323652
Beschreibung
Mindmap von Craig Parker, aktualisiert more than 1 year ago
|
Erstellt von Craig Parker
vor etwa 11 Jahre
|
|
U2.2 Fundamentals
Anmerkungen:
- 1. Where to FOCUS 2.Where to PLACE 3. Complexity or Assurance 4.Centralise or Decentralise 5. Block access to layer below
- Dilemma
- Security unaware users have
specific security requirements but
no security expertise
- Orange Book
- Can predefined evaluation
criteria meet specific user
requirements
- Can predefined evaluation
criteria meet specific user
requirements
- IT SEC
- How can a security unaware
user assess a specific target
of valuation
- How can a security unaware
user assess a specific target
of valuation
- Orange Book
- Security unaware users have
specific security requirements but
no security expertise
- 1st Design Decision
- Where to focus
Sec Ctrls
- Can be placed
almost
anywhere
- Tends to be on Data and
Users, sometimes Operations
- Controls can be enforcd by
the operating system
- Controls can be procedural
- Tends to be on Data and
Users, sometimes Operations
- Can be placed
almost
anywhere
- Where to focus
Sec Ctrls
- 2nd Design Descision
- Where to place Sec Ctrls
- Can be placed at
any layer from
App to Physical
- As you move down the
layers you apply a more
universal control
- The lower you go
the more flexibility is
compromised
- Application Sec
provides greater
flexibility
- Application Sec
provides greater
flexibility
- The lower you go
the more flexibility is
compromised
- Higher layers are more
complex to secure, most
expensive and more dev
time required
- As you move down the
layers you apply a more
universal control
- Man - Machine Scale
- Can be placed at
any layer from
App to Physical
- Where to place Sec Ctrls
- 3rd Decision
- Complexity or Assurance
- Hardware based
= Simple controls
- Application
Based = feature
rich & complex
- Problem is, simplicity gives
higher assurance levels of
secuirity
- To achieve high assurance
products must be examined
in great detail
- Complex controls are harder
to analyse and therefore harder
to provide great arrurances
- Obvious tradeoff
between complexity
and assurance
- Complex controls are harder
to analyse and therefore harder
to provide great arrurances
- Hardware based
= Simple controls
- Complexity or Assurance
- 4th Descision
- Centralise or decentralise control
- Single entity
- Consistent, Uniform, may
become less efficient
- Consistent, Uniform, may
become less efficient
- Distributed Control
- More efficient but more
management and concerns
about consistency
- More efficient but more
management and concerns
about consistency
- Single entity
- Centralise or decentralise control
- 5th Descision
- Blocking access to
the layer below
- Protection
mechanisims
define a security
perimiter
- Once an attacker
is inside, defence
it breached
- Once an attacker
is inside, defence
it breached
- If a particular Sec mech is placed at
the services layer, how do you stop
an attacker from defeating that
mechanisim by breaking the OS at
the layer below
- A total solution is required
- A total solution is required
- Protection
mechanisims
define a security
perimiter
- Blocking access to
the layer below
Möchten Sie kostenlos Ihre eigenen Mindmaps mit GoConqr erstellen? Mehr erfahren.