
Security Standards (222)
ISO 27001 – the standard against which an organization's information security management system (ISMS) is certified; it specifies the requirements for establishing, operating and improving an ISMS and for security governance.
ISO 27002 – (formerly ISO 17799) – a guideline that lists security control objectives and recommends a range of specific security controls; more granular than 27001. 14 control areas (in the 2013 edition).
BOTH DESCEND FROM BS 7799.

Control Frameworks (223)
Consider the overall control framework or structure of the security solution desired by the organization.
COBIT – Control Objectives for Information and Related Technology, is a documented set of best IT security practices crafted by the Information Systems Audit and Control Association (ISACA). It prescribes goals and requirements for security controls and encourages the mapping of IT security ideals to business objectives.
COBIT 5 – is based on five key principles for governance and management of enterprise IT:
- Principle 1: Meeting Stakeholder Needs
- Principle 2: Covering the Enterprise End-to-End
- Principle 3: Applying a Single, Integrated Framework
- Principle 4: Enabling a Holistic Approach
- Principle 5: Separating Governance from Management
COBIT is used not only to plan the IT security of an organization but also as a guideline for auditors.

Virtualization (229)
Used to host one or more operating systems within the memory of a single host computer. Such an OS is also known as a guest operating system. From the perspective that there is an original or host OS installed directly on the computer hardware, the additional OSs hosted by the hypervisor are guests.
- Virtual machine – simulated environment created by the OS to provide a safe and efficient place for programs to execute.
- Virtual SAN – software-defined shared storage system; a virtual re-creation of a SAN on top of a virtualized network or an SDN.

Timing (233)
TOCTTOU (time-of-check to time-of-use) attacks, race condition exploits, and communication disconnects are known as state attacks because they attack timing, data flow control, and the transition from one system state to another.
Race condition – two or more processes require access to the same resource and must complete their tasks in the proper order for normal function; an attacker who can change the resource between one process's check and another's use wins the race.

Memory Components
Register – the CPU also includes a limited amount of onboard memory, known as registers: small memory locations directly in the CPU that give the arithmetic-logic unit (ALU), the brain of the CPU, directly accessible storage to use when performing calculations or processing instructions.
Stack Memory Segment – the region of memory holding the call stack (return addresses, saved registers and local variables) that functions use to pass instructions and data to each other. Because return addresses sit next to local buffers, the stack is the classic target of buffer overflow attacks.
Monolithic Operating System Architecture – all of the OS code runs in kernel mode (system mode) in an ad hoc, non-modularized OS, so a flaw in any component executes with full kernel privilege.
Memory Addressing – when using memory resources, the processor must have some means of referring to various locations in memory. The solution to this problem is known as addressing:
- Register Addressing – when the CPU needs information from one of its registers to complete an operation, it uses a register address (for example, "register 1") to access its contents.
- Immediate Addressing – not a memory addressing scheme per se but rather a way of referring to data that is supplied to the CPU as part of an instruction. For example, the CPU might process the command "Add 2 to the value in register 1." This command uses two addressing schemes. The first is immediate addressing: the CPU is being told to add the value 2 and does not need to retrieve that value from a memory location; it is supplied as part of the command. The second is register addressing: the CPU is instructed to retrieve the value from register 1.
- Direct Addressing – the CPU is provided with the actual address of the memory location to access. The address must be located on the same memory page as the instruction being executed. Direct addressing is more flexible than immediate addressing, since the contents of the memory location can be changed more readily than reprogramming immediate addressing's hard-coded data.
- Indirect Addressing – uses a scheme similar to direct addressing. However, the memory address supplied to the CPU as part of the instruction does not contain the actual value that the CPU is to use as an operand. Instead, that memory location contains another memory address (perhaps located on a different page). The CPU reads the indirect address to learn the address where the desired data resides and then retrieves the actual operand from that address.
- Base + Offset Addressing – uses a value stored in one of the CPU's registers as the base location from which to begin counting. The CPU then adds the offset supplied with the instruction to that base address and retrieves the operand from that computed memory location.

Cloud Service Models (241)
Service models – SaaS, PaaS, IaaS; deployment models – private, community, public, hybrid.
PaaS – Platform-as-a-Service is the concept of providing a computing platform and software solution stack as a virtual or cloud-based service. Essentially, this type of cloud solution provides all the aspects of a platform (that is, the operating system and complete solution package). The primary attraction of PaaS is the avoidance of having to purchase and maintain high-end hardware and software locally. The customer supplies application code that the vendor then executes on its own infrastructure.
SaaS – Software-as-a-Service is a derivative of PaaS. SaaS provides on-demand online access to specific software applications or suites without the need for local installation. In many cases, there are few local hardware and OS limitations.
IaaS – Infrastructure-as-a-Service takes the PaaS model yet another step forward and provides not just on-demand operating solutions but complete outsourcing options. This can include utility or metered computing services, administrative task automation, dynamic scaling, virtualization services, policy implementation and management services, and managed/filtered Internet connectivity. Even under IaaS, the customer organization is still responsible for patching the OS of its own virtual hosts.
Deployment Models (note: CaaS is not one of the models listed here)
- Private; cloud-based assets for a single organization. Organizations can create and host private clouds using their own resources.
- Community; provides cloud-based assets to two or more organizations. Maintenance responsibilities are shared based on who is hosting the assets and the service models.
- Public; model includes assets available for any consumer to rent or lease and is hosted by an external CSP. Service level agreements can be effective at ensuring the CSP provides the cloud-based services at a level acceptable to the organization.
- Hybrid; mix of public and private.

Database Security (237)
Aggregation – SQL provides a number of functions that combine records from one or more tables to produce potentially useful information. Aggregation is not without its security vulnerabilities: aggregation attacks collect numerous low-level (low-sensitivity) items and combine them into something of a higher security level or value, so access to aggregate functions should itself be controlled.
Inference – involves combining several pieces of non-sensitive information to deduce information that should be classified at a higher level. Unlike aggregation, inference relies on the human mind's deductive capacity rather than the raw mathematical ability of modern database platforms.
Data Warehousing – large databases that store large amounts of information from a variety of databases for use with specialized analysis techniques.
Data Mining – techniques that allow analysts to comb through data warehouses and look for potentially correlated information.
Data dictionary – commonly used for storing critical information about data, including usage, type and sources; the DBMS software reads the data dictionary to determine access rights for users attempting to access data.
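Worked example for the Database Security notes above (an added illustration, not part of the original notes): a constructed employee table where individual salaries are confidential but COUNT/SUM aggregates are permitted. Two aggregates that differ by one row leak that row's salary (a "tracker"). The StatsGateway class, the k = 2 threshold and the simplified overlap rule are assumptions of this example, not a product feature.

```python
"""Aggregation / inference (tracker) attack on a statistical database.

Added example, not from the original notes. Individual salaries are the
secret; only COUNT and SUM over a predicate are released. The guard combines
query-set-size control (k <= |C| <= N - k) with a simplified overlap control
that refuses a query set differing from an already answered set by fewer
than k rows. k = 2 is an assumed value for this toy.
"""
import sqlite3

K = 2  # assumed minimum query-set size and minimum difference between sets


def make_db():
    con = sqlite3.connect(":memory:")
    con.execute(
        "CREATE TABLE employees (id INTEGER PRIMARY KEY, name TEXT, dept TEXT, salary INTEGER)"
    )
    con.executemany(
        "INSERT INTO employees (name, dept, salary) VALUES (?, ?, ?)",
        [  # constructed sample data
            ("Alice", "Eng", 120000),
            ("Bob", "Eng", 95000),
            ("Carol", "Eng", 101000),
            ("Dave", "Ops", 70000),
            ("Erin", "Ops", 72000),
        ],
    )
    return con


class StatsGateway:
    """Answers only COUNT/SUM over a predicate, never individual rows.

    k = 0 disables both controls, giving the unguarded behaviour.
    The predicate is interpolated only for this demo; a real gateway would
    accept a whitelisted filter, not free-form SQL.
    """

    def __init__(self, con, k=K):
        self.con, self.k = con, k
        self.answered = []  # query sets (frozensets of row ids) already released

    def query(self, where):
        ids = frozenset(
            r[0] for r in self.con.execute(f"SELECT id FROM employees WHERE {where}")
        )
        total = self.con.execute("SELECT COUNT(*) FROM employees").fetchone()[0]
        # Query-set-size control: blocks "name = 'Alice'" (|C| = 1) outright.
        if len(ids) < self.k or total - len(ids) < self.k:
            raise PermissionError(f"query set of size {len(ids)} refused")
        # Overlap control: a set that differs from an answered set by < k rows
        # is exactly what a two-query tracker needs, so refuse it.
        for prev in self.answered:
            if len(ids ^ prev) < self.k:
                raise PermissionError("query set too close to a previous one")
        self.answered.append(ids)
        row = self.con.execute(
            f"SELECT COUNT(*), COALESCE(SUM(salary), 0) FROM employees WHERE {where}"
        ).fetchone()
        return {"count": row[0], "sum": row[1]}


def tracker_attack(query):
    """Derive Alice's salary from two aggregates, neither naming a single row."""
    whole = query("dept = 'Eng'")                       # sum over Alice, Bob, Carol
    rest = query("dept = 'Eng' AND name <> 'Alice'")    # sum over Bob, Carol
    return whole["sum"] - rest["sum"]


def demo():
    con = make_db()
    leaked = tracker_attack(StatsGateway(con, k=0).query)  # 316000 - 196000
    guarded = StatsGateway(con)
    outcomes = {}
    for label, attempt in [
        ("direct", lambda: guarded.query("name = 'Alice'")),
        ("tracker", lambda: tracker_attack(guarded.query)),
    ]:
        try:
            attempt()
            outcomes[label] = "answered"
        except PermissionError:
            outcomes[label] = "refused"
    return {"leaked_salary": leaked, **outcomes}


if __name__ == "__main__":
    print(demo())
```

Size control alone would answer both tracker queries (sets of 3 and 2 rows both satisfy k = 2), which is the point of the notes: each release is harmless on its own and the leak comes from combining them. The overlap rule here stops this two-query tracker; longer tracker chains and general inference need stronger measures such as rounding or noise added to released statistics.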
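Worked example for the Memory Addressing notes under Memory Components above (an added illustration, not from the original notes): a toy CPU whose ADD instruction fetches its second operand by immediate, register, direct, indirect or base + offset addressing, including the notes' own "Add 2 to the value in register 1" and a direct-addressing attempt that fails because the address is on a different page. The page size of 8 words, the register file and the memory contents are assumptions of this toy.

```python
"""Toy CPU illustrating the five addressing modes from the notes.

Added example, not from the original notes. Memory is a flat list of words
split into pages of PAGE_SIZE words so the "same page" restriction on direct
addressing can be enforced; page size and instruction format are assumed.
"""

PAGE_SIZE = 8  # assumed: words 0-7 are page 0, words 8-15 are page 1


class ToyCPU:
    def __init__(self, memory, registers):
        self.mem = list(memory)     # constructed main memory (list of ints)
        self.reg = list(registers)  # constructed register file r0..rN
        self.pc = 0                 # address of the instruction being executed

    def fetch_operand(self, mode, value):
        """Resolve an operand according to the addressing mode.

        imm       value is the operand itself, embedded in the instruction
        reg       value is a register number; operand is that register's contents
        direct    value is a memory address on the same page as the instruction
        indirect  value is a memory address whose contents are another address
        base+off  value is (register number, offset): address = reg[base] + offset
        """
        if mode == "imm":
            return value
        if mode == "reg":
            return self.reg[value]
        if mode == "direct":
            if value // PAGE_SIZE != self.pc // PAGE_SIZE:
                raise ValueError(f"direct address {value} not on instruction page")
            return self.mem[value]
        if mode == "indirect":
            pointer = self.mem[value]   # first read: the address stored at `value`
            return self.mem[pointer]    # second read: the operand, possibly another page
        if mode == "base+off":
            base_reg, offset = value
            return self.mem[self.reg[base_reg] + offset]
        raise ValueError(f"unknown addressing mode {mode!r}")

    def add(self, dest_reg, mode, value):
        """ADD dest_reg, <operand>: reg[dest] += operand; returns the new value."""
        self.reg[dest_reg] += self.fetch_operand(mode, value)
        return self.reg[dest_reg]


def demo():
    # Constructed memory: two pages. mem[3] = 40; mem[5] holds the address 12,
    # which is on page 1 and holds 500; mem[10], mem[11] hold 7 and 9.
    mem = [0] * 16
    mem[3], mem[5], mem[12], mem[10], mem[11] = 40, 12, 500, 7, 9
    cpu = ToyCPU(mem, registers=[0, 1, 10])  # r0 = 0, r1 = 1, r2 = 10
    results = {}
    # "Add 2 to the value in register 1": immediate operand 2 into r1.
    results["imm"] = cpu.add(1, "imm", 2)                  # r1 = 1 + 2 = 3
    results["reg"] = cpu.add(0, "reg", 1)                  # r0 = 0 + r1 = 3
    results["direct"] = cpu.add(0, "direct", 3)            # r0 = 3 + mem[3] = 43
    results["indirect"] = cpu.add(0, "indirect", 5)        # r0 = 43 + mem[mem[5]] = 543
    results["base+off"] = cpu.add(0, "base+off", (2, 1))   # r0 = 543 + mem[r2 + 1] = 552
    # Direct addressing cannot reach page 1 from an instruction on page 0;
    # indirect addressing above reached the same word 12 via a pointer.
    try:
        cpu.add(0, "direct", 12)
        results["direct_cross_page"] = "allowed"
    except ValueError:
        results["direct_cross_page"] = "rejected"
    return results


if __name__ == "__main__":
    for mode, value in demo().items():
        print(f"{mode:>18}: {value}")
```

The indirect step is the one to notice for security purposes: the operand comes from wherever the pointer in memory says, so an attacker who can overwrite that pointer redirects the read without touching the instruction stream.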
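Worked example for the Timing notes above (an added illustration, not from the original notes): a TOCTTOU race on a file path, with the attacker's win simulated by a callback invoked between the check and the use. The policy assumed for the demo is that a service may serve only regular files, never symlinks; the vulnerable version checks the path and then opens the path, while the hardened version opens first and checks the descriptor it obtained, so what happens to the path in between no longer matters. Requires a POSIX system for O_NOFOLLOW.

```python
"""TOCTTOU (time-of-check to time-of-use) on a file path.

Added example, not from the original notes. Policy assumed for the demo:
only regular, non-symlink files may be read. The attacker's race win is
simulated deterministically by a callback run between check and use.
"""
import os
import stat
import tempfile


def vulnerable_read(path, between_check_and_use=lambda: None):
    # CHECK the path: lstat() does not follow symlinks, so this looks sound.
    if not stat.S_ISREG(os.lstat(path).st_mode):
        raise PermissionError("not a regular file")
    between_check_and_use()          # the race window: attacker gets a turn
    # USE the path: open() re-resolves it and follows any symlink planted meanwhile.
    with open(path, "rb") as f:
        return f.read()


def hardened_read(path, between_check_and_use=lambda: None):
    # USE first: open without following a final-component symlink ...
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)
    try:
        between_check_and_use()      # attacker's turn changes nothing: fd is bound
        # ... then CHECK the object actually opened, through the descriptor.
        if not stat.S_ISREG(os.fstat(fd).st_mode):
            raise PermissionError("not a regular file")
        with os.fdopen(fd, "rb") as f:
            fd = -1                  # fdopen now owns and closes the descriptor
            return f.read()
    finally:
        if fd != -1:
            os.close(fd)


def demo():
    """Return what each version actually read when the attacker wins the race."""
    with tempfile.TemporaryDirectory() as d:
        public = os.path.join(d, "public.txt")   # constructed: the file the service may serve
        secret = os.path.join(d, "secret.txt")   # constructed: the file it must not
        with open(public, "wb") as f:
            f.write(b"harmless")
        with open(secret, "wb") as f:
            f.write(b"TOP SECRET")

        def swap_for_symlink():
            # Attacker replaces the checked file with a symlink to the secret.
            os.unlink(public)
            os.symlink(secret, public)

        leaked = vulnerable_read(public, swap_for_symlink)

        # Reset the file and repeat the same race against the hardened version.
        os.unlink(public)
        with open(public, "wb") as f:
            f.write(b"harmless")
        safe = hardened_read(public, swap_for_symlink)

        # The symlink is now in place before open(): O_NOFOLLOW refuses it.
        try:
            hardened_read(public)
            pre_planted = "opened"
        except OSError:
            pre_planted = "refused"
        return {"vulnerable": leaked, "hardened": safe, "pre_planted": pre_planted}


if __name__ == "__main__":
    print(demo())
```

The general rule the example shows: make the check and the use refer to the same object (a descriptor, not a name). Checking names and then using names is a state attack waiting for a scheduler that puts the attacker in the gap.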