Contents at a Glance
by Dwayne Williams, Gregory B. White, Wm. Arthur Conklin, Nicholas Lane
CASP+ CompTIA Advanced Security Practitioner Certification All-in-One Exam Guide, Second Edition (Exam CAS-003)
- Cover
- Title Page
- Copyright Page
- Dedication
- About the Authors
- Contents at a Glance
- Contents
- Acknowledgments
- Introduction
- Exam CAS-003 Objective Map
- Part I Risk Management
- Chapter 1 Security Influences and Risk
- Chapter 2 Security Policies and Procedures
- Policy and Process Life Cycle Management
- Support Legal Compliance and Advocacy by Partnering with HR, Legal, Management, and Other Entities
- Understand Common Business Documents to Support Security
- Research Security Requirements for Contracts
- Understand General Privacy Principles for Sensitive Information
- Support the Development of Policies Containing Standard Security Practices
- Chapter Review
- Chapter 3 Risk Mitigation, Strategies, and Controls
- Categorize Data Types by Impact Levels Based on CIA
- Determine the Aggregate Score of CIA
- Incorporate Stakeholder Input into CIA Impact-Level Decisions
- Determine Minimum-Required Security Controls Based on Aggregate Score
- Select and Implement Controls Based on CIA Requirements and Organizational Policies
- Extreme Scenario Planning/Worst-Case Scenario
- Conduct System-Specific Risk Analysis
- Make Risk Determination Based on Known Metrics
- Translate Technical Risks in Business Terms
- Recommend Which Strategy Should Be Applied Based on Risk Appetite
- Risk Management Processes
- Continuous Improvement/Monitoring
- Business Continuity Planning
- IT Governance
- Enterprise Resilience
- Chapter Review
- Chapter 4 Risk Metrics
- Review Effectiveness of Existing Security Controls
- Reverse-Engineer/Deconstruct Existing Solutions
- Creation, Collection, and Analysis of Metrics
- Prototype and Test Multiple Solutions
- Create Benchmarks and Compare to Baselines
- Analyze and Interpret Trend Data to Anticipate Cyber Defense Needs
- Analyze Security Solution Metrics and Attributes to Ensure They Meet Business Needs
- Use Judgment to Solve Problems Where the Most Secure Solution Is Not Feasible
- Chapter Review
- Part II Enterprise Security Architecture
- Chapter 5 Network Security Components, Concepts, and Architectures
- Physical and Virtual Network and Security Devices
- Application and Protocol-Aware Technologies
- Advanced Network Design (Wired/Wireless)
- Complex Network Security Solutions for Data Flow
- Secure Configuration and Baselining of Networking and Security Components
- Software-Defined Networking
- Network Management and Monitoring Tools
- Advanced Configuration of Routers, Switches, and Other Network Devices
- Security Zones
- Network Access Control
- Network-Enabled Devices
- Critical Infrastructure
- Chapter Review
- Chapter 6 Security Controls for Host Devices
- Chapter 7 Mobile Security Controls
- Enterprise Mobility Management
- Containerization
- Configuration Profiles and Payloads
- Personally Owned, Corporate-Enabled (POCE)
- Application Wrapping
- Remote Assistance Access
- Application, Content, and Data Management
- Over-the-Air Updates (Software/Firmware)
- Remote Wiping
- SCEP
- BYOD
- COPE
- CYOD
- VPN
- Application Permissions
- Side Loading
- Unsigned Apps/System Apps
- Context-Aware Management
- Security Implications/Privacy Concerns
- Data Storage
- Device Loss/Theft
- Hardware Anti-Tampering
- TPM
- Rooting and Jailbreaking
- Push Notification Services
- Geotagging
- Encrypted Instant Messaging Apps
- Tokenization
- OEM/Carrier Android Fragmentation
- Mobile Payment
- Tethering
- Authentication
- Malware
- Unauthorized Domain Bridging
- Baseband Radio/SoC
- Augmented Reality
- SMS/MMS/Messaging
- Wearable Technology
- Chapter Review
- Enterprise Mobility Management
- Chapter 8 Software Vulnerabilities and Security Controls
- Application Security Design Considerations
- Specific Application Issues
- Insecure Direct Object References
- Cross-Site Scripting (XSS)
- Cross-Site Request Forgery (CSRF)
- Clickjacking
- Session Management
- Input Validation
- SQL Injection
- Improper Error and Exception Handling
- Privilege Escalation
- Improper Storage of Sensitive Data
- Fuzzing/Fault Injection
- Secure Cookie Storage and Transmission
- Buffer Overflow
- Memory Leaks
- Integer Overflows
- Race Conditions
- Resource Exhaustion
- Geotagging
- Data Remnants
- Use of Third-Party Libraries
- Code Reuse
- Application Sandboxing
- Secure Encrypted Enclaves
- Database Activity Monitors and Web Application Firewalls
- Client-Side Processing vs. Server-Side Processing
- Operating System Vulnerabilities
- Firmware Vulnerabilities
- Chapter Review
- Chapter 5 Network Security Components, Concepts, and Architectures
- Part III Enterprise Security Operations
- Chapter 9 Security Assessments
- Chapter 10 Security Assessment Tools
- Chapter 11 Incident Response and Recovery Procedures
- Part IV Technical Integration of Enterprise Security
- Chapter 12 Hosts, Storage, Networks, and Applications
- Adapt Data Flow Security to Meet Changing Business Needs
- Adhere to Standards (Popular, Open, De Facto)
- Interoperability Issues
- Resilience Issues
- Data Security Considerations
- Resources Provisioning and Deprovisioning
- Design Considerations During Mergers, Acquisitions, and Demergers/Divestitures
- Network Secure Segmentation and Delegation
- Logical Deployment Diagram and Corresponding Physical Deployment Diagram of All Relevant Devices
- Security and Privacy Considerations of Storage Integration
- Security Implications of Integrating Enterprise Applications
- Chapter Review
- Chapter 13 Cloud and Virtualization
- Cloud Computing Basics
- Virtualization Basics
- Technical Deployment Models (Outsourcing/Insourcing/Managed Services/Partnership)
- Security Advantages and Disadvantages of Virtualization
- Cloud-Augmented Security Services
- Vulnerabilities Associated with the Commingling of Hosts with Different Security Requirements
- Data Security Considerations
- Resources Provisioning and Deprovisioning
- Chapter Review
- Chapter 14 Authentication and Authorization
- Chapter 15 Cryptographic Techniques
- Cryptography Fundamentals
- Cryptographic Techniques
- Cryptography Techniques
- Cryptographic Implementations
- Cryptographic Modules
- Cryptoprocessors
- Cryptographic Service Providers
- Digital Rights Management (DRM)
- Watermarking
- GNU Privacy Guard (GPG)
- SSL/TLS
- Secure Shell (SSH)
- S/MIME
- Cryptographic Applications and Proper/Improper Implementations
- Stream vs. Block
- PKI
- Systems
- Cryptocurrency/Blockchain
- Mobile Device Encryption Considerations
- Elliptic Curve Cryptography
- Chapter Review
- Chapter 16 Securing Communications and Collaboration
- Chapter 12 Hosts, Storage, Networks, and Applications
- Part V Research, Development, and Collaboration
- Chapter 17 Research Methods and Industry Trends
- Chapter 18 Technology Life Cycles and Security Activities
- Chapter 19 Business Unit Interactions
- Appendix About the Online Content
- Glossary
- Index
CONTENTS AT A GLANCE
Chapter 1 Security Influences and Risk
Chapter 2 Security Policies and Procedures
Chapter 3 Risk Mitigation, Strategies, and Controls
Part II Enterprise Security Architecture
Chapter 5 Network Security Components, Concepts, and Architectures
Chapter 6 Security Controls for Host Devices
Chapter 7 Mobile Security Controls
Chapter 8 Software Vulnerabilities and Security Controls
Part III Enterprise Security Operations
Chapter 9 Security Assessments
Chapter 10 Security Assessment Tools
Chapter 11 Incident Response and Recovery Procedures
Part IV Technical Integration of Enterprise Security
Chapter 12 Hosts, Storage, Networks, and Applications
Chapter 13 Cloud and Virtualization
Chapter 14 Authentication and Authorization
Chapter 15 Cryptographic Techniques
Chapter 16 Securing Communications and Collaboration
Part V Research, Development, and Collaboration
Chapter 17 Research Methods and Industry Trends
Chapter 18 Technology Life Cycles and Security Activities
Chapter 19 Business Unit Interactions
-
No Comment
..................Content has been hidden....................
You can't read the all page of ebook, please click here login for view all page.