DOMAIN 1


Last updated 5:54 PM on 10/30/25

18 Terms

1

Self-Signed Certificate

  • A certificate that you create and sign yourself, not by a trusted Certificate Authority (CA).

  • Used for:

    • Internal testing

    • Private networks

  • Example: You make your own certificate on your laptop just to test HTTPS locally — it works, but no one else trusts

2

CRL Certificate (Certificate Revocation List)

  • A list of digital certificates that have been revoked (no longer valid).

  • Used for: Checking if a certificate is still trustworthy.

  • Example:
    If a company’s key is stolen → that certificate goes on the CRL list so browsers reject it.

3

Web of Trust

An alternative to a centralized CA is a "web of trust," where multiple individuals sign each other's certificates. If you trust a friend who has signed a third party's certificate, you can trust that third party.

4

Wildcard Certificate

  • A certificate that secures a domain and all its subdomains using a * (wildcard symbol).

  • Used for:

    • Simplifying HTTPS setup for multiple subdomains.

  • Example:
    *.example.com covers:

    • sales.example.com

    • support.example.com

    • mail.example.com

    • all others automatically

5

Zero Trust

A security model where no one is trusted by default, whether they are inside or outside the network.

  • Every user, device, or application must verify their identity and permissions continuously before being allowed to access resources.

  • “Trust nothing, verify everything.”

6

Tokenization

  • Replaces sensitive data with a unique token.

  • Key point: The token has no meaningful value, but a mapping exists so you can safely reference the original data.

  • Use case: Credit cards, social security numbers.

  • Example: 4111 1111 1111 1111 → TKN_839275

7

Data masking

  • Hides or replaces part of the data to display non-sensitive information while keeping it usable in format.

  • Key point: Only safe for display or testing; the original data may not be accessible.

  • Use case: Showing last 4 digits of a credit card, test databases.

  • Example: 4111 1111 1111 1111 → 4111 **** **** 1111

8

Version control

  • A system that tracks changes to code or components over time, recording each version.

  • Purpose: Ensures teams can deploy the latest version, revert to previous versions, and manage concurrent development.

  • Example: Using Git to manage updates to multiple application modules.

9

Dependency mapping

  • A process that identifies and documents relationships and dependencies between components in a system or application.

  • Purpose: Helps understand how changes in one component may affect others.

  • Example: Module A depends on Module B; changing B may impact A.

10

OCSP (Online Certificate Status Protocol)

  • A protocol to check the real-time status of a digital certificate issued by a Certificate Authority (CA).

  • Purpose: Allows clients to verify if a certificate has been revoked without downloading a full CRL (Certificate Revocation List).

  • Example: Browser asks the CA: “Is this certificate valid or revoked?” → CA replies valid / revoked.

11

Root of trust (RoT)

  • A secure hardware or software component that starts the boot process and ensures every step after it is trusted and verified.

  • It checks digital signatures of each boot stage — if any part is tampered with, the process stops or reports an error.

  • Think of it like the “security guardian” of your system startup.

12

Standard Operating Procedures (SOPs)

A set of documented, step-by-step instructions that describe how to perform routine operations consistently and correctly.

Purpose:

Ensure consistency, quality, and safety in processes.

Used across the organization so everyone follows the same steps for each change.

13

Backout Plan

A rollback or recovery plan that defines how to undo a change and restore the system to its previous state if something goes wrong.

Purpose: Provides safety and risk control during changes — ensures you can revert without damage.

14

KMS (Key Management System)

  • A system (often cloud-hosted) that generates, stores, rotates, and manages cryptographic keys and secrets.

  • Use case: Storing API keys, database encryption keys, passwords, or tokens securely.

  • Key point: Can manage many secrets for multiple applications in the cloud.

15

CSR (Certificate Signing Request)

  • A request sent to a CA to issue a digital certificate. Contains info about the requester and their public key.

  • Use case: Requesting a certificate to secure a website or application.

  • Key point: Just a request, not a storage or management tool.

16

AES‑256

  • Is the current standard for symmetric encryption.

  • Uses a 256-bit key, providing strong security for modern applications.

  • It is widely recommended for confidential data encryption.

17

Managerial Controls

  • Policies, plans, and guidelines created by management to define the organization’s security strategy.

  • These set the rules for how security should be managed and evaluated.

Examples:

  • Security policies

  • Risk assessments

  • Budget planning for security

  • Compliance audits

18

Operational Controls

  • Security measures that people perform as part of daily operations to maintain and improve security.
    These focus on procedures and practices rather than technology.

Examples:

  • Security awareness training

  • Incident response

  • Backup operations

  • Reviewing logs or reports