
Unique Terms and Definitions

  • Asymmetric Encryption—encryption that uses two keys: if you encrypt with one you may decrypt with the other
  • Hash Function—one-way encryption using an algorithm and no key
  • Hypervisor—allows multiple virtual operating system guests to run on one host
  • Mantrap—a preventive physical control with two doors. Each door requires a separate form of authentication to open
  • Tailgating—following an authorized person into a building without providing credentials
  • Symmetric Encryption—encryption that uses one key to encrypt and decrypt
  • Zero Trust Architecture—modern design principle that treats both internal and external systems as untrusted

Introduction

The Security Architecture and Engineering domain is an example of the exam’s reordering and combining concepts from the 10 domains of the older exam to the current 8 domains. This domain contains large swaths of three formerly separate domains: Security Architecture, Cryptography, and Physical Security. As a result, this domain is quite large and bursting with content.

As mentioned in Chapter 1, Introduction, the new order doesn’t always flow logically, but that is not important for exam success. In the end you will face questions from all 8 domains, and questions will not overtly reference their domain of origin.

This domain begins with secure design principles, including threat modeling, defense-in-depth, zero trust, and more. Security architecture concepts follow, including security models, as well as secure system components in hardware and software. Next comes cryptography, including core concepts of symmetric encryption, asymmetric encryption, and hash functions. Finally, we will discuss physical security, where we will learn that safety of personnel is paramount.

Secure Design Principles

We will begin by discussing secure design principles, emphasizing modern methods for defending systems. The old “castle wall” design (bad things on the outside, good things on the inside) is dated and tends to fail against modern adversaries. Zero trust is a key component of modern defense, as we will discuss shortly.

Threat Modeling

Threat modeling seeks to formally describe the various attack vectors available against a system and helps plan the deployment of proper mitigations. OWASP describes threat modeling as follows:

Threat modeling works to identify, communicate, and understand threats and mitigations within the context of protecting something of value.

A threat model is a structured representation of all the information that affects the security of an application. In essence, it is a view of the application and its environment through the lens of security.

Threat modeling can be applied to a wide range of things, including software, applications, systems, networks, distributed systems, Internet of Things (IoT) devices, and business processes.

A threat model typically includes:

  • Description of the subject to be modeled
  • Assumptions that can be checked or challenged in the future as the threat landscape changes
  • Potential threats to the system
  • Actions that can be taken to mitigate each threat
  • A way of validating the model and threats, and verification of success of actions taken
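As an added example (not code from the book or from OWASP), a small Python checker that represents the five elements listed above and reports which of them a given model lacks; the data-center entrance model it checks is constructed for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class Threat:
    name: str
    vector: str                                  # how the threat reaches the subject
    mitigations: list = field(default_factory=list)
    verification: str = ""                       # how success of the mitigations is checked


@dataclass
class ThreatModel:
    subject: str                                 # description of what is modeled
    assumptions: list                            # items to re-check as the landscape changes
    threats: list


def validate_model(model: ThreatModel) -> list:
    """Return a list of gaps: elements of the OWASP outline the model is missing."""
    gaps = []
    if not model.subject.strip():
        gaps.append("missing description of the subject")
    if not model.assumptions:
        gaps.append("no assumptions recorded (nothing to challenge later)")
    if not model.threats:
        gaps.append("no threats listed")
    for t in model.threats:
        if not t.mitigations:
            gaps.append(f"threat '{t.name}' has no mitigating action")
        if not t.verification:
            gaps.append(f"threat '{t.name}' has no way to verify its mitigations")
    return gaps


# Constructed sample (hypothetical): physical entry to a data center
SAMPLE = ThreatModel(
    subject="Data center entrance",
    assumptions=["Badge system logs every door event"],
    threats=[
        Threat("Tailgating", "unauthorized person follows a badge holder in",
               ["Mantrap: two doors, each requiring separate authentication"],
               "Quarterly review of door logs for double-entry events"),
        Threat("Stolen badge", "lost badge used by an outsider"),   # incomplete on purpose
    ],
)

if __name__ == "__main__":
    for gap in validate_model(SAMPLE):
        print("GAP:", gap)
```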