1 April 2025
CISSP - Domain 3
by ogmini
Domain 3 for the CISSP is a huge chunk of information and easily the longest chapter in my study book. Again, a mixture of subjects that I’m comfortable with and some that trend to the less comfortable.
Domain 3 - Security Architecture and Engineering
- Zero Trust
- Privacy By Design
- Security Models
- Layer Based Models
- Bell-LaPadula + Biba = Lipner
- Rule Based Models
- Certification vs Accreditation (Accreditation is the sign off on certification)
- Security Control Frameworks (ITIL, HIPAA, FedRAMP, etc.)
- Security Capabilities of systems
- This is just a rehash of all my Comp Sci, Operating Systems, etc. learning
- Vulnerability assessment and mitigation
- SaaS, PaaS, IaaS
- OWASP
- IoT
- Injection
- Validation
- Hardening/Baselines
- Cryptography options
- Rehash of knowledge from CSSLP
- Certificates
- Symmetric vs Asymmetric
- Public/Private Keys
- Cryptanalysis attacks
- Rehash of DFIR class on cryptography
- Physical Security
- Doors, Locks, Fences, Cameras, Fire Suppression, etc.
tags: certification