Not having a security architecture

Both an overall security architecture and well-defined policy specifications are needed to address security challenges effectively.

Security architecture models

You don't have to roll your own; there are several standard security architectures that you can choose from.

International Standard ISO 7498-2

This standard provides a general description of security services and related mechanisms that can be ensured by the security reference model. It covers security attacks relevant to open systems, general architectural elements that can be used to thwart such attacks, and circumstances under which the security elements can be used. This model, however, is somewhat static and in need of modernization; a lot has been learned about security since this model was published in 1989.

Moriconi, Xiaolei and Riemenschneider Methodology

This architecture is formalized in terms of common architectural abstractions; it is then refined into specialized architectures, each suitable for implementation under different security assumptions.

Whitman & Mattord Methodology

This methodology makes use of the following architectural layers: physical, personal, operations, communications, network and information security.

NIST Special Publication 800-27, Security Principles and Practices

A comprehensive model for information security and an evaluation standard, it includes the Lattice Model (a mathematical structure of elements organized by a relation); the Bell-LaPadula Confidentiality Model (sensitivity levels); and the Biba Integrity Model, which defines integrity levels in terms of the Bell-LaPadula levels.
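The three models named above fit together as follows. This sketch is an added example, not code from the article or from NIST: labels form a lattice under a "dominates" relation, Bell-LaPadula reads that relation for confidentiality, and Biba (shown here as its strict integrity policy) applies the same relation in the opposite direction. The level numbers and the category names "crypto" and "nuclear" are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Label:
    """A lattice element: a hierarchical level plus a set of categories."""
    level: int                          # constructed scale: 0=public, 1=confidential, 2=secret
    categories: frozenset = frozenset()

    def dominates(self, other):
        # The lattice relation: higher-or-equal level AND a superset of categories.
        return self.level >= other.level and self.categories >= other.categories

    def join(self, other):
        # Least upper bound: the lowest label that dominates both inputs.
        return Label(max(self.level, other.level), self.categories | other.categories)

    def meet(self, other):
        # Greatest lower bound: the highest label that both inputs dominate.
        return Label(min(self.level, other.level), self.categories & other.categories)

def blp_allows(subject, obj, op):
    """Bell-LaPadula confidentiality: no read up, no write down."""
    if op == "read":
        return subject.dominates(obj)
    if op == "write":
        return obj.dominates(subject)
    raise ValueError(f"unknown operation: {op}")

def biba_allows(subject, obj, op):
    """Biba strict integrity: no read down, no write up (the dual of BLP)."""
    if op == "read":
        return obj.dominates(subject)
    if op == "write":
        return subject.dominates(obj)
    raise ValueError(f"unknown operation: {op}")

if __name__ == "__main__":
    analyst = Label(2, frozenset({"crypto"}))   # constructed subject label
    report = Label(1, frozenset({"crypto"}))    # constructed object label
    for op in ("read", "write"):
        print(op, "BLP:", blp_allows(analyst, report, op),
              "Biba:", biba_allows(analyst, report, op))
    # Labels with different categories are incomparable; the join covers both.
    other = Label(2, frozenset({"nuclear"}))
    print(analyst.dominates(other), other.dominates(analyst), analyst.join(other))
```

Because the relation is a partial order, two labels can be incomparable, in which case neither model permits a read or a write between them.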
