Page 547 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide

those protective mechanisms. Until this point, when discussing preventive measures, we have focused on policy measures and the software that runs on a system. However, security professionals must also pay careful attention to the system itself and ensure that their higher-level protective controls are not built on a shaky foundation. After all, the most secure firewall configuration in the world won’t do a bit of good if the computer it runs on has a fundamental security flaw that allows malicious individuals to simply bypass the firewall completely.


In this chapter, we’ll cover those underlying security concerns by conducting a brief survey of a field known as computer architecture: the physical design of computers from various components. We’ll examine each of the major physical components of a computing system—hardware and firmware—from a security perspective. Obviously, the detailed analysis of a system’s hardware components is not always a luxury available to you because of resource and time constraints. However, all security professionals should have at least a basic understanding of these concepts in case they encounter a security incident that reaches down to the system design level.

The Security Engineering domain addresses a wide range of concerns and issues, including secure design elements, security architecture, vulnerabilities, threats, and associated countermeasures. Additional elements of this domain are discussed in various chapters: Chapter 6, “Cryptography and Symmetric Key Algorithms,” Chapter 7, “PKI and Cryptographic Applications,” Chapter 8, “Principles of Security Models, Design, and Capabilities,” and Chapter 10, “Physical Security Requirements.” Please be sure to review all of these chapters to have a complete perspective on the topics of this domain.