CarlsCloud™ Six CISSP Mnemonics for Domain 3: Security Architecture and Engineering
Domain 3 of the CISSP exam, "Security Architecture and Engineering," involves complex concepts and in my opinion one of the largest domains to pull overall security and IT knowledge into one place. Mnemonics can be quite helpful in remembering these key points.
Here are mnemonics tailored for Domain 3: Security Architecture and Engineering
Did you enjoy CarlsCloud™ and has it helped you today?
If so, buy me a coffee or just shoot me an email to say thanks! https://www.buymeacoffee.com/carlscloud
Security Models:
"Bell LaPadula Prevents Reading, Biba Blocks Writing"
- Bell-LaPadula: Focuses on maintaining the confidentiality of objects. "No read up, no write down."
- Biba: Concentrates on integrity. "No write up, no read down."
Cryptography Concepts:
"Alice Sends Encrypted Love"
- Asymmetric Encryption
- Symmetric Encryption
- Encryption Algorithms
- Layered Security (Defense in Depth)
Types of Access Controls:
"Discretionary for People, Mandatory for Systems"
- Discretionary Access Control (DAC)
- Mandatory Access Control (MAC)
Common Security Principles:
"CIA Puts Non-Repudiation On Top"
- Confidentiality
- Integrity
- Availability
- Privacy
- Non-Repudiation
- Ownership
- Trustworthiness
Virtualization Security:
"Hardened VM Isolation"
- Hardening Virtual Servers
- Virtual Network Security
- Isolating Virtual Machines
Security Architecture Components:
"Kerberos Said To Go Clean Room"
- Kerberos
- Secure Sockets Layer (SSL)/Transport Layer Security (TLS)
- Trusted Platform Module (TPM)
- Gateway Security Mechanisms
- Content Distribution Networks
- Remote Authentication Dial-In User Service (RADIUS)
These mnemonics should help you aid in the retention of critical concepts from CISSP Domain 3. Remember, understanding the underlying principles is just as important as memorizing them.
1/20/23 UPDATE: Including this one as I also used it as a Evaluation Assurance Levels 1-7 mnemonic which helped me in my CISSP Exam prep. I will do my very best to post additional study materials and aids I used to pass the CISSP exam. I have so many sources I pulled from just have to dig them up and get them posted!
Evaluation Assurance Levels 1 - 7
FSMMSSF - For Sure My Mother So Sweet Forever
Functionally Tested
Structurally Tested
Methodically Tested
Methodically Designed
Semi-formal Design
Semi-formal Verified Design Tested
Formally Verified Designed and Tested