Introduction & New Concepts

Introduction to Key Concepts

We will cover, at a high level, the following concepts which will be required on the exam:

3.1 - Research, Implement, and Manage Engineering Processes Using Secure Design Principles

Traditional Concepts:

Threat Modeling: Systematic approach of identifying, assessing, and mitigating potential vulnerabilities in a system.
Least Privilege: Grant users the minimal levels of access or permissions they need to perform their work.
Defense in Depth: Multilayered security approach designed to provide redundancy and mitigate the potential impact of a security breach.
Secure Defaults: Configuration settings preset by manufacturers to minimize security risks.
Fail Securely: Systems should default to a secure state in the event of a failure.

Contemporary Concepts:

Keep It Simple: Simplicity in design reduces the potential for security vulnerabilities.
Zero Trust: Security model where every request is fully authenticated, authorized, and encrypted before granting access.
Privacy by Design: Integrate data privacy protections from the initial design stages of systems or processes.
Trust but Verify: Always verify the legitimacy of information, even from trusted sources.
Shared Responsibility: Security is not just the responsibility of one party but should be shared among all stakeholders involved.

3.2 - Understand the Fundamental Concepts of Security Models

Examples: Biba model, Bell-LaPadula model, and State Transition model.

3.3 - Select Controls Based on System Security Requirements

This involves identifying appropriate security measures based on the specific security requirements of a system.

3.4 - Understand Security Capabilities of Information

For instance, the application of encryption and decryption techniques to protect data (like TPN).

3.5 - Assess and Mitigate the Vulnerabilities of Security Architectures, Designs, and Solution Elements

Identifying potential security weaknesses in systems and implementing measures to reduce the risk of these vulnerabilities being exploited.

3.6 - Select and Determine Cryptographic Solutions

This involves choosing appropriate cryptographic techniques based on the system's security requirements.

3.7 - Understand Methods of Cryptanalytic Attacks

These attacks are covered extensively in the Attacks and Countermeasures chapter. Some examples include:

Bruce Force	Ciphertext Only	Known Plaintext	Frequency Analysis
Chosen Ciphertext	Implementation Attacks	Side-Channel Attacks	Fault Injection
Timing Attacks	Man-in-the-Middle Attacks	Pass the Hash Attacks	Kerberos Exploitation

3.8 - Apply Security Principles to Site and Facility Design

This involves integrating security considerations into the design and layout of physical spaces where systems or information are housed.

3.9 - Design Site and Facility Security Controls

Establishing security measures in the physical environment to protect system and information resources. This could involve barriers, surveillance, or controlled access points, among others.

Zero Trust Security

Zero Trust Security seeks to address the shortcomings of traditional perimeter-based security models. At its core, it operates on the principle of "never trust, always verify."

Key Elements:

User Identity as Control Plane: This shifts the focus from merely securing the network perimeter to treating user identity as the core security element.
Assumption of Breach: Zero Trust inherently assumes a potential compromise or breach. It operates on the premise that every request, even those from within the organization, could be a threat.

Core Components of Zero Trust Security:

Identity Verification: This involves rigorous identity verification protocols to authenticate each user. For instance, multifactor authentication and strict password policies can be used.
Device Management: Only devices compliant with the organization's security standards are allowed access to resources. This may involve ensuring devices are updated, have enabled firewalls, and use antivirus software.
Application Management: Only secure, organization-approved applications are permitted access to sensitive data. These applications are regularly scanned and updated to eliminate potential vulnerabilities.
Data Protection: Data is encrypted both at rest and in transit to ensure its safety, even if an unauthorized entity were to gain access.

Example: Consider a digital library that hosts thousands of rare and valuable books. In the past, this library used a simple username-password system for access. However, they faced a series of breaches due to stolen credentials and decided to move towards a Zero Trust Security model.

Under the Zero Trust approach, every access request to the digital library is treated as a potential threat, regardless of whether it comes from a long-time member or a new visitor.

Each user is required to verify their identity via multifactor authentication. The library also checks the security status of the device making the request to ensure it doesn't pose a risk. Only approved reading apps can access the digital books, and all the data is encrypted to protect it from unauthorized access.

In this way, the digital library successfully transitions to a Zero Trust Security model, ensuring the safety and integrity of its rare and valuable collection.

Secure Defaults

This principle states that the default configuration of any system, application, or service should inherently reflect a restrictive and conservative enforcement of the security policy. In essence, systems should be 'secure out of the box'. This principle applies not only to the practices within your organization, but also to the expectations you should have of your hardware, software, and service vendors.

A server should come with the minimal set of open ports necessary for its operation, and an application should have all its optional features turned off by default.

Fail Securely

"Fail Securely" dictates that components should default to a state that denies access when a failure occurs, rather than granting access. This principle ensures that even in the event of an unexpected system or application failure, security is maintained.

Example: if an authentication server fails, the system should not allow all users to log in freely; instead, it should prevent all users from logging in until the issue is resolved. This principle protects against unauthorized access that could occur during system malfunctions or failures.

Trust but Verify

Historically, Trust but Verify was the norm in security. Under this principle, once a user gained access to the 'secured' area of a system (for example, after entering a password), they were largely trusted to move within that area without constant verification.

However, the evolution of cyber threats rendered this approach inadequate. Adversaries learned how to bypass initial security checks or exploit the trust granted within the system. Imagine a burglar breaking into a house and then freely roaming inside, asking the family for sensitive information. Any sensible person wouldn't trust the burglar just because they're already inside the house.

This realization led to the emergence of Zero Trust Security. This modern model operates on the belief that threats can come from anywhere, even from within the system. Therefore, it continuously verifies the identity of everyone and everything trying to connect to the system, regardless of their prior status. This strategy is akin to having security cameras in every room of the house, not just at the entrance. By doing so, the system can better fortify itself against potential threats.

Privacy by Design

Privacy by Design is a framework that integrates privacy considerations into the fabric of systems, technologies, policies, and design processes. It's rooted in seven foundational principles outlined by the International Association of Privacy Professionals (IAPP).

Applying these principles as part of a layered defense strategy (defense in depth) within a Zero Trust framework helps to ensure privacy while maintaining a robust security posture.

1. Proactive not Reactive

This principle encourages a forward-thinking approach to privacy, where potential issues and privacy breaches are anticipated and prevented before they occur, rather than addressed after the fact.

2. Privacy as Default Setting

Systems should automatically protect users' privacy; individuals shouldn't have to take extra steps to secure their private data. By default, personal data should not be collected or shared without the individual's consent.

3. Privacy Embedded into Design

Privacy is not an afterthought or an add-on feature; it's a core component that should be part of the system's design and architecture from the very beginning.

4. Positive-Sum not Zero-Sum

The positive-sum approach means that privacy and other considerations, like security or usability, can all be achieved in tandem without sacrificing one for the other. The zero-sum approach, by contrast, views privacy and other factors as trade-offs, where improving one would degrade the other.

5. End-to-End Security — Full Lifecycle Protection

This principle mandates the protection of data from the moment it's collected until its final disposition. This means securing it during storage, processing, and transmission, as well as when it is deleted or anonymized.

6. Visibility and Transparency

Organizations must be open and transparent about their data practices, including how data is collected, used, and stored. This principle is often implemented through comprehensive privacy policies and clear user communications.

7. Respect for User Privacy

User-centric privacy means giving users control over their data. They should be informed about their data use and have the power to opt in or out. It also includes complying with regulations like the General Data Protection Regulation (GDPR), which strengthens individuals' privacy rights.

Keep It Simple Stupid (KISS)

Complexity is the worst enemy of security.

—Bruce Schneier

The KISS principle is a timeless concept that extends beyond cybersecurity. At its core, the principle argues that simpler designs are often the best.

Let's take Bob, the enthusiastic cybersecurity manager, unveils a security system so intricate that it takes 10 authentication steps and referencing a 500-page manual to send an email:

During the launch, Bob asks Alice, the CEO, to demo the system. She spends 15 minutes to log in, only to get blocked: "Suspicious activity detected."
In the following weeks, employees become so frustrated with the cumbersome system that they start to bypass it.
They share passwords, keep themselves permanently logged in, and even start using personal email for official communication.

Despite Bob's high-tech approach, security is now weaker than ever due to non-compliance and workarounds.

A good example of the KISS principle in action is the secure operating system, Qubes OS. The team behind Qubes OS chose Xen for its simplicity, despite the fact that Kernel-based Virtual Machine (KVM) has more features. While KVM may offer more functionalities, its complexity could lead to potential security vulnerabilities, reinforcing why simplicity can be paramount in cybersecurity.

Simplicity helps to avoid configuration mistakes and leads to better-integrated and smarter security layers. It doesn't necessarily mean you'll have a single security vendor, but you may have fewer vendors, and you'll likely rely on a standardized suite that serves as your organization's foundation.

For instance, you might choose a Google suite for all your collaborative needs or a Microsoft 365 suite, but not both. Simplicity allows organizations to focus on incremental improvements, rather than striving for unattainable perfection.

Best-in-Suite vs Best-in-Breed

"Best-in-suite" and "best-in-breed" are two approaches to choosing software solutions. "Best-in-suite" refers to a collection of products that work well together because they're from the same vendor. In contrast, "best-in-breed" selects the best product for each function, regardless of the vendor.

For example, choosing a single vendor like Microsoft for your organization's needs would mean using Office 365 for document collaboration, Outlook for email, and Teams for communication. This is a best-in-suite approach. It simplifies defense-in-depth because these products are designed to integrate smoothly, minimizing compatibility issues and gaps in security.

On the other hand, a best-in-breed approach might involve selecting Google Docs for document collaboration, Outlook for email, and Slack for communication, because each is arguably the best in its respective category. However, integrating these disparate systems can create complexity and potential vulnerabilities.

The Value of Simplicity

Simplicity helps to avoid configuration mistakes and leads to better-integrated and smarter security layers. It doesn't necessarily mean you'll have a single security vendor, but you may have fewer vendors, and you'll likely rely on a standardized suite that serves as your organization's foundation.

For instance, you might choose a Google suite for all your collaborative needs or a Microsoft 365 suite, but not both. Simplicity allows organizations to focus on incremental improvements, rather than striving for unattainable perfection.