CISSP® Official Study Guide, Eighth Edition


Control Redundancy and Diversity



(CISSP) Mike Chapple, James Michael Stewart, Darril Gibson - CISSP Official Study Guide-Sybex (2018)

As with any security solution, relying on a single security mechanism is unwise. Defense in depth uses multiple types of access controls in literal or theoretical concentric circles or layers. This form of layered security helps an organization avoid a monolithic security stance. A monolithic mentality is the belief that a single security mechanism is all that is required to provide sufficient security. By having security control redundancy and diversity, a static environment can avoid the pitfalls of a single security feature failing; the environment has several opportunities to deflect, deny, detect, and deter any threat. Unfortunately, no security mechanism is perfect. Each individual security mechanism has a flaw or a workaround just waiting to be discovered and abused by a hacker.

Essential Security Protection Mechanisms

The need for security mechanisms within an operating system comes down to one simple fact: software should not be trusted. Third-party software is inherently untrustworthy, no matter who or where it comes from. This is not to say that all software is evil. Instead, this is a protection stance—because all third-party software is written by someone other than the OS creator, that software might cause problems. Thus, treating all non-OS software as potentially damaging allows the OS to prevent many disastrous occurrences through the use of software management protection mechanisms. The OS must employ protection mechanisms to keep the computing environment stable and to keep processes isolated from each other. Without these efforts, the security of data could never be reliable or even possible.

Computer system designers should adhere to a number of common protection mechanisms when designing secure systems. These principles are specific instances of the more general security rules that govern safe computing practices. Designing security into a system during the earliest stages of development will help ensure that the overall security architecture has the best chance for success and reliability. In the following sections, we’ll divide the discussion into two areas: technical mechanisms and policy mechanisms.
