The InfoSec Handbook: An Introduction to Information Security

by Umesh Hodeghatta Rao

On the Contextual Security Architecture Layer, Business Users provide the business requirements that must be met by the architecture. At the Conceptual Security Architecture layer, an architect provides the overall context by which the business requirements of the organization are to be met. On the Logical Security Architecture layer, the Designers provide a systems engineering model which views the business as a system and delineates it in terms of a system of systems through various sub-systems. On the Physical Security Architecture layer, the builder provides physical security mechanisms and the servers that will be required to provide these services. On the Component Security Architecture layer, the tradesmen work on specifications provided by the builder and work with specialist products and system components which together, build what was expected by the builder.

Separation Of concerns

Principle 1: Computer Security Supports the Mission of the Organization

Principle 2: Computer Security is an Integral Element of Sound Management

Principle 3: Computer Security Should Be Cost-Effective

Principle 4: Systems Owners Have Security Responsibilities Outside Their Own Organization

Principle 5: Computer Security Responsibilities and Accountability Should Be Made Explicit

Principle 6: Computer Security Requires a Comprehensive and Integrated Approach

Principle 7: Computer Security Should Be Periodically Reassessed

Principle 8: Computer Security is Constrained by Societal Factors

Biometric traits cannot be stolen or duplicated;

Fingerprints and a gummy bear beg to differ

Seven major sources of physical loss have been identified

4 of which are exacerbated by climate change

There have been instances of labor unions being used as a conduit by the competitors to create havoc on the premises of the target organization and physically damage the infrastructure.

Don't try and sell union-busting as infosec

Voice Recognition: Voice patterns differ from person to person.

Defeated by voice modelling

Fingerprint Biometrics:

I am a gummi bear

Facial Biometrics:

Like iPhone face ID that can't tell apart different members of the same family?

Some people have privacy reservations about this method.

Privacy reservations about facial recognition. I wonder why people are so precious about their coupon?

Possibility of forging the fingerprint by molding or fabricating it

It is advised that the users set the Bluetooth to off and enable it only when required.

Do not access secure websites using unsecured Wi-Fi connections. It is possible in such cases that your credentials are captured or sniffed by others.