Chapter 4: Domain 3: Security Architecture and Engineering
Abstract
Domain 3: Security Engineering represents a large and complex technical domain. The chapter presents cloud, virtualization, and microservices concepts. It describes key cryptographic concepts of authentication and non-repudiation in addition to confidentiality and integrity, which are concepts presented in many of the domains. Beyond the foundational operations such as substitution and permutation and types of cryptosystems, symmetric, asymmetric, and hashing, this chapter also introduces key modes of operation for symmetric cryptosystems, Electronic Code Book (ECB), Cipher Block Chaining (CBC), Cipher Feedback (CFB), Output Feedback (OFB), and Counter Mode (CTR). The goal of the domain’s final section is to ensure that the safety of personnel is a key consideration when considering physical and environmental security. To ensure this safety requires an understanding of common issues that could negatively impact personnel’s safety, such as fire, smoke, flood, and toxins, with particular emphasis on smoke and fire detection and suppression. Physical security is the other main focus of this chapter and attention is given to physical access control matters including fences, gates, lights, cameras, locks, mantraps, and guards.
Keywords
Asymmetric encryption; Hash function; Hypervisor; Mantrap; Tailgating; Symmetric encryption; Zero Trust Architecture
EXAM OBJECTIVES IN THIS CHAPTER:
- Secure Design Principles
- Security Models
- Evaluation Methods, Certification, and Accreditation
- Secure System Design Concepts
- Secure Hardware Architecture
- Secure Operating System and Software Architecture
- Virtualization, Cloud, and Distributed Computing
- System Vulnerabilities, Threats, and Countermeasures
- Cornerstone Cryptographic Concepts
- Types of Cryptography
- Cryptographic Attacks
- Implementing Cryptography
- Perimeter Defenses
- Site Selection, Design, and Configuration
- System Defenses
- Environmental Controls