System functions and related data structures are typically isolated into well-defined logical units. Which of the following allows the relationships of these units to be better understood, so that dependencies are clear and undesired complexity can be avoided? (Wentz QOTD)
Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.
My suggested answer is A. Layering.
The principles of modularity and layering are fundamental across system engineering disciplines. Modularity and layering derived from functional decomposition are effective in managing system complexity, by making it possible to comprehend the structure of the system. Yet, good modular decomposition, or refinement in system design is challenging and resists general statements of principle.
Modularity serves to isolate functions and related data structures into well-defined logical units. Layering allows the relationships of these units to be better understood, so that dependencies are clear and undesired complexity can be avoided.
The security design principle of modularity extends functional modularity to include considerations based on trust, trustworthiness, privilege, and security policy. Security-informed modular decomposition includes the following:
– allocation of policies to systems in a network;
– allocation of system policies to layers;
– separation of system applications into processes with distinct address spaces; and
– separation of processes into subjects with distinct privileges based on hardware-supported privilege domains.
The security design principles of modularity and layering are not the same as the concept of defense in depth, which is discussed in Section F.4.
Source: NIST SP 800-160 Vol 1
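An added example (not from NIST SP 800-160 or the original post) of how layering makes dependencies checkable: once each module is assigned to a layer, upward dependencies and cycles can be detected mechanically. The module names, layer numbers and the rule that same-layer calls are allowed are assumptions made for illustration.

```python
# Added illustration; module names and layer numbers are hypothetical.

# Constructed sample: each module is assigned to exactly one layer
# (0 = closest to hardware, higher = further up the stack).
LAYERS = {"hal": 0, "kernel": 1, "crypto": 2, "auth": 2, "web_app": 3}

# Constructed sample: module -> modules it calls directly.
DEPENDS = {
    "hal": [],
    "kernel": ["hal"],
    "crypto": ["kernel"],
    "auth": ["crypto", "kernel"],
    "web_app": ["auth"],
}


def check_layering(layers, depends):
    """List (module, dependency, reason) for every edge that breaks layering."""
    violations = []
    for module in sorted(depends):
        if module not in layers:
            violations.append((module, None, "module has no layer"))
            continue
        for dep in depends[module]:
            if dep not in layers:
                violations.append((module, dep, "dependency has no layer"))
            elif layers[dep] > layers[module]:
                violations.append((module, dep, "upward dependency"))
    return violations


def find_cycle(depends):
    """Return one dependency cycle as a list of modules, or None (depth-first search)."""
    state = {}  # module -> "visiting" while on the current path, "done" afterwards

    def visit(module, path):
        state[module] = "visiting"
        for dep in depends.get(module, []):
            if state.get(dep) == "visiting":
                return path[path.index(dep):] + [dep]
            if dep not in state:
                cycle = visit(dep, path + [dep])
                if cycle:
                    return cycle
        state[module] = "done"
        return None

    for module in sorted(depends):
        if module not in state:
            cycle = visit(module, [module])
            if cycle:
                return cycle
    return None
```

The layer check alone does not catch a cycle between two modules in the same layer, which is why the cycle search is run alongside it.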
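System functions and related data structures are typically isolated into well-defined logical units. Which of the following allows the relationships of these units to be better understood, so that dependencies are clear and undesired complexity can be avoided? (Wentz QOTD)
A. Layering
B. Modularity
C. Abstraction
D. Encapsulation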