Security Architecture and Engineering

Know each principle and be able to recognize it in a scenario: least privilege, defense in depth, secure defaults, fail securely, separation of duties, zero trust vs trust-but-verify, privacy by design, shared responsibility, and SASE.

~40 min

Map each model to what it protects: Bell-LaPadula (confidentiality: no read up / no write down), Biba (integrity: no write up / no read down), Clark-Wilson (integrity via well-formed transactions), Brewer-Nash (conflict of interest).

~45 min

Use evaluation criteria and assurance to select controls. Know Common Criteria (EAL1–7), Target of Evaluation, Protection Profiles, and Security Targets.

~30 min

Hardware/firmware security primitives: memory protection (rings, isolation), the TPM, HSMs, and hardware-backed encryption/decryption.

~30 min

Recognize the characteristic weaknesses of each platform type — from classic client/server and databases to cloud, IoT, ICS/OT, containers, serverless, and edge.

~45 min

Core crypto: the lifecycle and key management, symmetric vs asymmetric (and elliptic-curve/quantum), PKI and certificates, digital signatures for integrity + nonrepudiation.

~50 min

Be able to match an attack to its scenario: brute force, ciphertext-only, known/chosen plaintext, frequency analysis, side-channel/timing, MITM, pass-the-hash, Kerberos exploitation, and ransomware.

~35 min

Apply CPTED (Crime Prevention Through Environmental Design) — natural surveillance, access control, and territorial reinforcement — when designing facilities.

~20 min

Know controls for sensitive areas and environmental threats: wiring closets, data centers, media/evidence storage, power redundancy, HVAC, and fire detection/suppression classes.

~35 min

Security is embedded across the system lifecycle from requirements through retirement/disposal — verification, validation, and secure decommissioning included.

~25 min