Chapter 16. Day 15: Security Architecture and Design

A computer system includes operating systems, equipment, networks, and applications. Based on the information security requirements, a computer system also consists of controls that enforce various levels of confidentiality, integrity, and availability needs of the information. A document that specifies the security requirements and needs to be addressed and maintained in a computer system is known as the security policy.

Security architecture and design enforces the security requirements of computer systems as defined in the security policy. Some of the important objectives of this domain are to address the security concepts, principles, structures, and standards for computer architecture and computer systems. These objectives form the baseline for designing, implementing, monitoring, and securing computer systems. This domain also addresses various security models pertaining to computer architecture, assurance mechanisms, guidelines, and standards.