Domain 3: Security Architecture and Engineering
3.1 Research, implement, and manage engineering processes using secure design principles:
- Threat modeling
- Least privilege
- Defense in depth
- Secure defaults
- Fail securely
- Separation of Duties (SoD)
- Keep it simple
- Zero trust
- Privacy by design
- Trust but verify
- Shared responsibility
3.2 Understand the fundamental concepts of security models (for example, Biba, Star Model, and Bell-LaPadula)
3.3 Select controls based upon systems security requirements
3.4 Understand security capabilities of Information Systems (IS) (for example, memory protection, Trusted Platform Module (TPM), and encryption/decryption)
3.5 Assess and mitigate the vulnerabilities of security architectures, designs, and solution elements:
- Client-based systems
- Server-based systems
- Database systems
- Cryptographic systems
- Industrial Control Systems (ICS)
- Cloud-based systems (for example...
