
Domain 3 of the CISSP and Cybersecurity - Security architecture and engineering

3 of 8

By Tyler775 writing | Published about a month ago | 3 min read

Domain 3 is built around security architecture and engineering. It is the third of the eight domains that you have to understand to master cybersecurity and pass the CISSP exam.

This domain covers several core principles. Least privilege means a user should only be given the minimum set of permissions that they need to carry out their job functions and no more. Separation of duties requires that no one individual have the power or ability to perform two separate functions that, if they were combined into a single function or job, could undermine security for a computer system and the organization that operates it. Two-person control requires the concurrence of two individuals to perform a single sensitive function. Defense-in-depth requires the use of overlapping controls to meet the same control objective and protect against the failure of a single control. Fail securely requires a system to default to a secure state when a security mechanism fails. Zero trust is a model of network architecture that says access decisions should be made based on a user’s identity and contextual information.

Symmetric encryption is a form of encryption where a shared secret key is used for both encrypting and decrypting data. The number of keys needed for n users to each communicate securely with every other user is given by this equation: (n(n-1))/2. There are many symmetric algorithms, including 3DES, AES, IDEA, and Blowfish; DES is no longer considered secure in modern cybersecurity.

In addition to symmetric encryption, you have asymmetric encryption, a form of encryption where each user has their own public/private key pair. With this form of encryption, the number of keys needed for n users is 2n, one public key and one private key per user. Asymmetric algorithms include RSA, ElGamal, and elliptic curve cryptography (ECC).

You can use asymmetric encryption to hide a message or to provide a digital signature, so the recipient knows who sent a particular message and whether it truly came from that person. When you want to encrypt a message, you use the recipient’s public key to encrypt it so they can decrypt it with the private key that they keep secret. If you are sending a message and want to prove it is from you, you encrypt your digital signature with your private key, so only your public key, which is known by all, can decrypt the signature, which shows it is from you!

There are multiple forms of cryptographic attack that can be used against encrypted data to make it easier for an attacker to decipher the hidden information, so you have to be careful. One form of cryptographic attack is brute force, which tries to guess the decryption key with random attempts. Another is frequency analysis, which analyzes the number of times different characters appear in the ciphertext in order to work out what the actual data says.

Quantum computing uses the principles of quantum mechanics to perform computing tasks, which can help with cryptography and encrypting information. It could possibly defeat modern encryption algorithms if it becomes fully implemented in the future.
