2 Information Systems Security Architecture Professional
2 Information Systems Security Architecture Professional
Summary
Summary (ISC)2 Information Systems Security Architecture Professional (ISSAP)
17 views 1 purchase
Course
2 Information Systems Security Architecture Professional
Institution
2 Information Systems Security Architecture Professional
Book
Official (ISC)2® Guide to the ISSAP® CBK
The Information Systems Security Architecture Professional (ISSAP) is a CISSP who specializes in designing security solutions and providing management with risk-based guidance to meet organizational goals. ISSAPs facilitate the alignment of security solutions within the organizational context (e.g....
information systems security architecture professional
se
Connected book
Book Title:
Author(s):
Edition:
ISBN:
Edition:
Written for
2 Information Systems Security Architecture Professional
All documents for this subject (1)
Seller
Follow
jeroenkloet
Reviews received
Content preview
BOOK SUMMARY
(ICS)2 OFFICIAL GUIDE TO THE ISSAP CBK
SECOND EDITION
2
,DOMAIN I
ACCESS CONTROL SYSTEMS & METHODOLOGY
Access Control concepts
Security architects should be interested in access control because it has desirable attributes that can preserve
the critical information found in Line of Business systems. Systems with logical access controls watch over
important information. These desirable attributes of logical access controls can protect resources from loss or
exposure and provide accountability for those accessing the information or system.
Essentially, access control is a way to discover the following:
Who (which subject) is accessing the information?
What (object) is being accessed?
How (via which mechanism) might the access occur?
The combined usage of subjects, objects, permissions, and rights forms the foundation of a system’s access
control, where:
Subjects are the persons, entities, or processes that want to access an object.
Objects are resources such as files, devices, or services.
Permissions are the type of access a subject is given. Common permissions include read, write, modify,
delete, and execute.
Rights are special abilities granted to a subject. For example, an administrator has the right to create
accounts, while ordinary users do not. Rights have policy influences over the interactive who, what, and
how questions of the access control mechanism.
Access control coupled with auditing establishes the basis for accountability. Auditing is the process of
recording access control actions and is the principal method used to achieve accountability.
Access control is the fundamental mechanism that provides for the confidentiality, integrity, and availability of
information within an information technology (IT) system. Access control thus enables:
Confidentiality, through measures that project objects from unauthorized disclosure.
Integrity, by preventing unauthorized modifications when properly implemented.
Availability, when integrity is properly enabled.
A system security policy can be viewed as a structure, such as the one depicted below. Confidentiality,
integrity, and availability establish the foundation of a security policy. Rules formed by laws, regulations,
standards, and policy are the primary pillars supporting the policy. The rules give shape to managerial,
organizational, and technical controls that make up the foundation of the system security policy.
2
,The mechanisms of access control can be found in a variety of products and at multiple levels within an IT
system. The more common products implementing access control include:
Network devices. Access control at network level tends to be more connection oriented, such as allowing
or disallowing ports and protocols associated with given IP addresses. Typically, an access control
mechanism is limited to the box (router, switch, firewall) itself.
Operating systems. Most operating systems provide some form of access control by default. At this level,
an access control mechanism is sometimes shared among workstations and servers in a network.
However, this is not always the case for every commercial operating system.
Database Management Systems. Many databases provide capabilities to control access to the data they
contain. In some cases, a database management system might also be able to distribute access control
functionality among distributed systems, in much the same way as some operating systems.
Applications. Some applications contain their own access control mechanisms, which might be as simple
as allowing or denying access based on presenting acceptable credentials or a robust access control
mechanism like those found in an operating system or database.
The figure below illustrates many different access control methods and techniques that can be applied to the
various layers of the Open System Interconnectivity (OSI) model.
Two important features of access control mechanisms are the Access Control List (ACL) and the ACL repository.
The ACL identifies the security attributes of a particular system object. Typically, this will include information
about the object owner and other entities having authorized access associated with the rights granted to each
entity. Each subject identified in an ACL is known as an Access Control Entity (ACE). The ACL repository is used
to manage each ACL in the system.
Discretionary Access Control
Discretionary Access Control (DAC) is the predominant access control technique in use today. The underlying
concept of DAC is to give an object owner the discretion to decide who is authorized to access an object and to
what extent. The definition of an object owner is the person who best understands the value of the
object to the organization.
Read. It is essential to understand that read permission does not mean read-only. It really means read-
and-copy. Any subject with the permission to read a file can also make a copy of the same file. This occurs
during the reading process. When an application reads a data file, it makes a copy of the contents in
memory.
2
, Write. Giving an entity the ability to write to a file object allows it to write anything to that object. This
could include a virus, appended to the end. Another problem with this permission is that an entity could
also replace all the data in a file with one byte of information. This is like having the ability to delete a file.
The implication of the write permission is that object integrity can be affected.
Execute. It is essential to understand the concept of the context of an executing process. When an entity
executes a process, that process typically has access to all object available to the entity. This feature of
DAC is what gives a Trojan horse the ability to steal information or damage a system.
DAC implementation strategies
Overcoming the challenges of the read permission is a difficult task, but mitigations are possible. The following
are some approaches to consider:
Limit access to essential objects only.
Label sensitive data.
Filter information where possible.
Provide guidance that prohibits unauthorized duplication of information.
Conduct monitoring for noncompliance.
Appropriate access control settings need to be established for all resources within a system. The following are
a few objects for which write permission should be restricted:
Configuration files. Any file used to store configuration information should be set to read-only where
updates are not routine actions.
Windows Registry. Lock down system registry keys to read-only. This is especially important for the run
keys, which designate software to execute a boot. Run keys are a primary target for malware.
Services. If a service is not needed, it should be disabled. If users do not need a service, then they should
be prevented through the ACL from interacting with it.
Data. Follow the concepts of least privilege and separation of duties when assigning permissions to data
files.
Solving the problem with execute permissions with DAC is by far the most important measure. The execution
of unauthorized processes can threaten the integrity of the user context, or worse, that of the entire system
when the context is that of an administrator or the system itself. The best approach to this problem is to apply
restrictive access controls to existing executables and monitor for unauthorized access instances. The following
is a list of recommended approaches:
Set access control entries for all executable binary files to read-only.
Prevent execution from removable media.
Use host-based firewalls.
Conduct software integrity inventories.
Monitor executions.
Nondiscretionary Access Control
Access control mechanisms that are neither DAC nor Mandatory Access Control (MAC) are referred to as forms
of nondiscretionary access control.
Role-Based Access Control (RBAC). It is desirable to limit individuals to only those resources that are
needed to support their duties. This can be achieved when user access is controlled according to assigned
job functions or roles. The unique quality of RBAC is that rights and permissions are ordered in a
hierarchical manner. Privileges on resources are mapped to job functions.
Originator Controlled (ORCON). An information owner may desire to control the life cycle of certain types
of information. Some of the desired control might concern how long the information remains available or
who can view the information.
Digital Rights Management (DRM). Intellectual content such as music, movies, and books need methods
to control who is authorized to access them. Additionally, DRM must have portability features, because a
user might want to access the protected content from different systems of platforms. It relies on
cryptographic techniques to preserve the authenticity of and access to protected information.
Usage Controlled (UCON). Another problem associated with protecting intellectual content involves
frequency of access. DRM techniques provide measures that attempt to control who can access the
2
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller jeroenkloet. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $5.33. You're not tied to anything after your purchase.
