Security Vulnerabilities, Threat, and Countermeasures
Safe Harbor Note:
The questions and answers in this quiz are based on the book "Certified Information Systems Security Professional Official Practice Tests, Third Edition", which I have legally purchased. I do not claim ownership or authorship of the content. All rights and credits for the material belong to the original authors, publishers, and copyright holders. This quiz is intended for educational and personal use only and is not meant for commercial purposes. 
 
Exam Essentials 

Understand shared responsibility. 

This security design principle recognizes that organizations do not operate in isolation: the security of a system also depends on its suppliers, service providers, and users. Because we participate in that shared responsibility, we must research, implement, and manage engineering processes using secure design principles. 


Be able to explain the differences between multitasking, multicore, multiprocessing,  multiprogramming, and multithreading. 

Multitasking is the simultaneous execution of more than one application on a computer and is managed by the OS. Multicore is the presence of multiple execution cores in a single CPU. Multiprocessing is the use of more than one processor to increase computing power. Multiprogramming is similar to multitasking and involves the pseudo-simultaneous execution of two tasks on a single processor coordinated by the OS as a way to increase operational efficiency. Multithreading permits multiple concurrent tasks to be performed within a single process. 


Understand the concept of protection rings. 

From a security standpoint, protection rings organize  code and components in an OS into concentric rings. The deeper inside the circle you go, the higher  the privilege level associated with the code that occupies a specific ring.  


Know the process states. 

The process states are ready, running, waiting, supervisory, and stopped. 


Explain the two-layer operating modes used by most modern processors. 

User applications  operate in a limited instruction set environment known as user mode. The OS performs controlled  operations in privileged mode, also known as system mode, kernel mode, and supervisory mode. 

Describe the different types of memory used by a computer. 

ROM is nonvolatile and can't be written to by the end user. Data can be written to PROM chips only once. EPROM/UVEPROM chips may be erased with ultraviolet light. EEPROM chips may be erased with electrical current. RAM chips are volatile and lose their contents when the computer is powered off. 


Know the security issues surrounding memory components. 

Some security issues surround  memory components: the fact that data may remain on the chip after power is removed and the  control of access to memory in a multiuser system. 


Know the concepts of memory addressing. 

Means of memory addressing include register  addressing, immediate addressing, direct addressing, indirect addressing, and base-offset  addressing. 
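The five addressing modes read more clearly when you can see the effective address each one produces. The toy CPU below is an added example and is not from the book or the original page; the register file and eight-word memory are constructed sample state, and the "mem"/"regs" names are this example's own. The security point it makes is that in indirect and base-offset modes the effective address is computed from data, so whoever controls that data controls where the read lands, which is why every fetch here passes through one bounds check.

```python
"""Toy CPU showing the five addressing modes listed above (added example, not from the book)."""


def make_state():
    """Constructed sample state: three registers and an eight-word memory."""
    regs = {"R0": 0, "R1": 3, "R2": 2}
    mem = [4, 20, 30, 40, 50, 60, 70, 80]
    return regs, mem


def fetch(mem, addr):
    """Every memory read goes through one bounds check. An effective address that was
    computed from data (indirect, base-offset) is exactly where attacker influence lands."""
    if not 0 <= addr < len(mem):
        raise IndexError(f"effective address {addr} is outside memory of size {len(mem)}")
    return mem[addr]


def load(mode, operand, regs, mem):
    """Return the value a LOAD would obtain for `operand` under the given addressing mode."""
    if mode == "register":       # operand names a register; the value is its content
        return regs[operand]
    if mode == "immediate":      # operand is the value itself, encoded in the instruction
        return operand
    if mode == "direct":         # operand is a memory address
        return fetch(mem, operand)
    if mode == "indirect":       # operand is the address of a word that holds the real address
        return fetch(mem, fetch(mem, operand))
    if mode == "base-offset":    # operand is (base register, displacement)
        base, offset = operand
        return fetch(mem, regs[base] + offset)
    raise ValueError(f"unknown addressing mode: {mode}")


def try_load(mode, operand, regs, mem):
    """Run a LOAD and report either ('ok', value) or ('fault', message)."""
    try:
        return ("ok", load(mode, operand, regs, mem))
    except IndexError as exc:
        return ("fault", str(exc))


def demo():
    """One LOAD per addressing mode against the constructed state."""
    regs, mem = make_state()
    return {
        "register":    load("register", "R2", regs, mem),          # 2
        "immediate":   load("immediate", 42, regs, mem),           # 42
        "direct":      load("direct", 0, regs, mem),               # mem[0] == 4
        "indirect":    load("indirect", 0, regs, mem),             # mem[mem[0]] == mem[4] == 50
        "base-offset": load("base-offset", ("R1", 2), regs, mem),  # mem[3 + 2] == 60
    }


if __name__ == "__main__":
    print(demo())
    # mem[6] holds 70, so an indirect load through word 6 computes an address past the end.
    print(try_load("indirect", 6, *make_state()))
```

The indirect load through word 6 faults because the pointer stored there (70) is outside memory: the same shape as an out-of-bounds read in a real program, where the "pointer" came from a buffer the attacker filled.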


Describe the different characteristics of storage devices used by computers. 

Primary storage is the same as memory. Secondary storage consists of magnetic, flash, and optical media that must be first read into primary memory before the CPU can use the data. Random access storage devices can be read at any point, whereas sequential access devices require scanning through all the data physically stored before the desired location. 


Understand the variations of storage types. 

The variations include primary versus secondary,  volatile versus nonvolatile, and random versus sequential. 


Know the security issues surrounding secondary storage devices. 

Three main security issues  surround secondary storage devices: removable media can be used to steal data, access controls and  encryption must be applied to protect data, and data can remain on the media even after file  deletion or media formatting. 

Know about emanation security. 

Many electrical devices emanate electrical signals or radiation that can be intercepted by unauthorized individuals. These signals may contain confidential, sensitive, or private data. TEMPEST countermeasures to Van Eck phreaking (i.e., eavesdropping on these emanations) include Faraday cages, white noise, control zones, and shielding. 


Understand security risks that input and output devices can pose. 

Input/output devices can be  subject to eavesdropping and tapping, are subject to shoulder surfing, are used to smuggle data out  of an organization, or are used to create unauthorized, insecure points of entry into an  organization's systems and networks. Be prepared to recognize and mitigate such vulnerabilities. 


Know the purpose of firmware. 

Firmware is software stored on a ROM chip. At the computer level, it contains the basic instructions needed to start a computer. Firmware is also used to provide operating instructions in peripheral devices such as printers. Examples include BIOS and UEFI. 


Be aware of JavaScript concerns. 

JavaScript is the most widely used scripting language in the world  and is embedded into HTML documents. Whenever you allow code from an unknown and thus  untrusted source to execute on your system, you are putting your system at risk of compromise. 


Know about large-scale parallel data systems. 

Systems designed to perform numerous calculations  simultaneously include SMP, AMP, and MPP. Grid computing is a form of parallel distributed  processing that loosely groups a significant number of processing nodes to work toward a specific  processing goal. Peer-to-peer (P2P) technologies are networking and distributed application  solutions that share tasks and workloads among peers. 


Be able to define ICS. 

An industrial control system (ICS) is a form of computer-management device  that controls industrial processes and machines (aka operational technology). ICS examples include  distributed control systems (DCSs), programmable logic controllers (PLCs), and supervisory control  and data acquisition (SCADA). 


Be aware of distributed systems. 

A distributed system or a distributed computing environment  (DCE) is a collection of individual systems that work together to support a resource or provide a  service. The primary security concern is the interconnectedness of the components. 


Understand blockchain. 

A blockchain is a collection or ledger of records, transactions, operations, or  other events that are verified using hashing, timestamps, and transaction data. 
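To make the "verified using hashing, timestamps, and transaction data" point concrete, here is a minimal hash-chained ledger with a verifier. It is an added example, not code from the book or the original page; the block layout, the field names, and the three sample transfers are constructed for illustration and do not represent any real blockchain implementation.

```python
"""Hash-chained ledger with tamper detection (added example, not from the book)."""
import copy
import hashlib
import json

GENESIS_PREV = "0" * 64  # the first block links to an all-zero hash


def block_hash(block):
    """SHA-256 over the canonical JSON encoding of every field except the hash itself."""
    payload = {k: block[k] for k in ("index", "timestamp", "data", "prev_hash")}
    return hashlib.sha256(json.dumps(payload, sort_keys=True).encode()).hexdigest()


def build_chain(records):
    """records: iterable of (timestamp, data). Returns a list of linked blocks."""
    chain, prev = [], GENESIS_PREV
    for index, (timestamp, data) in enumerate(records):
        block = {"index": index, "timestamp": timestamp, "data": data, "prev_hash": prev}
        block["hash"] = block_hash(block)
        chain.append(block)
        prev = block["hash"]
    return chain


def verify_chain(chain):
    """Return (True, None) if every block's hash recomputes, links to its predecessor,
    and carries a non-decreasing timestamp; otherwise (False, index of first bad block)."""
    prev, last_ts = GENESIS_PREV, float("-inf")
    for index, block in enumerate(chain):
        ok = (block["index"] == index
              and block["prev_hash"] == prev
              and block["hash"] == block_hash(block)
              and block["timestamp"] >= last_ts)
        if not ok:
            return False, index
        prev, last_ts = block["hash"], block["timestamp"]
    return True, None


# Constructed sample ledger: three transfers with Unix timestamps.
SAMPLE_RECORDS = [
    (1700000000, {"from": "alice", "to": "bob", "amount": 50}),
    (1700000060, {"from": "bob", "to": "carol", "amount": 20}),
    (1700000120, {"from": "carol", "to": "alice", "amount": 5}),
]


def tamper_demo():
    """Rewrite a past record, then try to cover it by re-hashing only that block."""
    forged = copy.deepcopy(build_chain(SAMPLE_RECORDS))
    forged[1]["data"]["amount"] = 2000         # attacker rewrites history
    naive = verify_chain(forged)               # stored hash of block 1 no longer matches
    forged[1]["hash"] = block_hash(forged[1])  # attacker recomputes block 1's hash
    covered = verify_chain(forged)             # block 2 still links to the old hash of block 1
    return naive, covered


if __name__ == "__main__":
    print(verify_chain(build_chain(SAMPLE_RECORDS)))  # (True, None)
    print(tamper_demo())                               # ((False, 1), (False, 2))
```

Hash linking only proves internal consistency. An attacker who holds the only copy can re-hash every block from the edit forward and the verifier will be satisfied, so the value of the chain comes from anchoring its latest hash somewhere the attacker cannot change: replicas held by other parties, a consensus protocol, or a signed checkpoint.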


Understand data sovereignty. 

Data sovereignty is the concept that, once information has been  converted into a binary form and stored as digital files, it is subject to the laws of the country within  which the storage device resides.  


Understand smart devices. 

Smart devices are devices that offer the user a plethora of customization  options, typically through installing apps, and may take advantage of on-device or in-the-cloud  machine learning (ML) processing. 


Be able to define IoT. 

The Internet of Things (IoT) is a class of devices that are internet-connected in  order to provide automation, remote control, or AI processing to appliances or devices. The security  issues related to IoT often relate to access and encryption. 


Be able to define IIoT. 

Industrial Internet of Things (IIoT) is a derivative of IoT that focuses on  industrial, engineering, manufacturing, or infrastructure level oversight, automation, management,  and sensing. IIoT is an evolution of ICS and DCS that integrates cloud services to perform data  collection, analysis, optimization, and automation. 


Be aware of specialized devices. 

Specialized equipment is anything designed for one specific  purpose, to be used by a specific type of organization, or to perform a specific function. It may be  considered a type of DCS, IoT, smart device, endpoint device, or edge computing system. Some  common examples of specialized devices are medical equipment, smart vehicles, autonomous  aircraft, and smart meters. 


Be able to define SOA. 

Service-oriented architecture (SOA) constructs new applications or functions out of existing but separate and distinct software services. The resulting application is often new; thus, its security issues are typically unknown, untested, and unaddressed until the composite is evaluated as a whole. A derivative of SOA is microservices. 


Understand microservices. 

A microservice is simply one element, feature, capability, business logic,  or function of a web application that can be called upon or used by other web applications. It is the  conversion or transformation of a capability of one web application into a microservice that can be  called upon by numerous other web applications. It allows large complex solutions to be broken into  smaller self-contained functions. 


Be able to define IaC. 

Infrastructure as code (IaC) is a change in how hardware management is  perceived and handled. Instead of seeing hardware configuration as a manual, direct hands-on, one-on-one administration hassle, it is viewed as just another collection of elements to be managed in  the same way that software and code are managed under DevSecOps (development, security, and  operations). 


Understand hypervisors. 

The hypervisor, also known as the virtual machine monitor/manager  (VMM), is the component of virtualization that creates, manages, and operates virtual machines. 


Know about the type I hypervisor. 

A type I hypervisor is a native or bare-metal hypervisor. In this  configuration, there is no host OS; instead, the hypervisor installs directly onto the hardware where  the host OS would normally reside. 


Know about the type II hypervisor. 

A type II hypervisor is a hosted hypervisor. In this configuration,  a standard regular OS is present on the hardware, and the hypervisor is then installed as another  software application. 


Be aware of VM escaping. 

VM escaping occurs when software within a guest OS is able to breach  the isolation protection provided by the hypervisor in order to violate the container of other guest  OSs or to infiltrate a host OS. 


Understand virtual software. 

A virtual application or virtual software is a software product deployed  in such a way that it is fooled into believing it is interacting with a full host OS. A virtual (or  virtualized) application has been packaged or encapsulated so that it can execute but operate  without full access to the host OS. A virtual application is isolated from the host OS so that it cannot  make any direct or permanent changes to the host OS. 


Know virtual networking. 

A virtualized network or network virtualization is the combination of  hardware and software networking components into a single integrated entity. The resulting  solution allows for software control over all network functions: management, traffic shaping,  address assignment, and so on. 


Know about SDx. 

Software-defined everything (SDx) refers to a trend of replacing hardware with  software using virtualization. SDx includes virtualization, virtualized software, virtual networking,  containerization, serverless architecture, infrastructure as code, SDN, VSAN, software defined  storage (SDS), VDI, VMI, SDV, and software-defined data center (SDDC). 


Know about VDI and VMI. 

Virtual desktop infrastructure (VDI) is a means to reduce the security risk  and performance requirements of end devices by hosting desktop/workstation OS virtual machines  on central servers that are remotely accessed by users. Virtual mobile infrastructure (VMI) is where  the OS of a mobile device is virtualized on a central server. 


Be aware of SDV. 

Software-defined visibility (SDV) is a framework to automate the processes of  network monitoring and response. The goal is to enable the analysis of every packet and make deep intelligence-based decisions on forwarding, dropping, or otherwise responding to threats. 


Understand SDDC. 

Software-defined data center (SDDC) or virtual data center (VDC) is the concept  of replacing physical IT elements with solutions provided virtually, and often by an external third  party, such as a cloud service provider (CSP). 


Be aware of XaaS. 

Anything as a service (XaaS) is the catch-all term to refer to any type of computing  service or capability that can be provided to customers through or over a cloud solution. Examples  are SECaaS, IPaaS, FaaS, ITaaS, and MaaS. 


Know some of the security issues of virtualization. 

Virtualization doesn't lessen the security  management requirements of an OS. Thus, patch management is still essential. It's important to  protect the stability of the host. Organizations should maintain backups of their virtual assets.  Virtualized systems should be security tested. VM sprawl occurs when an organization deploys  numerous virtual machines without an overarching IT management or security plan in place. 


Understand containerization. 

Containerization or OS virtualization is based on the concept of eliminating the duplication of OS elements in a virtual machine. Each application is placed into a container that includes only the actual resources needed to support the enclosed application, and the common or shared OS elements are provided by the host OS kernel, which every container on that host shares (there is no separate guest kernel and no hypervisor in the path). That shared kernel is also why a kernel-level flaw exposes every container on the host. 


Know about serverless architecture. 

Serverless architecture is a cloud computing concept where  code is managed by the customer and the platform (i.e., supporting hardware and software) or  server is managed by the cloud service provider (CSP). There is always a physical server running the  code, but this execution model allows the software designer/architect/programmer/developer to  focus on the logic of their code and not have to be concerned about the parameters or limitations of  a specific server. This is also known as function as a service (FaaS).  


Understand embedded systems. 

An embedded system is typically designed around a limited set of  specific functions in relation to the larger product to which it is attached. 


Be aware of microcontrollers. 

A microcontroller is similar to but less complex than a system on a chip (SoC). A microcontroller may be a component of an SoC. A microcontroller is a small computer consisting of a CPU (with one or more cores), memory, various input/output capabilities, RAM, and often nonvolatile storage in the form of flash or ROM/PROM/EEPROM. Arduino boards are built around microcontrollers; the Raspberry Pi (a single-board computer built around an SoC) and FPGAs (reconfigurable logic devices) are commonly grouped with them in exam material even though they are not microcontrollers in the strict sense. 


Know about static systems/environments. 

Static systems/environments are applications, OSs, hardware sets, or networks that are configured for a specific need, capability, or function, and then set to remain unaltered. 


Be aware of network-enabled devices. 

Network-enabled devices are any type of portable or nonportable device that has native network capabilities. Network-enabled devices may be embedded systems or used to create embedded systems. Network-enabled devices are also often static systems. 


Know about cyber-physical systems. 

Cyber-physical systems refer to devices that offer a  computational means to control something in the physical world. In the past these might have been  referred to as embedded systems, but the category of cyber-physical seems to focus more on the  physical world results rather than the computational aspects. 


Understand embedded systems and static environment security concerns. 

Static environments,  embedded systems, network-enabled devices, cyber physical systems, HPC systems, edge computing  devices, fog computing devices, mobile devices, and other limited or single-purpose computing  environments need security management. These techniques may include network segmentation,  security layers, application firewalls, manual updates, firmware version control, wrappers, and  control redundancy and diversity. 

Know about HPC systems. 

High-performance computing (HPC) systems are computing platforms designed to perform complex calculations or data manipulations at extremely high speeds. Supercomputers and MPP solutions are common examples of HPC systems. 


Be aware of RTOS. 

A real-time operating system (RTOS) is designed to process or handle data as it  arrives on the system with minimal latency or delay. An RTOS is usually stored on read-only memory  (ROM) and is designed to operate in a hard real-time or soft real-time condition. 


Understand edge computing. 

Edge computing is a philosophy of network design where data and the compute resources are located as close to each other as possible in order to optimize bandwidth use while minimizing latency. In edge computing, the intelligence and processing are contained within each device. Thus, rather than having to send data off to a master processing entity, each device can process its own data locally. 


Know about fog computing. 

Fog computing is another example of an advanced computing architecture, and it is often used as an element in an IIoT deployment. Fog computing relies upon sensors, IoT devices, or even edge computing devices to collect data and then transfer it back to a central location for processing. Thus, intelligence and processing are centralized. 


Understand mobile device security. 

Personal electronic device (PED) security features can often be managed using a mobile device management (MDM) or unified endpoint management (UEM) solution. These include device authentication, full-device encryption, communication protection,  remote wiping, device lockout, screen locks, GPS and location services management, content  management, application control, push notification management, third-party application store  control, storage segmentation, asset tracking and inventory control, removable storage,  management of connection methods, disabling of unused features, rooting/jailbreaking, sideloading,  custom firmware, carrier unlocking, firmware OTA updates, key management, credential  management, and text messaging security. 


Understand mobile device deployment policies. 

A number of deployment models are available for allowing and/or providing mobile devices for employees to use while at work and to perform work tasks when away from the office. Examples include BYOD, COPE, CYOD, and COMS/COBO. You should also consider VDI and VMI options. 


Be aware of mobile device deployment policy details. 

A mobile device deployment policy should address data ownership, support ownership, patch and update management, security product management, forensics, privacy, onboarding/offboarding, adherence to corporate policies, user acceptance, architecture/infrastructure considerations, legal concerns, acceptable use policies, onboard cameras/video, recording microphone, Wi-Fi Direct, tethering and hotspots, and contactless payment methods. 


Understand process isolation. 

Process isolation requires that the OS provide separate memory spaces for each process's instructions and data. It also requires that the OS enforce those boundaries, preventing one process from reading or writing data that belongs to another process. 


Be aware of hardware segmentation. 

Hardware segmentation is similar to process isolation in purpose: it prevents the access of information that belongs to a different process/security level. The main difference is that hardware segmentation enforces these requirements through the use of physical hardware controls rather than the logical process isolation controls imposed by an OS. 


Understand the need for system security policy. 

The role of a system security policy is to inform and guide the design, development, implementation, testing, and maintenance of a particular system. Thus, this kind of security policy tightly targets a single implementation effort. 


Be able to explain what covert channels are. 

A covert channel is a method that is used to pass information over a path that is not normally used for communication. Using a covert channel provides a means to violate, bypass, or circumvent a security policy undetected. Basic types are timing and storage. 
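The two basic types are easiest to understand as working code. The simulation below is an added example and is not from the book or the original page: the delay values, the threshold, the "SharedLock" object, and the secret are all constructed for illustration. The timing channel carries the secret purely in the gaps between content-free events; the storage channel carries it in a shared attribute (whether a lock is held) that the receiver is allowed to observe even though it is not allowed to read the sender's data. The jitter function stands in for the classic countermeasure of adding noise to timing.

```python
"""Simulated timing and storage covert channels (added example, not from the book)."""
import random


def bytes_to_bits(data):
    """MSB-first bit list for a byte string."""
    return [(byte >> i) & 1 for byte in data for i in range(7, -1, -1)]


def bits_to_bytes(bits):
    """Inverse of bytes_to_bits; trailing partial bytes are dropped."""
    return bytes(int("".join(map(str, bits[i:i + 8])), 2)
                 for i in range(0, len(bits) - len(bits) % 8, 8))


# --- Timing channel: the secret rides on the gaps between otherwise innocuous events ---
SHORT, LONG, THRESHOLD = 0.010, 0.050, 0.030   # seconds; assumed values for the simulation


def timing_send(secret, t0=0.0):
    """Return the timestamps at which the sender emits its (content-free) events:
    a long gap encodes a 1 bit, a short gap encodes a 0 bit."""
    times, t = [t0], t0
    for bit in bytes_to_bits(secret):
        t += LONG if bit else SHORT
        times.append(t)
    return times


def timing_receive(times):
    """Recover the secret from inter-event gaps alone."""
    gaps = [b - a for a, b in zip(times, times[1:])]
    return bits_to_bytes([1 if g > THRESHOLD else 0 for g in gaps])


def add_jitter(times, max_delay, seed=1):
    """Countermeasure: a scheduler or network 'pump' that delays every event by a random
    amount, blurring the gap lengths the receiver depends on. Seeded for repeatability."""
    rng = random.Random(seed)
    t, out = times[0], [times[0]]
    for a, b in zip(times, times[1:]):
        t += (b - a) + rng.uniform(0, max_delay)
        out.append(t)
    return out


# --- Storage channel: the secret rides on a shared attribute the receiver may observe ---
class SharedLock:
    """The receiver has no read access to the sender's data but can see whether the lock is held."""
    def __init__(self):
        self.held = False


def storage_send(secret, lock):
    """One time slot per bit: hold the lock for a 1, release it for a 0.
    Yields the lock state the receiver would sample in each slot."""
    for bit in bytes_to_bits(secret):
        lock.held = bool(bit)
        yield lock.held


def storage_receive(samples):
    """Recover the secret from the sequence of observed lock states."""
    return bits_to_bytes([1 if held else 0 for held in samples])


if __name__ == "__main__":
    secret = b"covert"
    print(timing_receive(timing_send(secret)))                     # b'covert'
    print(timing_receive(add_jitter(timing_send(secret), 0.04)))   # garbled
    print(storage_receive(list(storage_send(secret, SharedLock()))))  # b'covert'
```

Neither channel moves any data through a path an access control list knows about, which is why covert channels bypass policy rather than break it. Jitter degrades the timing channel because a short gap plus a random delay crosses the receiver's threshold about half the time; the storage channel is closed by denying the receiver any view of the shared attribute, or detected by auditing how often that attribute flips.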


Know about vulnerabilities due to design and coding flaws. 

Certain attacks may result from poor design techniques, questionable implementation practices and procedures, or poor or inadequate testing. Some attacks result from deliberate design decisions: special points of entry (backdoors) built into code to circumvent access controls, login, or other security checks, often added while the code is under development, are not removed when that code is put into production. Poor coding practices and lack of security consideration are common sources or causes of vulnerabilities in system architectures that can be attributed to failures in design, implementation, prerelease code cleanup, or out-and-out coding mistakes. 


Be aware of rootkits. 

A rootkit is malware that embeds itself deep within an OS. The term is a derivative of the concept of rooting and a utility kit of hacking tools. Rooting is gaining total or full control over a system. 


Know about incremental attacks. 

Some forms of attack occur in slow, gradual increments rather than through obvious or recognizable attempts to compromise system security or integrity. Two such forms of attack are data diddling and the salami attack. 
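A salami attack is hard to picture until you see why it survives the obvious control. The simulation below is an added example and is not from the book or the original page; the account balances, the interest rate, the account identifiers, and the attacker's sweep account are all constructed. It posts monthly interest two ways, then shows that a totals-only reconciliation sees a one-cent variance while a per-account recomputation against the documented rounding rule exposes every shaved posting and the sourceless credit.

```python
"""Salami-attack simulation and the reconciliation check that exposes it
(added example, not from the book)."""
from decimal import Decimal, ROUND_DOWN, ROUND_HALF_UP

CENT = Decimal("0.01")
MONTHLY_RATE = Decimal("0.003125")   # 3.75 % per year / 12; assumed for the example

# Constructed sample customer balances.
ACCOUNTS = {
    "A-1001": Decimal("1234.56"),
    "A-1002": Decimal("2500.00"),
    "A-1003": Decimal("987.65"),
    "A-1004": Decimal("15000.10"),
    "A-1005": Decimal("42.42"),
    "A-1006": Decimal("10000.00"),
}


def documented_interest(balance, rate=MONTHLY_RATE):
    """The rounding rule the institution documents: round half up to the cent."""
    return (balance * rate).quantize(CENT, rounding=ROUND_HALF_UP)


def salami_post_interest(accounts, rate=MONTHLY_RATE, skim_to="X-9999"):
    """Malicious posting routine: truncate every customer's interest and sweep the
    shaved fractions of a cent into an account the attacker controls (skim_to is assumed)."""
    posted, shaved = {}, Decimal("0")
    for acct, balance in accounts.items():
        exact = balance * rate
        truncated = exact.quantize(CENT, rounding=ROUND_DOWN)
        posted[acct] = truncated
        shaved += exact - truncated
    posted[skim_to] = shaved.quantize(CENT, rounding=ROUND_DOWN)
    return posted


def totals_only_check(accounts, posted, rate=MONTHLY_RATE):
    """The weak control: compare grand totals. Returns the variance, which stays within
    ordinary rounding tolerance no matter how many accounts were shaved."""
    expected_total = sum(documented_interest(b, rate) for b in accounts.values())
    return sum(posted.values()) - expected_total


def reconcile(accounts, posted, rate=MONTHLY_RATE):
    """The effective control: recompute each posting independently against the documented
    rule, and flag any credit to an account that has no principal on file."""
    findings = []
    for acct, credit in posted.items():
        if acct not in accounts:
            findings.append((acct, "credit with no principal on file"))
            continue
        expected = documented_interest(accounts[acct], rate)
        if credit != expected:
            findings.append((acct, f"posted {credit}, expected {expected}"))
    return findings


if __name__ == "__main__":
    posted = salami_post_interest(ACCOUNTS)
    print("swept to attacker:", posted["X-9999"])          # 0.02
    print("totals-only variance:", totals_only_check(ACCOUNTS, posted))  # -0.01
    for finding in reconcile(ACCOUNTS, posted):
        print(finding)                                      # 3 shaved accounts + X-9999
```

Six accounts yield two cents; the attack pays off only at scale and over time, which is what makes it incremental. Because the per-account difference is at most one cent and only appears in accounts whose exact interest rounds up, the detection has to compare each posting with an independent computation rather than trust aggregate figures, and any credit with no corresponding principal is a finding on its own.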

