MindMap Gallery CISSP-3-Security Engineering
CISSP-Information System Security Professional Certification Applicable Mind Map, the main contents include security architecture, cryptography, and physical security.
Edited at 2021-11-10 11:57:56
Security Engineering
security architecture
Use secure design principles in the systems engineering life cycle
Systems engineering life cycle
key technical process
Requirements analysis
key management processes
Security principles
NIST SP 800-14
NIST SP 800-27
Engineering Principles for Information Technology Security (A Baseline for Achieving Security)
Security development life cycle framework
BSIMM
ISO/IEC 21827:2008
Architecture
Enterprise security architecture
Common architecture (Enterprise architecture, IT architecture, security architecture)
ZACHMAN
TOGAF
SABSA
Security Architecture Development Methods
Obtain and analyze security requirements
Create and design security architecture
System security architecture
Common system components
CPU
process
thread
virtual machine
multi-programming
Multitasking
multiprocessing
Multithreading
Multi-process and multi-threading are more likely to lead to race condition attacks
Protection mechanism—protection ring
memory
register
cache
random access memory
ROM
auxiliary memory
virtual memory
Attacks on storage
Basic input/output/peripherals
operating system
Monolithic operating system
layered operating system
microkernel operating system
Hybrid microkernel operating system
Information system security capabilities
Processor status
Secure memory management
access control mechanism
Layering
Data hiding
Abstraction
Encryption protection
Host firewall
Audit and Monitoring
Virtualization
isolation
security model
State machine model
information flow model
Noninterference model
multilevel lattice model
matrix-based model
Security model example
Bell-LaPadula model
Concerned with confidentiality
No read up, no write down
Biba model
Concerned with integrity
No read down, no write up
Clark-Wilson model
Chinese Wall model (Brewer and Nash)
Lipner model
Graham-Denning model
Harrison-Ruzzo-Ullman model
Database security
cloud computing
Three service models
SaaS
IaaS
PaaS
Four deployment modes
Private Cloud
community cloud
public cloud
hybrid cloud
Five essential characteristics
Resource pooling
On-demand self-service
Broad network access
Rapid elasticity
Measured service
Cloud security: pay attention to data isolation
Security Architecture Weaknesses
System weaknesses
TEMPEST
State attack (race condition)
Covert channel
middleware
Mainframe and thin client systems
Server weaknesses
single point of failure
Client Weaknesses
Software and system vulnerabilities and threats
Web security
XML
SAML
OWASP
Mobile system weaknesses
Embedded and cyber-physical device vulnerabilities
Information system security assessment model
product evaluation model
CC
PP
TOE
ST
EAL 1-7
ISO/IEC 15408
Industry and International Security Implementation Guidelines
ISO27001 (ISMS-Information Security Management System)
COBIT
PCI-DSS
Cryptography
Terminology and basic concepts
Diffusion
Cryptology
Cryptography
Cryptanalysis
cryptography history
Manual period
Atbash
Scytale
Caesar cipher
mechanical age
modern period
Emerging Technologies
Quantum cryptography
Cryptosystem
Basic principles and methods of encryption
Substitution
Transposition (Permutation)
other
Running key cipher, concealment cipher
One-time pad
Steganography
Classification by how plaintext is processed (symmetric encryption algorithms)
Block cipher
Stream cipher
Other cryptographic transformation techniques
Classification according to encryption method (key characteristics)
Symmetric cryptography
Advantages
Disadvantages
out-of-band transmission
DES
ECB (Electronic Code Book) mode
CBC (Cipher Block Chaining) mode
CFB (Cipher Feedback) mode
OFB (Output Feedback) mode
CTR (Counter) mode
2DES
3DES
AES
CCMP
IDEA
CAST
SAFER
Blowfish
Twofish
RC4
Insecure
RC5
Application of symmetric cryptography technology
Confidentiality
Asymmetric cryptography
Advantages
Disadvantages
Diffie-Hellman
Solved hard-coding (hard coding)
RSA
ECC
ElGamal
Knapsack algorithm (Merkle)
Application of asymmetric cryptography technology
Confidentiality
Authenticity and non-repudiation
Confidentiality, authenticity and non-repudiation
hybrid encryption
Combining symmetric and asymmetric cryptography to ensure confidentiality
message integrity
Hash function
Simple hash function
MD5
SHA-1
SHA-2/SHA-3
256
224
384
512
Attacks on hashing algorithms
Collision problem (birthday attack)
Brute force attack
cryptanalysis
Complete implementation
Hash verification integrity
HMAC
CBC-MAC
CMAC
Four ways to compare
digital signature
Implementation
No confidentiality provided
Public Key Infrastructure (PKI)
digital certificate
CA center
RA
Key management process
Kerckhoffs's principle
Advances in Key Management
Key creation
key distribution
Key storage and destruction
Certificate replacement costs and revocation
Key recovery
Key escrow
TPM (Trusted Platform Module)
1. Store and manage BIOS power-on password and hard disk password
2. TPM security chip can perform a wide range of encryption
3. Encrypt any partition of the hard disk
cryptography applications
Services that can be provided
Confidentiality
Authenticity (Certificate)
Integrity (hash value)
Non-repudiation (asymmetric encryption)
Authorization (providing an individual with a key to access a resource - a session key)
Link encryption
Encrypt all information, including user information, packet headers, trailers, addresses and routing information
End-to-end encryption
Only user information is encrypted, packet headers, trailers, addresses and routing information are not encrypted.
S/MIME
PGP
HTTPS
SET
SSH
Cookies
IPSec (IKE performs key exchange and can use the ISAKMP framework) Network layer encryption
Two protocols
AH
ESP
ICV (Integrity Check Value) (AH, ESP comparison)
Two working modes
Transport mode
tunnel mode
Security Association (SA)
DRM (Digital Rights Management)
Digital watermark
Cryptographic life cycle
Three stages (a cipher's or key's resistance to cracking decreases over time)
strong
weak
lack of resistance
Algorithm/Protocol Governance
Some other security issues
Cryptographic attack methods
Ciphertext-only attack
Known-plaintext attack
Chosen-plaintext attack
Differential cryptanalysis
Linear cryptanalysis
Side-channel attack
Fault analysis
Probing attack
replay attack
algebraic attack
frequency analysis
Reverse Engineering
social engineering
Attacking a random number generator
Temporary Files
other
physical security
Site and facility design considerations
ATM cash machines should pay attention to physical security and prevent physical damage
The data center should not be located on the ground floor or top floor of the building. It should be located at the core of the building.
security investigation
Protection target identification
Threat identification
Current status of facilities
Physical Security Plan
CPTED
Difference from target hardening
natural access control
natural surveillance
Natural territorial reinforcement
factors to consider
place
visibility
accessibility
Surrounding areas and conditions
natural disaster
Construction
wall
floor
ceiling
window
Door
building materials
Glass
internal division
other
Entrance
garage
communication
facility
data center
The air pressure in the data center must be positive.
Plan outline
Implement a physical security plan
Physical security operations
data center
Power
Problems
interference
electromagnetic interference
radio frequency interference
fluctuation
Voltage is too high
Voltage too low
power supply interruption
Protection
UPS
Online
Standby
Power line conditioner
backup power
Preventive measures and best practices
Lightning strike protection
Cable management
environment
Temperature and humidity
anti-static
ventilation
Heat dissipation
fire
Fire classification
prevention
Detection
Heat-activated
Flame-activated
Smoke-activated
Photoelectric detection (optoelectronic devices)
Ionization type (fastest)
Detector installation location
Suppression
Principles of fire extinguishing (isolating burning materials and oxygen)
water
Acid-base fire extinguishing agent
carbon dioxide
Gas fire extinguishing
fire extinguishing system
portable fire extinguisher
Sprinkler System
Wet pipe
Dry pipe
Preaction
Deluge
Gas fire extinguishing
Halon
Aero-K
CO2 (easily causing suffocation)
FM-200 (Heptafluoropropane)
perimeter security
Facility access control
mechanical lock
combination lock
password
device lock
lock strength
Lock cylinder classification
The technology of opening mechanical locks without a key is called lock picking
Personnel access control
tailgating
External border access protection mechanism (non-entry protection)
fence
Door
Lighting
physical surveillance
CCTV
intrusion detection system
Electromechanical systems
Volumetric systems (sound, light, temperature, electromagnetism, vibration)
proximity detection system
Optoelectronic or photometric detection systems
Passive infrared detection system (needs to automatically compensate for changes in background temperature)
Acoustic detection system
Vibration detection system
Physical access control audit
Emergency plan testing and drills (Drill at least once a year)