Question

Today, several security services are increasingly provided as common security services. These include audit and monitoring services, authentication services, access management services, directory services, and a variety of detection, prevention, and mitigation services. What is meant by common security services, and what advantage and disadvantage do they provide when compared to commodity security controls?

Answer 1

Common Security Services Manager

This section provides details on the main infrastructure component of the CDSA, the Common Security Services Manager (CSSM).

Overview

The Common Security Services Manager integrates the security functions required by applications to use cryptographic service provider modules (or tokens) and certificate libraries. In particular, it facilitates linking digital certificates to cryptographic actions and trust protocols. Tokens and certificate libraries plug into the CSSM as add-in modules.

Functionally, CSSM provides the services shown in Services Provided by CSSM :

• General module management services-install, dynamically attach, and dynamically locate module managers and add-in modules.
• Elective module managers-dynamically extend the APIs and security services available to applications implemented to use those services.
• Basic module managers-define a minimal set of security services APIs.
• Multi-service modules-allow a single add-in service module to implement services to functionally separate sets of CSSM APIs.
• Integrity Services-verify signed credentials to ensure trusted identification and authorizations.
• Security context management-aggregate and manage input and output parameters required when performing cryptographic operations.

General Module Management Services

CSSM manages a registry that records each component's logical name, attached components in the CSSM environment. CSSM manages a registry that records information about each installed add-in module and elective module manager. This information can be queried by applications, add-in modules, and components of CSSM. The registry is CSSM's critical information base. CSSM must protect this information base by controlling access to the information, (particularly write access), and checking the integrity of stored values upon retrieval.

The CSSM registry records the logical name of each add-in module and elective module manager, the information required to locate and dynamically initiate the component, and some minimal meta-data describing the capabilities and services implemented by the component. An add-in module may or may not implement all of the APIs defined by CSSM. Unimplemented functions are registered as null. For extensibility, an add-in module can implement additional functions outside of the CSSM-defined API calls. CSSM defines a single pass-through function, which an add-in module can overload with multiple custom functions. The meaning and use of these functions is documented outside of CSSM by the module vendor.

Major benefits of having an Common Security Serivices

• Lower costs in many areas.
• More time to focus on your business.
• Access to unique expertise and tools.
• Direct cyber security.
• Automatic detection and fixing of vulnerabilities.
• Increased action-oriented insight and reduced alert fatigue.
• Scalability.

Although technology such as surveillance cameras and alarms aid their work, it is still very involving and the Common security system has several disadvantages.

• Risk. Security officers place their life on the line every time they go to work. ...
• Low Pay. ...
• Difficult Work. ...
• Continuous Training.