Chapter 3

Security Architecture and Engineering

This chapter covers the following topics:

  • Information Systems Life Cycle: Phases discussed include stakeholders’ needs and requirements; requirements analysis; architectural design; development /implementation; integration; verification and validation; transition/deployment; operations and maintenance/sustainment, and retirement/disposal.

  • Engineering Processes Using Secure Design Principles: Concepts discussed include the ISO/IEC 15288:2015 and NIST SP 800-160 systems engineering standards, objects and subjects, closed versus open systems, threat modeling, least privilege, defense in depth, secure defaults, fail securely, separation of duties (SoD), keep it simple and small, Zero Trust, Privacy ...

Get CISSP Cert Guide, 5th Edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial