Page 161 - DCAP309_INFORMATION_SECURITY_AND_PRIVACY
P. 161

Unit 11: Security Models & Frameworks and Methodologies for Information System Security




          Information Systems Security (INFOSEC): Security of information systems beside unauthorized  Notes
          access to or amendment of information, whether in storage, processing, or transit, and against
          the denial of service to authorized users, counting those measures important to detect, document,
          and answer such threats.

          Self Assessment

          Fill in the blanks:
          4.   Preproduction models are frequently known as ......................... models.

          5.   Production Model is ......................... equipment in its concluding mechanical and electrical
               form.

          11.3 Frameworks


          Having called a model as a basic, high-level build, it turns out to be clear that another expression
          must be defined to address that class of technique that goes away from the theoretical space and
          begins to dabble in execution guidance. The word “framework” appears to fit that bill.
          In software development, a framework is a defined preserved structure in which another software
          project can be controlled and developed. This definition seems to be promising as it hints that a
          framework offers more detail and construction than a model.
          While a model is abstract and intangible, a framework is connected to comprehensible work.
          Moreover, frameworks set suppositions and practices that  are intended  to directly  impact
          executions. In distinction, models offer the general direction for attaining a goal or outcome, but
          without obtaining into the muck and mire of practice and measures.
          A framework is a basic construct that defines suppositions, concepts, values, and practices, and
          that involves guidance for executing itself.

          The following  methods have been identified to offer general guidance  toward attaining an
          outcome  without going  into particular detail on  a  single  concentrated task.  Each  of  these
          techniques has been categorized as a framework.

          The Security Framework

          1.   The Security Framework is a harmonized system of security tools.
          2.   It is similar to the Enterprise management framework.
          3.   It extends end to end of the customer enterprise architecture.
          4.   Security data centrally monitored 24x7 in a Security Operations Center.

          5.   In this data is  analyzed by means of correlation tools.
          Security Framework Considerations


          1.   Mapped to the customer’s architecture to offer end to end security.
          2.   Uses obtainable commercial and open source tools.
          3.   Leverages obtainable security infrastructure to.
          4.   Rapidly construct out the security framework.






                                           LOVELY PROFESSIONAL UNIVERSITY                                   155
   156   157   158   159   160   161   162   163   164   165   166