CISSP Domain 3
The CISSP Domain 3 (Security Architecture and Engineering) domain covers important security engineering topics such as principles of secure design, Trusted Computing Base elements, security models, security controls and security evaluation criteria. In this study guide we cover some of the main concepts you will need to know for the exam.
Security Controls
There are many different flavors of controls outlined in the CISSP Domain 3 CBK, so be sure to understand them all. Starting with what they do:
- Preventive – tries to prevent something bad from happening, like a fence
- Detective – tries to identify/notify when something bad actually happens, like an audit log
- Corrective – tries to fix or recover from the bad thing that happened, like terminating an employee
Controls can also be placed into categories:
- Management – refers to policy or human-related controls, such as policy development
- Operational – relating to processes or day-to-day operations, such as account provisioning
- Technical – something that technology handles, such as authentication
Another category method puts the controls into the following:
- Physical – related to facilities, such as the fence previously mentioned
- Administrative – related to policies and people processes, such as the hiring/firing process
- Technical – related to or controlled by technology, such as the audit logging capabilities
And the last few:
- Common or Inheritable – related to things that are controlled at a higher level and applicable across the organization.
- Tailored – when a control is tuned for a specific standard or use case, such as adding a 60-day threshold to the control “user accounts must expire [after 60 days of inactivity]” instead of “user accounts must expire [at an organization-defined frequency]”.
Controls can be evaluated in three ways:
- Testing – live interaction with the system
- Interviewing – staff and management to verify the controls
- Examining – documents that prove how the control was implemented
Least Privilege
Least privilege protects confidentiality and data integrity: subjects are granted only the privileges necessary to perform their assigned work tasks and no more.
- LEAST PRIVILEGE –> (applied to ACTIONS) users have the minimum access necessary to perform their job duties
Need to Know
Even if you have access, if you do not need to know, then you should not access the data.
- NEED TO KNOW –> (applied to DATA) need VALID reason to access the data
Defense-in-Depth
Defense-in-depth is an information assurance strategy that provides multiple, redundant defensive measures in case a security control fails or a vulnerability is exploited. Defense-in-depth security architecture is based on controls that are designed to protect the physical, technical and administrative aspects of your network.
Secure Defaults
The secure defaults principle simply says that systems should default to a secure mode if we do nothing else, both out of the box and after a reset. Configuration settings should default to secure options and require deliberate intervention to weaken them, rather than defaulting to a weak configuration.
Fail Safe and Fail Secure
The simplest way to remember the difference between fail-safe and fail-secure is the locksmith’s approach: a fail-safe mechanism places a door into an unlocked position when a failure event occurs, while a fail-secure mechanism leaves the door locked.
Separation of Duties (SoD)
Separation of duties and responsibilities is a type of security control intended to counter insider threats, whether malicious or accidental. The separation of duties principle says that no single person should possess two permissions that, in combination, allow them to perform a sensitive operation. Instead, those permissions should be separated and held by two different groups of people.
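As an added example (not part of the original study guide), the following Python script turns the SoD principle into a detective control: it computes each user’s effective permissions through their roles and reports anyone holding both halves of a “toxic” permission pair. The permission names, roles and users are constructed sample data, not taken from any real system.

```python
# Toxic combinations: pairs of permissions that together let one person
# complete a sensitive operation end to end. Constructed sample data.
TOXIC_PAIRS = {
    frozenset({"vendor.create", "payment.approve"}),
    frozenset({"code.commit", "prod.deploy"}),
    frozenset({"user.create", "privilege.grant"}),
}

# Role -> permissions granted by that role. Constructed sample data.
ROLES = {
    "ap_clerk": {"vendor.create", "invoice.enter"},
    "ap_manager": {"payment.approve"},
    "developer": {"code.commit"},
    "release_engineer": {"prod.deploy"},
    "helpdesk": {"user.create", "password.reset"},
}

# User -> assigned roles. Constructed sample data: 'carol' holds both
# halves of a toxic pair, but only through two separate roles, which is
# why the check must look at effective permissions rather than roles.
ASSIGNMENTS = {
    "alice": {"ap_clerk"},
    "bob": {"ap_manager"},
    "carol": {"developer", "release_engineer"},
    "dave": {"helpdesk"},
}


def effective_permissions(user, assignments=ASSIGNMENTS, roles=ROLES):
    """Union of the permissions a user holds through all assigned roles."""
    perms = set()
    for role in assignments.get(user, ()):
        perms |= roles.get(role, set())
    return perms


def sod_violations(assignments=ASSIGNMENTS, roles=ROLES, toxic=TOXIC_PAIRS):
    """Return {user: [sorted toxic pair, ...]} for every user whose
    effective permissions contain both halves of at least one toxic pair."""
    violations = {}
    for user in assignments:
        perms = effective_permissions(user, assignments, roles)
        hits = [tuple(sorted(pair)) for pair in toxic if pair <= perms]
        if hits:
            violations[user] = sorted(hits)
    return violations


if __name__ == "__main__":
    for user, pairs in sod_violations().items():
        print(f"SoD violation: {user} holds {pairs}")
```

Run the same check against exported role assignments from an IAM system to catch violations that appear only when two individually harmless roles are combined.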
Zero Trust Framework
Zero trust is a concept designed to minimize uncertainty in enforcing accurate, least-privilege access to information systems and services. The goal is for every access request to be authenticated, authorized and encrypted before access is granted to a resource or asset. A successful zero trust approach can only be achieved by continuously validating and monitoring user activity. Some zero trust security solutions are:
- Internal Segmentation Firewalls (ISFWs)
- Multi-factor authentication (MFA)
- Identity and Access Management (IAM)
- Next-generation endpoint security
Shared Responsibility
Shared responsibility is a security design principle under which an organisation must recognise that responsibility for security is shared, and must take its own role seriously in order to establish and maintain security.