CISSP Cert Prep (2021): 3 Security Architecture and Engineering

Offered By: LinkedIn Learning

Course Description

Overview

Prepare for domain three—Security Architecture and Engineering—of the CISSP certification exam. Get study tips for topics such as device security, cryptography, and key management.

Syllabus

Introduction
  • Security engineering
  • What you need to know
  • Study resources
1. Secure Design
  • Secure design principles
  • Security models
  • Security evaluation models
  • Separation of duties
  • Selecting security controls
  • Privacy by design
  • Secure defaults
2. Virtualization and Cloud Computing
  • What is the cloud?
  • Cloud computing roles
  • Drivers for cloud computing
  • Multitenant computing
  • Virtualization
  • Desktop and application virtualization
  • Cloud compute resources
  • Containerization
  • Cloud activities and the Cloud Reference Architecture
  • Cloud deployment models
  • Cloud service categories
  • Edge and fog computing
3. Hardware Security
  • Memory protection
  • Hardware encryption
  • Hardware and firmware security
4. Server Security Issues
  • Server and database security
  • NoSQL databases
  • Distributed and high performance computing
5. Web Security Issues
  • OWASP Top 10
  • SQL injection prevention
  • Cross-site scripting prevention
  • Cross-site request forgery prevention
  • Defending against directory traversal
  • Overflow attacks
  • Session hijacking
  • Privilege escalation
6. Embedded Systems Security
  • Industrial control systems
  • Internet of Things
  • Securing smart devices
  • Secure networking for smart devices
  • Embedded systems
  • Communications for embedded devices
7. Encryption
  • Understanding encryption
  • Symmetric and asymmetric cryptography
  • Goals of cryptography
  • Codes and ciphers
  • Cryptographic math
  • Choosing encryption algorithms
  • The perfect encryption algorithm
  • The cryptographic lifecycle
8. Symmetric Cryptography
  • Data Encryption Standard
  • 3DES
  • AES, Blowfish, and Twofish
  • RC4
  • Cipher modes
  • Steganography
9. Asymmetric Cryptography
  • Rivest, Shamir, Adleman (RSA)
  • PGP and GnuPG
  • Elliptic-curve and quantum cryptography
10. Key Management
  • Key exchange
  • Diffie-Hellman
  • Key escrow
  • Key stretching
  • Hardware security modules
11. Public Key Infrastructure
  • Trust models
  • PKI and digital certificates
  • Hash functions
  • Digital signatures
  • Digital signature standard
  • Create a digital certificate
  • Revoke a digital certificate
  • Certificate stapling
  • Certificate authorities
  • Certificate subjects
  • Certificate types
  • Certificate formats
12. Cryptanalytic Attacks
  • Brute force attacks
  • Knowledge-based attacks
  • Eavesdropping attacks
  • Implementation attacks
  • Limitations of encryption algorithms
  • Ransomware
13. Physical Security
  • Site and facility design
  • Data center environmental controls
  • Data center environmental protection
  • Power control
  • Physical access control
  • Visitor management
  • Physical security personnel
14. Threat Modeling
  • Threat intelligence
  • Managing threat indicators
  • Intelligence sharing
  • Threat research
  • Identifying threats
  • Automating threat intelligence
  • Threat hunting
15. Software Security Architecture
  • SOAP and REST
  • SOA and microservices
Conclusion
  • Continuing your preparation

Taught by

Mike Chapple
