Contents

Introduction

Chapter 1: Accountability and Access Control

Access Control Overview

Identification and Authentication Techniques

Access Control Techniques

Access Control Methodologies and Implementation

Access Control Administration

Summary

Exam Essentials

Written Lab

Answers to Written Lab

Review Questions

Answers to Review Questions

Chapter 2: Attacks and Monitoring

Monitoring

Intrusion Detection

IDS-Related Tools

Penetration Testing

Methods of Attack

Access Control Compensations

Summary

Exam Essentials

Written Lab

Answers to Written Lab

Review Questions

Answers to Review Questions

Chapter 3: ISO Model, Protocols, Network Security, and Network Infrastructure

OSI Model

Communications and Network Security

Internet/Intranet/Extranet Components

Remote Access Security Management

Network and Protocol Security Mechanisms

Avoiding Single Points of Failure

Summary

Exam Essentials

Written Lab

Answers to Written Lab

Review Questions

Answers to Review Questions

Chapter 4: Communications Security and Countermeasures

Virtual Private Network (VPN)

Network Address Translation

Switching Technologies

WAN Technologies

Miscellaneous Security Control Characteristics

Managing Email Security

Securing Voice Communications

Security Boundaries

Network Attacks and Countermeasures

Summary

Exam Essentials

Written Lab

Answers to Written Lab

Review Questions

Answers to Review Questions

Chapter 5: Security Management Concepts and Principles

Security Management Concepts and Principles

Protection Mechanisms

Change Control/Management

Data Classification

Planning to Plan

Summary

Exam Essentials

Written Lab

Answers to Written Lab

Review Questions

Answers to Review Questions

Chapter 6: Asset Value, Policies, and Roles

Employment Policies and Practices

Security Roles

Security Management Planning

Policies, Standards, Baselines, Guidelines, and Procedures

Risk Management

Security Awareness Training

Summary

Exam Essentials

Written Lab

Answers to Written Lab

Review Questions

Answers to Review Questions

Chapter 7: Data and Application Security Issues

Application Issues

Databases and Data Warehousing

Data/Information Storage

Knowledge-Based Systems

Systems Development Controls

Summary

Exam Essentials

Written Lab

Answers to Written Lab

Review Questions

Answers to Review Questions

Chapter 8: Malicious Code and Application Attacks

Malicious Code

Password Attacks

Denial-of-Service Attacks

Application Attacks

Web Application Security

Reconnaissance Attacks

Masquerading Attacks

Decoy Techniques

Summary

Exam Essentials

Written Lab

Answers to Written Lab

Review Questions

Answers to Review Questions

Chapter 9: Cryptography and Symmetric Key Algorithms

Historical Milestones in Cryptography

Cryptographic Basics

Modern Cryptography

Symmetric Cryptography

Summary

Exam Essentials

Written Lab

Answers to Written Lab

Review Questions

Answers to Review Questions

Chapter 10: PKI and Cryptographic Applications

Asymmetric Cryptography

Hash Functions

Digital Signatures

Public Key Infrastructure

Applied Cryptography

Cryptographic Attacks

Summary

Exam Essentials

Written Lab

Answers to Written Lab

Review Questions

Answers to Review Questions

Chapter 11: Principles of Computer Design

Computer Architecture

Security Protection Mechanisms

Summary

Exam Essentials

Written Lab

Answers to Written Lab

Review Questions

Answers to Review Questions

Chapter 12: Principles of Security Models

Security Models

Objects and Subjects

Understanding System Security Evaluation

Common Flaws and Security Issues

Summary

Exam Essentials

Written Lab

Answers to Written Lab

Review Questions

Answers to Review Questions

Chapter 13: Administrative Management

Operations Security Concepts

Personnel Controls

Summary

Exam Essentials

Written Lab

Answers to Written Lab

Review Questions

Answers to Review Questions

Chapter 14: Auditing and Monitoring

Auditing

Monitoring

Monitoring Tools and Techniques

Penetration-Testing Techniques

Inappropriate Activities

Indistinct Threats and Countermeasures

Summary

Exam Essentials

Written Lab

Answers to Written Lab

Review Questions

Answers to Review Questions

Chapter 15: Business Continuity Planning

Business Continuity Planning

Project Scope and Planning

Business Impact Assessment

Continuity Planning

BCP Documentation

Summary

Exam Essentials

Written Lab

Answers to Written Lab

Review Questions

Answers to Review Questions

Chapter 16: Disaster Recovery Planning

The Nature of Disaster

Recovery Strategy

Recovery Plan Development

Training and Documentation

Testing and Maintenance

Summary

Exam Essentials

Written Lab

Answers to Written Lab

Review Questions

Answers to Review Questions

Chapter 17: Law and Investigations

Categories of Laws

Laws

Investigations

Summary

Exam Essentials

Written Lab

Answers to Written Lab

Review Questions

Answers to Review Questions

Chapter 18: Incidents and Ethics

Major Categories of Computer Crime

Incident Handling

Ethics

Summary

Exam Essentials

Written Lab

Answers to Written Lab

Review Questions

Answers to Review Questions

Chapter 19: Physical Security Requirements

Facility Requirements

Forms of Physical Access Controls

Technical Controls

Environment and Life Safety

Equipment Failure

Summary

Exam Essentials

Written Lab

Answers to Written Lab

Review Questions

Answers to Review Questions

Appendix: About the Companion CD

Index

Advertisement

Perf Card & Objectives Map

Glossary