Symmetric Encryption

Symmetric encryption uses a single shared secret key for both encryption and decryption, making it fast but requiring secure key distribution. CISSP contrasts it with asymmetric cryptography, which solves key distribution using key pairs.

Related Terms

All CISSP Terms

CIA Triad

The CIA triad is the trio of confidentiality, integrity, and availability that underpins nearly every information-security decision.

Risk Management

Risk management is the process of identifying, assessing, treating, and monitoring risk so that residual risk stays within an organization's tolerance.

Quantitative Risk Analysis

Quantitative risk analysis expresses risk in monetary terms, chiefly through SLE × ARO = ALE (single loss expectancy times annualized rate of occurrence equals annualized loss expectancy).

Residual Risk

Residual risk is the risk that remains after controls have been applied.

Defense in Depth

Defense in depth layers multiple independent controls so that the failure of any one does not expose the asset.

Least Privilege

Least privilege grants each subject only the access strictly required to perform its function, and no more.

Bell-LaPadula Model

Bell-LaPadula is a confidentiality-focused security model enforcing 'no read up, no write down' to protect classified data.

Biba Model

The Biba model is an integrity-focused security model enforcing 'no read down, no write up' so trusted data is not contaminated by lower-integrity sources.

PKI

Public Key Infrastructure (PKI) is the framework of certificate authorities, certificates, and keys that binds identities to public keys and enables trust.

Symmetric Encryption

Symmetric encryption uses a single shared secret key for both encryption and decryption, making it fast but requiring secure key distribution.

Access Control Models

Access control models — DAC, MAC, RBAC, and ABAC — define how access decisions are made and who sets them.

Federated Identity

Federated identity lets users authenticate once with a trusted identity provider and access resources across independent domains, using standards such as SAML and OIDC.

RTO and RPO

Recovery Time Objective (RTO) is the maximum tolerable time to restore a service, and Recovery Point Objective (RPO) is the maximum tolerable data loss measured in time.

Security Operations

Security operations covers the day-to-day protective work of monitoring, incident response, forensics, and change and configuration management.

SDLC

The Software Development Life Cycle (SDLC) is the structured process for building software, into which CISSP embeds security at every phase.