CONTENTS

In Memory of Shon Harris

Foreword

From the Author

Acknowledgments

Why Become a CISSP?

Chapter 1     Security and Risk Management

Fundamental Principles of Security

Availability

Integrity

Confidentiality

Balanced Security

Security Definitions

Control Types

Security Frameworks

ISO/IEC 27000 Series

Enterprise Architecture Development

Security Controls Development

Process Management Development

Functionality vs. Security

The Crux of Computer Crime Laws

Complexities in Cybercrime

Electronic Assets

The Evolution of Attacks

International Issues

Types of Legal Systems

Intellectual Property Laws

Trade Secret

Copyright

Trademark

Patent

Internal Protection of Intellectual Property

Software Piracy

Privacy

The Increasing Need for Privacy Laws

Laws, Directives, and Regulations

Employee Privacy Issues

Data Breaches

U.S. Laws Pertaining to Data Breaches

Other Nations’ Laws Pertaining to Data Breaches

Policies, Standards, Baselines, Guidelines, and Procedures

Security Policy

Standards

Baselines

Guidelines

Procedures

Implementation

Risk Management

Holistic Risk Management

Information Systems Risk Management Policy

The Risk Management Team

The Risk Management Process

Threat Modeling

Threat Modeling Concepts

Threat Modeling Methodologies

Risk Assessment and Analysis

Risk Assessment Team

The Value of Information and Assets

Costs That Make Up the Value

Identifying Vulnerabilities and Threats

Methodologies for Risk Assessment

Risk Analysis Approaches

Qualitative Risk Analysis

Protection Mechanisms

Total Risk vs. Residual Risk

Handling Risk

Supply Chain Risk Management

Upstream and Downstream Suppliers

Service Level Agreements

Risk Management Frameworks

Categorize Information System

Select Security Controls

Implement Security Controls

Assess Security Controls

Authorize Information System

Monitor Security Controls

Business Continuity and Disaster Recovery

Standards and Best Practices

Making BCM Part of the Enterprise Security Program

BCP Project Components

Personnel Security

Hiring Practices

Onboarding

Termination

Security Awareness Training

Degree or Certification?

Security Governance

Metrics

Ethics

The Computer Ethics Institute

The Internet Architecture Board

Corporate Ethics Programs

Summary

Quick Tips

Questions

Answers

Chapter 2     Asset Security

Information Life Cycle

Acquisition

Use

Archival

Disposal

Classification

Classification Levels

Classification Controls

Layers of Responsibility

Executive Management

Data Owner

Data Custodian

System Owner

Security Administrator

Supervisor

Change Control Analyst

Data Analyst

User

Auditor

Why So Many Roles?

Retention Policies

Developing a Retention Policy

Protecting Privacy

Data Owners

Data Processors

Data Remanence

Limits on Collection

Protecting Assets

Data Security Controls

Media Controls

Protecting Mobile Devices

Paper Records

Safes

Selecting Standards

Data Leakage

Data Leak Prevention

Summary

Quick Tips

Questions

Answers

Chapter 3     Security Architecture and Engineering

System Architecture

Computer Architecture

The Central Processing Unit

Multiprocessing

Memory Types

Operating Systems

Process Management

Memory Management

Input/Output Device Management

CPU Architecture Integration

Operating System Architectures

Virtual Machines

System Security Architecture

Security Policy

Security Architecture Requirements

Security Models

Bell-LaPadula Model

Biba Model

Clark-Wilson Model

Noninterference Model

Brewer and Nash Model

Graham-Denning Model

Harrison-Ruzzo-Ullman Model

Systems Evaluation

Common Criteria

Why Put a Product Through Evaluation?

Certification vs. Accreditation

Certification

Accreditation

Open vs. Closed Systems

Open Systems

Closed Systems

Systems Security

Client-Based Systems

Client-Server Systems

Distributed Systems

Cloud Computing

Parallel Computing

Database Systems

Web-Based Systems

Mobile Systems

Cyber-Physical Systems

A Few Threats to Review

Maintenance Hooks

Time-of-Check/Time-of-Use Attacks

Cryptography in Context

The History of Cryptography

Cryptography Definitions and Concepts

Kerckhoffs’ Principle

The Strength of the Cryptosystem

One-Time Pad

Running and Concealment Ciphers

Steganography

Types of Ciphers

Substitution Ciphers

Transposition Ciphers

Methods of Encryption

Symmetric vs. Asymmetric Algorithms

Symmetric Cryptography

Block and Stream Ciphers

Hybrid Encryption Methods

Types of Symmetric Systems

Data Encryption Standard

Triple-DES

Advanced Encryption Standard

International Data Encryption Algorithm

Blowfish

RC4

RC5

RC6

Types of Asymmetric Systems

Diffie-Hellman Algorithm

RSA

El Gamal

Elliptic Curve Cryptosystems

Knapsack

Zero Knowledge Proof

Message Integrity

The One-Way Hash

Various Hashing Algorithms

MD4

MD5

SHA

Attacks Against One-Way Hash Functions

Public Key Infrastructure

Certificate Authorities

Certificates

The Registration Authority

PKI Steps

Applying Cryptography

Services of Cryptosystems

Digital Signatures

Digital Signature Standard

Key Management

Trusted Platform Module

Digital Rights Management

Attacks on Cryptography

Ciphertext-Only Attacks

Known-Plaintext Attacks

Chosen-Plaintext Attacks

Chosen-Ciphertext Attacks

Differential Cryptanalysis

Linear Cryptanalysis

Side-Channel Attacks

Replay Attacks

Algebraic Attacks

Analytic Attacks

Statistical Attacks

Social Engineering Attacks

Meet-in-the-Middle Attacks

Site and Facility Security

The Site Planning Process

Crime Prevention Through Environmental Design

Designing a Physical Security Program

Internal Support Systems

Electric Power

Environmental Issues

Fire Prevention, Detection, and Suppression

Summary

Quick Tips

Questions

Answers

Chapter 4     Communication and Network Security

Principles of Network Architectures

Open Systems Interconnection Reference Model

Protocol

Application Layer

Presentation Layer

Session Layer

Transport Layer

Network Layer

Data Link Layer

Physical Layer

Functions and Protocols in the OSI Model

Tying the Layers Together

Multilayer Protocols

TCP/IP Model

TCP

IP Addressing

IPv6

Layer 2 Security Standards

Converged Protocols

Transmission Media

Types of Transmission

Cabling

Wireless Networks

Wireless Communications Techniques

WLAN Components

Evolution of WLAN Security

Wireless Standards

Best Practices for Securing WLANs

Satellites

Mobile Wireless Communication

Networking Foundations

Network Topology

Media Access Technologies

Transmission Methods

Network Protocols and Services

Address Resolution Protocol

Dynamic Host Configuration Protocol

Internet Control Message Protocol

Simple Network Management Protocol

Domain Name Service

E-mail Services

Network Address Translation

Routing Protocols

Network Components

Repeaters

Bridges

Routers

Switches

Gateways

PBXs

Firewalls

Proxy Servers

Unified Threat Management

Content Distribution Networks

Software Defined Networking

Endpoints

Honeypot

Network Access Control

Virtualized Networks

Intranets and Extranets

Metropolitan Area Networks

Metro Ethernet

Wide Area Networks

Telecommunications Evolution

Dedicated Links

WAN Technologies

Communications Channels

Multiservice Access Technologies

H.323 Gateways

Digging Deeper into SIP

IP Telephony Issues

Remote Access

Dial-up Connections

ISDN

DSL

Cable Modems

VPN

Authentication Protocols

Network Encryption

Link Encryption vs. End-to-End Encryption

E-mail Encryption Standards

Internet Security

Network Attacks

Denial of Service

Sniffing

DNS Hijacking

Drive-by Download

Summary

Quick Tips

Questions

Answers

Chapter 5     Identity and Access Management

Access Controls Overview

Security Principles

Availability

Integrity

Confidentiality

Identification, Authentication, Authorization, and Accountability

Identification and Authentication

Authentication Methods

Authorization

Accountability

Session Management

Federation

Integrating Identity as a Service

On-premise

Cloud

Integration Issues

Access Control Mechanisms

Discretionary Access Control

Mandatory Access Control

Role-Based Access Control

Rule-Based Access Control

Attribute-Based Access Control

Access Control Techniques and Technologies

Constrained User Interfaces

Remote Access Control Technologies

Access Control Matrix

Content-Dependent Access Control

Context-Dependent Access Control

Managing the Identity and Access Provisioning Life Cycle

Provisioning

User Access Review

System Account Access Review

Deprovisioning

Controlling Physical and Logical Access

Access Control Layers

Administrative Controls

Physical Controls

Technical Controls

Access Control Practices

Unauthorized Disclosure of Information

Access Control Monitoring

Intrusion Detection Systems

Intrusion Prevention Systems

Threats to Access Control

Dictionary Attack

Brute-Force Attacks

Spoofing at Logon

Phishing and Pharming

Summary

Quick Tips

Questions

Answers

Chapter 6     Security Assessment and Testing

Assessment, Test, and Audit Strategies

Internal Audits

External Audits

Third-Party Audits

Test Coverage

Auditing Technical Controls

Vulnerability Testing

Penetration Testing

War Dialing

Other Vulnerability Types

Postmortem

Log Reviews

Synthetic Transactions

Misuse Case Testing

Code Reviews

Code Testing

Interface Testing

Auditing Administrative Controls

Account Management

Backup Verification

Disaster Recovery and Business Continuity

Security Training and Security Awareness Training

Key Performance and Risk Indicators

Reporting

Analyzing Results

Writing Technical Reports

Executive Summaries

Management Review and Approval

Before the Management Review

Reviewing Inputs

Management Approval

Summary

Quick Tips

Questions

Answers

Chapter 7     Security Operations

The Role of the Operations Department

Administrative Management

Security and Network Personnel

Accountability

Clipping Levels

Physical Security

Facility Access Control

Personnel Access Controls

External Boundary Protection Mechanisms

Intrusion Detection Systems

Patrol Force and Guards

Dogs

Auditing Physical Access

Internal Security Controls

Secure Resource Provisioning

Asset Inventory

Asset Management

Configuration Management

Trusted Recovery

Input and Output Controls

System Hardening

Remote Access Security

Provisioning Cloud Assets

Network and Resource Availability

Mean Time Between Failures

Mean Time to Repair

Single Points of Failure

Backups

Contingency Planning

Preventing and Detecting

Continuous Monitoring

Firewalls

Intrusion Detection and Prevention Systems

Whitelisting and Blacklisting

Antimalware

Vulnerability Management

Patch Management

Sandboxing

Honeypots and Honeynets

Egress Monitoring

Security Information and Event Management

Outsourced Services

The Incident Management Process

Detection

Response

Mitigation

Reporting

Recovery

Remediation

Investigations

Computer Forensics and Proper Collection of Evidence

Motive, Opportunity, and Means

Computer Criminal Behavior

Incident Investigators

Types of Investigations

The Forensic Investigation Process

What Is Admissible in Court?

Surveillance, Search, and Seizure

Disaster Recovery

Business Process Recovery

Recovery Site Strategies

Supply and Technology Recovery

Backup Storage Strategies

End-User Environment

Availability

Liability and Its Ramifications

Liability Scenarios

Third-Party Risk

Contractual Agreements

Procurement and Vendor Processes

Insurance

Implementing Disaster Recovery

Personnel

Assessment

Restoration

Communications

Training

Personal Safety Concerns

Emergency Management

Duress

Travel

Training

Summary

Quick Tips

Questions

Answers

Chapter 8     Software Development Security

Building Good Code

Where Do We Place Security?

Different Environments Demand Different Security

Environment vs. Application

Functionality vs. Security

Implementation and Default Issues

Software Development Life Cycle

Project Management

Requirements Gathering Phase

Design Phase

Development Phase

Testing Phase

Operations and Maintenance Phase

Software Development Methodologies

Waterfall Methodology

V-Shaped Methodology

Prototyping

Incremental Methodology

Spiral Methodology

Rapid Application Development

Agile Methodologies

Integrated Product Team

DevOps

Capability Maturity Model Integration

Change Management

Change Control

Security of Development Environments

Security of Development Platforms

Security of Code Repositories

Software Configuration Management

Secure Coding

Source Code Vulnerabilities

Secure Coding Practices

Programming Languages and Concepts

Assemblers, Compilers, Interpreters

Object-Oriented Concepts

Other Software Development Concepts

Application Programming Interfaces

Distributed Computing

Distributed Computing Environment

CORBA and ORBs

COM and DCOM

Java Platform, Enterprise Edition

Service-Oriented Architecture

Mobile Code

Java Applets

ActiveX Controls

Web Security

Specific Threats for Web Environments

Web Application Security Principles

Database Management

Database Management Software

Database Models

Database Programming Interfaces

Relational Database Components

Integrity

Database Security Issues

Data Warehousing and Data Mining

Malicious Software (Malware)

Viruses

Worms

Rootkit

Spyware and Adware

Botnets

Logic Bombs

Trojan Horses

Antimalware Software

Spam Detection

Antimalware Programs

Assessing the Security of Acquired Software

Summary

Quick Tips

Questions

Answers

Appendix A  Comprehensive Questions

Answers

Appendix B  About the Online Content

System Requirements

Your Total Seminars Training Hub Account

Single User License Terms and Conditions

TotalTester Online

Hotspot and Drag-and-Drop Questions

Online Flash Cards

Single User License Terms and Conditions

Technical Support

Glossary

Index
