Architecture and Design

Course

Cybersecurity

Subjects

Career & Technical Education

Cybersecurity

Grade Levels

Duration (hours)

Already have a Canvas account? Log In

Overview

In this unit, students will learn how to secure environments, especially when dealing with the cloud and hybrid-type models.

Standards

CompTIA Security+ (SYO-601) Objectives 2.1 – 2.8

Cyber Connections

Networks and Internet

Hardware and Software

Threats and Vulnerabilities

Digital Citizenship

Lessons

2.1 - Explain the importance of security concepts in an enterprise environment

Configuration management
- Diagrams
- Baseline configuration
- Standard naming conventions
- Internet protocol (IP) schema
Data sovereignty
Data protection
- Data loss prevention (DLP)
- Masking
- Encryption
- At rest
- In transit/motion
- In processing
- Tokenization
- Rights management
Hardware security module (HSM)
Geographical considerations
Cloud access security broker (CASB)
Response and recovery controls
Secure Sockets Layer (SSL)/Transport Layer Security (TLS) inspection
Hashing
API considerations
Site resiliency
- Hot site
- Cold site
- Warm site
Deception and disruption
- Honeypots
- Honeyfiles
- Honeynets
- Fake telemetry
- DNS sinkhole

2.2 - Summarize virtualization and cloud computing concepts

Cloud models
- Infrastructure as a service (IaaS)
- Platform as a service (PaaS)
- Software as a service (SaaS)
- Anything as a service (XaaS)
- Public
- Community
- Private
- Hybrid
Cloud service providers
Managed service provider (MSP)/ managed security service provider (MSSP)
On-premises vs. off-premises
Fog computing
Edge computing
Thin client
Containers
Microservices/API
Infrastructure as code
- Software-defined networking (SDN)
- Software-defined visibility (SDV)
Serverless architecture
Services integration
Resource policies
Transit gateway
Virtualization
- Virtual machine (VM) sprawl avoidance
- VM escape protection

2.3 - Summarize secure application development, deployment, and automation concepts

2.4 - Summarize authentication and authorization design concepts

2.5 - Given a scenario, implement cybersecurity resilience

Redundancy - Geographic dispersal
- Disk
- Redundant array of inexpensive disks RAID) levels
- Multipath
- Network
- Load balancers
- Network interface card (NIC) teaming
- Power
- Uninterruptible power supply (UPS)
- Generator - Dual supply - Managed power distribution units (PDUs)
Replication
- Storage area network
- VM
On-premises vs. cloud
Backup types
- Full
- Incremental
- Snapshot
- Differential
- Tape
- Disk
- Copy
- Network-attached storage (NAS)
- Storage area network
- Cloud
- Image
- Online vs. offline
- Offsite storage
- Distance considerations
Non-persistence
- Revert to known state
- Last known-good configuration
- Live boot media
High availability
- Scalability
Restoration order
Diversity
- Technologies
- Vendors
- Crypto
- Controls

2.6 - Explain the security implications of embedded and specialized systems

Embedded systems
- Raspberry Pi
- Field-programmable gate array (FPGA)
- Arduino
Supervisory control and data acquisition (SCADA)/industrial control system (ICS)
- Facilities
- Industrial
- Manufacturing
- Energy
- Logistics
Internet of Things (IoT)
- Sensors
- Smart devices
- Wearables
- Facility automation
- Weak defaults
Specialized - Medical systems
- Vehicles
- Aircraft
- Smart meters
Voice over IP (VoIP)
Heating, ventilation, air conditioning (HVAC)
Drones/AVs
Multifunction printer (MFP)
Real-time operating system (RTOS)
Surveillance systems
System on chip (SoC)
Communication considerations
- 5G
- Narrow-band
- Baseband radio
- Subscriber identity module (SIM) cards
- Zigbee
Constraints
- Power
- Compute
- Network
- Crypto
- Inability to patch
- Authentication
- Range
- Cost
- Implied trust

2.7 - Explain the importance of physical security controls

2.8 - Summarize the basics of cryptographic concepts