CarlsCloud™ Six CISSP Mnemonics for Domain 3: Security Architecture and Engineering

Carl Ballenger, CISSP -

Domain 3 of the CISSP exam, "Security Architecture and Engineering," involves complex concepts and in my opinion one of the largest domains to pull overall security and IT knowledge into one place. Mnemonics can be quite helpful in remembering these key points.

Here are mnemonics tailored for Domain 3: Security Architecture and Engineering

Did you enjoy  CarlsCloud™ and has it helped you today?

If so, buy me a coffee or just shoot me an email to say thanks! https://www.buymeacoffee.com/carlscloud

Security Models:

"Bell LaPadula Prevents Reading, Biba Blocks Writing"

  • Bell-LaPadula: Focuses on maintaining the confidentiality of objects. "No read up, no write down."
  • Biba: Concentrates on integrity. "No write up, no read down."

Cryptography Concepts:

"Alice Sends Encrypted Love"

  • Asymmetric Encryption
  • Symmetric Encryption
  • Encryption Algorithms
  • Layered Security (Defense in Depth)

Types of Access Controls:

"Discretionary for People, Mandatory for Systems"

  • Discretionary Access Control (DAC)
  • Mandatory Access Control (MAC)

Common Security Principles:

"CIA Puts Non-Repudiation On Top"

  • Confidentiality
  • Integrity
  • Availability
  • Privacy
  • Non-Repudiation
  • Ownership
  • Trustworthiness

Virtualization Security:

"Hardened VM Isolation"

  • Hardening Virtual Servers
  • Virtual Network Security
  • Isolating Virtual Machines

Security Architecture Components:

"Kerberos Said To Go Clean Room"

  • Kerberos
  • Secure Sockets Layer (SSL)/Transport Layer Security (TLS)
  • Trusted Platform Module (TPM)
  • Gateway Security Mechanisms
  • Content Distribution Networks
  • Remote Authentication Dial-In User Service (RADIUS)

These mnemonics should help you aid in the retention of critical concepts from CISSP Domain 3. Remember, understanding the underlying principles is just as important as memorizing them.

1/20/23 UPDATE:  Including this one as I also used it as a Evaluation Assurance Levels 1-7 mnemonic which helped me in my CISSP Exam prep.  I will do my very best to post additional study materials and aids I used to pass the CISSP exam.  I have so many sources I pulled from just have to dig them up and get them posted!

Evaluation Assurance Levels 1 - 7

Evaluation Assurance Level - Wikipedia
Wikimedia Foundation, Inc.Contributors to Wikimedia projects

FSMMSSF - For Sure My Mother So Sweet Forever

Functionally Tested

Structurally Tested

Methodically Tested

Methodically Designed

Semi-formal Design

Semi-formal Verified Design Tested

Formally Verified Designed and Tested