This is the third course in Domain 3 of the CSSLP certification and covers the essential ideas, concepts, and principles that you need to take into account when building secure software.
Learning Objectives
- Understand the differences between commonly used computing architectures
Intended Audience
This course is intended for anyone looking to develop secure software as well as those studying for the CSSLP certification.
Prerequisites
Any experience relating to information security would be advantageous, but not essential. All topics discussed are thoroughly explained and presented in a way allowing the information to be absorbed by everyone, regardless of experience within the security field.
Then we have pervasive computing. This is based around widely available commodity computing devices of nearly any size and description, and this now puts computing in the hands of nearly everyone old enough to understand how to operate it. What it produces is a relatively new environment. There is the constant state we know as hyper-connectedness; this produces always-on, always-available operable conditions. They become platform agnostic, typically being delivered through standard web browser-type interfaces, and we find that they can be accessible from quite literally almost anywhere, which would include from your home office, your downtown office, a mobile application, in a Starbucks somewhere or from your first-class seat on an airline traveling inter-continentally through the Wi-Fi onboard the plane.
Now, accepted architectural features in these kinds of contexts are more important than ever, but connected devices cannot always support them. This can include things such as simple, basic security features. They don't support defense in depth and they don't typically have a fail-safe, fail-secure type of modality. There is the aspect of location-based computing. This would be GPS information that is used to connect with resources, products and services in close proximity to the device holder, and the fact that such data can be abused depending upon the actual stream content. This results in letting a person know about restaurants or shopping or other offers of vendors nearby broadcasting over a network that reaches to that device based on GPS coordinates of it.
Of course, we have RFID, the radio frequency information detection. There is the transponder type with active-passive tag and reader setups and then we have the active tracking for vehicles with passive reading for inventory as we might find in a Barnes & Noble bookstore. Pervasive computing also includes near-field communication, which allows for communication, but only over very small inches-wide gaps. Now, these are effective and quite frequently used in mobile tap and pay type of apps, like Apple Pay. Then we have our sensor device networks, which include sensing for meter reading at homes and businesses, weather sensing conditions with a broadcast capability to return the information to a central source and similar types of applications.
Mr. Leo has been in Information Systems for 38 years, and an Information Security professional for over 36 years. He has worked internationally as a Systems Analyst/Engineer, and as a Security and Privacy Consultant. His past employers include IBM, St. Luke’s Episcopal Hospital, Computer Sciences Corporation, and Rockwell International. A NASA contractor for 22 years, from 1998 to 2002 he was Director of Security Engineering and Chief Security Architect for Mission Control at the Johnson Space Center. From 2002 to 2006 Mr. Leo was the Director of Information Systems, and Chief Information Security Officer for the Managed Care Division of the University of Texas Medical Branch in Galveston, Texas.
Upon attaining his CISSP license in 1997, Mr. Leo joined ISC2 (a professional role) as Chairman of the Curriculum Development Committee, and served in this role until 2004. During this time, he formulated and directed the effort that produced what became and remains the standard curriculum used to train CISSP candidates worldwide. He has maintained his professional standards as a professional educator and has trained and certified nearly 8500 CISSP candidates since 1998, and nearly 2500 in HIPAA compliance certification since 2004. Mr. Leo is an ISC2 Certified Instructor.