CONTENTS

Acknowledgments

Introduction

Exam CAS-003 Objective Map

Part I    Risk Management

Chapter 1     Security Influences and Risk

Risk Management of New Products, New Technologies, and User Behaviors

New or Changing Business Models and Strategies

Partnerships

Outsourcing

Cloud

Managed Security Services

Acquisitions, Mergers, Divestitures, and Demergers

Security Concerns of Interconnecting Diverse Industries

Rules, Policies, and Regulations

Export Controls and Legal Requirements

Geography, Data Sovereignty, and Jurisdictions

Internal and External Influences

Competitors

Audit Findings

Regulatory Entities

Client Requirements

Top-Level Management

Impact of Deperimeterization

Telecommuting

Cloud

Mobile and Bring Your Own Device (BYOD)

Outsourcing

Ensuring Third-Party Providers Have Requisite Levels of Information Security

Enterprise Standard Operating Environment

Personally Managed Devices

Merging SOE and Personal Device Networks

Chapter Review

Quick Tips

Questions

Answers

Chapter 2     Security Policies and Procedures

Policy and Process Life Cycle Management

Policies

Policy Types

Standards

Guidelines

Processes

Procedures

Baselines

New Business and Environmental Changes

Support Legal Compliance and Advocacy by Partnering with HR, Legal, Management, and Other Entities

Understand Common Business Documents to Support Security

Risk Assessment

Business Impact Analysis (BIA)

Interoperability Agreement (IA)

Operating Level Agreement (OLA)

Nondisclosure Agreement (NDA)

Master Service Agreement (MSA)

Research Security Requirements for Contracts

Request for Proposal (RFP)

Request for Quote (RFQ)

Request for Information (RFI)

Understand General Privacy Principles for Sensitive Information

Support the Development of Policies Containing Standard Security Practices

Separation of Duties

Job Rotation

Mandatory Vacation

Least Privilege

Incident Response

Forensic Tasks

Employment and Termination Procedures

Continuous Monitoring

Ongoing Security

Training and Awareness for Users

Auditing Requirements and Frequency

Information Classification

Chapter Review

Quick Tips

Questions

Answers

Chapter 3     Risk Mitigation, Strategies, and Controls

Categorize Data Types by Impact Levels Based on CIA

Confidentiality

Integrity

Availability

CIA Tradeoffs

Determine the Aggregate Score of CIA

Nomenclature

Incorporate Stakeholder Input into CIA Impact-Level Decisions

Determine Minimum-Required Security Controls Based on Aggregate Score

Select and Implement Controls Based on CIA Requirements and Organizational Policies

Extreme Scenario Planning/Worst-Case Scenario

Conduct System-Specific Risk Analysis

Qualitative Risk Analysis

Quantitative Risk Analysis

Make Risk Determination Based on Known Metrics

Magnitude of Impact Based on ALE and SLE

Likelihood of Threat

Return on Investment (ROI)

Total Cost of Ownership (TCO)

Translate Technical Risks in Business Terms

Recommend Which Strategy Should Be Applied Based on Risk Appetite

Avoid

Transfer

Mitigate

Accept

Risk Management Processes

Exemptions

Deterrence

Inherent

Residual

Continuous Improvement/Monitoring

Business Continuity Planning

IT Governance

Adherence to Risk Management Frameworks

Enterprise Resilience

Chapter Review

Quick Tips

Questions

Answers

Chapter 4     Risk Metrics

Review Effectiveness of Existing Security Controls

Gap Analysis

Conduct a Lessons-Learned/After-Action Review

Reverse-Engineer/Deconstruct Existing Solutions

Creation, Collection, and Analysis of Metrics

KPIs

KRIs

Prototype and Test Multiple Solutions

Create Benchmarks and Compare to Baselines

Analyze and Interpret Trend Data to Anticipate Cyber Defense Needs

Analyze Security Solution Metrics and Attributes to Ensure They Meet Business Needs

Performance

Latency

Scalability

Capability

Usability

Maintainability

Availability

Recoverability

Cost Benefit Analysis (ROI, TCO)

Use Judgment to Solve Problems Where the Most Secure Solution Is Not Feasible

Chapter Review

Quick Tips

Questions

Answers

Part II  Enterprise Security Architecture

Chapter 5     Network Security Components, Concepts, and Architectures

Physical and Virtual Network and Security Devices

UTM

NIDS/NIPS

INE

NAC

SIEM

Switch

Firewall

Wireless Controller

Router

Proxy

Load Balancer

HSM

MicroSD HSM

Application and Protocol-Aware Technologies

WAF

Firewall

Passive Vulnerability Scanner

DAM

Advanced Network Design (Wired/Wireless)

Remote Access

VPN

SSH

RDP

VNC

VDI

Reverse Proxy

IPv4 and IPv6 Transitional Technologies

Network Authentication Methods

802.1x

Mesh Networks

Placement of Hardware, Applications, and Fixed/Mobile Devices

Complex Network Security Solutions for Data Flow

DLP

Deep Packet Inspection

Data Flow Enforcement

Network Flow

Data Flow Diagram

Secure Configuration and Baselining of Networking and Security Components

Network Baselining

Configuration Lockdown

Change Monitoring

Availability Controls

Network ACLs

Software-Defined Networking

Network Management and Monitoring Tools

Alerting

Alert Fatigue

Advanced Configuration of Routers, Switches, and Other Network Devices

Transport Security

Trunking Security

Port Security

Route Protection

DDoS Protection

Remotely Triggered Black Hole

Security Zones

DMZ

Separation of Critical Assets

Network Segmentation

Network Access Control

Quarantine/Remediation

Persistent/Volatile and Nonpersistent Agents

Agent vs. Agentless

Network-Enabled Devices

System on a Chip (SoC)

Building/Home Automation Systems

IP Video

HVAC Controllers

Sensors

Physical Access Control Systems

A/V Systems

Scientific/Industrial Equipment

Critical Infrastructure

Chapter Review

Quick Tips

Questions

Answers

Chapter 6     Security Controls for Host Devices

Trusted Operating System

SELinux

SEAndroid

Trusted Solaris

Least Functionality

Endpoint Security Software

Antimalware

Antivirus

Anti-Spyware

Spam Filters

Patch Management

HIPS/HIDS

Data Loss Prevention

Host-Based Firewalls

Log Monitoring

Endpoint Detection and Response

Host Hardening

Standard Operating Environment/Configuration Baselining

Security/Group Policy Implementation

Command Shell Restrictions

Patch Management

Configuring Dedicated Interfaces

External I/O Restrictions

File and Disk Encryption

Firmware Updates

Boot Loader Protections

Secure Boot

Measured Launch

Integrity Measurement Architecture

BIOS/UEFI

Attestation Services

TPM

Vulnerabilities Associated with Hardware

Terminal Services/Application Delivery Services

Chapter Review

Quick Tips

Questions

Answers

Chapter 7     Mobile Security Controls

Enterprise Mobility Management

Containerization

Configuration Profiles and Payloads

Personally Owned, Corporate-Enabled (POCE)

Application Wrapping

Remote Assistance Access

Application, Content, and Data Management

Over-the-Air Updates (Software/Firmware)

Remote Wiping

SCEP

BYOD

COPE

CYOD

VPN

Application Permissions

Side Loading

Unsigned Apps/System Apps

Context-Aware Management

Security Implications/Privacy Concerns

Data Storage

Device Loss/Theft

Hardware Anti-Tampering

TPM

Rooting and Jailbreaking

Push Notification Services

Geotagging

Encrypted Instant Messaging Apps

Tokenization

OEM/Carrier Android Fragmentation

Mobile Payment

Tethering

Authentication

Malware

Unauthorized Domain Bridging

Baseband Radio/SoC

Augmented Reality

SMS/MMS/Messaging

Wearable Technology

Cameras

Watches

Fitness Devices

Glasses

Medical Sensors/Devices

Headsets

Security Implications

Chapter Review

Quick Tips

Questions

Answers

Chapter 8     Software Vulnerabilities and Security Controls

Application Security Design Considerations

Secure by Design

Secure by Default

Secure by Deployment

Specific Application Issues

Insecure Direct Object References

Cross-Site Scripting (XSS)

Cross-Site Request Forgery (CSRF)

Clickjacking

Session Management

Input Validation

SQL Injection

Improper Error and Exception Handling

Privilege Escalation

Improper Storage of Sensitive Data

Fuzzing/Fault Injection

Secure Cookie Storage and Transmission

Buffer Overflow

Memory Leaks

Integer Overflows

Race Conditions

Resource Exhaustion

Geotagging

Data Remnants

Use of Third-Party Libraries

Code Reuse

Application Sandboxing

Secure Encrypted Enclaves

Database Activity Monitors and Web Application Firewalls

Client-Side Processing vs. Server-Side Processing

JSON/REST

Browser Extensions

HTML5

AJAX

SOAP

State Management

JavaScript

Operating System Vulnerabilities

Firmware Vulnerabilities

Chapter Review

Quick Tips

Questions

Answers

Part III Enterprise Security Operations

Chapter 9     Security Assessments

Security Assessment Methods

Malware Sandboxing

Memory Dumping

Runtime Debugging

Reconnaissance

Fingerprinting

Code Review

Social Engineering

Pivoting

Open Source Intelligence

Security Assessment Types

Penetration Testing

Vulnerability Assessment

Self-Assessment

Internal and External Audits

Color-Team Exercises

Chapter Review

Quick Tips

Questions

Answers

Chapter 10   Security Assessment Tools

Network Tool Types

Port Scanners

Vulnerability Scanners

Protocol Analyzers

SCAP Scanners

Network Enumerators

Fuzzers

HTTP Interceptors

Exploitation Tools/Frameworks

Visualization Tools

Log Reduction and Analysis Tools

Host Tool Types

Password Crackers

Vulnerability Scanners

Command-Line Tools

Local Exploitation Tools/Frameworks

SCAP Tools

File Integrity Monitoring

Log Analysis Tools

Antivirus

Reverse Engineering Tools

Physical Security Tools

Lock Picks

RFID Tools

IR Cameras

Chapter Review

Quick Tips

Questions

Answers

Chapter 11   Incident Response and Recovery Procedures

E-Discovery

Electronic Inventory and Asset Control

Data Retention Policies

Data Recovery and Storage

Data Ownership and Handling

Legal Holds

Data Breach

Detection and Collection

Mitigation and Response

Recovery/Reconstitution

Disclosure

Facilitate Incident Detection and Response

Internal and External

Criminal Actions

Hunt Teaming

Behavioral Analytics

Heuristic Analytics

Establish and Review System, Audit, and Security Logs

Incident and Emergency Response

Chain of Custody

Digital Forensics

Digital Forensics Process

Privacy Policy Violations

Continuity of Operations

Disaster Recovery

Incident Response Team

Order of Volatility

Incident Response Support Tools

dd

tcpdump

nbtstat

netstat

nc (Netcat)

memdump

tshark

Foremost

Severity of Incident or Breach

Scope

Impact

Cost

Downtime

Legal Ramifications

Post-Incident Response

Root-Cause Analysis

Lessons Learned

After-Action Report

Chapter Review

Quick Tips

Questions

Answers

Part IV Technical Integration of Enterprise Security

Chapter 12   Hosts, Storage, Networks, and Applications

Adapt Data Flow Security to Meet Changing Business Needs

Adhere to Standards (Popular, Open, De Facto)

Open Standards

Adherence to Standards

Competing Standards

Lack of Standards

De Facto Standards

Interoperability Issues

Legacy Systems and Software/Current Systems

Application Requirements

Software Types

Standard Data Formats

Protocols and APIs

Resilience Issues

Use of Heterogeneous Components

Course of Action Automation/Orchestration

Distribution of Critical Assets

Persistence and Nonpersistence of Data

Redundancy/High Availability

Assumed Likelihood of Attack

Data Security Considerations

Data Remnants

Data Aggregation

Data Isolation

Data Ownership

Data Sovereignty

Data Volume

Resources Provisioning and Deprovisioning

Users

Servers

Virtual Devices

Applications

Data Remnants

Design Considerations During Mergers, Acquisitions, and Demergers/Divestitures

Network Secure Segmentation and Delegation

Logical Deployment Diagram and Corresponding Physical Deployment Diagram of All Relevant Devices

Security and Privacy Considerations of Storage Integration

Security Implications of Integrating Enterprise Applications

CRM

ERP

CMDB

CMS

Integration Enablers

Chapter Review

Quick Tips

Questions

Answers

Chapter 13   Cloud and Virtualization

Cloud Computing Basics

Advantages Associated with Cloud Computing

Issues Associated with Cloud Computing

Virtualization Basics

Technical Deployment Models (Outsourcing/Insourcing/Managed Services/Partnership)

Cloud and Virtualization Considerations and Hosting Options

On-premises vs. Hosted

Cloud Service Models

Security Advantages and Disadvantages of Virtualization

Advantages of Virtualizing

Disadvantages of Virtualizing

Type 1 vs. Type 2 Hypervisors

Containers

vTPM

Hyper-Converged Infrastructure (HCI)

Virtual Desktop Infrastructure (VDI)

Terminal Services

Secure Enclaves and Volumes

Cloud-Augmented Security Services

Antimalware

Vulnerability Scanning

Sandboxing

Content Filtering

Cloud Security Broker

Security as a Service (SECaaS)

Vulnerabilities Associated with the Commingling of Hosts with Different Security Requirements

Data Security Considerations

Vulnerabilities Associated with a Single Server Hosting Multiple Data Types

Vulnerabilities Associated with a Single Platform Hosting Multiple Companies’ Virtual Machines

Resources Provisioning and Deprovisioning

Virtual Devices

Data Remnants

Chapter Review

Quick Tips

Questions

Answers

Chapter 14   Authentication and Authorization

Authentication

Authentication Factors

Certificate-Based Authentication

SSL/TLS Certificate-Based Authentication

Single Sign-On

802.1x

Context-Aware Authentication

Push-Based Authentication

Authorization

OAuth

XACML

SPML

Attestation

Identity Proofing

Identity Propagation

Federation

SAML

OpenID

Shibboleth

WAYF

Trust Models

Hierarchical Trust Model

Peer-to-Peer Trust Model

RADIUS Configurations

LDAP

AD

Chapter Review

Quick Tips

Questions

Answers

Chapter 15   Cryptographic Techniques

Cryptography Fundamentals

Goals of Cryptography

Cryptographic Techniques

Symmetric Key Encryption Methods

Asymmetric or Public Key Encryption Methods

Cryptography Techniques

Key Stretching

Hashing

Hashing Algorithms

Digital Signatures

Message Authentication

Code Signing

Pseudorandom Number Generation

Perfect Forward Secrecy

Data-in-Transit Encryption

Data-in-Memory/Processing Encryption

Data-at-Rest Encryption

Steganography

Cryptographic Implementations

Cryptographic Modules

Cryptoprocessors

Cryptographic Service Providers

Digital Rights Management (DRM)

Watermarking

GNU Privacy Guard (GPG)

SSL/TLS

Secure Shell (SSH)

S/MIME

Cryptographic Applications and Proper/Improper Implementations

Stream vs. Block

PKI

Systems

Cryptocurrency/Blockchain

Mobile Device Encryption Considerations

Elliptic Curve Cryptography

Chapter Review

Quick Tips

Questions

Answers

Chapter 16   Securing Communications and Collaboration

Remote Access

Dial-Up

VPN

DirectAccess

Resource and Services

Desktop and Application Sharing

Remote Assistance

Unified Collaboration Tools

Conferencing

Storage and Document Collaboration Tools

Unified Communications

Instant Messaging

Presence

E-mail

Telephony and VoIP Integration

Collaboration Sites

Chapter Review

Quick Tips

Questions

Answers

Part V  Research, Development, and Collaboration

Chapter 17   Research Methods and Industry Trends

Performing Ongoing Research

Best Practices

New Technologies, Security Systems, and Services

Technology Evolution

Threat Intelligence

Latest Attacks, Vulnerabilities, and Threats

Zero-Day Mitigation Controls and Remediation

Threat Model

Researching Security Implications of Emerging Business Tools

Evolving Social Media Platforms

Integration Within the Business

Big Data

AI/Machine Learning

Global IA Industry/Community

Computer Emergency Response Team (CERT)

Conventions/Conferences

Research Consultants/Vendors

Threat Actor Activities

Emerging Threat Sources

Chapter Review

Quick Tips

Questions

Answers

Chapter 18   Technology Life Cycles and Security Activities

Systems Development Life Cycle

Requirements

Acquisition

Test and Evaluation

Commissioning/Decommissioning

Operational Activities

Asset Disposal

Asset/Object Reuse

Software Development Life Cycle

Requirements Gathering Phase

Design Phase

Development Phase

Testing Phase

Operations and Maintenance Phase

Application Security Frameworks

Software Assurance

Development Approaches

Secure Coding Standards

Documentation

Validation of the System Design

Adapting Solutions

Emerging Threats and Security Trends

Disruptive Technologies

Asset Management (Inventory Control)

Chapter Review

Quick Tips

Questions

Answers

Chapter 19   Business Unit Interactions

Security Requirements Across Various Roles

Sales Staff

Programmers

Database Administrators

Network Administrators

Management/Executive Management

Financial

Human Resources

Emergency Response Team

Facilities Manager

Physical Security Manager

Legal Counsel

Security Processes and Controls for Senior Management

Secure Collaboration Within Teams

Governance, Risk, and Compliance Committee

Chapter Review

Quick Tips

Questions

Answers

Appendix      About the Online Content

System Requirements

Your Total Seminars Training Hub Account

Privacy Notice

Single User License Terms and Conditions

TotalTester Online

Pre-Assessment Test

Other Book Resources

Performance-Based Questions

Downloadable Content

Technical Support

Glossary

Index
