Please enable JavaScript.
Coggle requires JavaScript to display documents.
Domain 3 Security Architecture and Engineering -13% - Coggle Diagram
Domain 3 Security Architecture and Engineering -13%
3.1 Research, implement and manage engineering processes using secure design principles
Threat modeling
Least privilege
Defense in depth
Secure defaults
Fail securely
Separation of Duties (SoD)
Keep it simple
Zero Trust
Privacy by design
Trust but verify
Shared responsibility
3.9 Design site and facility security controls
Wiring closets/intermediate distribution facilities
Server rooms/data centers
Media storage facilities
Evidence storage
Restricted and work area security
Utilities and Heating, Ventilation, and Air Conditioning (HVAC)
Environmental issues
Fire prevention, detection, and suppression
Power (e.g., redundant, backup)
3.2 Understand the fundamental concepts of security models
(e.g., Biba, Star Model, Bell-LaPadula)
3.3 Select controls based upon systems security requirements
3.4 Understand security capabilities of Information Systems (IS) (e.g., memory protection, Trusted Platform Module (TPM), encryption/decryption)
3.5 Assess and mitigate the vulnerabilities of security architectures, designs, and solution elements
Client-based systems
Server-based systems
Database systems
Cryptographic systems
Industrial Control Systems (ICS
Cloud-based systems (e.g., Software as a Service (SaaS), Infrastructure as a Service (IaaS), Platform as a Service (PaaS))
Distributed systems
Internet of Things (IoT)
Microservices
Containerization
Serverless
Embedded systems
High-Performance Computing (HPC) systems » Edge computing systems
Virtualized systems
3.6 Select and determine cryptographic solutions
Cryptographic life cycle (e.g., keys, algorithm selection)
Cryptographic methods (e.g., symmetric,
asymmetric, elliptic curves, quantum)
Public Key Infrastructure (PKI)
Key management practices
Digital signatures and digital certificates
Non-repudiation
Integrity (e.g., hashing)
3.7 Understand methods of cryptanalytic attacks
Brute force
Ciphertext only
Known plaintext
Frequency analysis
Chosen ciphertext
Implementation attacks
Side-channel
Fault injection
Timing
Man-in-the-Middle (MITM) » Pass the hash
Kerberos exploitation » Ransomware
3.8 Apply security principles to site and facility design