Skip to main content

CISSP Mindmap – Domain 03

A comprehensive CISSP Mindmap Series will include all 8 Domains. This collection is designed to equip prospective CISSP professionals with essential resources for exam preparation, training and reference.

CISSP Mindmap - Domain 03

CISSP Interactive Mindmap
CISSP Interactive Mindmap_thumbnail_03

Domain_03: Key Concepts and Terminology

  • Confidentiality Models: Examples include Bell-LaPadula (focused on data confidentiality and preventing unauthorized data access).
  • Integrity Models: Examples include Biba and Clark-Wilson (focused on maintaining data integrity and preventing unauthorized modification).
  • Access Control Models: Discretionary Access Control (DAC), Mandatory Access Control (MAC), Role-Based Access Control (RBAC), and Attribute-Based Access Control (ABAC).
  • State Machine Model: A system is considered secure if it starts in a secure state and transitions between secure states.
  • Least Privilege: Users and systems should only have the permissions needed to perform their tasks.
  • Separation of Duties: Prevents conflict of interest by dividing responsibilities among individuals or systems.
  • Defense in Depth: Implementing multiple layers of security controls to protect resources.
  • Fail-Safe Defaults: By default, deny access unless explicitly granted.
  • Security Through Obscurity: Hiding system details to protect from threats (not recommended as a primary security mechanism).
  • Trusted Computing Base (TCB): The combination of hardware, software, and controls that work together to enforce a security policy.
  • Security Perimeter: The boundary that separates the TCB from the untrusted environment.
  • Reference Monitor: An abstract machine that mediates all access to objects, ensuring access controls are enforced.
  • Kernel: Core part of an operating system responsible for managing system resources and security controls.
  • Symmetric Encryption: Uses a single key for both encryption and decryption (e.g., AES, DES).
  • Asymmetric Encryption: Uses a pair of keys (public and private) for encryption and decryption (e.g., RSA, ECC).
  • Hash Functions: Generates a fixed-size output (hash) from input data (e.g., SHA-256).
  • Digital Signatures: Provides authentication, integrity, and non-repudiation.
  • Firewalls: Act as a barrier between trusted and untrusted networks, controlling traffic based on pre-defined rules.
  • VPN (Virtual Private Network): Encrypts data transmitted over the internet to provide secure access.
  • Intrusion Detection Systems (IDS): Monitors network traffic for suspicious activities and alerts.
  • Intrusion Prevention Systems (IPS): Monitors network traffic and actively blocks threats.
  • Vulnerability Assessment: Scanning systems for known security weaknesses.
  • Penetration Testing: Simulating an attack to identify potential vulnerabilities.
  • Threat Modeling: Identifying potential threats and vulnerabilities to design effective security measures.
  • IaaS, PaaS, SaaS: Understanding the differences in service models and the shared responsibility model.
  • Serverless Computing: Security considerations for serverless environments where the cloud provider manages infrastructure.
  • Data Portability and Encryption: Importance of encrypting data in transit and at rest within cloud
  • Internet of Things (IoT): Understanding the security implications of interconnected devices.
  • Artificial Intelligence (AI): Security considerations for AI-driven systems.
  • Blockchain: Decentralized ledger technology providing secure, immutable transactions.
  • Security Architecture: Design and structure of systems to align with security policies and requirements.
  • System Assurance: The level of confidence that a system is free from vulnerabilities and functions as intended.
Security Models and Architecture
  • Confidentiality Models: Examples include Bell-LaPadula (focused on data confidentiality and preventing unauthorized data access).
  • Integrity Models: Examples include Biba and Clark-Wilson (focused on maintaining data integrity and preventing unauthorized modification).
  • Access Control Models: Discretionary Access Control (DAC), Mandatory Access Control (MAC), Role-Based Access Control (RBAC), and Attribute-Based Access Control (ABAC).
  • State Machine Model: A system is considered secure if it starts in a secure state and transitions between secure states.
Secure Design Principles
  • Least Privilege: Users and systems should only have the permissions needed to perform their tasks.
  • Separation of Duties: Prevents conflict of interest by dividing responsibilities among individuals or systems.
  • Defense in Depth: Implementing multiple layers of security controls to protect resources.
  • Fail-Safe Defaults: By default, deny access unless explicitly granted.
  • Security Through Obscurity: Hiding system details to protect from threats (not recommended as a primary security mechanism).
System Security
  • Trusted Computing Base (TCB): The combination of hardware, software, and controls that work together to enforce a security policy.
  • Security Perimeter: The boundary that separates the TCB from the untrusted environment.
  • Reference Monitor: An abstract machine that mediates all access to objects, ensuring access controls are enforced.
  • Kernel: Core part of an operating system responsible for managing system resources and security controls.
Cryptography
  • Symmetric Encryption: Uses a single key for both encryption and decryption (e.g., AES, DES).
  • Asymmetric Encryption: Uses a pair of keys (public and private) for encryption and decryption (e.g., RSA, ECC).
  • Hash Functions: Generates a fixed-size output (hash) from input data (e.g., SHA-256).
  • Digital Signatures: Provides authentication, integrity, and non-repudiation.
Network Security
  • Firewalls: Act as a barrier between trusted and untrusted networks, controlling traffic based on pre-defined rules.
  • VPN (Virtual Private Network): Encrypts data transmitted over the internet to provide secure access.
  • Intrusion Detection Systems (IDS): Monitors network traffic for suspicious activities and alerts.
  • Intrusion Prevention Systems (IPS): Monitors network traffic and actively blocks threats.
Security Assessment
  • Vulnerability Assessment: Scanning systems for known security weaknesses.
  • Penetration Testing: Simulating an attack to identify potential vulnerabilities.
  • Threat Modeling: Identifying potential threats and vulnerabilities to design effective security measures.
Cloud Security
  • IaaS, PaaS, SaaS: Understanding the differences in service models and the shared responsibility model.
  • Serverless Computing: Security considerations for serverless environments where the cloud provider manages infrastructure.
  • Data Portability and Encryption: Importance of encrypting data in transit and at rest within cloud
Emerging Technologies
  • Internet of Things (IoT): Understanding the security implications of interconnected devices.
  • Artificial Intelligence (AI): Security considerations for AI-driven systems.
  • Blockchain: Decentralized ledger technology providing secure, immutable transactions.
Secure System Engineering
  • Security Architecture: Design and structure of systems to align with security policies and requirements.
  • System Assurance: The level of confidence that a system is free from vulnerabilities and functions as intended.

Domain_03: Key Terms & Definitions

  • Cryptology: The science of secure communication
  • Cryptography: Secret Writing. Creating messages whose meaning is hidden
  • Cryptanalysis: The science of breaking encrypted messages (recovering their meaning).
  • Cipher: A cryptographic algorithm
  • Encryption: Process by which plaintext is converted to ciphertext with a key, using a cipher. (Encipher)
  • Decryption: Process by which ciphertext is converted to plaintext (with the key) by the use of a cipher. (Decipher)
  • Kerckhoff’s Principle: Only the key should be kept secret. Algorithms should be publicly known.
  • Algorithm: Set of mathematical rules used in encryption and decryption
  • Key: Secret sequence of bits and instructions that governs the act of encryption and decryption
  • Work factor: Estimated time, effort, and resources necessary to break a cryptosystem
  • Diffusion: The order of the plaintext is dispersed in the ciphertext
  • Confusion: Creating a random relationship between the plaintext and the ciphertext
  • Substitution: Replaces one character with another, which provides diffusion
  • Permutation (Transposition): Provides confusion by rearranging the plaintext characters (like an anagram)
  • Modular Math: Shows what remains Y=25th letter. C=3rd letter. Y+C=B (b/c 25+3=28. 28-26=2 B=2nd letter)
  • XOR (Exclusive Or): Combining a key with a plaintext via XOR creates ciphertext (0+0=0 0+1=1 1+1=0 1+0=1)
  • Monoalphabetic Cipher: Uses ONE alphabet (A becomes X)
  • PolyAlphabetic Cipher: Uses two or more alphabets (A becomes X) (X becomes M) …
  • Running Key Cipher (Book Cipher): Substitution cipher using books, or some other
  • known source. Agree on the source, then note the page#, line#, and word offset. Uses whole words at each position.
  • Scytale Cipher: Spartans. Wrap cloth around a rod and write down all the strips of cloth. Unwind to encrypt.
  • Caesar Cipher (Rotation Cipher): Monoalphabetic rotation cipher. Key is # of places to shift in alphabet (3: A=D)
  • Vigenere Cipher: Polyalphabetic cipher. Alphabet repeated 26 times in a Vigenere Square.
  • One-Time Pad (Vernam Cipher): Unbreakable cipher. Key is as many bits as message. Key Mgmt issues.
  • Steganography: Hiding or embedding data (not encrypting) in an image.
  • Digital Signature: A hash value encrypted with a private key
  • Digital Certificate: A public key signed with a digital signature

Domain_03: Key Areas

  • Cryptography
  • Concepts of secure design principles
  • Security models fundamental principles
  • Security capabilities of information system
  • Cryptography: Concepts, methodologies, and practices
  • Physical security
  • Secure protocol and design components

Domain 03 - Security Architecture & Engineering_Mindmap

Full Screen

Resources

  • (ISC)2 CISSP Official Study Guide (OSG) 9th Edition by Mike Chapple, James Michael Stewart, and Darril Gibson
    • Chapter 06 – Chapter10, Pg219-489
  • CISSP All-in-One Exam Guide, Ninth Edition by Fernando Maymi and Shon Harris
    • Part III, Pg283-417
  • Eleventh Hour CISSP® Study Guide, Third Edition by Eric Conrad, Seth Misenar, Joshua Feldma
    • Domain-03, Pg47-93
  • Destination Certification – A Concise Guide by Rob Witcher, John Berti, Lou Hablas, Nick Mitropoulos
    • Domain-03, Pg97-235
  • The Official (ISC)2 CISSP CBK Reference, 6th Edition by Arthur Deane and Aaron Kraus

    • Domain-03, Pg147-281

Books Reference

Practice Tests Reference

Videos Reference

Credits & Disclaimer

We express our gratitude to the below-mentioned authors, creators, and sources which have been referred for the creation of our Interactive CISSP Mindmap – Mike Chapple and David Seidl (OSG), Luke Ahmed (SNT), Pete Zerger (Exam Cram), Prashant Mohan (Memory Palace) , Prabh (Coffee shots), Rob Witcher (destcert.com/)  and M. Waleed Khaliq (CISSP Concepts Guide).This Mindmap has been meticulously created to ensure that information is shared effectively. This Mindmap aims to offer a thorough grasp of essential concepts with a dedication to assist enhanced learning experiences. We hope that this resource helps people absorb information more thoroughly, which will lead to a broader understanding of each CISSP domains and is freely available for all.

Contribution

We have already included some reference images and short notes for most of the topics so that users can more effectively refer to the content in the mindmap. If you have any information, images, or notes that can make the mindmap more effective, please feel free to share them.

https://github.com/sajinshivdas/CISSP_Interactive_Mindmap/tree/main/CISSP_Domain_03

For issues and concern please feel free to raise a issue in Github link https://github.com/sajinshivdas/CISSP_Interactive_Mindmap/issues

Connect with me www.linkedin.com/in/sajin-shivdas