Computer Architecture and Security Models

Computer architecture involves the organization of a structure, including its features and amenities, and Similarly, information architecture contains specifications, diagrams, designs, and requirements documentation for an organization's information and computing resources.

Hardware Architecture: Focuses on physical components, selecting and configuring hardware with security features like encryption modules and secure boot mechanisms.
Software Architecture: Deals with the structure of software systems, implementing secure coding standards, access controls, and conducting security testing and reviews.
Network Architecture: Involves designing networks and components, implementing controls like segmentation, encryption, and intrusion detection systems to safeguard data in transit and prevent unauthorized access.
System Design and Integration: Encompasses creating cohesive systems that meet organizational requirements, addressing security concerns, supporting defense-in-depth strategies, redundancy, failover mechanisms, and scalability without compromising security.
Cloud Computing Architecture: Understands cloud service and deployment models, implementing security controls and best practices tailored to cloud environments.

Security policies: Rules used to maintain organizational security, monitor and report in the case of security breaches.
Examples of common security policies:
- Acceptable Use Policy (AUP): Defines acceptable and prohibited uses of organizational resources.
- Password Policy: Specifies requirements for password creation and management.
- Data Classification Policy: Categorizes data based on sensitivity and criticality, outlining how to handle, store, transmit, and protect data.
- Access Control Policy: Establishes procedures for granting and revoking access to systems and data based on users' roles and responsibilities.
- Incident Response Policy: Outlines procedures for detecting, assessing, and responding to security incidents.
- Physical Security Policy: Defines measures to protect physical assets from unauthorized access, theft, or damage.
- Remote Access Policy: Establishes guidelines and controls for accessing organizational resources remotely.

Security models: Criteria and techniques designed to carry out certain aspects of the security policy, providing conceptual frameworks for understanding, implementing, and assessing security measures within an organization's IT infrastructure.
Examples of common security models:
- Bell-LaPadula model: Focuses on confidentiality, enforcing the "no read up, no write down" principle.
- Biba model: Prioritizes integrity, following the "no read down, no write up" principle.
- Clark-Wilson model: Emphasizes integrity and separation of duties, implementing transaction-based access controls.
- Non-Interference model: Aims to prevent covert channels that could compromise data confidentiality or integrity.
- Role-Based Access Control (RBAC): Assigns permissions based on users' roles.
- Attribute-Based Access Control (ABAC): Considers various attributes of users, resources, and environmental conditions to make access control decisions.
- Discretionary Access Control (DAC): Allows individual users to determine access permissions for resources they own.
- Mandatory Access Control (MAC): Centrally controls access permissions based on a security policy.

Countermeasures: Specific procedures, process implementations, and technologies used to protect the C-I-A (confidentiality, integrity, and availability) of all elements in the information architecture.