Security Architecture (OBJ 3.1 & 4.1)
Security Architecture
- Design, structure, and behavior of an organization's information security environment
- Encompasses components such as:
  - Hardware
  - Software
  - Processes
  - People
On-Premise vs. Cloud Deployment
- On-Premise
  - Traditional local infrastructure setup
  - Within an organization's own premises
- Cloud
  - Delivery of computing services over the internet
Cloud Security Considerations
- Shared Physical Server Vulnerabilities
- Inadequate Virtual Environment Security
- User Access Management
- Lack of Up-to-date Security Measures
- Single Point of Failure
- Weak Authentication and Encryption Practices
- Unclear Policies and Data Remnants
Virtualization and Containerization
- Different virtualization types
- Containerization benefits and risks
- Vulnerabilities such as VM escape and resource reuse
Serverless Computing
- Computing model where the cloud provider dynamically manages server allocation and provisioning
- Developers focus solely on writing code
Microservices Architecture
- Collection of small, autonomous services
- Each performs a specific business process
Software-Defined Network (SDN)
- Dynamic, programmatically efficient network configuration
- Improves network performance and monitoring
Infrastructure as Code (IaC)
- Automated management and provisioning of the technology stack
- Software-driven (code-defined) setup instead of manual configuration
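Because IaC describes the whole stack as data, misconfigurations can be caught by reading the definition before anything is provisioned. The following added example (not part of the original notes, and not any real tool's code) lints a constructed, Terraform-like resource list for a few of the cloud weaknesses listed above (world-open admin ports, unencrypted storage, a hard-coded secret) and shows the same definition in hardened form. The resource types, attribute names, the `var.` secret-reference convention and the `10.0.0.0/8` admin range are all assumptions made for the illustration.

```python
import copy
from typing import Any, Callable

# Constructed sample IaC document; it does not describe any real deployment.
SAMPLE_IAC: dict[str, Any] = {
    "resources": [
        {
            "type": "security_group",
            "name": "web_sg",
            "ingress": [
                {"port": 443, "cidr": "0.0.0.0/0"},  # HTTPS to the world is expected
                {"port": 22, "cidr": "0.0.0.0/0"},   # SSH to the world is not
            ],
        },
        {
            "type": "storage_bucket",
            "name": "backups",
            "encrypted": False,   # encryption at rest switched off
            "public_read": True,  # world-readable
        },
        {
            "type": "database",
            "name": "orders_db",
            "encrypted": True,
            "admin_password": "changeme",  # secret embedded in the template
        },
    ]
}

ADMIN_PORTS = {22, 3389}          # SSH and RDP (assumed set of admin ports)
ANY_ADDRESS = "0.0.0.0/0"
SECRET_REF = "var.db_admin_password"  # assumed: secrets come from variables


def check_security_group(res: dict[str, Any]) -> list[str]:
    """Flag administrative ports reachable from any source address."""
    return [
        f"{res['name']}: port {rule['port']} open to {ANY_ADDRESS}"
        for rule in res.get("ingress", [])
        if rule.get("cidr") == ANY_ADDRESS and rule.get("port") in ADMIN_PORTS
    ]


def check_storage_bucket(res: dict[str, Any]) -> list[str]:
    """Flag buckets without encryption at rest or with public read access."""
    findings = []
    if not res.get("encrypted", False):
        findings.append(f"{res['name']}: encryption at rest disabled")
    if res.get("public_read", False):
        findings.append(f"{res['name']}: bucket is publicly readable")
    return findings


def check_database(res: dict[str, Any]) -> list[str]:
    """Flag unencrypted databases and passwords written into the template."""
    findings = []
    if not res.get("encrypted", False):
        findings.append(f"{res['name']}: encryption at rest disabled")
    password = res.get("admin_password", "")
    if password and not password.startswith("var."):
        findings.append(f"{res['name']}: admin password hard-coded in template")
    return findings


CHECKS: dict[str, Callable[[dict[str, Any]], list[str]]] = {
    "security_group": check_security_group,
    "storage_bucket": check_storage_bucket,
    "database": check_database,
}


def lint(doc: dict[str, Any]) -> list[str]:
    """Run every applicable check over the resources and collect findings."""
    findings: list[str] = []
    for res in doc.get("resources", []):
        check = CHECKS.get(res.get("type", ""))
        if check is not None:
            findings.extend(check(res))
    return findings


def harden(doc: dict[str, Any], admin_cidr: str = "10.0.0.0/8") -> dict[str, Any]:
    """Return a corrected copy: admin ports limited to an assumed internal
    range, encryption on, public read off, secret replaced by a variable ref."""
    fixed = copy.deepcopy(doc)  # leave the caller's document untouched
    for res in fixed.get("resources", []):
        if res["type"] == "security_group":
            for rule in res.get("ingress", []):
                if rule.get("port") in ADMIN_PORTS and rule.get("cidr") == ANY_ADDRESS:
                    rule["cidr"] = admin_cidr
        elif res["type"] == "storage_bucket":
            res["encrypted"] = True
            res["public_read"] = False
        elif res["type"] == "database":
            res["encrypted"] = True
            if res.get("admin_password") and not res["admin_password"].startswith("var."):
                res["admin_password"] = SECRET_REF
    return fixed


if __name__ == "__main__":
    for finding in lint(SAMPLE_IAC):
        print("FINDING:", finding)
    print("findings after hardening:", lint(harden(SAMPLE_IAC)))
```

Running the same `lint` over `harden(SAMPLE_IAC)` returns no findings, which is the point of keeping infrastructure as code: the check is repeatable, can run in a pipeline before deployment, and the corrected definition is itself reviewable text rather than a manual console change.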
Centralized vs. Decentralized Architectures
- Benefits and risks of centralized and decentralized setups
Internet of Things (IoT)
- Network of physical devices with sensors and connectivity
- Enables data exchange among connected objects
ICS and SCADA
- Industrial Control Systems (ICS)
  - Used in industrial production, including manufacturing, transportation, energy, and utilities
- Supervisory Control and Data Acquisition (SCADA)
  - Subset of ICS
  - Controls and monitors physical processes such as electricity transmission, gas transportation, water distribution, and wastewater collection
Embedded Systems
- Dedicated computer system designed for specific functions
- Part of a complete device system with hardware components