Why Security Architectures and Models?
”I’m a Security Program Manager studying for my CISSP. What’s with all the material on Security Architectures and Models? How will knowing Bell-LaPadula help me do my job better?”
The various information security architectures and models are the result of a lot of consideration and experience, over decades of a lot of very smart people trying hard to get it right. To be ignorant of such foundational work is to be at a severe disadvantage in practical matters.
A building supervisor may not need to be a boiler technician, but he or she must absolutely understand the fundamentals of HVAC systems to be at all effective. Likewise the position may not require the skills of an architect, but absolutely demand a thorough familiarity with load-bearing structures, and an ability to evaluate what is necessary to maintain their integrity.
It is the same with information security program management.
/jonathan
Weblog Entry
Friday, August 10, 2007
Entry Notes
Category: Do I have to...?
Event: A common question.
Weather: Surrounded by fire in MT
Other Details:
I agree that some of the studies required to pass the CISSP can seem arcane and useless, but this is not one of them.
