Research, implement and manage engineering processes using secure design principles
Key Concepts
Threat modelingLeast privilegeDefense in depthSecure defaultsFail securelySegregation of DutiesKeep it simpleZero trustPrivacy by designShared responsibilitySASE
Understand the fundamental concepts of security models
Key Concepts
BibaStar ModelBell-LaPadula
Select controls based upon systems security requirements
Key Concepts
Control selectionSecurity requirements
Understand security capabilities of Information Systems
Key Concepts
Memory protectionTPMEncryption/decryption
Assess and mitigate vulnerabilities of security architectures
Key Concepts
Client-based systemsServer-based systemsDatabase systemsCryptographic systemsICSCloud-based systemsDistributed systemsIoTMicroservicesContainerizationServerlessEmbedded systemsHPCEdge computingVirtualized systems
Select and determine cryptographic solutions
Key Concepts
Cryptographic life cycleKeysAlgorithm selectionSymmetricAsymmetricElliptic curvesQuantumPKI
Understand methods of cryptanalytic attacks
Key Concepts
Brute forceCiphertext onlyKnown plaintextFrequency analysisChosen ciphertextImplementation attacksSide-channelFault injectionTimingMITMPass the hashKerberos exploitationRansomware
Apply security principles to site and facility design
Key Concepts
Site designFacility design
Design site and facility security controls
Key Concepts
Wiring closetsServer roomsData centersMedia storageEvidence storageRestricted areasHVACEnvironmental issuesFire suppressionPower redundancy
Manage the information system lifecycle
Key Concepts
Requirements analysisArchitectural designDevelopmentIntegrationVerificationValidationDeploymentOperationsMaintenanceRetirementDisposal