The third domain of the CISSP exam, ‘Security Architecture and Engineering’, focuses on the processes, standards and structures required to design a secure system. (An information system comprises the operating system, network, equipment and applications.) The following are some examples of the domain’s objectives.
Secure design principles are used to implement and manage engineering processes
The CISSP certification tests a candidate’s knowledge of system engineering processes and their lifecycle, as well as how security is integrated into them. Planning, development, testing, deployment and maintenance are the phases of a system’s lifecycle. Secure design must be integrated into the system from the start; security should not be an afterthought.
This section also requires that the candidate understand how the three components of a system, hardware, firmware and software, interact. The candidate should also be familiar with common architecture frameworks such as the Zachman framework, SABSA (Sherwood Applied Business Security Architecture), TOGAF (The Open Group Architecture Framework) and ITIL (IT Infrastructure Library).
Understanding the basic concepts of security models
A security model is a blueprint for implementing security on an information system. The candidate should be familiar with the different security models, including the Bell–LaPadula model, the Biba model, the Clark–Wilson model, the Brewer–Nash model and the Graham–Denning model.
Both the Bell LaPadula and Biba models are “information flow models”.
The Bell–LaPadula model:
The Bell–LaPadula model enforces the “confidentiality” aspect of the CIA triad. It states that a subject at a given security level cannot read data at a higher security level. A corresponding rule constrains what a subject may do with data at lower security levels.
The integrity aspect of the CIA triad is enforced by the Biba model, which was created after the Bell–LaPadula model. In Biba, a subject at a particular integrity level cannot read data at lower integrity levels, and the subject also cannot modify data at a higher integrity level.
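As an added example that is not part of the original article, the Python below encodes the read and write rules of both models as a small reference monitor over constructed subjects and resources. The four-level lattice, the class names and the decision to require both policies to agree are assumptions of the example; it also states Bell–LaPadula’s write rule (no write down) explicitly.

```python
from dataclasses import dataclass
from enum import IntEnum


class Level(IntEnum):
    """Ordered label lattice shared by both models (constructed for this example)."""
    PUBLIC = 0
    CONFIDENTIAL = 1
    SECRET = 2
    TOP_SECRET = 3


@dataclass(frozen=True)
class Subject:
    name: str
    clearance: Level   # confidentiality label used by Bell-LaPadula
    integrity: Level   # integrity label used by Biba


@dataclass(frozen=True)
class Resource:
    name: str
    classification: Level
    integrity: Level


def blp_allows(subject: Subject, res: Resource, op: str) -> bool:
    """Bell-LaPadula (confidentiality): no read up, no write down."""
    if op == "read":
        return subject.clearance >= res.classification   # simple security property
    if op == "write":
        return subject.clearance <= res.classification   # *-property: no write down
    raise ValueError(f"unknown operation {op!r}")


def biba_allows(subject: Subject, res: Resource, op: str) -> bool:
    """Biba (integrity): no read down, no write up."""
    if op == "read":
        return subject.integrity <= res.integrity        # simple integrity property
    if op == "write":
        return subject.integrity >= res.integrity        # *-integrity property: no write up
    raise ValueError(f"unknown operation {op!r}")


def reference_monitor(subject: Subject, res: Resource, op: str) -> bool:
    """Grant access only when both policies allow it (an assumption of this example)."""
    return blp_allows(subject, res, op) and biba_allows(subject, res, op)
```

Running the monitor over a SECRET-cleared subject shows that a request which passes the confidentiality check can still be refused on integrity grounds, which is why a system enforcing both models must evaluate each independently.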
Along with the security models, the candidate should also be familiar with product evaluation models such as TCSEC (Trusted Computer System Evaluation Criteria), ITSEC and the Common Criteria. These evaluation models are used to verify that an information system meets a set of security goals.
The TCSEC, also known as the “Orange Book”, was first published in 1983. It contains a set of standards that the US Department of Defense (DoD) used to evaluate its systems. The ‘Orange Book’ criteria are grouped into the following divisions:
Division ‘D’ – Minimal Protection
Division ‘C’ – Discretionary Protection
Division ‘B’ – Mandatory Protection
Division ‘A’ – Verified Protection
The TCSEC was concerned mainly with the ‘confidentiality’ aspect of the CIA triad when evaluating systems. The Common Criteria have since replaced the TCSEC.
Because TCSEC and ITSEC were not universally accepted, the Common Criteria were created and quickly became the most widely used product evaluation criteria. The Common Criteria can be applied to both software and hardware products. Evaluation proceeds by defining the ST (security target) and the TOE (target of evaluation), stating the conformance claims and security requirements, and then evaluating the product accordingly.
There are seven Evaluation Assurance Levels (EALs), with EAL 1 being the lowest and EAL 7 the highest:
EAL 1 – Functionally Tested
EAL 2 – Structurally Tested
EAL 3 – Methodically Tested and Checked
EAL 4 – Methodically Designed, Tested and Reviewed
EAL 5 – Semiformally Designed and Tested
EAL 6 – Semiformally Verified Design and Tested
EAL 7 – Formally Verified Design and Tested
Select controls based on system security requirements
Candidates are expected to be familiar with the security controls (policies and procedures).