Chapter 4: Security Architecture and Design - Final Notes

I want to hit a few key concepts near the end of chapter 4 here. Fist of all, the difference between certification and accreditation. Certification is a technical evaluation that can lead to accreditation. Accreditation is a formal acceptance of system security. Next, the difference between an open system and a closed system. Open systems follow standards and published specs. Closed, on the other hand, do not follow specific, industry standards. In other words, it is proprietary, and there might be room for more advanced security. Systems will always have flaws, bugs, and "open doors". Hackers are always trying to identify these imperfections and exploit them. The book puts it a good way. No matter how many laws and improvements society makes, there are always going to be cops and robbers. In the same sense, there are always going to be hackers that will try to get into systems.