CISSP PRACTICE QUESTIONS – 20201117

Effective CISSP Questions

As a security architect, you are designing a security architecture. Which of the following is least likely to provide you with architectural and design principles?
A. ISO/IEC 19249
B. System Development Life Cycle (SDLC)
C. NIST SP 800-160 Volume 1
D. Saltzer and Schroeder

Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

My suggested answer is B. System Development Life Cycle (SDLC).

An SDLC defines the phases and processes for engineering a system. Because systems are so diverse, it typically doesn’t provide specific design principles.

SDLC

Saltzer and Schroeder’s principles and ISO/IEC 19249 are introduced in the CISSP CBK Reference, 5th edition. Moreover, NIST SP 800-160 V1 also provides secure design principles.

The title of ISO/IEC TS 19249 is Information technology — Security techniques — Catalogue of architectural and design principles for secure products, systems and applications.

Architectural and Design Principles
Taxonomy of Security Design Principles


