Security+ Domain 3.0: Architecture and Design: Chapter 11

Chapter 11: Architecture Frameworks and Secure Network Architectures

Industry-Standard Frameworks and Reference Architectures

Regulatory

NERC CIP – https://www.nerc.com/pa/Stand/Pages/CIPStandards.aspx

Non-regulatory

NIST CSF – https://www.nist.gov/cyberframework

          • Framework Core
          • Implementation Tiers
          • Framework Profiles

National vs International

FedRAMP – https://www.fedramp.gov/

US-EU Safe Harbor Framework (old) – https://www.ftc.gov/tips-advice/business-center/privacy-and-security/u.s.-eu-safe-harbor-framework

EU-US Privacy Shield Framework (new) – https://www.privacyshield.gov/EU-US-Framework

GDPR – https://gdpr-info.eu/

Industry-specific

HITRUST CSF – https://hitrustalliance.net/hitrust-csf/

Benchmarks / Secure Configuration Guides

CIS

NVD

STIGs

Platform / Vendor-Specific Guides

General Purpose Guides

CIS Controls

Defense in Depth / Layered Security

Vendor diversity

Control diversity

Administrative

Technical

User Training

Zones and Topologies

DMZ

Extranet

Intranet

Wifi

Guest

Honeynets

NAT

        • Static
        • Dynamic
        • PAT

Ad Hoc

Segregation / Segmentation / Isolation

RSTP

Flat / depthless networks

Enclaves

Physical

Logical (VLANs)

Trunking

Virtualization

Air Gaps

Tunneling / VPN

Site-to-Site

Remote Access

Security Device Placement

Sensors

Collectors

Correlation Engines

Filters

Proxies

Firewalls

VPN Concentrators

SSL Accelerators

Load Balancers

DDoS Mitigators

Aggregation Switches

Taps and Port Mirrors