This is the content of Security Architecture and engeneering of CISSP®
This domain 3 is worth 13% of the grade to be achieved
Domaine 3 of CISSP®
Content updated according to the new official programme for 2024
| N° | Description | |
|---|---|---|
| 3.1 | Research, implement and manage engineering processes using secure design principles | |
| 3.1.1 | Threat modeling | |
| 3.1.2 | Least privilege | |
| 3.1.3 | Defense in Depth | |
| 3.1.4 | Secure defaults | |
| 3.1.5 | Fail securely | |
| 3.1.6 | Separation of Duties (SoD) | |
| 3.1.7 | Keep it simple | |
| 3.1.8 | Zero Trust | |
| 3.1.9 | Privacy by design | |
| 3.1.10 | Trust but verify | |
| 3.1.11 | Shared responsibility | |
| 3.2 | Understand the fundamental concepts of security models (eg, Biba, Star Model, Bell-LaPadula) | |
| 3.3 | Select controls based upon Systems Security requirements | |
| 3.4 | Understand security capabilities of Information Systems (IS) (eg, memory protection, Trusted Platform Module (TPM), encryption/decryption) | |
| 3.5 | Assess And mitigate the vulnerabilities of security Architectures, designs and solution elements | |
| 3.5.1 | Client-based systems | |
| 3.5.2 | Server-based Systems | |
| 3.5.3 | Database systems | |
| 3.5.4 | Cryptographic systems | |
| 3.5.5 | Industrial Control Systems (ICS) | |
| 3.5.6 | Cloud-based systems (eg, Software as a Service (SaaS), Infrastructure as a Service (IaaS), Platform as a Service (PaaS)) | |
| 3.5.7 | Distributed systems | |
| 3.5.8 | Internet of Things (IoT) | |
| 3.5.9 | Microservices | |
| 3.5.10 | Containerization | |
| 3.5.11 | Serverless | |
| 3.5.12 | Embedded systems | |
| 3.5.13 | High-Performance Computing (HPC) systems | |
| 3.5.14 | Edge computing systems | |
| 3.5.15 | Virtualized systems | |
| 3.6 | Select and determine cryptographic Solutions | |
| 3.6.1 | Cryptographic lifeCycle (eg, keys, algorithm selection) | |
| 3.6.2 | Cryptographic methods (eg, symmetric, asymmetric, ellipticCurves, quantum) | |
| 3.6.3 | Public Key Infrastructure (PKI) | |
| 3.6.4 | Key management practices | |
| 3.6.5 | Digital signatures and Digital certificates | |
| 3.6.6 | Nonrepudiation | |
| 3.6.7 | Integrity (eg, hashing) | |
| 3.7 | Understand methods of cryptanalytic attacks | |
| 3.7.1 | Brute force | |
| 3.7.2 | Ciphertext only | |
| 3.7.3 | Known plaintext | |
| 3.7.4 | Frequency analysis | |
| 3.7.5 | Chosen PlainText/Ciphertext | |
| 3.7.6 | Implementation attacks | |
| 3.7.7 | Side-channel attacks | |
| 3.7.8 | Fault injection | |
| 3.7.9 | Timing | |
| 3.7.10 | Man-in-the-Middle (MITM) | |
| 3.7.11 | Pass the hash | |
| 3.7.12 | Kerberos exploitation | |
| 3.7.13 | Ransomware | |
| 3.8 | Apply security principles to site and facility design | |
| 3.9 | Design site and facility security controls | |
| 3.9.1 | Wiring closets/intermediate distribution facilities | |
| 3.9.2 | Server rooms/data centers | |
| 3.9.3 | Media storage facilities | |
| 3.9.4 | Evidence storage | |
| 3.9.5 | Restricted and work area security | |
| 3.9.6 | Utilities and Heating, Ventilation, and Air Conditioning (HVAC) | |
| 3.9.7 | Environmental issues | |
| 3.9.8 | Fire prevention, detection, and suppression | |
| 3.9.9 | Power (eg, redundant, backup) |