistingorlegacyarchitectureofanorganization.TheCISSPcandidateshouldbeableto:•Identifythesecurityissuesandcontrolsassociatedwitharchitec-turesanddesigns.•Describetheprinciplesofcommoncomputerandnetworkorgani-zation,architectures,anddesigns.•Definesecuritymodelsintermsofconfidentiality,integrity,andinformationflow.Thischapterisdividedintofivetopicareas.Thefirstsectionbeginsbydefiningtheconceptofasecurearchitecture.TheInformationProtectionEnvironmentsectionidentifiesthesystemarchitectureenvironmentandoutlinessomeofthefactorsassociatedwithdesigningasecurearchitec-ture.Thethirdsection,SecurityTechnologyandTools,providesanexpla-nationofthetypesofcontrolsavailabletodesignersdevelopingasecurearchitecture.Inaddition,theconceptsofsecuritymodelsareintroducedtoprovideanoverviewofvarioussecuritytheoriesfordesigningasecuresystem.Thefinaltopicsoutlinewhatorganizationscandotoensurethat80OFFICIAL(ISC)2®GUIDETOTHECISSP®EXAMsecurityisapartofthearchitecturaldesignandseveralmanagementcon-trolsarementioned.IntroductionDefiningSecurityArchitectureBuildinganinformationsystemrequiresabalanceamongvariousrequirements,suchascapability,flexibility,performance,easeofuse,cost,businessrequireme...
