CISSP Domain 3 Refresh: Security Architecture and Engineering
Security Architecture and Engineering is Domain 3 of the CISSP exam, and it counts for a good chunk of the test: 13% of the exam questions are drawn from this domain. Beyond the exam itself, the knowledge gained from this domain provides a crucial, fundamental background for any kind of cybersecurity professional.
The following is a list of knowledge areas that the aspiring CISSP-certified individual must have at least a baseline knowledge of.
As the CISSP exam questions are also scenario-based, you must be able to understand these principles and apply them:
Secure Design Principles
Incorporating security into the design process
Security engineers attempt to retrofit an existing system with security features designed to protect the confidentiality, integrity and availability of the data handled by that system.
Under this approach, every access request has two components: a subject, the entity requesting some type of access, and an object, the resource being requested.
There are two possible failure modes:
- Fail open system. If the security controls fail, they are automatically bypassed
- Fail secure system. This is where a security control fails, and the system locks itself down to a state where no access is granted
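To make the two failure modes concrete, here is an added example (not code from the article) of the same subject/object authorization check written first fail-open and then fail-secure. The policy backend, the `lookup_permissions` function, the `PolicyStoreUnavailable` error and the sample policy are all stand-ins constructed for this demo.

```python
# Added example (not from the article): the same authorization check in a
# fail-open and a fail-secure style. `lookup_permissions` and
# `PolicyStoreUnavailable` are stand-ins for a real policy backend.

AUDIT_LOG = []  # where a real system would write its security event log


class PolicyStoreUnavailable(Exception):
    """Raised when the policy backend (database, directory, IdP) cannot be reached."""


# Constructed sample policy: subject -> set of (object, action) permissions.
SAMPLE_POLICY = {
    "alice": {("payroll.db", "read")},
    "bob": {("payroll.db", "read"), ("payroll.db", "write")},
}


def lookup_permissions(subject, backend_up=True):
    """Simulated policy lookup; backend_up=False models an outage of the control."""
    if not backend_up:
        raise PolicyStoreUnavailable("policy store unreachable")
    return SAMPLE_POLICY.get(subject, set())


def is_allowed_fail_open(subject, obj, action, backend_up=True):
    """Fail-open: if the control itself breaks, the request is let through.
    Convenient for availability, but any outage bypasses the control entirely."""
    try:
        return (obj, action) in lookup_permissions(subject, backend_up)
    except PolicyStoreUnavailable as exc:
        AUDIT_LOG.append(f"ALLOW {subject} {action} {obj}: control failure ({exc})")
        return True


def is_allowed_fail_secure(subject, obj, action, backend_up=True):
    """Fail-secure: the default is deny, and an error in the control denies too.
    The system locks down until the control is working again."""
    decision = False
    try:
        decision = (obj, action) in lookup_permissions(subject, backend_up)
    except PolicyStoreUnavailable as exc:
        AUDIT_LOG.append(f"DENY {subject} {action} {obj}: control failure ({exc})")
    return decision


if __name__ == "__main__":
    for check in (is_allowed_fail_open, is_allowed_fail_secure):
        print(check.__name__, "during outage:",
              check("mallory", "payroll.db", "write", backend_up=False))
    print("\n".join(AUDIT_LOG))
```

The difference is entirely in the `except` branch: the fail-secure version starts from a deny decision and only ever flips it to allow on a positive answer from the control, so an outage of the policy store produces denials (and an audit record) rather than silent bypass.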
This part of the domain is more theoretical in nature. Nevertheless, you should still understand the security models, as the CISSP exam will cover them to some degree. Note that this is not an all-inclusive list of the security models; refer to your study book or boot camp notes for the details of all the relevant models.
- Bell-LaPadula security model
- Biba integrity model
- Lattice-based access controls
- Integrity models
- Information Flow model
- Chinese Wall model
- Noninterference model
- Take-Grant Protection model
- The Access Control Matrix
- Zachman Framework for Enterprise Architecture
- Graham-Denning model
- Harrison-Ruzzo-Ullman model
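The Bell-LaPadula and Biba rules are easiest to remember when you see them enforced over an actual lattice of labels. The following is an added example, not from the article or any product: it defines a small label lattice (a totally ordered level plus a set of compartments, all constructed for the demo), a dominance relation, the least upper bound, and the read/write rules of both models side by side.

```python
# Added example (not from the article): Bell-LaPadula confidentiality rules and
# Biba integrity rules enforced over a simple label lattice. The levels and
# compartments below are constructed for the demo.
from dataclasses import dataclass

# Totally ordered sensitivity levels; compartments add a partial order on top.
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}


@dataclass(frozen=True)
class Label:
    level: str
    compartments: frozenset = frozenset()

    def dominates(self, other: "Label") -> bool:
        """A dominates B when A's level is at least B's and A holds every
        compartment B holds (the lattice ordering)."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.compartments >= other.compartments)


def join(a: Label, b: Label) -> Label:
    """Least upper bound in the lattice: the lowest label dominating both.
    Used, for example, to label a document assembled from two sources."""
    level = a.level if LEVELS[a.level] >= LEVELS[b.level] else b.level
    return Label(level, a.compartments | b.compartments)


def blp_permits(subject: Label, obj: Label, action: str) -> bool:
    """Bell-LaPadula (confidentiality):
    read  -> simple security property, "no read up": subject dominates object
    write -> *-property, "no write down": object dominates subject"""
    if action == "read":
        return subject.dominates(obj)
    if action == "write":
        return obj.dominates(subject)
    raise ValueError(f"unknown action {action!r}")


def biba_permits(subject: Label, obj: Label, action: str) -> bool:
    """Biba (integrity), the dual of BLP applied to integrity labels:
    read  -> simple integrity property, "no read down": object dominates subject
    write -> *-integrity property, "no write up": subject dominates object"""
    if action == "read":
        return obj.dominates(subject)
    if action == "write":
        return subject.dominates(obj)
    raise ValueError(f"unknown action {action!r}")


if __name__ == "__main__":
    secret = Label("SECRET")
    top_secret = Label("TOP SECRET")
    secret_nuclear = Label("SECRET", frozenset({"NUCLEAR"}))
    print("TS reads S  (BLP):", blp_permits(top_secret, secret, "read"))
    print("TS writes S (BLP):", blp_permits(top_secret, secret, "write"))
    print("S reads S/NUCLEAR (BLP):", blp_permits(secret, secret_nuclear, "read"))
    print("join:", join(secret_nuclear, Label("CONFIDENTIAL", frozenset({"CRYPTO"}))))
```

Two things worth noticing: the compartment check is what makes this a lattice rather than a simple ladder (a SECRET subject without the NUCLEAR compartment cannot read SECRET/NUCLEAR data even though the levels match), and Biba is literally BLP with the direction of every comparison reversed, which is the usual exam trick question.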
You also need to understand the following terms, which describe how an organization approves a particular system for deployment and implementation:
- Certification. This is the process of determining that a technology product meets the requirements of a certain certification level. It is a government-wide decision that a product meets certain security requirements
- Accreditation. This is a decision made after certification, and it is a specific decision as to whether a technology system may be used in a specific environment
Cloud Computing and Virtualization
As you prepare for the CISSP exam, you also need to understand the importance of the three families of cloud computing, which are as follows:
- Private cloud
- Public cloud
- Hybrid cloud
Organizations adopting a hybrid cloud approach use a combination of a public and a private cloud. In this model, they may use the public cloud for some computing workloads while operating their own private cloud for other workloads.
High Availability and Fault Tolerance
For any security professional, the basics of building redundant systems and mitigating failures are of prime importance, and are reviewed as follows:
- The core concept of high availability is having operationally redundant systems, sometimes at different locations; for example, a cluster of web servers that can continue to operate even if a single server fails
- Fault tolerance, on the other hand, helps protect a single system from failing in the first place by making it resilient to the failure of its individual components
Client and Server Vulnerabilities
Most businesses and corporations have some sort of client-server network topology. This is where many workstations and wireless devices (the clients) are connected to a central server so that resources can be accessed quickly and easily. Given this level of importance in the real world, this is a rather heavily weighted component on the CISSP exam. You should have a firm grasp of the following concepts:
Client security issues
- Applets. Applets built with technologies like Java and Microsoft’s ActiveX come with serious security issues, as they let a remote website run code on your computer. For this reason, most security professionals recommend against using applets
- Local caching. A cache is a local store of information that a browser or operating system uses to speed things up by eliminating redundant lookups. In an attack known as cache poisoning, an attacker inserts fake records into the DNS cache on a local computer, which then redirects unsuspecting users of that computer to illegitimate websites. Similar attacks can target the Address Resolution Protocol (ARP) cache and files retrieved from the Internet
Server security issues
Security professionals must be aware of security issues that are particular to certain environments. All servers are affected by data flow control, while database servers must also be protected against aggregation, inference and other database-specific attacks.
There are two specific types of attacks that are specific to database servers, and are thus important to know for the CISSP exam:
- Aggregation. Aggregation occurs when an individual with a low-level security clearance is able to piece together facts available at that level to determine a highly sensitive piece of information that he or she should not have access to
- Inference. Inference occurs when an individual can deduce sensitive information from the facts available to him or her
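The classic database form of this problem is inference from aggregate statistics, and the classic defenses are the query-set-size and query-set-overlap controls from statistical database security. The following is an added example (not from the article) using Python's built-in sqlite3: a constructed employee table, a naive reporting endpoint that leaks an individual salary by differencing two legitimate-looking totals, and an `InferenceGuard` (a name made up for this demo) that refuses both the single-row query and the overlapping follow-up query.

```python
# Added example (not from the article): inference by differencing aggregates,
# and the query-set-size / query-set-overlap controls that block it.
import sqlite3

# Constructed sample data (not real people): name, department, salary.
EMPLOYEES = [
    ("alice", "engineering", 120000),
    ("bob", "engineering", 95000),
    ("carol", "engineering", 101000),
    ("dave", "finance", 88000),
    ("erin", "finance", 92000),
]


def open_db():
    """In-memory database loaded with the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE employees(name TEXT, dept TEXT, salary INTEGER)")
    conn.executemany("INSERT INTO employees VALUES (?, ?, ?)", EMPLOYEES)
    return conn


def aggregate_unrestricted(conn, where_sql, params=()):
    """A naive reporting endpoint: it answers any COUNT/SUM over any predicate.
    `where_sql` is a fixed predicate chosen by the demo; user values go in `params`."""
    row = conn.execute(
        f"SELECT COUNT(*), SUM(salary) FROM employees WHERE {where_sql}", params
    ).fetchone()
    return row[0], row[1]


def infer_salary(conn, target, dept):
    """Inference by differencing: two innocent-looking aggregates whose query
    sets differ by exactly one person reveal that person's salary."""
    _, with_target = aggregate_unrestricted(conn, "dept = ?", (dept,))
    _, without_target = aggregate_unrestricted(
        conn, "dept = ? AND name <> ?", (dept, target)
    )
    return with_target - without_target


class InferenceGuard:
    """Statistical-database controls: query-set size and query-set overlap."""

    def __init__(self, conn, k=2):
        self.conn = conn
        self.k = k
        self.n = conn.execute("SELECT COUNT(*) FROM employees").fetchone()[0]
        self.answered = []  # query sets (as sets of names) already answered

    def aggregate(self, where_sql, params=()):
        rows = self.conn.execute(
            f"SELECT name, salary FROM employees WHERE {where_sql}", params
        ).fetchall()
        qset = frozenset(name for name, _ in rows)
        # Control 1: refuse query sets that are too small or too large
        # (k <= |C| <= N - k), which blocks direct single-row aggregates.
        if not self.k <= len(qset) <= self.n - self.k:
            raise PermissionError("query set size outside allowed range")
        # Control 2: refuse a query whose set differs from an already answered
        # one by fewer than k rows, which blocks the differencing trick above.
        for prev in self.answered:
            if len(qset ^ prev) < self.k:
                raise PermissionError("query overlaps a previous query too closely")
        self.answered.append(qset)
        return len(rows), sum(salary for _, salary in rows)


def guarded(guard, where_sql, params=()):
    """Convenience wrapper: the aggregate, or None when the guard refuses."""
    try:
        return guard.aggregate(where_sql, params)
    except PermissionError:
        return None


if __name__ == "__main__":
    print("leaked salary:", infer_salary(open_db(), "alice", "engineering"))
    guard = InferenceGuard(open_db(), k=2)
    print("department total:", guarded(guard, "dept = ?", ("engineering",)))
    print("follow-up query:", guarded(guard, "dept = ? AND name <> ?", ("engineering", "alice")))
```

The size control alone is not enough: both queries in `infer_salary` cover at least two rows, so it is the overlap check against previously answered query sets that actually stops the differencing. In practice these controls are combined with noise addition or row sampling; the point for the exam is that each aggregate on its own can be harmless while the combination is not.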
For cybersecurity professionals, web security vulnerabilities are among the trickiest problems to tackle. The Open Web Application Security Project (OWASP) maintains a list of the top 10 web security vulnerabilities; the CISSP exam-taker should understand each of them and know the corresponding defense mechanisms. The current version of the OWASP Top 10 was developed in 2017.
Given the importance of smartphones in both our personal and professional lives, keeping them secure from cyberattacks is a must. In light of this, the CISSP exam covers key mobile security concepts that the candidate must be aware of, including the following. Once again, this is not an all-inclusive list, so it is very important that you refer to your CISSP study book or boot camp material for more information.
Mobile device security
- Mobile devices should be protected with one or more access control mechanisms, such as passcodes and biometric fingerprint authentication
- Device encryption
- Ability to remove the contents of your device over the network, also known as remote wiping.
- Automatic screen lock after a certain period of inactivity
- User lockout if an incorrect passcode is entered too many times
Mobile device management
Mobile device management (MDM) solutions provide organizations with an easy way to manage the security settings on many mobile devices simultaneously. Mobile device management is a powerful tool that allows security professionals to ensure that all devices used with an organization’s data have security settings in place that match the organization’s security policy.
Mobile application security
Smartphone and tablet apps offer users a powerful set of features that improve their productivity. But security professionals must be sure to carefully evaluate each app to ensure that its use of data meets the organization’s security policies. For the CISSP exam you should understand the following application security concerns:
- Mobile application authentication
- Encryption of sensitive information
Smart Device Security
Given that technology is becoming more advanced and more “intelligent” in nature, smart device security is a topic covered in the CISSP exam. The candidate should have a firm grasp in terms of understanding the following concepts:
Industrial control systems
Industrial control systems (ICS) are the devices and systems that control industrial production and operation. These systems monitor electricity, gas, water and other utility infrastructure and production operations. Attacks on these systems can disable a nation’s power grid and can even destroy parts of a city’s infrastructure. For security professionals, it is mandatory to secure the following types of industrial control systems:
- Supervisory Control and Data Acquisition (SCADA)
- Distributed Control Systems (DCS)
- Programmable Logic Controllers (PLC)
Securing the IoT
Taking a layered approach to security and using multiple controls to achieve the same objectives improves the odds that your network will remain safe from embedded-device attacks. Following are some security measures for embedded devices:
- Ensuring regular security updates (manual or automated) for embedded devices
- Implementing security wrappers for embedded devices
- Segmenting the network to isolate embedded devices
- Deploying a web-application firewall, as most embedded devices have web consoles
Whatever approach you choose, you should incorporate security, control, diversity and redundancy.
The basic thrust of cybersecurity is ensuring that information and data are rendered useless if intercepted by a third party while in transit. This is where the concepts of cryptography come into play, and cryptography is a heavily weighted and heavily covered topic not only in this domain but across the CISSP exam as a whole. Therefore, the candidate must have a very deep understanding of these concepts. This list is not all-inclusive, so once again, refer back to your CISSP study book or boot camp training materials.
CISSP course exam takers should have an understanding of:
- Data Encryption Standard (DES)
- AES, Blowfish, and Twofish
- Rivest-Shamir-Adleman (RSA)
- PGP and GnuPG
- Elliptic-curve and quantum cryptography
Goals of cryptography
Five stages of the cryptographic life cycle
- Phase I – Initiation: Gathers the requirements for the new cryptographic system
- Phase II – Development and Acquisition: Find an appropriate combination of hardware, software and algorithms that meets the organization’s security objectives
- Phase III – Implementation and Assessment: Configure and test the cryptographic system
- Phase IV – Operations and Maintenance: Ensure the continued secure operation of the cryptographic system
- Phase V – Sunset: Phase out the system and destroy/archive keying material
Digital Rights Management
DRM uses encryption to render content inaccessible to those who do not possess the necessary license to view the information. It thus provides content owners with the technical ability to prevent the unauthorized use of their content.
Public-key infrastructure (PKI) can be defined as the set of roles, policies and procedures required to create, manage, use, distribute, store and revoke digital certificates and to manage public-key encryption. Important topics include the following:
- PKI and digital certificates
- Hash functions
- Digital signatures
- How a digital certificate is created
- How a digital certificate is revoked
For the CISSP exam, you should know the following cryptanalytic attacks:
- Brute-force attacks
- Knowledge-based attacks
In the world of security, we often think in terms of hardware, software, databases, servers, wireless devices, smartphones and so forth. But we often forget that these items reside in a physical place, and those premises must be protected as well. This is also an important part of the CISSP exam, and the candidate must have a baseline understanding of the following concepts:
- Site and facility design
- Data center environmental controls
- Data center environmental protection
- Types of physical security controls
- Physical access control
- Visitor management
This concludes our review of CISSP Domain 3: Security Architecture and Engineering. Thank you for reading, and good luck on your exam!