Features
Features:

Product Tour >

Edraw AI >

Paid Plans:

Individuals >

Business >

Eduaction >
Resources
Blog

History

How-tos & Tips

Discovery

Biography

Business Analysis

Examples

AI concept Map

Free AI Mind Map Generator

Onenote Mind Map

Bcg Matrix Examples

Nike Marketing Strategy

Unilever SWOT Analysis

Make Mind Maps in Google Docs

Guide

FAQs

What's New

Resource Center
Templates
All Templates

Brain Storming Templates

Strategy and Planning Templates

Project Management Templates

Product Management Templates

Human Resources Templates

Agile Workflow Templates

Marketing Templates

Education Templates

Fun and Games Templates

User Gallery
Download
Pricing
Enterprise

MindMap Gallery Safety engineering mind map

Safety engineering mind map

This is a mind map about security engineering, including cryptography and symmetric key algorithms, PKI and cryptographic applications, security models, principles of design and capabilities, etc.

Edited at 2024-02-22 13:35:15

PlotWizard

Recent works View more works>>

Safety engineering mind map

PlotWizard

Recent works View more works>>

Recommended to you
Outline

CISSP-3-Security Engineering
- 55
- 2
PlotWizard

Safety Engineering

6. Cryptography and symmetric key algorithms

Historical milestones in cryptography

Caesar cipher

Password using single letter substitution method

American Civil War

Ultra and Enigma

Basic knowledge of cryptography

Goals of cryptography

Confidentiality

accomplish

Symmetric cryptosystem

Use a shared secret key, available to all users of the cryptosystem

asymmetric cryptosystem

Use public and private keys that are combined individually for each user of the system

Scene classification

Data at rest/stored

Data stored on hard drives, backup tapes, cloud storage services, USB devices and other media

Data in motion

Data being transferred over the network between two systems

Data in use

Data held in the active memory of a computer system and accessible to processes running on the system

integrity

form of resistance

Intentional tampering by third parties in an attempt to insert false information, intentional deletion of part of the data and unintentional changes due to failures in the transmission process

Authentication

non-repudiation

Non-repudiation is provided by public key or asymmetric key systems

The concept of cryptography

cryptography

cryptanalysis

cryptographic mathematics

Boolean mathematics

logic operation

modular function

One way function

Nonce

Zero knowledge proof

Split knowledge

cost function

password

codes and passwords

Codes work on words and phrases, passwords work on characters and bits

shift cipher

Replace password

one time pad

Movement key password

block cipher

stream cipher

confusion and diffusion

modern cryptography

Password key

Symmetric key algorithm

Asymmetric key algorithm

Hash algorithm

Symmetric cipher

data encryption standards

Electronic Code Book (ECB)

Simple mode that is easiest to understand and least secure

Cipher Block Chaining Mode (CBC)

Password Feedback Mode (CFB)

Output feedback mode (OFB)

Counter mode (CTR)

Triple DES

International Data Encryption Algorithm

Blowfish

Skipjack

Advanced Encryption Standard

Symmetric key management

Advantages: Users only need to remember a key to encrypt and decrypt, with small calculation volume, fast speed and high efficiency. Disadvantages: Key exchange is not secure

Password life cycle

When selecting encryption algorithms, you should pay attention to the password life cycle and ensure that protected information is not leaked through appropriate governance controls. The selected algorithm, protocol, and key length are sufficient to maintain the integrity of the cryptosystem.

recommend

Specifies the cryptographic algorithms acceptable to the agency: AES, 3DES, and RSA

Identifies the acceptable key length that can be used with each algorithm based on the sensitivity of the information being transmitted

Enumerate available secure transaction protocols such as: SSL and TLS

7.PKI and password applications

asymmetric cryptography

Public and private keys

RSA

EI Gamal

Discrete logarithm calculation based on the work of Diffie-Hellman

Can be encrypted and signed

Disadvantages: Any encrypted message is doubled in length, and the transmission speed is slow

Diffie-Hellman

ECC

Elliptic curve cryptography theory

Advantages: superior performance, fast processing speed

hash function

5 basic requirements

Input can be of any length

The output has a fixed length

It is relatively easy to compute a hash function for any input

Hash functions are collision-free

Hash functions are one-way

SHA

SHA-1

There is a weakness, collision attack

SHA-2

SHA-256

Generate 256-bit message digest with 512 block size

SHA-224

Borrows a reduced version of the SHA-256 hash, using a 512-bit size to generate a 224-bit message digest

SHA-512

Generate 512-bit message digest with 1024-bit block size

SHA-384

Borrows a reduced version of the SHA-512 hash to generate a 384-bit message digest with a 1024-bit size

digital signature

public key infrastructure

Asymmetric key management

applied cryptography

8. Principles of security model, design and capabilities

Implement and manage engineering processes using safe design principles

object and subject

Principal: The user or process that issues the request to access the resource

Object: The resource that the user or process wants to access

closed system and open system

Technologies used to ensure confidentiality, integrity, and availability

limit

Example: Process Read Limit-Sandbox

limit

isolation

control

mandatory access control

discretionary access control

Trust and Guarantee

Understand the basic concepts of security models

Trusted Computing Base (TCB)

TCSEC (Orange Book)

TCB (Trusted Security Base)

1.Safety Boundary 2. Reference monitors and kernels

State machine model

information flow model

non-interference model

Take-Grant model

access control matrix

Bell-LaPadula model

Biba model

Clark-Wilson model

Brewer and Nash model

Goguen-Meseguer model

Sutherland model

Graham-Denning model

Select controls based on system security requirements

Rainbow series

TCSEC classification and required functions

General guidelines

Industry and International Security Implementation Guidelines

Certification and accreditation

Understand the security functions of information systems

memory protection

Virtualization

Trusted Platform Module

interface

fault tolerance

9. Security vulnerabilities, threats and countermeasures

Assess and mitigate security vulnerabilities

hardware

processor

execution type

Multitasking

multiprocessing

multiple programs

Multithreading

Processing type

single state

multi-state

protection mechanism

protective ring

process status

ready state

waiting state

Operating status

regulatory status

stop state

safe mode

operating mode

user mode

privileged mode

memory

ROM

programmable read-only memory

erasable programmable read-only memory

electrically erasable programmable read-only memory

Memory

random access memory

real memory

Cache RAM

Memory security issues Storage devices store and process data, some of which may be very sensitive. Therefore, it is crucial to understand the various types of memory and understand how they store and retain data. Any storage device that may hold sensitive data should be purged before being allowed to leave your organization for one reason or another. This is especially important for secondary memory and ROM PROM EPROM EEPROM devices because these devices retain data after power is removed.

Address immediately

Direct addressing

Base address offset addressing

Indirect addressing

storage device

Primary storage devices and secondary storage devices

Volatile storage devices vs. non-volatile storage devices

Random access and sequential access

Input and output devices

monitor

printer

Keyboard\Mouse

modem

firmware

Device firmware

BIOS/UEFI

The more complex the system, the fewer guarantees it provides

client based system

applet

local cache

ARP cache

hosts file

DNS cache

Server-based system

Database system security

polymerization

reasoning

Data mining and data warehousing

data analysis

Massively parallel data systems

Distributed systems and endpoint security

Cloud-based systems and cloud computing

grid computing

peer-to-peer network

Internet of things

Industrial control system

Assess and mitigate web-based system vulnerabilities

Limit account permissions

Perform input validation

Assess and mitigate mobile system vulnerabilities

Device security

1. Full-device encryption

2. Remote wipe

3.Lock

4. Lock screen

5.GPS

6. Application Control

7. Storage separation

8. Asset tracking

9.Inventory control

10. Mobile device management

11.Device access control

12. Removable storage

13. Turn off unused features

Application security

1.Key management

2. Credential Management

3. Identity verification

4. Geolocation tagging

5. Encryption

6. Application whitelist

BYOD concerns

BYOD (Bring Your Own Device) is a policy that allows employees to bring their own personal mobile devices to work and use these devices to connect to business resources and the Internet via the company network.

Notice: 1. Data ownership 2. Ownership Support 3. Patch management 4. Anti-virus management 5. Evidence collection 6. Privacy 7. Joining/Resigning 8. Follow company policies 9. User acceptance 10. Architecture/Infrastructure Considerations 11.Legal issues 12.Acceptable Use Policy 13. On-board camera/video

Assess and mitigate vulnerabilities in embedded devices and cyber-physical systems

Examples of embedded systems and static systems

Ways to protect embedded and static systems

Basic security protection mechanism

technical mechanism

layered

abstract

data hiding

process isolation

Hardware separation

Security policy and computer architecture

Strategy mechanism

1. Principle of least privilege

2. Separation of privileges

3. Accountability

Common architectural flaws and security issues

covert passage

time covert channel

Storage covert channel

A covert channel is a method used to pass information over a path not normally used for communication. Because this path is not typically used for communication, it may not be protected by the system's normal security controls. The use of covert channels provides a means to violate, bypass, or compromise security policies without being detected. Covert channels are one of the key examples of security architecture vulnerabilities.

Attacks and security issues based on design or coding flaws

1. Trusted recovery

2. Input and parameter checking

3. Maintain hooks and privileged programs

4. Incremental attack

programming

Timing, state changes and communication interruptions

technology and process integration

Electromagnetic radiation

10.Physical security requirements

Safety Principles for Site and Facility Design

safety facility plan

Site selection

Visibility

natural disaster

Facility design

Implement site and facility security control

Management

Facility construction and selection

Site management

personnel control

Security awareness training

Emergency response and procedures

Technology category

Access control

Intrusion detection

alarm

Closed circuit television surveillance system (CCTV)

electricity supply

Fire detection and firefighting

Live class

fence

illumination

door lock

building materials

Police dogs and guards

Control function sequence

1. Deterrence

2. block

3.Monitoring

4. Delay

Equipment failure

1. Prepare spare parts

2. Sign an SLA with the hardware manufacturer

3. Send for repair in time

Wiring room

Server rooms and data centers

1.Smart card

2. Proximity card reader

3. Intrusion detection system

4. Access abuse

5. Launch safety

media storage facility

Infrastructure and HVAC

1. Noise

2. Temperature, humidity and static electricity

3. Water problems (leakage, flooding)

Fire prevention, detection and firefighting

Four stages of fire

Stage 1: Early Stage In this stage only the air is ionized and no smoke is produced. Stage 2: Smoke stage Smoke can be seen coming from the fire point. Stage 3: Flame Stage In this stage, the flame is visible to the naked eye. Stage 4: Hot stage In stage 4, the fire temperature rises sharply along the time axis and accumulates a large amount of heat. Everything that is combustible burns. The earlier a fire is discovered, the easier it is to extinguish, and the less damage caused by the fire and the fire extinguishing agent.

fire extinguisher

fire detection system

sprinkler fire protection system

gas fire protection system

Implementation and management of physical security

border security control

internal security controls