Home » Security Training and Tips » Domains of CISSP: Security Architecture and Design

Domains of CISSP: Security Architecture and Design

The Security Architecture and Design domain contains the concepts, principles, structures, and standards used to design, implement, monitor, and secure operating systems, equipment, networks, and applications as well as those controls used to enforce various levels of confidentiality, integrity, and availability.

The candidate should understand security models in terms of confidentiality, integrity, and information flow; system models in terms of the Common Criteria; technical platforms in terms of hardware, firmware, and software; and system security techniques in terms of preventative, detective, and corrective controls.

Key Areas of Knowledge

  • Understand the fundamental concepts of security models (e.g., Confidentiality, Integrity, and Multi-level Models)
  • Understand the components of information systems security evaluation models
    • Product evaluation models (e.g., common criteria)
    • Industry and international security implementation guidelines (e.g., PCI-DSS, ISO)
  • Understand security capabilities of information systems (e.g., memory protection, virtualization, trusted platform module)
  • Understand the vulnerabilities of security architectures
    • System (e.g., covert channels, state attacks, emanations)
    • Technology and process integration (e.g., single point of failure, service oriented architecture)
  • Understand application and system vulnerabilities and threats
    • Web-based (e.g., XML, SAML)
    • Client-based (e.g., applets)
    • Server-based (e.g., data flow control)
    • Database security (e.g., inference, aggregation, data mining)
  • Understand countermeasure principles (e.g., defense in depth)


About this author:


Frank is a leading trainer in IT Security.

Leave a Reply

Your email address will not be published. Required fields are marked *


This site uses Akismet to reduce spam. Learn how your comment data is processed.