Exam CISSP topic 1 question 206 discussion

This security designing principle says that the security mechanism must be generated as separate and protected modules and the security mechanism must be generated using the modular architecture. This principle helps in updating the security mechanism independently without modifying the entire system.

The security principle of modularity in systems security engineering provides isolated functions and data. This principle isolates functions into well-defined logical units, allowing them to be composed and managed independently. It extends functional modularity to include considerations based on trust, trustworthiness, privilege, and security policy. This means that different functions and data are separated and not dependent on each other, reducing the risk of compromise of one function or piece of data. Therefore, the correct answer is: C. Isolated functions and data

NASA says "The security principle of modularity services is to isolate functions into well-defined logical units so that they can be composed. Layering relates to the application layer, network layer, and security kernel/device layer."

Although CISSP CBK does not tell anything about modularity, the secure design principle of modularity is mentioned in NIST Special Publication 800-53: "These core security principles include, for example, simplicity, modularity, layering, domain isolation, least privilege, least functionality, and resource isolation/encapsulation. [...] The reduction in inter-module interactions helps to constrain security functions and to manage complexity. The concepts of coupling and cohesion are important with respect to modularity in software design. Coupling refers to the dependencies that one module has on other modules. Cohesion refers to the relationship between the different functions within a particular module. Good software engineering practices rely on modular decomposition, layering, and minimization to reduce and manage complexity, thus reducing software modules that are highly cohesive and loosely coupled. The organization implements security functions as largely independent modules that maximize internal cohesiveness within modules and minimize coupling between modules."

C is correct

The security principle of modularity provides isolated functions and data. This means that different functions and data are separated and not dependent on each other. This can help to reduce the risk of a compromise of one function or piece of data affecting other functions or data. Modularity can also make it easier to identify and fix security vulnerabilities, as it allows for a more targeted approach to security testing and remediation.

C is correct