The security engineering domain consists of security design principles that are the building blocks of secure software, hardware, and networking products. This domain also addresses best practices, proven models, and processes that can be adapted during product design. The focus of this domain is to ensure good security implementation. This domain also deals with technical vulnerabilities and mitigation techniques. Additionally, cryptography and physical security principles and practices are also covered in this domain.
A candidate appearing for a CISSP exam is expected to have foundational concepts and knowledge in the following key areas of the security engineering domain:
To get the most out this chapter, you need to understand and memorize subtle differences between vulnerability testing and mitigation actions, security engineering and organizational processes, and information security models and systems security evaluation models.
Security engineering is based on design principles, practices, and models to ensure confidentiality, integrity, and the availability requirements of information assets. The end result could be the development of a product or supporting organizational processes. Further, the product could be hardware, software, or a combination of both.
Vulnerabilities are weaknesses in the process or product that might creep in during design stage, development, or in the end product. These weaknesses could be exploited for a myriad of reasons that include fraud, stealing trade secrets, the Denial-of-Services, and so on. Identifying vulnerabilities during design/development stage is critical to a secure an end product. Since the Information Technology environment is complex and diverse, it may not always be possible to foresee and identify all the possible vulnerabilities during the design/development stage itself. Hence, vulnerability identification remains essential even after the product or service roll-out. A robust security implementation needs mitigation plans and ongoing maintenance.
Observe the following illustration:
The following bullet points represent a brief overview of the preceding diagram. These points explain the overall structure of this chapter in a logical sequence: