Page 648 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide

policy tightly targets a single implementation effort. (Although it may be adapted from other, similar efforts, it should reflect the target as accurately and completely as possible.)

For system developers, a security policy is best encountered in the form of a document that defines a set of rules, practices, and procedures that describe how the system should manage, protect, and distribute sensitive information. Security policies that prevent information flow from higher security levels to lower security levels are called multilevel security policies. As a system is developed, the security policy should be designed, built, implemented, and tested as it relates to all applicable system components or elements, including any or all of the following: physical hardware components, firmware, software, and how the organization interacts with and uses the system. The overall point is that security needs to be considered for the entire life of the project. When security is applied only at the end, it typically fails.
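The multilevel security policy described above, as an added example that is not from the study guide: a small reference monitor in Python that enforces "no read up" and "no write down" over labels built from a hierarchical level plus a set of compartments. The level names, compartments, and access requests are constructed for the illustration.

```python
from dataclasses import dataclass

# Ordered classification levels, lowest first (constructed for this example).
LEVELS = ("UNCLASSIFIED", "CONFIDENTIAL", "SECRET", "TOP_SECRET")


@dataclass(frozen=True)
class Label:
    """A security label: a hierarchical level plus a set of compartments."""
    level: str
    compartments: frozenset = frozenset()

    def dominates(self, other):
        """True when this label is at least as high as `other` in the lattice:
        higher-or-equal level AND a superset of the other's compartments."""
        return (LEVELS.index(self.level) >= LEVELS.index(other.level)
                and self.compartments >= other.compartments)


def can_read(subject, obj):
    # Simple security property ("no read up"): the subject's clearance
    # must dominate the object's classification.
    return subject.dominates(obj)


def can_write(subject, obj):
    # *-property ("no write down"): the object's classification must dominate
    # the subject's clearance, so high data can never be copied into a lower
    # object. Writing upward is permitted by this rule.
    return obj.dominates(subject)


def enforce(requests):
    """Run (name, subject, object, mode) requests through the monitor.
    Returns a list of (name, mode, decision) tuples; unknown modes are rejected."""
    decisions = []
    for name, subject, obj, mode in requests:
        if mode == "read":
            allowed = can_read(subject, obj)
        elif mode == "write":
            allowed = can_write(subject, obj)
        else:
            raise ValueError(f"unknown access mode: {mode}")
        decisions.append((name, mode, "ALLOW" if allowed else "DENY"))
    return decisions


if __name__ == "__main__":
    analyst = Label("SECRET", frozenset({"CRYPTO"}))  # constructed subject
    for row in enforce([
        ("secret report", analyst, Label("SECRET"), "read"),
        ("top-secret report", analyst, Label("TOP_SECRET", frozenset({"CRYPTO"})), "read"),
        ("public bulletin", analyst, Label("UNCLASSIFIED"), "write"),
    ]):
        print(row)
```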



Policy Mechanisms

As with any security program, policy mechanisms should also be put into place. These mechanisms are extensions of basic computer security doctrine, but the applications described in this section are specific to the field of computer architecture and design.



Principle of Least Privilege

Chapter 13, “Managing Identity and Authentication,” discusses the general security principle of least privilege and how it applies to users of computing systems. This principle is also important to the design of computers and operating systems, especially when applied to system modes. When designing operating system processes, you should always ensure that they run in user mode whenever possible. The greater the number of processes that execute in privileged mode, the higher the number of potential vulnerabilities that a malicious individual could exploit to gain supervisory access to the system. In general, it’s better to use APIs to ask for supervisory mode services or to pass control to trusted, well-protected supervisory mode processes as they’re needed from within user mode applications than it is to