INDEX

Please note that index links point to page beginnings from the print edition. Locations are approximate in e-readers, and you may need to page down one or more times after clicking a link to get to the indexed material.

Numbers

3DES (Triple DES), 588

3G/4G signals, 287

3-way handshake, 172

6to4 tunneling, 171

802.1x standard, 173, 560

802.11 standards, 243, 244

A

AAA servers, 173, 560

acceptable use policy (AUP), 44

access, 199, 733

access control

considerations, 552

discretionary, 45

mandatory, 45–46

remote access, 165–166, 269, 630–635

role-based, 45

rule-based, 46

access control lists (ACLs), 45, 182, 238

access control policy, 45–46

accountability, 127, 726

accounts, 552, 553

ACK flag, 379

ACLs (access control lists), 45, 182, 238

acquisition assessment policy, 46

acquisitions, 12, 13, 481–482, 692

Active Directory (AD), 28, 509, 572–573

ActiveX controls, 329

AD (Active Directory), 28, 509, 572–573

add-ons, 329

address space layout randomization (ASLR), 669, 670, 704

AddressSanitizer tool, 349

administrative controls, 734

administrators

Active Directory domain, 28

alerts, 184–185

database, 728–729

local, 28–29

network, 729–730

new technology and, 661

privileges, 29, 320, 730

Windows, 29

Advanced Encryption Standard (AES), 587, 588–589

advisory policies, 43

adware, 218

AES (Advanced Encryption Standard), 587, 588–589

AFRINIC (African Network Information Center), 360

after-action report, 447–448

agents, 186, 196, 248, 666

agile software development, 706–707

AH (Authentication Header), 167, 186

AI (artificial intelligence), 666, 673–674, 714

AirPcap adapter, 184

AirWatch, 267, 269

AJAX (Asynchronous JavaScript and XML), 330

alarms, 122, 292. See also alerts

ALE (annualized loss expectancy), 92, 95, 96

alerts, 122, 184–185

algorithms, 162, 584, 586–595

Amazon Web Services (AWS), 509

American Recovery and Reinvestment Act of 2009 (ARRA), 23

analysis tools, 393–394

Android devices

fragmentation, 284–285

rooting, 280–282

versions, 284–285

Android OS, 216

Angry IP Scanner, 399

annualized loss expectancy (ALE), 92, 95, 96

annualized rate of occurrence (ARO), 92, 96

anomaly-based detection, 223–224

Anonymous group, 57, 680

ANSI standard, 464

antennas, 245, 286

antimalware, 56, 217–218, 290, 406, 530

anti-spyware, 220

antivirus (AV) software, 166, 219, 348, 406

API (application programming interface), 472–473

app stores, 269

Apple App Store, 705

Apple Pay, 283–284

application development, 700, 709

application firewalls, 159, 228

application programming interface (API), 472–473

application scanners, 384–385

application security frameworks, 700, 709

application sharing, 632–634

application wrapping, 268

application-aware technologies, 163–164

applications. See also software

API/protocol issues, 467–473

blacklisting, 234–235

commercial, 471

considerations, 312

COTS, 471

data formats, 472

direct object references, 313

enterprise, 486–491

in-house developed, 470–471

input validation. See input validation

integration enablers, 488–491

interoperability issues, 467–473

isolating, 519

legacy, 467–468, 519

mobile. See mobile applications

open source, 471–472

privileges, 320

provisioning, 480

public keys and, 613

remote access, 480

requirements, 468–469

sandboxing, 327

secure encrypted enclaves, 327

security, 309–312, 700, 709

sensitive data and, 320–321

tailored commercial, 471

vulnerabilities, 312–326

web. See web applications

whitelisting, 234–235

AppLocker, 235

arithmetic overflows, 323

ARO (annualized rate of occurrence), 92, 96

ARP spoofing, 239

ARRA (American Recovery and Reinvestment Act of 2009), 23

artificial intelligence (AI), 666, 673–674, 714

AS (autonomous system), 189

AS number (ASN), 189

ASBRs (autonomous system boundary routers), 189

ASLR (address space layout randomization), 669, 670, 704

ASN (AS number), 189

asset control, 418–419

asset management, 418–419, 715–716

asset value (AV), 96

assets

considerations, 4, 481

critical, 193–194, 474

defined, 418

disposal of, 696

examples of, 58

reusing, 697

separation of, 193–194

asymmetric algorithms, 591–592

asymmetric encryption, 596

asymmetric/public key cryptography, 590–592

Asynchronous JavaScript and XML (AJAX), 330

attack signatures, 224

attack surface, 311

attack tools/frameworks, 391–393

attackers. See hackers

attacks. See also specific attacks

assumed likelihood of, 476

Bluetooth, 241–242

brute-force, 395, 396, 593

clickjacking, 315–316

CSRF, 314–315

DOM-based, 314

explicit targets, 677, 678

failure of, 678

hybrid, 395

injection, 318–319, 321

latest trends, 665–667

nation, 667

reflected, 313

session hijacking, 316–317

state-sponsored, 667

stored, 314

structured, 679

SYN flood, 324

targets of opportunity, 677–678, 680

transitive, 357–358

unstructured, 678

using public sources, 358–359

VLAN-hopping, 187–188

VM escape, 534–535

website, 313–316

XSS, 314–315

zero-day, 667–670

attestation, 563

attestation services, 252

audio conferencing, 638

audio/video (A/V) systems, 199

audit logs, 183, 231–232, 429

audits/auditing

cloud computing and, 506

external audits, 367

findings, 22–23

frequency, 68–69

internal audits, 23, 24, 367

overview, 183

requirements, 68–69

security issues identified, 128

Windows systems, 231–232

augmented reality, 291

AUP (acceptable use policy), 44

authentication, 552–561

802.1x, 173

attestation and, 563

vs. authorization, 561

considerations, 551, 553

context-aware, 560–561

described, 553

digital certificates. See digital certificates

federation identity management, 564–569

vs. identification, 552, 553

vs. identity proofing, 563–564

identity propagation and, 564

MD5, 189, 190, 361

mobile devices, 288–290

network, 169, 172–173

overview, 585–586

password-based, 189

plaintext, 361

push-based, 561

SAML-based, 564, 565–566

simple, 703

single sign-on, 559

SSL/TLS, 558–559

two-factor, 553

username/password, 553

WS-Security, 703

authentication, authorization, and accounting. See AAA

authentication factors, 553–557

Authentication Header (AH), 167, 186

authentication server, 173, 560

authenticator, 173, 560

authorization, 561–563

vs. authentication, 561

OAuth standard, 562

OpenID, 562, 567

overview, 561

SPML, 563

XACML, 562

automation, 67–68, 102–103, 474

autonomous system (AS), 189

autonomous system boundary routers (ASBRs), 189

AV (asset value), 96

AV (antivirus) software, 166, 219, 348, 406

A/V (audio/video) systems, 199

availability

cloud computing and, 505

high availability, 475

overview, 83–84, 137–138

potential impact definitions, 85

presence, 641

availability controls, 83–84, 180–182

availability failures, 83

AWS (Amazon Web Services), 509

Azure, 135–136, 278, 509

B

backups, 100, 271, 278, 422, 434

BACnet/IP (B/IP), 198

banner grabbing, 351

barcode tags, 715

BAS networks, 198

baseband processors, 291

baselines, 52–53, 127, 130–132

baselining, 180–181

Basic Input/Output System (BIOS), 248–252

BASs (building automation systems), 197

BCP (business continuity plan), 103–105, 434

Bcrypt, 593

behavioral analytics, 428–429

behavioral characteristics, 556–557

behavioral model, 698

benchmarks, 127, 130–132

BES (BlackBerry Enterprise Server), 27

BGP (Border Gateway Protocol), 189

BIA (business impact analysis), 58–59, 104

bidirectional, 631

big data, 673

biometric locks, 409

biometric readers, 199

biometric systems, 289–290, 556

BIOS (Basic Input/Output System), 248–252

B/IP (BACnet/IP), 198

Bitcoin, 616

BitLocker, 600

black box testing, 365

Black Hat conference, 676

black hat hackers, 368, 481, 679

black hole routing, 191

BlackBerry Enterprise Server (BES), 27

black-box testing, 692

blacklists, 188, 221, 317–318

block ciphers, 587, 589, 610

blockchain cryptography, 616–617, 714

block-level encryption, 602

blocks, 616

Blowfish algorithm, 590

Blue Screen of Death, 348–349

blue team, 368

Bluetooth attacks, 241–242

Bluetooth locks, 409

Bluetooth technology, 241–242, 288

Bluetooth tethering, 288

body cameras, 292, 295

boot loader protections, 249–253

Border Gateway Protocol (BGP), 189

botnets, 190, 221

bounds checking, 322

BPA (business partnership agreement), 60

Bring Your Own Device (BYOD), 26–27, 272–273, 561, 617

browser extensions, 329

brute-force attacks, 395, 396, 593

buffer overflows, 322–323, 391

bugs, 309–310, 351

building automation systems (BASs), 197

business continuity plan (BCP), 103–105, 434

business continuity team, 104

business contracts, 61–62

business decisions, 127, 430

business desktop, 28

business documents, 58–62

business impact analysis (BIA), 58–59, 104

business models, 8, 13

business objective, 6

business partnership agreement (BPA), 60

business partnerships, 9, 48, 60

business unit interactions, 725–743

governance, risk, and compliance, 736

roles, 725–734

security requirements, 725–734

security within teams, 735–736

senior management and, 730–731, 734–735

businesses/organizations

acquisitions, 12, 13, 481–482, 692

changes to, 53–57

demergers/divestitures, 12, 13, 481–482

mergers, 12, 13, 481–482

resiliency of, 108

strategies, 8–9, 13

BYOD (Bring Your Own Device), 26–27, 272–273, 561, 617

C

CA (Certificate Authority), 557, 570, 610–612

CA servers, 271, 570

CACs (common access cards), 615

cameras, 197, 292, 295

canary values, 322

CanSecWest, 677

capability, 136

CAPTCHAs, 364

CAST-128 algorithm, 589

CAST-256 algorithm, 589

casting, 269

CC (Common Criteria), 214, 215

C&C (command and control) server, 190

CCB (Change Control Board) process, 690–691, 695, 696

CCE (Common Configuration Enumeration), 389

CCTVs (closed-circuit televisions), 733

cell phones. See smartphones

Center for Internet Security (CIS), 660

centralized computing, 501–502, 503

centralized servers, 503, 526

centralized storage, 516, 518

centralized virtual desktops, 526, 527

CERT (computer emergency response team), 675

Certificate Authority. See CA

certificate pinning, 616

certificate revocation list (CRL), 614

certificates. See digital certificates

Certification and Accreditation Process, 691

certification practices statement (CPS), 612

Certified in Governance of Enterprise IT (CGEIT), 23

Certified Information Security Manager (CISM), 23

CGEIT (Certified in Governance of Enterprise IT), 23

chain letters, 356

chain of custody, 428, 430

Challenge Handshake Authentication Protocol (CHAP), 172

Change Control Board (CCB) process, 690–691, 695, 696

change management, 46, 694, 695–696

change monitoring, 180

change-of-state (CoS) events, 200

CHAP (Challenge Handshake Authentication Protocol), 172

chief information officer (CIO), 98

chief security officer (CSO), 98–99

choose your own device (CYOD), 26, 273, 561

CI (continuous integration), 708

CIA triad, 81–87, 180–181, 726

CIDR (Classless Inter-Domain Routing), 171

CIO (chief information officer), 98

cipher locks, 408

ciphers, 44, 584

ciphertext, 583

CIS (Center for Internet Security), 660

CIs (converged infrastructures), 525–526

Cisco routers/switches, 182, 188, 190

CISM (Certified Information Security Manager), 23

classified information, 69

Classless Inter-Domain Routing (CIDR), 171

clean desk policy, 46, 353

clear box testing, 365

cleartext, 583

CLI (command-line interface), 168, 239, 397

clickjacking, 315–316

clients, 24, 168, 196

client/server architecture, 501, 502

client-side processing, 328–333

closed-circuit televisions (CCTVs), 733

CLOUD Act, 21

cloud bursting, 512

cloud computing

advantages of, 505

availability and, 137–138, 505

basics, 504–507

community, 512–513

considerations, 26, 504, 508–509, 629, 667

content filtering, 532

data security and, 506–507, 534–538

deployment models, 508–515

encryption and, 534

hosting options, 508–513

hybrid, 511–512

issues associated with, 10–11, 26, 506–507

mobile devices and, 278–279

multitenancy, 513

network separation and, 534, 535

on-premises, 509, 510, 514, 530, 539

outsourcing and, 27, 514

overview, 501–504

password cracking and, 395

private clouds, 505, 510–511, 513

provisioning and, 479

public, 509–510

redundancy and, 181

sandboxing and, 531–532

scalability and, 135–136

SECaaS, 533

security services for, 530–533

separating critical assets, 194

single tenancy, 513

vulnerabilities, 530–531, 533–538

cloud providers, 10, 26, 278, 505–514, 532

cloud security brokers, 532–533

cloud service models, 515

cloud-based collaboration, 647

cloud-based tools, 25–26, 530–533

CMDB (configuration management database), 487–488

COBIT (Control Objectives for Information and Related Technologies), 22

COBIT 5 (Control Objectives for Information and Related Technology 5), 105–106

code signing, 598

code/coding. See also software development

analysis of, 705

best practices, 702

code reuse, 326

code reviews, 351

continuous integration, 708

dynamic code, 705

error handling, 319–320

exception handling, 319–320

forbidden coding techniques, 703

fuzzers, 390, 705

NX (no-execute) bit use, 704

peer reviews, 712

quality of, 704

security and, 310–312, 709, 728

software programmers, 727–728

static code, 705

testing plans/methods, 711–712

verification/validation, 711–712

versioning, 708

XN (never-execute) bit use, 704

cognitive dynamics, 557

Cold War era, 679

collaboration, 635–647, 735–736. See also communications

collaboration sites/tools, 635–647

collisions, 595

color-team exercises, 367–368

command and control (C&C) server, 190

command shell restrictions, 235–236

command-line interface (CLI), 168, 239, 397

command-line tools, 397–404

commercial off-the-shelf (COTS) applications, 471

commissioning, 692–693

common access cards (CACs), 615

Common Configuration Enumeration (CCE), 389

Common Criteria (CC), 214, 215

Common Object Request Broker Architecture (CORBA), 473

Common Platform Enumeration (CPE), 389

Common Vulnerabilities and Exposures (CVE), 389, 531

Common Vulnerability Scoring System (CVSS), 389

communication plan, 104

communications, 629–647. See also collaboration

conferencing, 635–638

considerations, 99, 104

e-mail. See e-mail

instant messaging, 283, 356, 357, 640–641

overview, 629

presence, 641

remote access, 630–635

telephony/VoIP, 643–644

unified, 635–647

community cloud computing, 512–513

company devices, 281–282

competitors, 22, 96

complexity, 28

compliance, 126, 736

compliance controls, 734

compliance laws, 698

compliance policies, 270

computer emergency response team (CERT), 675

computer security incident response teams (CSIRT), 675

computer-based social engineering, 355–357

conditional access policies, 270

conferences, 635–638, 676–677

confidential information, 13, 69–70, 584

confidentiality, 13, 82, 85, 584

confidentiality, integrity, and availability. See CIA triad

configuration files, 321

configuration lockdowns, 180

configuration management, 694–695

configuration management database (CMDB), 487–488

consolidation, 514, 517

containerization, 266

containers, 523–525

content filtering, 532

content screening, 317–318

context-aware authentication, 560–561

context-aware management, 275–277

continuity of operations, 434

continuity of operations planning (COOP), 103–105

continuous integration (CI), 708

continuous monitoring, 67–68, 102–103

contracts, business, 61–62

Control Objectives for Information and Related Technologies (COBIT), 22

Control Objectives for Information and Related Technology 5 (COBIT 5), 105–106

controls. See security controls

conventions, 676–677

converged infrastructures (CIs), 525–526

cookies, 20, 316, 322, 332

COOP (continuity of operations planning), 103–105

COPE (Corporate Owned Personally Enabled), 26, 28, 273

copyrights, 604–605

CORBA (Common Object Request Broker Architecture), 473

Corporate Owned Personally Enabled (COPE), 26, 28, 273

CoS (change-of-state) events, 200

cost benefit analysis, 138–139

COTS (commercial off-the-shelf) applications, 471

CPE (Common Platform Enumeration), 389

CPS (certification practices statement), 612

CPU utilization, 131, 132, 517

credentials, 563–564

credit card readers, 286–287

credit cards, 18, 242, 283–284, 680

criminal actions, 428

critical infrastructure, 200–201

CRL (certificate revocation list), 614

CRM (customer relationship management), 486

cross-certificates, 611

cross-site request forgery (CSRF), 314–315

cross-site scripting (XSS), 313–314

CRR (Cyber Resilience Review), 108

cryptocurrency, 616–617

cryptographic algorithms, 44

cryptographic key, 583

cryptographic modules, 603–604

cryptographic service providers, 604

cryptography, 583–627. See also encryption

asymmetric/public key, 590–592

blockchain, 616–617, 714

considerations, 609

fundamentals, 583–586

goals of, 584

implementations, 603–618

vs. steganography, 602–603

symmetric key encryption, 586–590

terminology, 583–584

tools/techniques, 586–603

cryptojacking, 667

cryptoprocessors, 604

CSIRT (computer security incident response teams), 675

CSO (chief security officer), 98–99

CSRF (cross-site request forgery), 314–315

customer demand, 54

customer relationship management (CRM), 486

customer requirements, 24

customers, 9, 24, 54, 486, 509, 513

CVE (Common Vulnerabilities and Exposures), 389, 531

CVSS (Common Vulnerability Scoring System), 389

Cyber Resilience Review (CRR), 108

cyber superpowers, 679

cybersecurity. See security

cyberwarfare, 57

CYOD (choose your own device), 26, 273, 561

D

DAC (Discretionary Access Control), 45

daisy chaining, 357–358

DAMs (database activity monitors), 164, 327

data. See also information

analyzing, 424–425

backups, 100, 271, 278, 422, 434

big data, 673

breaches. See data breaches

centralized, 516, 518

cloud considerations, 506–507, 534, 535–538

commingling, 533–534

confidential, 13, 69–70, 584

consolidating, 514

corporate-owned, 270

cross-border flow of, 20–21

degaussing, 325, 539

deleting, 325–326, 507, 531, 538–539

destruction/disposal of, 49, 419, 420

dispersing, 505

equipment disposal and, 693

evidence. See evidence

handling, 421

integrity, 13

legal holds, 421

managing, 506–507, 534

on mobile devices, 269–270, 277–279

overwriting, 325

persistent/nonpersistent, 474–475

personal, 62, 266, 271, 295–296

PHI, 14–16, 427, 433

PII, 17, 62–63, 427, 433

protecting, 506–507, 534, 535–538

replicating, 505

retention of, 46

sensitive. See sensitive data

standard formats, 472

states, 599

storing. See data storage

trend, 132–133

volatility, 437

data aggregation, 477

data at rest, 295

data breaches, 421–426. See also incidents

after-action report, 447–448

considerations, 477

cost of incidents, 445

detection, 422–424

disclosure of, 426

downtime, 445

evidence. See evidence

external communications, 426

incident detection/response, 426–429

internal/external, 427

isolation techniques, 425, 477

legal ramifications, 445–446

lessons learned, 447

mitigation/response, 424–425

notification laws, 422

overview, 421–422

post-incident response, 446–448

recovery/reconstitution, 425–426

root-cause analysis, 446–447

scope, 444, 445

severity of, 444–446

data centers, 108, 181

data centralization, 516, 518

Data Encryption Standard (DES), 588

Data Execution Prevention (DEP), 669, 670

data flow, 175–179, 462–463

data formats, 472

data interfaces, 239

data isolation, 425, 477

data leakage, 358

data length, 317

data loss, 422, 424

data loss prevention (DLP), 175–176, 225–226

data minimization, 424–425

data ownership, 421, 478

data privacy laws, 21

data recovery, 248, 420, 425–426

data recovery agent (DRA), 248

data remnants

considerations, 49, 476, 507, 534

eradicating data, 480

storage and, 538–539

vulnerabilities, 325–326

data retention laws, 478

data retention policies, 46, 419–420

data security

cloud computing and, 506–507, 534–538

considerations, 476

data flow, 462–463

data storage, 474, 484–485

mobile devices. See mobile security

remnants. See data remnants

virtualization and, 535–538

data sovereignty, 21, 478

data storage

centralized, 516, 518

considerations, 311

data remnants and, 538–539

mobile devices, 277–279

NAS, 484–485

privacy/security and, 484–485

SAN, 484–485

sensitive data, 320–321

strategies, 419, 420

data types, 20, 175–177, 179, 475

data volume, 478

data-at-rest encryption, 600–602

database activity monitors (DAMs), 164, 327

database administrators, 728–729

database scanners, 385

databases

CMDB, 487–488

considerations, 164, 728–729

encryption, 729

NVD, 531

security tips, 728–729

software/hardware inventory, 716

data-in-memory/processing encryption, 600

data-in-transit, 295, 599

dd tool, 438–439

DDoS (distributed denial-of-service) attacks, 190–191, 505

debugging tools, 349

decision-making authority, 104

decommissioning, 692–693

decryption, 583, 601

dedicated interfaces, 237

deep learning, 674

deep packet inspection (DPI), 176–177

DEFCON conference, 676–677

Defense Information Systems Agency. See DISA

defense-in-depth, 194, 195, 482, 483

degaussing, 325, 539, 696

Deleaker tool, 349

delegation, 195, 483, 572

demergers/divestitures, 12, 13, 481–482

demilitarized zone (DMZ), 191, 192–193

denial-of-service, 190–191, 324–325, 505

denial-of-service (DoS) attacks, 190–191, 324–325

DEP (Data Execution Prevention), 669, 670

Department of Homeland Security (DHS), 108

deperimeterization, 25–26

deployment diagrams, 483–484

DES (Data Encryption Standard), 588

design models, 698

design phase, 698

desktop sharing, 632–634

desktops, virtual, 169–170, 526–528

detection, 422–424

development environment. See software development

development phase, 699

development/acquisition phase, 690

device circumstances, 275–277

devices

external, 239–247

firmware, 175

healthcare, 200

IoT, 56–57, 661, 667

mobile. See mobile devices

network. See network devices

personally managed, 28–29

SCADA, 201

software, 175

USB, 240–241

UTM, 152

virtual, 480, 538

wearable, 292–296

wireless, 26

DevOps units, 706

DHCP snooping, 239

DHS (Department of Homeland Security), 108

dial-up communications, 630–631

DIAMETER standard, 560

dictionary attacks, 395

Diffie-Hellman algorithm, 591

dig tool, 403

digital certificates

as authentication, 557–559

basics, 610–616

SCEP services and, 271–272

validating, 613

digital evidence. See evidence

digital forensics, 66, 296, 431–433

digital privacy, 21

Digital Rights Management (DRM), 604–605

Digital Signature Algorithm (DSA), 591–592, 596

digital signatures, 274–275, 585, 595–597

direct object references, 313

DirectAccess, 631–632

Directive 2009/136/EC, 63

directory services, 488–489

DISA (Defense Information Systems Agency), 660

DISA Approved Products List, 671, 672

disaster recovery, 47, 434–435, 518–519

Disaster Recovery Plan (DRP) Policy, 47

disaster recovery plans, 47, 103–105, 434

disclosure, 426

Discretionary Access Control (DAC), 45

disintegrating drives, 696

disk encryption, 247–248, 600–601

disruptive technologies, 714–715

Distinguished Name (DN), 557

distributed denial-of-service (DDoS) attacks, 190–191, 505

divestitures, 12, 13

DLP (data loss prevention), 175–176, 225–226

DMZ (demilitarized zone), 191, 192–193

DN (Distinguished Name), 557

DNA scan, 556

DNS (Domain Name System), 489–490

DNS records, 362–363

DNS reverse lookup, 362

DNS servers, 362, 403, 489

DNS zone transfers, 362–363, 403

documents. See also files

business documents, 58–62

collaboration tools, 638–639

sharing, 638–639

software development life cycle, 709–711

storage of, 638–639

DocuSign, 562

domain bridging, 290–291

domain controllers, 573

Domain Name System. See DNS entries

domain names/details, 359–360

DOM-based attacks, 314

DoS (denial-of-service) attacks, 190–191, 324–325

double tagging, 187–188

downtime, 128, 445, 467

DPI (deep packet inspection), 176–177

DRA (data recovery agent), 248

drives

destroying, 326, 476, 539, 696

encryption, 296, 326

erasing/sanitizing, 696

mapping/mounting, 246

redundant, 181

reusing, 697

DRM (Digital Rights Management), 604–605

dronejacking, 667

DRP (Disaster Recovery Plan) Policy, 47

DSA (Digital Signature Algorithm), 591–592, 596

DTP (Dynamic Trunking Protocol), 187

due care, 64

due diligence, 12, 64

DumpIt utility, 349, 443

dumpster diving, 353

dynamic code analysis, 705

dynamic routing, 361

Dynamic Trunking Protocol (DTP), 187

E

EALs (Evaluation Assurance Levels), 215

EAP (Extensible Authentication Protocol), 172

ease of use, 55

eavesdropping, 353

ECC (Elliptic Curve Cryptography), 592, 618

e-discovery, 11–12, 418–421

EDR (endpoint detection and response), 233

EF (exposure factor), 96

EFS (Encrypting File System), 248, 601–602

eFuse technology, 280

egress, 26, 239

EHRs (electronic health records), 200

EK (endorsement key), 252

electronic health records (EHRs), 200

electronic inventory, 418–419

ElGamal algorithm, 591–592

Elliptic Curve Cryptography (ECC), 592, 618

e-mail

attachments, 47

chain letters, 356

considerations, 640

handling of, 47

hoax letters, 356

HTML, 47, 221

IMAP, 642

MIME, 608

overview, 641–642

phishing, 129, 352, 355, 642

POP, 642

protocols, 642

security, 642

SMTP, 642

social engineering via, 352, 355

spam. See spam

e-mail policies, 47

e-mail servers, 408

emergency response, 104, 429–430

emergency response team, 732

EMET (Enhanced Mitigation Experience Toolkit), 670

employees. See also users

administrators. See administrators

database administrators, 728–729

delegation, 195, 483, 572

disgruntled, 680

emergency response team, 732

ethics, 48

facilities manager, 733

financial personnel, 731–732

human resources, 732

ID badges, 353

job rotation, 64–65

legal counsel, 733–734

mandatory vacation, 65

mobile, 165–166

motivation, 728, 735, 736

network administrators, 729–730

outsourcing, 9–10, 514

personal information, 68

physical security manager, 733

piggybacking, 353

programmers, 727–728

recruitment/hiring process, 66

remote access, 50, 165–166

resignation/termination, 66, 271

sales staff, 726–727

security challenges, 729, 735–736

security training/awareness, 122, 713–714

separation of duties, 64, 537

shoulder surfing, 354

social engineering and. See social engineering

social media and, 671–673

tailgating, 353

telecommuters, 25–26

teleworkers, 26

total cost of ownership and, 139

training/awareness, 68

vishing, 354–355

Encapsulated Security Payload (ESP), 167, 186

enclaves, 25, 327

Encrypting File System (EFS), 248, 601–602

encryption. See also cryptography

AES, 587, 588–589

asymmetric, 590–592, 596

block-level, 602

cloud computing and, 534

considerations, 333, 534

data loss and, 422, 424

data-at-rest, 600–602

databases, 729

data-in-transit, 599

data-in-use, 600

described, 583

disk, 247–248, 600–601

drive, 296, 326

files, 247–248, 601–602

full memory, 600

homomorphic, 600

mobile devices, 617–618

passwords, 554

records, 602

symmetric key, 586–590

wearable technology, 295

XML, 566

end-entity certificates, 610

endorsement key (EK), 252

endpoint detection, 232–233

endpoint detection and response (EDR), 233

endpoint security software, 217–233

Enhanced Mitigation Experience Toolkit (EMET), 670

enterprise applications, 486–491

enterprise mobility management, 265–277

enterprise resilience, 107–108

enterprise resource planning (ERP), 487

Enterprise Service Bus (ESB), 491

enterprise standard operating environment, 28

enterprise wired networks, 290

enumeration tools, 390

equipment. See hardware

erasing, 696

error handling, 319–320

error messages, 319–320

errors, 309–310, 319, 323

ESB (Enterprise Service Bus), 491

ESP (Encapsulated Security Payload), 167, 186

Ethernet switches, 560

ethical hacking, 662, 679

ethics policy, 48

EU (European Union), 63

EU Directives, 9, 19–20, 63

European Union. See EU

evaluation, 692

Evaluation Assurance Levels (EALs), 215

evidence

admission of, 431

analyzing, 424–425

chain of custody, 428, 430

collecting, 66, 423

criminal, 428

destruction of, 421

e-discovery, 418–421

handling of, 66, 431

legal holds, 421

evil twin attack, 359

exception handling, 319–320

executive management. See senior management

expert witnesses, 431

exploitation tools/frameworks, 391–393, 405

exploits, 666

export controls, 20–21

exposure, 666

exposure factor (EF), 96

eXtensible Access Control Markup Language (XACML), 562

Extensible Authentication Protocol (EAP), 172

Extensible Configuration Checklist Description Format (XCCDF), 389

Extensible Markup Language. See XML

Extensible Messaging and Presence Protocol (XMPP), 641

external I/O restrictions, 239–247

extranet policy, 48

extranet zone, 191, 193

F

Facebook, 282

facial scans, 290, 556

facilities management, 197, 733

failure mode effects analysis (FMEA), 93

false negatives/positives, 122, 385

fault injection, 321

FDE (full disk encryption), 600

features, 55

Federal Information Processing Standard (FIPS), 82

Federal Information Security Management Act (FISMA), 18, 63, 82

federation identity management, 564–569

file carving, 444

file integrity monitoring (FIM), 405

files. See also documents

classifications, 69–70

configuration, 321

encryption, 247–248, 601–602

log. See log files

permissions, 247–248

printer, 321

sharing, 638–639

storage of, 638–639

FIM (file integrity monitoring), 405

FIN scans, 381

financial data, 176

financial institutions, 17

financial personnel, 731–732

fingerprint scans, 290, 556

fingerprinting, 290, 350–351, 556

FIPS (Federal Information Processing Standard), 82

firewall policy, 48

firewalls

application, 159, 228

characteristics, 158

considerations, 158, 228

host-based, 226–229

latency and, 134–135

Linux systems, 227–228

network ingress/egress, 158

network-based, 158–159, 229

NGFW, 159

overview, 158–159, 223, 226

packet-filtering, 158, 228

physical, 158–159

requirements, 48

rules, 122, 158, 226, 228

scenarios, 229

stateful, 159

web application, 163, 327

Windows systems, 220, 226–227, 659

firmware, 175, 270, 334–335

firmware updates, 248–249, 270

FISMA (Federal Information Security Management Act), 18, 63, 82

fitness devices, 293

flash drives, 50

flood guards, 157

FMEA (failure mode effects analysis), 93

footprinting, 349–350

foremost tool, 444

forensics, 66, 296, 431–433

forgery, 315

formal proofs, 711

Foursquare, 282

fragmentation, 170, 284–285

FTP services, 311

full disk encryption (FDE), 600

functional model, 698

fuzzers/fuzzing, 321, 390, 705

G

G Suite products, 278

gap analysis, 122–123

GDPR (General Data Protection Regulation), 9, 20–21, 63, 667

General Data Protection Regulation (GDPR), 9, 20–21, 63, 667

generators, 181

geofencing, 276

geographic boundaries, 21

geolocation, 276

geotagging, 282–283, 325

gestures, 288–289

glasses, smart, 293–294

GLBA (Gramm-Leach-Bliley Act), 17, 63

global IA industry, 674–675

Global System for Mobile Communications (GSM), 587

GNU Privacy Guard (GPG), 592, 605–606

Google Drive, 278

Google Glass, 293

Google hacking, 363, 364

Google Play, 705

governance, 736

governance, risk, and compliance (GRC), 736

GPG (GNU Privacy Guard), 592, 605–606

GPMC (Group Policy Management Console), 235

Gramm-Leach-Bliley Act (GLBA), 17, 63

graphical user interface (GUI), 397

gray box testing, 365

gray hats, 679

grayware, 218

GRC (governance, risk, and compliance), 736

GRE tunneling, 171

Group Policy, 235

Group Policy Management Console (GPMC), 235

GSM (Global System for Mobile Communications), 587

GUI (graphical user interface), 397

guidelines, 51

H

Hackers On Planet Earth (HOPE), 677

hackers/hacking

Anonymous, 680

black hats, 368, 481, 679

ethical hackers, 662, 679

Google hacking, 363, 364

government-sponsored, 57

hacktivists, 678, 680

identifying, 678–679

military-sponsored, 57

motivation, 95–96, 679

script kiddies, 678, 679–680

state-sponsored, 57

suicide hackers, 350, 678

threat actors, 677–679

white hats, 365

hacking groups, 678

hacktivism, 678

hacktivists, 678, 680

Hadoop framework, 673

HAIPE (High Assurance Internet Protocol Encryptor), 155

hard drives. See drives

hardening, 233–249, 333

hardware

anti-tampering, 280

disposal of, 693

failures, 537

inventory control, 716

repair/replacement, 693

vulnerabilities, 253–254

hardware abstraction, 518

hardware security modules (HSMs), 162

hash ciphers, 585

hash functions, 593, 594–595, 609

hash values, 585

hashing, 585, 593–595

HCI (hyper-converged infrastructure), 525–526

HDMI (High-Definition Multimedia Interface), 247

headsets, 294

Health Information Technology for Economic and Clinical Health Act (HITECH), 23

Health Insurance Portability and Accountability Act. See HIPAA

healthcare devices, 200

Heartbleed Bug, 666

heating, ventilation, and air conditioning. See HVAC

heuristic analytics, 429

heuristic-based detection, 219

HIDS (host-based intrusion detection system), 225

hierarchical trust model, 570

hierarchies of trust, 557

High Assurance Internet Protocol Encryptor (HAIPE), 155

High-Definition Multimedia Interface (HDMI), 247

HIPAA Security Rule, 15–16

HIPAA standard, 14, 63, 296, 464

HIPS (host-based intrusion prevention system), 225

HITECH (Health Information Technology for Economic and Clinical Health Act), 23

HMACs, 598

hoax letters, 356

home automation systems, 197

honeynets/honeypots, 668

HOPE (Hackers On Planet Earth), 677

host hardening, 233–249

host tools, 394–408

antivirus software, 406

command-line tools, 397–404

file integrity monitoring, 405

local exploitation, 405

log analysis tools, 406

password crackers, 394–396

reverse engineering tools, 406–408

SCAP tools, 405

vulnerability scanners, 396–397

host-based firewalls, 226–229

host-based intrusion detection system (HIDS), 225

host-based intrusion prevention system (HIPS), 225

hosted cloud computing, 508–513

hosted virtual desktops, 526

hosts, compromising, 357–358

hotfix, 222

hotspots, 243, 287, 290–291

HR (human resources), 732

HSMs (hardware security modules), 162

HTML (Hypertext Markup Language), 47, 221

HTML5, 330

HTTP (Hypertext Transfer Protocol), 168, 316, 566, 606

HTTP interceptors, 391

HTTPS, 168, 606

human resources (HR), 732

human-based social engineering, 352–355

hunt teaming, 428

HVAC controllers/systems, 198

hybrid attacks, 395

hybrid cloud computing, 511–512

hyper-converged infrastructure (HCI), 525–526

Hypertext Markup Language. See HTML

Hypertext Transfer Protocol. See HTTP

hypervisors, 522–523

I

IA (information assurance), 674–675

IaaS (infrastructure as a service), 515

IAs (interoperability agreements), 59–60

IASE (Information Assurance Support Environment), 660

ICSs (industrial control systems), 200

ID badges, 353

IDEA (International Data Encryption Algorithm), 589

identification, 552

identities, 552, 553

identity management systems, 564–569

identity proofing, 563–564

identity propagation, 564

Identity Provider (IdP), 566

identity theft, 62

IdP (Identity Provider), 566

IDS (intrusion detection system), 175, 223–225

IDS/IPS alarms, 122

IEEE (Institute of Electrical and Electronic Engineers), 243, 465

IETF (Internet Engineering Task Force), 663, 664

ifconfig tool, 401, 402

IKE (Internet Key Exchange) protocol, 167

IM (instant messaging), 283, 356, 357, 640–641

IMA (Integrity Measurement Architecture), 251

IMAP (Internet Message Access Protocol), 642

impersonation, 353

implementation phase, 690

incident response

behavioral analytics, 428–429

chain of custody, 428, 430

considerations, 11–12, 428

criminal actions, 428

data breaches. See data breaches

digital forensics, 431–433

e-discovery, 418–421

heuristic analytics, 429

hunt teaming, 428

overview, 65–66, 417, 418, 429–430

post-incident response, 446–448

tools for, 437–444

incident response cycle, 436

incident response teams (IRTs), 423, 426–427, 435–437

incidents. See also data breaches

cost of, 445

detection of, 426–429

downtime, 445

impact of, 444, 445

legal ramifications, 445–446

levels of impact, 430

response to. See incident response

root-cause analysis, 446–447

scope, 444, 445

severity of, 444–446

inductance-enabled transactions, 286

industrial control systems (ICSs), 200

industrial equipment, 200

industry-accepted approaches, 701–702

INEs (inline network encryptors), 155

information. See also data

classification of, 69–70

confidential, 13, 69–70, 584

evidence. See evidence

personally identifiable, 62–63

security, 6, 701–702

sensitive. See sensitive data

sharing, 9, 60

visuals, 99

information assurance (IA), 674–675

Information Assurance Support Environment (IASE), 660

information criticality, 430

Information Systems Audit and Control Association (ISACA), 22

Information Technology Infrastructure Library (ITIL) framework, 107

informational model, 698

informative policies, 43

Infrared Data Association (IrDA), 243

infrared radiation (IR) cameras, 409

infrastructure as a service (IaaS), 515

infrastructure, critical, 200–201

ingress, 26, 239

inherent factors, 555–557

initiation phase, 690

injection attacks, 318–319, 321

inline network encryptors (INEs), 155

input validation

application issues, 312–313

client-side vs. server-side, 328–332

considerations, 330, 699

fuzzing and, 321

overview, 317–318

SQL injection and, 319

inSSIDer Office, 665

Instagram, 282

instant messaging (IM), 283, 356, 357, 640–641

Institute of Electrical and Electronic Engineers (IEEE), 243, 465

integer overflows, 323

integration enablers, 488–491

integration testing, 712

integrity, 13, 82–85, 275, 584–585

Integrity Measurement Architecture (IMA), 251

integrity violations/failures, 82, 83

interceptors, 391

interconnected environment, 13–21

interconnection security agreement (ISA), 59

interference, 287

International Data Encryption Algorithm (IDEA), 589

International Organization for Standardization. See ISO

International Software Testing Qualifications Board (ISTQB), 711

Internet DMZ, 191

Internet Engineering Task Force (IETF), 663, 664

Internet Key Exchange (IKE) protocol, 167

Internet Message Access Protocol (IMAP), 642

Internet of Things. See IoT

Internet Protocol Security (IPSec), 166–167, 186–187

Internet security requirements, 48

Internet service providers (ISPs), 19, 181, 191

Internet usage policy, 48–49

Internet zone, 191, 193

internetworks, 360–361

interoperability agreements (IAs), 59–60

interoperability issues, 467–473

intranet zone, 191, 193

intrusion detection system (IDS), 175, 223–225

intrusion prevention system (IPS), 175, 223–225

Intune, 155, 267–268, 269

inventory control, 715–716

inventory, electronic, 418–419

IoT (Internet of Things), 57, 667, 714

IoT devices, 56–57, 661, 667

IP configuration, 401–402

IP identification (IPID) probes, 238

IP video, 197

ipchains, 227–228

ipconfig tool, 401–402

iPhones/iPads

Apple Pay, 283–284

jailbreaking, 280–282

upgrades, 285

IPID (IP identification) probes, 238

IPS (intrusion prevention system), 175, 223–225

IPSec (Internet Protocol Security), 166–167, 186–187

iptables, 227–228

IPv4, 166, 170–171, 665

IPv6, 166, 170–171, 665

IR (infrared radiation) cameras, 409

IrDA (Infrared Data Association), 243

iris scans, 290, 556

IRTs (incident response teams), 423, 426–427, 435–437

ISA (interconnection security agreement), 59

ISACA (Information Systems Audit and Control Association), 22

ISATAP tunneling, 171

ISO (International Organization for Standardization), 7, 55, 465, 664

ISO/IEC 38500 standard, 106–107

isolation techniques, 425

ISPs (Internet service providers), 19, 181, 191

ISTQB (International Software Testing Qualifications Board), 711

IT governance, 22, 105–107

IT Governance Institute (ITGI), 22

IT projects, 129

ITGI (IT Governance Institute), 22

ITIL (Information Technology Infrastructure Library) framework, 107

J

jailbreaking, 280–282

Java applets, 329

JavaScript, 332–333

JavaScript Object Notation (JSON), 328–329

job rotation, 64–65

John the Ripper, 395–396

JSON (JavaScript Object Notation), 328–329

K

Kali Linux, 393

Kerberos systems, 559

key escrow, 615

key lengths, 609

key performance indicators (KPIs), 128, 129

key recovery, 615

key risk indicators (KRIs), 128–129

key stretching, 593

keyloggers, 218, 220

key-pair, 590–591

keys, 584, 599

keystroke biometrics, 556

knowledge factors, 553–555

KPIs (key performance indicators), 128, 129

KRIs (key risk indicators), 128–129

L

L2TP (Layer 2 Tunneling Protocol), 167

latency, 134–135

laws/regulations, 55, 62–63

Layer 2 Tunneling Protocol (L2TP), 167

layered security, 194, 195

LDAP (Lightweight Directory Access Protocol), 571–572

LEAP (Lightweight Extensible Authentication Protocol), 173

least connections algorithm, 162

legacy systems/software, 467–468

legal counsel, 733–734

legal holds, 421

legal issues

cross-border data flow, 20–21

digital evidence, 421

incidents/breaches, 445–446

lessons-learned/after-action review, 123–124

libraries, 326, 700, 701

life cycles

software development life cycle, 697–712

systems development life cycle, 689–697

Lightweight Directory Access Protocol (LDAP), 571–572

Lightweight Extensible Authentication Protocol (LEAP), 173

Linux systems

best practices, 659–660

firewalls, 227–228

Kali Linux, 393

SELinux, 216

sudo command, 29

Lizard Squad, 665

load balancers, 161–162, 181

local administrator accounts, 28–29

location contexts, 276

lock alternatives, 408–409

lock picks, 408–409

log analysis tools, 406

log files

audit logs, 183, 231–232, 429

formats, 230

importance of, 183, 429

instant message logs, 640

security logs, 429

system logs, 429

types of, 230

Windows Event Viewer, 229, 230–231

log monitoring, 229–232

log reduction tools, 393–394

log sources, 157

logging, 183, 429

logic bombs, 218

logical deployment diagrams, 483–484

loop protection, 157

loss, impact of, 5

M

M&A (mergers and acquisitions), 12, 13

MAC (mandatory access control), 45–46, 214

MAC (message authentication code), 598

MAC addresses, 188, 245

MAC filtering, 245

machine learning, 673–674

maintainability, 137

maintenance phase, 690–691, 694, 699

malware

administrator privileges and, 29

antimalware packages, 217–218

considerations, 54, 56, 531

described, 217

“hall-of-fame,” 666

mobile apps, 357

mobile devices, 290

ransomware, 56, 218, 666, 713

sandboxing, 348, 408, 667

social media and, 359

Stuxnet, 200

types of, 217–218

via IM, 640–641

managed security service provider (MSSP), 11

managed security services, 11–12

management, 730–731, 734–735. See also senior management

management interfaces, 238–239

management zone, 191

mandatory access control. See MAC

mantraps, 199, 353

master service agreement (MSA), 60

maximum tolerable downtime (MTD), 105

MBSA (Microsoft Baseline Security Analyzer), 396–397

MD5 algorithm, 594

MD5 authentication, 189, 190, 361

MDM (mobile device management), 25, 29, 419

MDM tools

application management, 269–270

configuration profiles, 266–268

context-aware management, 275–277

data management, 269–270

recommendations for, 267, 419

remote assistance access, 269

remote wiping, 271

VPN connections, 273–274

MDT (Microsoft Deployment Toolkit), 234

mean time between failure (MTBF), 105, 129, 137, 138

mean time to repair (MTTR), 105, 129, 137, 138

Measured Launch, 250–251

media

disposal of, 49, 696

geotagging, 325

removable, 50

sanitizing, 696

medical data, 176

medical sensors/devices, 294

melting, 696

memorandum of understanding (MOU), 59

memory dumping, 348–349, 442–443

memory leaks, 323, 324

memory/runtime debugging tools, 349

mergers, 12, 13, 481–482

mergers and acquisitions (M&A), 12, 13

mesh networks, 173

message authentication, 598

message digest, 595

messaging, 291

Metasploit, 405

metrics. See risk metrics

microphones, 246–247

microSD cards, 278

microSD HSMs, 162

Microsoft, 21

Microsoft Azure, 135–136, 278, 509

Microsoft Baseline Security Analyzer (MBSA), 396–397

Microsoft Challenge Authentication Protocol (MS-CHAP), 172

Microsoft Deployment Toolkit (MDT), 234

Microsoft initiative, 215

Microsoft Intune, 155, 267–268, 269

Microsoft Office 365, 647

Microsoft OneDrive, 278

Microsoft Point-to-Point Encryption (MPPE), 167

Microsoft SharePoint, 644, 647

Microsoft Web Protection Library, 701

MIME e-mail, 608

MIMO (multiple-input multiple-output), 244

mirroring, screen, 269

mitigation strategies, 366

MMS (multimedia messaging service), 291

MobiControl, 267

mobile applications

application wrapping, 268

integrity, 274–275

malicious apps, 357

managing, 269–270

nonrepudiation, 275

permissions, 274

privacy issues, 358

repackaged apps, 357

side loading, 274

system apps, 274–275

unsigned apps, 274–275

mobile device management. See MDM

mobile devices. See also smartphones

applications. See mobile applications

authentication, 288–290

backups, 278

biometrics, 289–290

BYOD, 26–27, 272–273, 561, 617

challenges, 266

cloud storage, 278–279

configuration profiles, 266–268

considerations, 265–266

containerization, 266

COPE, 28, 36, 273

CYOD, 26, 273, 561

data on, 269–270, 277–279

data storage, 277–279

employee resignation/termination, 271

encryption, 617–618

geofencing, 276

geolocation, 276

geotagging, 282–283

hardware anti-tampering, 280

ingress/egress, 26

lost/stolen, 271, 279–280

malware, 290

managing, 265

networks, 29

onboarding, 268

overview, 265

personal data on, 266, 271, 295–296

POCE, 268

push notifications, 282

remote access, 269

remote wiping, 271

screen mirroring, 269

security. See mobile security

social engineering and, 357

system apps, 275

tethering, 287–288

time-based restrictions, 277

tracking, 419

USB port, 279

user behavior, 276

mobile hotspots, 287

mobile payments, 285–287

mobile security, 277–292

authentication, 288–290

biometrics, 289–290

BYOD and, 26–27

data storage, 277–279

domain bridging, 290–291

malware, 290

mobile payments, 285–287

personal data and, 266, 271, 295–296

tethering, 287–288

wearable technology, 294–296

mobile security controls, 265–307

enterprise mobility management, 265–277

privacy concerns, 277–292

security implications, 277–292

wearable technology, 292–296

mobile wallets, 286

MobileIron, 267

modems, 630

monitoring functions, 67–68, 102–103, 694

Moore’s Law, 53

motivation, 95–96, 679, 728, 735, 736

MOU (memorandum of understanding), 59

mouse dynamics, 557

MPPE (Microsoft Point-to-Point Encryption), 167

MSA (master service agreement), 60

MS-CHAP (Microsoft Challenge Authentication Protocol), 172

MSSP (managed security service provider), 11

MTBF (mean time between failure), 105, 129, 137, 138

MTD (maximum tolerable downtime), 105

Mtrace tool, 349

MTTR (mean time to repair), 105, 129, 137, 138

multimedia messaging service (MMS), 291

multiple-input multiple-output (MIMO), 244

multitenancy, 513
