INDEX

Please note that index links point to page beginnings from the print edition. Locations are approximate in e-readers, and you may need to page down one or more times after clicking a link to get to the indexed material.

Numbers

1G (first generation) networks, 548, 550–551

10Base-T (Ethernet), 560–561

10G Ethernet (10GBase-T), 562

10GBase-T (10G Ethernet), 562

100-VG-AnyLAN, 562

100Base-TX (Fast Ethernet), 561, 562, 663

128 bits, IPv6, 507, 510

1000Base-T (Gigabit Ethernet), 562

2.4-GHz frequency range, 539–541, 544

2FA (two-factor authentication), 735, 844

2G networks. See second generation (2G) networks

32 bits, IPv4, 507–508, 510

3DES (Triple-DES)

CMAC approved for, 396–397

modes of, 382–383

reasons for creating, 375

3G (third generation) networks, 549–551

3GPP (Third Generation Partnership Project), 549–550

4G (fourth generation) networks, 550–551

5 GHz frequency range, 539–541

64-bit address and data buses, 260

6to4 tunneling method, intersite tunneling, 512

802.11, 532–534

802.11a, 539–540

802.11ac, 541

802.11b, 539

802.11e, 540

802.11f, 540

802.11g, 540–541

802.11h, 541

802.11i, 382, 534–536

802.11j, 541

802.11n, 541

802.11X, 536–538

802.15.4, 543

802.16, 541–542

802.1AE, 514

802.1AR, 514

802.1Q, VLANs, 605

802.1X

802.11i using, 534–535

NAT authentication, 643

overview, 536–538

port authentication on new device, 515

WLANs, 544

802.5, 562

A

AAA (authentication, authorization, and accounting/audit) protocols, 810–814

ABAC (attribute-based access control), 806

ABR (adjustable bit rate), ATM QoS, 663

absolute addresses, CPUs, 266, 268

abstraction

high-level languages, 1124–1125

layered operating systems, 297

memory management, 285

OOP, 1132

SDN and network, 639, 641

task-level parallelism as higher-level, 329

academic software, licensing as, 68

acceptable risk

baselines, countermeasures and, 424

defined, 124

holistic risk management, 94

SDLC requirements gathering, 1092

site planning process, 421

acceptable use policy. See AUP (acceptable use policy)

acceptance testing, SDLC, 1099

access cards, 941

access control

administrative, 820–821

content- and context-dependent, 331, 815–816, 1175–1176

CPTED using natural, 427–430

data classification levels and, 198

data owner responsibilities for, 208

database roles for, 1160–1161

facility. See facility access control

implementing for each piece of media, 226

intellectual property, 67

layers of, 819–820

managing identity and, 817–818

markup languages and, 787–792

media, 223

monitoring with IDS. See IDSs (intrusion detection systems)

monitoring with IPS, 837–840

Network Access Control (NAC), 643

operating system, via APIs, 294

personnel, 940–941

physical. See physical access control

PKI providing, 406

practices for, 825–828

reference monitor enforces, 310

security models for. See security models

technical, 822–825

threats to, 840–846

web security and, 1153

access control, identity and

access control mechanisms, 798–807

accountability, 733–734, 779–784

authentication, 732–736

authentication methods. See authentication methods

authorization, 733–734, 766–779

identification, 732, 734–736

identity management and, 737–742

overview, 729–730

race conditions and, 734

review of basic concepts, 783–784

security principles, 731–732

web access management, 742–745

access control lists. See ACLs (access control lists)

access control matrix, 814–815

access control mechanisms

attribute-based access control (ABAC), 806

discretionary access control (DAC), 798–800

main characteristics of each type of, 807

mandatory access control (MAC), 800–802

overview of, 798

role-based access control (RBAC), 802–805

rule-based access control (RB-RBAC), 805–806

security administrator and, 930

access control techniques/technologies

access control matrix, 814–815

constrained user interfaces, 807–808

content-dependent access control, 815–816

context-dependent access control, 816

Diameter, 812–814

RADIUS, 808–809

TACACS, 809–812

access criteria, authorization, 766–767

access, defined, 730

access points. See APs (access points)

accessibility, of retained data, 212

accountability

access control review, 784

access management for, 733

administrative management controls, 931–932

audit logs and, 781–783

identity/access management and, 779–781

keystroke monitoring and, 783

accounts receivable insurance, 1061

accreditation, system security and, 323–325

ACID test, database software implementing, 1178–1179

ACK packet

SIP three-way handshake, 672–673

TCP handshake, 505–506, 616

ACLs (access control lists)

access control matrix and, 814

capability tables vs., 814

default to no access and, 767–768

discretionary access control (DAC) and, 799

of dynamic packet-filtering firewalls, 623–624

enforcing at network interface, 613

enforcing packet filtering, 614

in mitigation phase of incident response, 1007

routers filtering traffic based on, 599

acoustical detection systems, IDSs, 952

acquired software, mitigating risk of, 1198

acquisition phase

asset management life cycle, 958

information life cycle, 194–195

acronyms, overlapping technology terms, 736

Actions on the Objective stage, cyber kill chain, 1004–1005

active monitor, Token Ring, 563

ActiveX controls, 1150–1151

ActiveX Data Objects (ADO), 1168

AD (architecture description), 252, 254–255

address buses, CPUs, 259–260

Address Resolution Protocol (ARP), 567–569

address space layout randomization (ASLR), memory protection, 273

ad hoc WLANs, 532

adjustable bit rate (ABR), ATM QoS, 663

ADM (Architecture Development Method), TOGAF, 24

administrative controls

as access control layer, 819

defined, 891

facility locks, 938–939

mapping control functionalities to, 11–13

media access and, 226

remote access, 970–971

as soft controls, 8

types of, 820–821

administrative controls, auditing

account management, 891

adding accounts, 892

backup verification, 894–896

disaster recovery/business continuity, 897–902

key performance/risk indicators, 907–909

modifying accounts, 892–893

overview of, 891

running as root (admin), 893

security awareness training, 902–907

suspending accounts, 893–894

administrative interfaces, web security and, 1152–1153

administrative investigations, policy violations, 1014

administrative management, operational security

accountability, 931–932

clipping levels, 932

job rotation, 928

least privilege, 928–929

lock maintenance/procedures, 938–939

need to know, 929

networks, 929–931

separation of duties, 927–928

administrative/regulatory law, 62

ADO (ActiveX Data Objects), 1168

ADSL (Asymmetric DSL), 681

Advanced Micro Devices (AMD), trade secret law, 65

advanced persistent threats (APTs), 50–52

advisory policies, 89

adware, as malware, 1188

AES (Advanced Encryption Standard)

CCM using, 397

CMAC using, 396–397

DES replaced by, 376, 383

not backward compatible with 802.11, 538

RSA using, 389

WPA2 using, 535–536

agent-based centralized patch management, 994

agentless centralized patch management, 994

agents, SNMP, 574–575

aggregation, database security issue, 329–330, 1174–1175

Agile methodologies, 1108–1111

aging, password, 758

AH (Authentication Header), IPSec suite, 685

AIC (availability, integrity, and confidentiality) triad, 3–6

AIK (Attestation Identity Key), TPM, 414

AirSnort, cracking WEP encryption, 535

ALE (annual loss expectancy), quantitative risk analysis, 113–115, 119

algebraic attacks, on cryptography, 419

algorithms

broken, 376

cipher as another term for, 341

defined, 346

encryption strength from, 349–350

functions of different, 409

Kerckhoffs’ principle and, 349

keyspaces of, 347–348

public vs. secret, 417

in substitution cipher, 356

in transposition cipher, 356–358

ALU (arithmetic logic unit), CPU, 256–257

AMD (Advanced Micro Devices), trade secret law, 65

American National Standards Institute. See ANSI (American National Standards Institute)

American Society for Testing and Materials (ASTM), fire resistance ratings, 455

amplitude, 516–517, 528

“An Introduction to Virtualization” (Singh), 303–304

analog signals, physical data transmission, 516–518

analysis phase, of forensic investigations, 1016, 1021

analytic attacks, on cryptography, 419

Android Data company, trademark law and, 65

annual loss expectancy (ALE), quantitative risk analysis, 113–115, 119

annualized rate of occurrence (ARO), quantitative risk analysis, 113–115

annunciator system, CCTV cameras, 951

anomaly detection, and sessions termination, 785

anonymity, proxy servers for online, 637

ANSI (American National Standards Institute)

FCoE, 515

FDDI, 564

Lucifer, 375

antennas, satellite, 544

antimalware

on mobile systems, 333

policy, 1195

prevention with, 990

programs, 1196–1197

software, 1191–1194

stealth viruses tricking, 1185

tunneling viruses intercepting, 1186

any-to-any connection, X.25, 662

anycast address, IPv6, 511

APIs (application programming interfaces)

application/protocol communication via, 487–488

function at security perimeter, 308

operating system access control, 294

overview of, 1137–1138

software-defined networking, 641

appendices, of technical audit reports, 912

Apple’s Face ID, facial scan, 755

appliances, firewalls as, 625

application layer (layer 7), OSI

application-level proxy firewalls, 620

characteristics of, 621

functions and protocols in, 496

overview of, 487–488

application-level proxy firewalls

circuit-level proxy firewalls vs., 623

kernel proxy firewalls vs., 624–625

other firewall types vs., 626

overview of, 620–621

application objects, CORBA, 1140

application programming interfaces. See APIs (application programming interfaces)

application-specific integrated circuit (ASIC), multilayered switches, 602

application suites, 304

applications

asset inventory of, 957

auditing events, 781

classifying, 201

client-based systems and, 326

functionality vs. security of, 1087–1088

lines and lines of instructions in, 257

memory mapping, 265–268

OS software controls vs., 1087

session layer protocols connecting, 490–491

system owner responsibilities, 208

XSS attacks on, 1157

APs (access points)

during roaming with 802.11f, 540

secure physical location for, 544

WEP authentication to, 533

WLANs and, 532

APTs (advanced persistent threats), 50–52

architecture

analyzing website security, 332

architecture frameworks vs., 18–19

computer. See computer architecture

defined, 252

enterprise. See enterprise architecture

enterprise security. See enterprise security architecture

firewall, 626–632

IDS vs. IPS, 838–839

MANs, 649

OS integration with CPU, 291–295

principles of network, 482–483

security. See security architecture and engineering

SIP, 673–674

technical controls for network, 823–824

terms and relationships for, 253–255

views, 254–255

web application security principles, 1159

architecture description (AD), 252, 254–255

Architecture Development Method (ADM), TOGAF, 24

archival phase, information life cycle, 195–196

archive bits, tracking modified files, 1041

archiving log events, 884–885

arithmetic logic unit (ALU), CPU, 256–257

Arnold, Benedict, 345

ARO (annualized rate of occurrence), quantitative risk analysis, 113–115

ARP (Address Resolution Protocol), 567–569

artificial intelligence

data mining using, 1179

for natural programming languages, 1125

in rule-based IDS, 834–835, 836

artistic works

copyright law for, 63–64

as copyrighted property, 62

software piracy of, 67–70

AS/NZS ISO 31000, 108, 111

ASIC (application-specific integrated circuit), multilayered switches, 602

ASLR (address space layout randomization), memory protection, 273

ASOR (authoritative system of record), credentials, 746

ASs (autonomous systems), Internet and, 591–592

assembly languages, 1123–1124, 1126

assessment

of damage in disaster recovery, 1063–1064

defined, 864

risk. See risk assessment

risk management process, 96–101

social engineering, 993

training, 162

asset security

classification, 197–203

configuration management, 960–963

data leakage, 231–240

data security controls, 219–223

defense-in-depth for, 10

defined, 193

electronic, 49

information life cycle, 194–197

inventory of, 956–957

layers of responsibility, 203–210

management of, 957–960

media controls, 223–228

mobile device protection, 229

overview of, 193

paper records, 229–230

privacy protections, 214–219

retention policies, 210–214

review answers, 247–249

review questions, 243–247

review quick tips, 241–243

review summary, 241

safes for, 230

selecting standards for, 231

valuation report, 102

value of, 104–105, 151–154

assisted password reset, 749–750

assurance evaluation, systems

Common Criteria, 319–322

overview of, 318

submitting products to, 322–323

ASTM (American Society for Testing and Materials), fire resistance ratings, 455

asymmetric algorithms

Diffie-Hellman, 385–388

ECC, 391

El Gamal, 391

encryption using, 361–363

examples of, 363

knapsack, 391–392

overview of, 385

RSA, 388–391

symmetric algorithms vs., 359

various functions of different, 409

Asymmetric DSL (ADSL), 681

asymmetric keys (public and private keys)

asymmetric cryptography using, 361–363

defined, 359

TPM storing/processing, 414–416

asymmetric mode of multiprocessing, 261

asynchronous attacks, 340–341

asynchronous cryptosystems, 382

asynchronous replication, 1045–1046

asynchronous token device, 759–761

asynchronous transmission, 518–520

atbash (Hebrew cryptographic method), 341

ATM (Asynchronous Transfer Mode)

characteristics, 668

encryption using CTR mode of DES, 382

Voice over ATM, 670–671

WANs using, 662–664

atomic transactions, I/O controls, 966

Atomicity, ACID test, 1178

attack surface analysis, 1093–1094

attack surface, reducing, 1198

attack trees, threat modeling via, 100–101

attackers

complexities of cybercrime, 47–48

employees/contractors as risks, 53

evolution of, 49–53

international issues, 53–58

log tampering and, 885

malware. See malware

outnumbering law enforcement in the U.S., 48

as source of threat, 99

thwarting confidentiality, 5

attacks

access control, 840–846

bastion host, 627

Bluetooth wireless, 543–544

cable modems and DSL, 682

cryptography, 415–419

DAC, 799

firewall, 632

firewall technology to mitigate, 626, 632–635

ICMP, 572

IPv4/IPv6, 513

keystroke monitoring, 783

measuring strength of cryptosystem, 349

network, 486, 703–707

one-way hash function, 399–400

packet-filtering firewall, 614–615

password, 756

PBX system, 608–609

penetration testing to measure resistance to, 875–876

routing protocol, 595–596

smart card, 764–765

source routing, 599

stateful firewall, 618

switched network, 602

TCP session hijacking, 506

TCP SYN flood, 506

VLAN, 605

VoIP, 675–677

attenuation

cabling issues with, 525–526

fiber-optic cabling and, 524

Attestation Identity Key (AIK), TPM, 414

attribute-based access control (ABAC), 806

attribute-value pairs (AVPs), 812–814

attributes (columns), relational database model, 1162–1163

audit, defined, 864

audit-reduction tool, 782

audit trails, 779–782

auditing

accountability/review of events, 931–932

accountability via, 779–780

administrative controls. See administrative controls, auditing

change control, 1117–1118

data and log information, 782–783

data processors, 215

events, 780–781

external, 868–869

intellectual property, 67

internal, 866–868

keystroke monitoring, 783

physical access, 954–955

preventing backdoors, 339

results in management review, 915

reviewing information, 781–782

role in asset security, 210

security administrator reviews logs, 931

strategies for conducting, 864–866

technical controls. See technical controls, auditing

third-party, 869–870

AUP (acceptable use policy)

adding new user accounts, 892

admissibility in court and, 1022–1023

unauthorized software and, 969

authentication

802.1X user, 536–537

and access control for web security, 1153

access control review, 783–784

access management using, 732–733

ActiveX, 1151

CAs and, 401–402

client-based systems weak in, 326

cryptosystems providing, 407

Diffie-Hellman and, 386–388

digital signatures for, 409

e-mail, 586

encrypting, 1153

federation and. See federation

and identification, 734–736

identity verified during, 733

IoT vulnerabilities, 335

IPSec system, 685

IPv6, 511

by knowledge, by ownership, by characteristic, 734–735

mitigating DNS threats, 581

multifactor, 735, 1153

NAC device, 643

personnel access controls, 940–941

PGP providing, 696

PKI, 401

PPP user, 665, 684

protecting administrative interfaces with strong, 1153

protocols for remote, 690–692

protocols for remote access, 808

race conditions and, 734

RADIUS for simplistic, 812

RPC security issues, 491

session management and, 784

sharing data in federation, 785–787

SMTP, 588

strong (multifactor), 735

TACACS+ for more sophisticated, 812

technical controls for system access, 823

two-factor, 844

user vs. system, 736

VoIP, 676

web access management (WAM), 742–744

web application security principles, 1159

web security and, 1153

WEP, 533, 536

Authentication Header (AH), IPSec suite, 685

authentication methods

biometrics, 750–755

credential management systems, 745–750

cryptographic keys, 761–762

memory cards, 762

passphrases, 762

passwords, 755–761

smart cards, 763–765

authoritative name server, 577

authoritative system of record (ASOR), credentials, 746

authority, disaster recovery and, 1061

authorization

access control review, 784

code flow, OIDC, 795–796

creep, 769, 931

cryptosystems and, 407

default to no access and, 767–768

defined, 733

e-mail, 586

need-to-know principle in, 768–769

OAuth standard for, 793–794

overview of, 766

before penetration testing, 876–877

race conditions and, 733

single sign-on (SSO), 769–771

single sign-on (SSO) technologies, 771–779

in two-step process of authentication, 766

using RMF, 132

before vulnerability testing, 871

authorization server role, OAuth, 793–794

auto iris lenses, CCTVs, 949

automated workflow, credential management, 745–750

automatic tunneling, IPv6, 512

automation

backups, checking integrity of, 982

BCP and task, 134

key distribution/maintenance using, 411

malware attacks using, 1183

network administration challenges, 640

risk analysis using, 112–113

scanning software inventory with, 957

smart grids for power, 447

software tools for developing BCP, 156

testing data backups using, 896

vulnerability testing using, 872–873

automobiles, CAN bus for, 500–501

autonomous systems (ASs), Internet and, 591–592

availability. See also network and resource availability

BCP and, 134

clustering for, 980

as critical principle of security, 3–4

disaster recovery and, 1051–1053

media control to protect, 223–228

security controls for, 5–6, 731

in use phase of information life cycle, 195

availability, integrity, and confidentiality (AIC) triad, 3–6

avalanche effect, block ciphers, 365

avoidance

malware, 1186

risk, 124

AVPs (attribute-value pairs), 812–814

B

B2B (business-to-business) communication, extranets, 646

backbone networks

FDDI, 564–566

gateways on, 606

replacing with ATM, 663

using BISDN in, 680

using ring topology, 554

backdoors

countermeasures against, 339

maintenance hooks as, 338–339

pirated software and, 957

placed by developers/removing before production, 1100

tracking hardware to mitigate, 956

Trojan horses installing, 1190

uploading rootkits through, 1187

backend devices, SCADA systems, 337

background checks, hiring personnel, 158–159

background noise, analog vs. digital signals and, 518

backup storage strategies

choosing software backup facility, 1046–1047

documentation, 1047–1048

electronic backups, 1044–1046

human resources, 1048–1050

overview of, 1040–1041

backups

in archival phase of information life cycle, 196

archives vs., 196

classified data, 200

data custodian responsibilities for, 208

data leak prevention and, 235

electric power, 446

external lighting, 946

HSM for continuous online, 983–984

as key management principle, 411

mobile device protections, 229

network availability via, 982–985

recovery sites. See recovery site strategies

restoring data from, 982

SANs providing, 979–980

supply and technology recovery, 1036–1040

testing administrative controls, 894–896

testing tapes at hot/warm sites, 1032–1033

virtual machines managing, 304

backward-compatibility

802.11a does not have, 539

802.11ac has, 541

802.11b has, 539

802.11n has, 541

Diameter and, 813

perpetuating vulnerabilities in older protocols, 548

TACACS+ and, 809

badges, as internal security control, 955

bait, honeypot success and, 998

balanced scorecards, 31, 165–166

bandwidth

ATM guaranteed, 662

bridges ensuring better, 597

cabling and, 522

data throughput vs., 518

DSL, 680

FHSS, 529

FHSS vs. DSSS, 530

frame relay sharing, 660

ISDN and, 679

OFDM and, 531

PVC guaranteed, 661–662

satellites and, 545

unmanaged patching as risk to, 994

barbed wire, fence security, 943

base protocol, Diameter, 813

base registers, CPUs, 286–287

baseband technology, 520–521

baselines

clipping levels. See clipping level (threshold)

configuration management, 960–963

defined, 989

IDSs/IPSs, 989

implementation, 92–93

ISMS, 908

mobile device protection, 229

procedures, 92

security effectiveness and, 31, 90–91

Basic Rate Interface (BRI) ISDN, 679–680

Basic Service Set (BSS), infrastructure WLANs, 532

bastion hosts, 627, 970

batch processing, databases, 1173–1174

Bayes, Thomas, 1194–1195

Bayesian filtering, spam detection, 1194–1196

BCM (business continuity management)

defined, 132

in enterprise security program, 138–141

standards and best practices, 136–138

BCP (business continuity plan)

backup storage. See backup storage strategies

benefits of, 135

business process recovery, 1028–1029

choosing where to store, 1049

components. See BCP project components

contingency planning vs., 985

defined, 897

disaster recovery metrics, 1025–1028

integrating into enterprise security program, 138–141

life cycle, 902–903

maintaining, 901–902

management support for, 140–141

overview of, 132–134

recovery sites. See recovery site strategies

standards and best practices, 135–138

supply and technology recovery, 1036–1040

testing and revising, 897–901

types of disruptions in, 1029

using BCM. See BCM (business continuity management)

BCP committee, 141, 148–149, 151

BCP coordinator, 141, 146

BCP project components

BCP policy, 144

BCP requirements, 147–148

business impact analysis, 148–154

initiation process, 142

interdependencies, 154–156

overview of, 141–142

policy, 143

project management, 145–146

scope, 143–144

beaconing mechanism, Token Ring, 563

beamforming, 802.11ac, 541

BEDO DRAM (burst EDO DRAM), 263

behavior

antimalware blocking, 1193–1194

computer criminal, 1012, 1013

SDLC design phase, 1092–1093

behavioral-based IDS, 831–832

behavioral category, biometrics, 751

behavioral model, software requirements, 1092–1093

Bell-LaPadula security model, 312–314, 317–318

benches, natural surveillance via, 430

best-effort service, QoS, 663

best practices

BCP, 135–138

electric power, 451

ITIL for IT service management, 37–38

security frameworks, 15–16

security metric system, 166–167

as standards, 90

WLANs, 544

BGP (Border Gateway Protocol), 595

BIA (business impact analysis)

assigning values to assets, 151–155

BCP development, 135

BCP project component, 148–149

BCP-related risk assessment, 149–151

steps in, 151

Biba security model, 313–314, 318

bicycle paths, natural surveillance via, 430

big data, data warehousing/data mining and, 1181–1182

binary compatibility, with virtual machines, 304

binary data

biometric data turned into, 752–753

digital signals as, 516–517

machine language using, 1123

biometrics

authentication via, 750–753

types of systems, 753–755

BIOS, mobile device protection, 229

birthday attacks, 398–400

BISDN (Broadband ISDN), 679

bit-level parallelism, 329

bit-oriented link layer protocol, HDLC, 664–665

bit-oriented synchronous protocol, SDLC, 664

bits

address/data buses for CPUs, 260

in asynchronous transmission, 519–520

synchronous transmission using, 519–520

transmission at physical layer and, 495

bits per second, bandwidth/data throughput, 518

BitTorrent protocol, 63

black box testing, 873

black holes

honeynets vs., 997

and routers, 592

routing protocol attacks, 595

blacklisting, 989–990

blackouts, electric power voltage and, 449–450

blind tests, penetration testing, 878

block ciphers

AES, 383

Blowfish, 384

CBC mode of DES, 378–379

CFB mode of DES, 379–380

CTR mode of DES, 381–382

defined, 363

ECB mode of DES, 377–378

encryption/decryption via, 364–366

IDEA, 383–384

RC5, 384

RC6, 384

block devices, as I/O devices, 289

Blowfish, 384

Bluejacking, 543

blueprints, security/business requirements, 42–43

Bluesnarfing, 544

Bluetooth, 543–544

bollards, access control via, 428, 944

boot sector viruses, 1185

boot up, after system crash, 964–965

BOOTP (Bootstrap Protocol), for diskless workstations, 572

Border Gateway Protocol (BGP), 595

bot herder, 1189

botnets

DDoS attacks and, 704

defined, 48

life cycle of, 1189–1190

as malware, 1188–1189

bots, defined, 48

bottom-up approach, security program development, 40

boundary devices, incident response, 1007

bounds checking, buffer overflow prevention, 270

BPI/SEC (Baseline Privacy Interface/Security), DOCSIS, 681–682

brain, CPU as computer, 256

BranchScope attacks, on data in use, 223

brands, poorly managed incidents and, 1062

breaches. See data breaches

Brewer and Nash security model, 316, 318

BRI (Basic Rate Interface) ISDN, 679–680

bridges

forwarding tables and, 598–599

as network component, 597

routers vs., 597–598, 600

switches combining repeaters and, 601–605

British Standard 7799 (BS7799), 16–18

broadband

satellite, 545–546

vs. baseband, 520–521

wireless access, 802.16, 542

Broadband ISDN (BISDN), 679

broadcast domains, routers, 600

broadcast storms, bridges, 597

broadcast transmission method, 566–567

brownouts, electric power and, 449–450

brute-force attacks

countermeasures, 842

defeating algorithms via, 349, 375–376

against one-way hash functions, 400

as password checker tool, 757–758

on passwords, 756, 842

on PBX systems, 608

BS7799 (British Standard 7799), 16–18

BSA (Business Software Alliance), on software piracy, 68

BSS (Basic Service Set), infrastructure WLANs, 532

buffer, defined, 269

buffer overflows

input validation and, 1097

overview, 269–273

penetration testing, 880

building codes, physical security and, 435

bulk licenses, software, 68

bulletproof doors, physical security, 439

bump key, circumventing locks, 940

burst EDO DRAM (BEDO DRAM), 263

bus topology, 553, 555

business case

asset management life cycle, 957–958

enterprise architecture frameworks, 21–22

enterprise security architecture, 30

business continuity

management. See BCM (business continuity management)

planning. See BCP (business continuity plan)

business impact analysis. See BIA (business impact analysis)

business interruption insurance policy, 1061

business partners, external audits on behalf of, 868–869

business process tier, risk management, 94

business processes

BCP exercises and, 897–898

change management and, 961

conducting BIA. See BIA (business impact analysis)

data backup plan and, 896

recovery of, 1028–1029

risk/likelihood of exploiting, 7–8

vulnerabilities in, 992

business records exception, exceptions to hearsay evidence, 1022

Business Software Alliance (BSA), software piracy, 68

business-to-business (B2B) communication, extranets, 646

business value, data mining for, 1180–1182

BYE message, SIP, 672–673

C

C programming language, vulnerabilities, 272, 1126–1127

C&C (command-and-control)

botnets, 1189

cyber kill chain, 1004–1005

cable modems

analog telecommunications using, 518

data transmission in, 521

remote access via, 681–682

security issues of being always connected, 682

cable traps, device locks as, 938

cable TV (CATV), DOCSIS and, 681

cabling

bandwidth values, 522

coaxial, 522

Ethernet, 561

fiber-optic, 524–525

fire rating of, 526–527

overview of, 522

as physical control, 822

problems, 525–526

as transmission media, 516

twisted-pair, 522–524

cache memory, 265

Caesar cipher, 342–343, 356

call-processing manager, VoIP, 669–670

call tree, disaster recovery, 1066

camouflage, physical security for facility, 434

CAN bus (Controller Area Network bus) protocol, 500–501

capability maturity model integration. See CMMI (capability maturity model integration)

capability maturity models (CMMs), 1115

capability tables, bound to subjects, 814–815

capacitance (or proximity) detector, IDSs, 952–953

capacitors, RAM, 262

carrier signals, 516

carriers

deploying SONET networks, 647

in steganography, 354

CAs (certificate authorities), 401–403

cascading errors, threats causing, 106

cascading goals, COBIT, 33

case (common) law system, 58–59, 62

CASE (computer-aided software engineering) tools, SDLC development phase, 1095–1096

catastrophes, defined, 1029

categories

biometric system, 751

civil law, 59–60

computer crime law, 45

control, 8–10, 34–35

information system, 130

sensitivity label, 801–802

UTP cabling, 523

CATV (cable TV), DOCSIS and, 681

CBC (Cipher Block Chaining) mode, DES, 378–379

CBC-MAC (Cipher Block Chaining Message Authentication Code) function, 395–397

CBK (Common Body of Knowledge), CISSP exam, 139

CBR (constant bit rate), ATM QoS, 663

CCDs (charge-coupled devices), CCTV cameras, 948

CCM (CTR and CBC-MAC), 396–397

CCMP (Counter Mode Cipher Block Chaining Message Authentication Code Protocol), 535–538

CCTV (closed-circuit TV) systems, 946–951

CDDI (Copper Distributed Data Interface), FDDI for UTP, 564

CDIs (constrained data items), Clark-Wilson model, 314–315

CDMA (code division multiple access), mobile wireless, 548

CDMA2000, 3GPP, 550

ceilings, facility

company entry points, 439

construction materials, 436

smoke detector installation, 456

cell suppression, preventing inference attacks, 331, 1176

cell-switching method, ATM, 662–664

cellular networks, mobile phones connected to, 545–546

Central Computing and Telecommunications Agency Risk Analysis and Management Method (CRAMM), 111

central processing units. See CPUs (central processing units)

centralized patch management, 994–995

CEO (chief executive officer), role, 205

CER (crossover error rate), biometrics, 751

CERT/CC (Computer Emergency Response Team Coordination Center), vulnerability disclosure, 991

CERT (Computer Emergency Response Team), 1003, 1005

certificate authorities (CAs), 401–403

certificate revocation lists (CRLs), PKI, 403

certificates, overview of, 403–406

certification

personnel security and, 162–163

system security and, 323–325

CFB (Cipher Feedback) mode, DES, 379–380

CFO (chief financial officer), role of, 205

chain-link fencing, sizes in, 943

chain of custody

after search and seizure, 1025

forensic investigation process, 1019–1020

what is admissible in court, 1022

Challenge Handshake Authentication Protocol. See CHAP (Challenge Handshake Authentication Protocol)

challenge/response authentication, 759–761

change control analyst, role of, 209

change control process, 961–963, 1117–1118

change management

asset management life cycle and, 958, 960

BCP maintenance in, 897

change control documentation, 962–963

change control process, 961–962, 1117–1118

configuration management vs., 961

development platforms and, 1119

software development and, 1116–1117

channel service unit/data service unit (CSU/DSU), WANs (wide area networks), 656–657

channels

communications. See communications channels

ISDN, 679–680

wireless/AP communications over same, 532

CHAP (Challenge Handshake Authentication Protocol)

PPP user authentication via, 665

remote access via, 808–812

supported by PAP, 690–691

character devices, as I/O devices, 289

characteristic, authentication by, 735

charge-coupled devices (CCDs), CCTV cameras, 948

checklist test, DRP or BCP, 898

checkpoints, database, 1173

chemical combustion, 458

chief executive officer (CEO), role, 205

chief information officer (CIO), role of, 205–206

chief information security officer (CISO), role, 207

chief privacy officer (CPO), 73, 206

chief security officer (CSO) role, 207

child processes, Unix/Linux, 276

Chinese Wall model, 316

chipping code, DSSS, 530

chips, DSSS, 530

chosen-ciphertext attacks, 416, 417

chosen-plaintext attacks, 416

CIA (confidentiality, integrity, and availability) triad, 3–6

CIDR (classless interdomain routing), 509

CIO (chief information officer), role of, 205–206

cipher

attributes, 364–365

locks, 936–938

overview of, 356

substitution, 356

as term for algorithm, 341

transposition, 356–358

Cipher-Based Message Authentication Code (CMAC), 396–397

Cipher Block Chaining (CBC) mode, DES, 378–379

Cipher Block Chaining Message Authentication Code (CBC-MAC) function, 395–397

ciphertext

chosen-ciphertext attacks, 416

ciphertext-only attacks, 415

defined, 346

how DES works, 376

plaintext vs., 343

CIR (committed information rate), 660–661, 671

circuit-level proxy firewalls

application-level proxy firewalls vs., 623

overview of, 620–622

vs. other firewall types, 626

circuit switching

packet switching vs., 659

PSTN, 668

WANs, 657–658

CIS (computer information system), threat modeling, 98

CISO (chief information security officer), role, 207

civil (code) law, 58

civil investigations, 1015

civil/tort laws, 58, 61

Clark-Wilson security model, 314–315, 318

classes

IP addressing and, 507

OOP and, 1128–1129

classful (classical) IP addresses, 509

classification

of fire, 457–459

of gates, 944

classification, levels of data

and accessing retained data, 212

in data mining, 1181

data owner responsibility for, 208

I/O controls using, 966

implementing controls and, 201–203

levels, 198–201

mandatory access control (MAC) and, 800–801

overview of, 197–198

security architecture requirements, 307

classless interdomain routing (CIDR), 509

cleanroom methodology, software development, 1112

cleanup rule, firewalls, 634

cleartext, never send anything in

passwords, 841

remote access, 970

session management and, 1159

client-based systems, security issues, 326

client role, OAuth, 793–794

client/server model

CORBA and, 1139–1141

DCE as, 1138–1139

distributed computing and, 1138

overview of, 326

proxy servers controlling traffic in, 635–637

RADIUS/TACACS+ protocols for, 813

client-side validation, 1155

clients, workstations vs. web-based, 645

climate control, 451

Clinger-Cohen Act, 22

clipping level (threshold)

administrative management and, 932

after failed password logon, 757

clock synchronization

DCE time service and, 1138

NTP and, 883–884

synchronous transmission and, 519–520

closed-circuit TV (CCTV) systems, 946–951

closed-loop connection, ring topology, 552–553, 555

closed systems, vs. open systems, 325

cloud computing

frame relay and, 660

integrating IDaaS, 796–798

provisioning assets, 971

security and, 326–327

SOA vs., 1147

clustering

grid computing vs., 981

network/resource availability via, 980–981

OLTP used in database, 1178

CM (configuration management), 960–963

CMAC (Cipher-Based Message Authentication Code), 396–397

CMMI (capability maturity model integration)

overview of, 1114–1116

process management development, 16

for security program, 39–40

CMMs (capability maturity models), 1115

coaxial cabling, 522

COBIT (Control Objectives for Information and related Technology) framework

derived from COSO IC framework, 36

overview of, 32–34

security controls development, 15

code

countering memory leaks, 274

repositories, 1118–1120

code, building good

ensuring software quality, 1083–1084

environment vs. application, 1087

functionality vs. security, 1087–1088

implementation and default issues, 1088–1089

secure coding practices, 1122–1123

security for different environments, 1086–1087

source code vulnerabilities, 1121–1123

where to place security, 1084–1086

code (civil) law, 58

code division multiple access (CDMA), mobile wireless, 548

Code of Ethics, (ISC)², 169

code reviews

security assessment/testing with, 888–890

for software quality, 1084

XP using continuous, 1110

code testing, technical controls, 890

CoE (Council of Europe) Convention on Cybercrime, 54

cognitive passwords, 758–759

cohesion, software development and, 1135–1136

cold sites, offsite backup facility, 1031–1032

collection phase, forensic investigations, 1016

collision attacks, 398–400, 528

collision avoidance (CSMA/CA), 528

collision detection (CSMA/CD), 528, 562

collision domains, routers and, 600

collision free, hashing algorithms, 398

collusion, 157, 422

columns (attributes), relational databases, 1162–1163

COM (Component Object Model), 1141–1144

combi contactless smart cards, 763

combination locks, 230, 936–938

combustible metals, suppression method, 457

command-and-control (C&C)

botnets, 1189

cyber kill chain, 1004–1005

commercial business, classifying data sensitivity, 200

commercial off-the-shelf (COTS) products, 1039

commercial software, licensing as, 68

commit operations, databases, 1173

committed information rate (CIR), 660–661, 671

Committee of Sponsoring Organizations (COSO), 15, 36

Common Body of Knowledge (CBK), CISSP exam, 139

common (case) law system, 58–59, 62

common combustibles, suppression, 457

Common Criteria, 319–322

Common Object Request Broker Architecture (CORBA), 1139–1141

Common Weakness Enumeration (CWE), MITRE, 1096–1097

communications

implementing disaster recovery, 1066–1067

incident response policy on, 1003

between IPv4 and IPv6 networks, 512

multiservice access technologies, 668–670

network security and. See network security

security audit results, 866

using alternate forms during BCP exercises, 898

communications channels

creating platform independent of organization, 1066

H.323 gateways, 670–671

IP telephony issues, 675–676

network security, 668–677

overview of, 668

protocol for city-wide disaster, 1048

SIP, 671–674

VoIP security measures, 676–677

wireless, 528–531

communities, SNMP, 575

community strings, SNMP, 575–576

compensating controls, 10–13

compiled code, defined, 1121

compilers, 1122, 1126

complexity

layered operating systems and, 297

security vs., 538

compliance

audits, using third parties for, 870

regulatory investigations for organizational, 1015

component container, ActiveX, 1151

Component Object Model (COM), 1141–1144

compression

digital signal, 518

presentation layer, 489

VoIP, 669

computer-aided software engineering (CASE) tools, SDLC, 1095–1096

computer architecture

buffer overflows, 269–273

cache memory, 265

central processing unit (CPU), 256–260

memory leaks, 274

memory mapping, 265–269

memory protection techniques, 273

memory types, overview, 261–262

multiprocessing, 261

overview of, 256

random access memory (RAM), 262–263

read-only memory (ROM), 264–265

computer-assisted crimes, 45–46

computer controls, as physical controls, 822

computer crime laws

common schemes of, 52

complexities in cybercrime, 47–48

definition of property to include data, 49

electronic asset protection, 49

evolution of attacks, 49–53

international issues, 53–58

laws, 45–47

computer crimes

search and seizure activities, 1024–1025

surveillance when identifying, 1023–1024

computer criminals, 1012–1013

Computer Emergency Response Team (CERT), 1003, 1005

Computer Emergency Response Team Coordination Center (CERT/CC), vulnerability disclosure, 991

Computer Ethics Institute, 170

computer forensics, 1010

computer information system (CIS), threat modeling, 98

computer is incidental, crime, 45–47

computer surveillance, 1024

computer-targeted crimes, 45–46

computers

transport layer protocol connections between, 492

working in binary and digital, 518

concealment cipher, 353, 355

concentrators, as hubs, 596

concurrency problems, databases, 1171–1172

confidential information, classification level, 199–200

confidentiality

Bell-LaPadula model and, 312–313

as critical principle of security, 5

cryptosystems for, 406

data and log information, 782–783

database views for, 807

disaster recovery and, 134

encrypted messages providing, 408

intellectual property, 67

IPv6 and, 511

mandatory access control (MAC) for, 801

media control to protect, 223–228

PKI providing, 401, 406

security controls for, 6, 731–732

use phase of information life cycle and, 195

via cryptography. See cryptography

configuration management

of firewall rules, 988

secure resource provisioning and, 960–963

software, 1120–1121

unmanaged patching as risk to, 994

conflicts of interest, internal audits, 867

confusion, strong ciphers and, 364–365

congestion controls, TCP vs. UDP, 504

connection-oriented switching

ATM, 662–664

frame relay, 659–661

TCP, 662

connectionless switching, IP as, 662

connectivity

IDaaS integration issues, 797

of NGFWs to external data sources, 625

proxy firewalls break, 619

repeaters provide simple, 596

TCP vs. UDP, 504

consequences vs. likelihood, qualitative risk analysis, 116–117

Consistency, ACID test, 1178

consistency, information life cycle, 195

constant bit rate (CBR), ATM QoS, 663

constrained data items (CDIs), Clark-Wilson, 314–315

constrained user interfaces, access control, 807–808

construction materials, physical security, 435–438

contact smart cards, 763

contactless smart cards, 763

contamination

crime scene, 1018

principles of criminalistics, 1016

content- and context-dependent access control

database systems, 331–332

overview of, 815–816

preventing inference attacks, 1175–1176

content filtering, web proxy servers for, 637

contingency planning, 135, 984–985

continuity planning, 132–133

continuous lighting, external boundaries, 946

continuous monitoring, prevention/detection via, 986–987

contracts

external audits tied to, 868, 869

recovery site, 1030

security considerations, 1059

control, change, 961–963, 1117–1118

control environment, COSO IC framework, 36

Control Objectives for Information and related Technology. See COBIT (Control Objectives for Information and related Technology) framework

control plane, SDN, 639–641

control unit, CPU, 258

control zones

as electrical transmission countermeasure, 828

as physical controls, 822

Controller Area Network bus (CAN bus) protocol, 500–501

controls

assessing, 121–122

categories of, 8–10, 35

classification of, 201–203

continuous monitoring of, 986–987

data, 219–223

data custodian responsibilities for, 208

data owner responsibilities for, 208

defined, 7–8

development of security, 32–37

development of software, 1084

diversifying physical security, 953–954

functionalities of, 10–13

identifying preventive, in developing BCP, 135

industrial control systems (ICS), 336

information life cycle, 195

internal security, 955

media, 223–228

mitigating risks with right, 986

Network Access Control (NAC), 643

operating system vs. application software, 1087

placing/configuring, 986

reducing overall risk, 122

risk management framework for, 130–132

security principles for, 731–732

selecting, 119–121

web access management for user, 742–745

converged protocols, 515–516

conversations, as TDMA in action, 548

cookies

Internet security and, 700–702

parameter validation and, 1157

session management and, 1159

web access management (WAM) and, 744

cooperative multitasking, 276

copper cable, 522–524

Copper Distributed Data Interface (CDDI), FDDI over UTP, 564

copyright law

Digital Millennium Copyright Act, 69–70

overview of, 63–64

copyrighted data, DRM for, 414–415

CORBA (Common Object Request Broker Architecture), 1139–1141

core RBAC (role-based access control), 803–804

corporate espionage, 84–85

corporate ethics program, 172

corporate governance, with COSO IC, 36–37

corrective controls, defined, 10–13

COSO (Committee of Sponsoring Organizations), 15, 36

COSO IC (Internal Control)—Integrated Framework

COBIT derived from, 36

defined, 15

Enterprise Risk Management—Integrated Framework, 129

Sarbanes-Oxley Act and, 37

cost/benefit analysis

control selection, 119–121

risk analysis, 102

costs

as approach to executive summaries, 912

evaluating security, 1054–1055

of frame relay, 660

of hiring MSSPs, 999

resistance to biometrics due to, 752

saving with hierarchical storage management, 984

of smart cards, 764

of third-party audits, 869

COTS (commercial off-the-shelf) products, 1039

Council of Europe (CoE) Convention on Cybercrime, 54

Counter (CTR) mode, DES, 381–382

Counter Mode Cipher Block Chaining Message Authentication Code Protocol (CCMP), 535–538

counter-synchronization token device, one-time passwords, 759–760

coupling, low and high, 1136–1137

covert channels, 315–316

covert storage channels, 315–316

covert timing channels, 316

CPO (chief privacy officer), 73, 206

CPTED (Crime Prevention Through Environmental Design), 426–431

CPUs (central processing units)

architecture integration with OS, 291–295

interrupts, 289–291

memory mapping, 265–268

multiprocessing, 261

multitasking optimizing, 275

operation modes, 294

process activity, 282–283

process interaction with, 277–279

process scheduling and, 281–282

protecting data in use, 222–223

thread management, 279–281

understanding, 256–260

CRAMM (Central Computing and Telecommunications Agency Risk Analysis and Management Method), 111

CRC (cyclic redundancy checks), message integrity and, 393

credential management systems

assisted password reset, 749–750

authentication via, 745–746

legacy SSO for, 750

password managers, 748

password synchronization, 748–749

profile update, 748

registration, 746–747

self-service password reset, 749

SSO for. See SSO (single sign-on)

credentials

authentication, 733

brute-force attacks, 842

dictionary attacks, 841–842

PAP authentication limitations, 690

spoofing at logon attacks, 842–843

unmanaged patching as risk to, 994

web access management (WAM), 742–743

credit cards, PCI DSS protection, 79–81

creep, authorization, 769, 931

crime

computer. See computer crime laws

controlling scene of, 1017–1018

predeveloped malware crimeware toolkits, 1191

Crime Prevention Through Environmental Design (CPTED), 426–431

criminals

advanced persistent threat (APT) and, 50–53

criminal law, 59, 62

evolution of attacks by organized, 49–53

investigations, 1014–1015

principles of criminalistics, 1016

criticality, data classification and, 197

CRLs (certificate revocation lists), PKI, 403

CRM (customer relationship management), 748

cross certification, CAs, 402

cross-site scripting (XSS) attacks, on input validation, 1155–1156

crossover error rate (CER), biometrics, 751

crosstalk, cable issues, 526

cryptanalysis, defined, 345–346

cryptographic hash chaining, 885

cryptographic keys, authentication, 761–762

cryptographic life cycle, 406

cryptographic transformation, encryption and, 368–369

cryptography

applying, 406

asymmetric systems, 385–392

attacks on, 415–419

ciphers, 356–358

definitions and concepts, 346–348

Digital Rights Management (DRM) and, 414–415

Digital Signature Standard (DSS) and, 409–410

digital signatures, 407–409

encryption. See encryption

I/O controls using, 966

international import/export laws, 57

Kerckhoffs’ principle, 349

key management, 410–412

message integrity, 393–400

notation, 385

one-time pad, 350–352

overview of, 341, 406

public key infrastructure (PKI), 400–406

running and concealment ciphers, 352–353

services of cryptosystems, 406–407

steganography, 353–355

strength of cryptosystems, 349–350

symmetric systems, 374–385

Trusted Platform Module (TPM), 412–414

zero knowledge proof and, 392

cryptography, history of

atbash scheme, 341

Caesar cipher, 342–343

cryptanalysis, 345–346

Germany’s Enigma machine in WWII, 344–345

in government and military, 344–345

hieroglyphics, 341–346

invention of computers, 345

invention of microprocessors, 345–346

Mary, Queen of Scots, and, 345

polyalphabetic substitution cipher, 343–344

ROT13 method, 343

scytale cipher, 342

substitution cipher, 341–342

cryptosystems

asynchronous vs. synchronous, 382

components of, 347

defined, 346

services of, 406–407

side-channel attacks exploiting data leaks in, 222

strength of, 349–350

symmetric cryptography used by, 359–361

CSMA/CA (collision avoidance), 528

CSMA/CD (collision detection), 528, 562

CSO (chief security officer) role, 207

CSU/DSU (channel service unit/data service unit), WANs (wide area networks), 656–657

CTR and CBC-MAC (CCM), 396–397

CTR (Counter) mode, DES, 381–382

culture, security, 235, 907

customary law system, 60

customer feedback, management review, 915

customer focused, Agile methodologies as, 1109

customer relationship management (CRM), 748

CWE (Common Weakness Enumeration), MITRE, 1096–1097

CWE/SANS Top 25 Most Dangerous Software Errors list, 1096–1097

cyber insurance, 1060

cyber kill chain, 1004–1005

cyber-physical systems

defined, 334

distributed control system (DCS), 337

embedded systems, 335

industrial control systems (ICS), 336

industrial control systems (ICS) security, 338

Internet of Things (IoT), 335–336

overview of, 334

programmable logic controllers (PLC), 336

supervisory control and data acquisition (SCADA), 337–338

system security architecture, 334–338

cyber squatting, domain name registration, 583

cybercrime. See also incident management process

complexities in, 47–48

with crimeware toolkits, 1191

cyberlaw, defined, 45

cyclic redundancy checks (CRC), message integrity and, 393

D

DAC (discretionary access control)

access control matrix and, 814

characteristics of, 806

overview of, 798–800

RBAC and, 805

DAC (dual-attached concentrator), FDDI rings, 565

damage assessment, disaster recovery, 1063

DAS (data acquisition servers), SCADA, 337

DAS (dual-attachment station), FDDI rings, 565

DASD (direct access storage device), 977–978

dashboards, and security effectiveness, 31

data

backup types, 894–895

backups. See backup storage strategies; backups

classifying. See classification, levels of data

encrypting for confidentiality. See encryption

gathering in incident response, 1005–1006

information life cycle, 194–197

integrity protection for, 4

international cybercrime issues, 53–56

OSI model for. See OSI (Open Systems Interconnection) model

property includes electronic, 49

security metric system for, 165–167

security principles, 731–732

threat modeling vulnerabilities of, 98

data acquisition servers (DAS), SCADA, 337

data analyst, role of, 209

data at rest

endpoint DLP protection policies, 238–239

security controls, 220–221

vulnerabilities of, 98

data breaches

evaluating cost of security, 1055

most organizations do not have to report, 48

other nations’ laws pertaining to, 85

overview of, 83–84

of personal health information, 220

U.S. laws pertaining to, 84–85

data buses, CPUs, 259–260

data circuit-terminating equipment (DCE), 657, 660

data control language (DCL), databases, 1169

data custodian, role of, 208

data definition language (DDL), databases, 1169

data dictionary, 1169–1170

data diode, 885

data encapsulation, 282–283, 485–486, 506–507

Data Encryption Algorithm (DEA), and DES, 375

data execution prevention (DEP), memory protection technique, 273

data flows, data leak prevention, 234–235

data hiding

in layered operating systems, 296–297

OOP, 1131

via encapsulation, 283

data in motion

network DLP protection policies, 237–239

security controls, 221–222

vulnerabilities of, 98

data in use

endpoint DLP protection policies, 238–239

security controls, 222–223

vulnerabilities of, 98

data leak prevention. See DLP (data leak prevention)

data leakage

asset security, 231–240

common cause of data breach, 232

costs of, 231–232

data leak prevention (DLP), 232–237

data loss vs., 233

endpoint DLP, 239–240

hybrid DLP, 240

mobile devices as means of, 333

network DLP, 237–239

data link layer (layer 2), OSI

basic switches working at, 601

bridges working at, 597–599

frame relay working at, 660

functions and protocols in, 497

overview of, 494–495

protocols, 666–667

security standards, 513–515

synchronization rules, 519

data loss, vs. data leakage, 233

data manipulation language (DML), 1169

data mining, 1179–1182

data modeling, 1135

Data-Over-Cable Service Interface Specifications (DOCSIS), CATV, 681

data owners, 207–209, 214–215

data parallelism, 329

data processors, 215

data protection, 906–907

Data Protection Directive (DPP), EU, 55

Data Protection Officer (DPO), GDPR, 56

data remanence, privacy, 215–218

data security controls, asset security, 219–223

data structures, 506–507, 1135–1136

data terminal equipment (DTE), 657, 660

data throughput, 518

data transfer rates, 540–541, 544

data warehousing, 1179–1182

database

backup process, 895

characteristics of, 1161–1162

integrity protection, 4

security issues, 329–332

system security architecture, 329–332

views, 807–808, 1176–1177

database administrators, 1161

database management

data warehousing and data mining, 1179–1182

database models, 1162–1166

database views, 1176–1177

integrity, 1171–1174

key terms, 1165–1166

OLTP, 1178–1179

overview of, 1160

polyinstantiation, 1177–1178

programming interface languages, 1167–1169

relational database components, 1169–1171

restricting access with roles, 1160–1161

security issues, 1174–1176

software, 1160–1162

database management systems (DBMSs), 895, 1161

database models

hierarchical data model, 1162–1164

network database model, 1164–1165

object-oriented database, 1165

object-relational database (ORD), 1166–1167

relational database model, 1162

datagrams, UDP, 507

DBMSs (database management systems), 895, 1161

DCE (data circuit-terminating equipment), 657, 660

DCE (Distributed Computing Environment), 1138–1139

DCL (data control language), databases, 1169

DCOM (Distributed Component Object Model), 1138–1139, 1142–1143

DCS (distributed control system), 337

dd Unix utility, collecting digital forensic data, 1016

DDL (data definition language), databases, 1169

DDoS (distributed denial-of-service) attacks

countermeasures, 705

life cycle of botnets, 1189–1190

network-based, 704–705

on packets, 633

using CDNs to mitigate, 639

DDR SDRAM (double data rate SDRAM), 263

DEA (Data Encryption Algorithm), and DES, 375

debugging, with virtual machines, 304

“Declaration of Use,” U.S. Patent and Trademark Office, 65

dedicated lines

characteristics of, 667

dedicated links as, 652–653

drawbacks of, 654

T-carrier lines as, 653–654, 663

using frame relay vs., 659–661

voice data multiplexed in PBX onto, 607

default deny, secure coding practices, 1122

default settings, software implementation issues, 1088–1089

default to no access, access control and, 767–768

defense-in-depth

multihomed firewalls lacking, 628

multiple security controls for, 9–10

secure coding practices, 1122

deferred commitment, OOP, 1130

Defined Terms, BCP project documents, 146

degaussing

clearing media via, 225

eliminating data remanence via, 218

delayed loss, risk assessment, 106

deleting data securely, 215–218

delivery stage, cyber kill chain, 1004–1005

Delphi technique, risk analysis, 117

deluge water sprinkler systems, 459

demilitarized zones. See DMZs (demilitarized zones)

denial-of-service. See DoS (denial-of-service) attacks

DEP (data execution prevention), memory protection technique, 273

Department of Defense Architecture Framework (DoDAF), 15, 24–25

Department of Defense (DoD), 24, 39

Department of Veterans Affairs (VA) Information Security Protection Act, privacy, 76

deprovisioning accounts, 818

depth of field, CCTVs, 949

DES (Data Encryption Standard)

3DES vs., 382–383

AES replacing, 383

CBC mode, 378–379

CFB mode, 379–380

CTR mode, 381–382

Double-DES issues, 382

ECB mode, 377–378

history of, 375–376

how it works, 376

modes of, 377

OFB mode, 380–381

RSA algorithm used with, 389

as symmetric algorithm, 375

when algorithm is broken, 376

design phase, defined, 253

design phase, SDLC, 1092–1095

destruction

eliminating data remanence via physical, 218

information life cycle, 196–197

detection. See also IDSs (intrusion detection systems)

detective controls, 10–13

fire, 453–457

incident response process, 1005

types of, 454–457

detectors, fire, 455–456, 458

deterrent controls, functionality of, 10–13

development, defined, 253

development environments, security of

code repositories, 1119–1120

development platforms, 1118–1119

isolating from production environments, 1119

overview of, 1118

software configuration management, 1120–1121

development phase, SDLC, 1095–1098

device locks, facility access control, 938

device-to-device communications, HDLC for serial, 664–665

devices

connecting to FDDI rings, 565

emanation security, 827

as endpoints, 641–642

role of security administrator, 930

security of development platforms and, 1118–1119

DevID (per-device identifiers), IEEE 802.1AR, 514

DevOps, 1112–1113

DevOps Maturity Model, 1116

DFRWS (Digital Forensic Research Workshop), 1011

DHCP (Dynamic Host Configuration Protocol), 569–572

dial-up modems

remote access via, 677–678

war dialing using, 878–879

Diameter, remote access control via, 812–814

dictionary attacks

countermeasures, 841–842

as password checker tool, 757–758

on passwords, 756

on user credentials, 841

differential backups, data storage, 1042–1043

differential cryptanalysis attack, 417

differential power analysis, side-channel attacks on smart cards, 764

differentiated service, QoS, 664

Diffie-Hellman algorithm

as asymmetric, 363, 385–388

El Gamal algorithm extending, 391

man-in-the-middle attacks and, 402

MQV authentication key agreement and, 388

diffusion, in strong ciphers, 364–365

digital certificates, TLS reliance on, 221–222

digital evidence. See also evidence

defined, 1010

proper collection of, 1010–1011

Digital Forensic Research Workshop (DFRWS), 1011

digital forensics. See also forensic investigation process, 1010

digital identity, 785

Digital Millennium Copyright Act (DMCA), 69–70

Digital Rights Management (DRM), cryptography, 414–415

digital signals, physical data transmission via, 516–518

Digital Signature Algorithm (DSA), 363, 410

Digital Signature Standard (DSS), 399, 409–410

digital signatures

authentication, 409

biometric signature dynamics vs., 754

certificate authorities and, 401–402

defined, 407

El Gamal algorithm used for, 391

knapsack algorithms, 391

RSA algorithm used for, 388

TPM storing/processing, 414–416

via cryptographic keys, 761–762

digital subscriber line. See DSL (digital subscriber line)

digital zoom, CCTVs, 949

dips, electric power voltage fluctuations, 449–450

direct access storage device (DASD), 977–978

direct memory access (DMA), I/O using, 290–291

direct sequence spread spectrum (DSSS), 529–530, 539

directives, privacy, 73–74

directories

identity management (IdM), 739–742

penetration testing of permissions, 881

directory services

managing objects, 744

SSO technology, 776–779

directory tree structure, DACs applied to, 799

disaster recovery. See also DRP (disaster recovery plan)

availability, 1051–1053

backup storage strategies, 1040–1050

business process recovery, 1028–1029

end-user environment, 1050–1051

goal of, 132

high availability and, 1053

overview of, 1025–1028

reciprocal agreements, 1034–1035

recovery site strategies, 1029–1033

redundant sites, 1035–1036

supply and technology recovery, 1036–1038

disaster recovery, implementing

assessment, 1063–1064

communications, 1066–1067

goals and, 1061–1062

personnel, 1062–1063

preventive measures vs. recovery strategies, 1028

restoration, 1064–1065

training, 1067

disaster recovery plan. See DRP (disaster recovery plan)

disasters, defined, 1029

disc drives, RAID using, 975–978

discrete logarithms, El Gamal, 391

discretionary access control. See DAC (discretionary access control)

disk duplexing, defined, 1044

disk mirroring, defined, 1044

disk shadowing, electronic backups, 1044

disposal

data classification and, 198

information life cycle phase, 196–197

secure activities for media, 227–228

disruptions, recovery site strategies for, 1029–1033

distance-vector routing protocols, 593, 595

distinguished names (DNs), 739, 741

Distributed Component Object Model (DCOM), 1138–1139, 1142–1143

distributed computing

adds layers of complexity to security, 1147–1148

COM and DCOM, 1141–1142

CORBA and ORBs, 1139–1141

DCE, 1138–1139

Java Platform, Enterprise Edition (Java EE), 1144

overview of, 1138

security and, 326

SOAP providing via web applications, 1146–1147

Distributed Computing Environment (DCE), 1138–1139

distributed control system (DCS), 337

distributed denial-of-service (DDoS) attacks

countermeasures, 705

life cycle of botnets, 1189–1190

network-based, 704–705

on packets, 633

using CDNs to mitigate, 639

distributed interprocess communication (IPC), 1142

Distributed Network Protocol 3 (DNP3), SCADA, 500

distribution facilities, physical security, 444–445

DKIM (DomainKeys Identified Mail) standard, 588–589

DLL (dynamic link library), defined, 286

DLP (data leak prevention)

egress monitoring and, 998

endpoint DLP, 239–240

general approaches to, 233–237

hybrid DLP, 240

network DLP, 237–239

overview of, 232–233

resiliency, 238

DMA (direct memory access), I/O using, 290–291

DMARC (Domain-based Message Authentication, Reporting and Conformance), 588

DMCA (Digital Millennium Copyright Act), 69–70

DML (data manipulation language), 1169

DMZs (demilitarized zones)

creating with firewalls, 611–612

creating with screened subnet firewalls, 629–632

e-mail spam using, 586–587

honeypots usually sitting in, 642

multihomed firewall architecture and, 627

securing WLANs by putting APs in, 544

technology recovery and, 1038

DNP3 (Distributed Network Protocol 3), SCADA, 500

DNs (distinguished names), 739, 741

DNS (Domain Name System)

domain name registration issues, 583

Internet DNS and domains, 578–579

network-based hijacking attacks, 706–707

overview of, 576–578

resolution components, 579–580

splitting, 582

threats to, 581–583

DNS poisoning, in pharming attacks, 844–845

DNS proxy servers, 637

DNS security (DNSSEC), 581–582

DNSSEC (DNS security), 581–582

DOCSIS (Data-Over-Cable Service Interface Specifications), CATV, 681

Document Object Model (DOM), XSS vulnerabilities and, 1156

documentation

acceptable use policy, 1022–1023

backup storage strategies, 1047–1048

change control, 962–963

continuity planning, 146

controlling crime scene, 1017–1018

damage assessment in disaster recovery, 1063

hardware/software backup to offsite facility, 1047–1048

history of changes to media, 226

by incident response team, 1002

internal audits, 868

penetration testing authorization, 876–877

restoration phase of disaster recovery, 1064

security audit process, 866

security controls, 132

testing data backups, 896

vulnerability assessment, 992

vulnerability testing authorization, 871

documents

macroviruses infect/replicate in, 1184

using OLE to embed/link objects and, 1143–1144

DoD (Department of Defense), 24, 39

DoDAF (Department of Defense Architecture Framework), 15, 24–25

dogs, physical security operations, 954

DOM (Document Object Model), XSS vulnerabilities and, 1156

Domain-based Message Authentication, Reporting and Conformance (DMARC), 588

domain grabbing, 583

Domain Name System. See DNS (Domain Name System)

DomainKeys Identified Mail (DKIM) standard, 588–589

domains

defined, 295

domain name registration issues, 583

Internet DNS and, 578–579

network, 776–777

overview of, 775–776

process, 295

security, 776

doors, facility

company entry points, 438–439

construction materials, 436

panic bars, 439

server rooms, 441

types of, 439

DoS (denial-of-service) attacks

DDoS attacks, 704–705

malformed packets, 703

memory leaks and, 273

on packets, 633

process scheduling and, 282

on routing protocols, 595

on stateful firewalls, 618

SYN flooding, 506, 704

VoIP and, 675

“dot dot dot slash” (path traversal) attacks, on input validation, 1154

double-blind tests, penetration testing, 878

double data rate SDRAM (DDR SDRAM), 263

Double-DES, 382

double tagging attacks, VLANs, 605

downstream suppliers, supply chain risk management, 127–128

DPO (Data Protection Officer), GDPR, 56

DRAM (dynamic RAM), 262–263

DRI International Institute’s Professional Practices for business continuity planners, 137

drive-by downloads

malware installed during, 1183

network security and, 707

security awareness training in, 905, 906

DRM (Digital Rights Management), cryptography for copyrighted data, 414–415

dropped ceilings, physical security, 440–441

DRP (disaster recovery plan). See also BCP (business continuity plan)

BCP incorporating, 897

defined, 897

goal of, 132

incident handling as part of, 1002–1003

keep copies in other locations, 1066

storage of, 1049

testing and revising, 897–901

dry pipe water sprinkler systems, 459

DSA (Digital Signature Algorithm), 363, 410

DSD (Dynamic Separation of Duties) Relations through RBAC, 804

DSL (digital subscriber line)

being always connected, security issues, 682

data transmission in, 521

many flavors of, 681

remote access via, 680

DSS (Digital Signature Standard), 399, 409–410

DSSS (direct sequence spread spectrum), 529–530, 539

DTE (data terminal equipment), 657, 660

dual-attached concentrator (DAC), FDDI rings, 565

dual-attachment station (DAS), FDDI rings, 565

dual control, as separation of duties, 157

dual-homed architecture, firewalls, 627–628, 631–632

due care

data owner responsibilities for, 207–208

defined, 147

disaster recovery training as, 1066–1067

due diligence vs., 1054–1055

liability from failure to exercise, 1053–1054

overview of, 1054–1055

role of operations department in, 926–927

due diligence

defined, 147

due care vs., 1054–1055

overview of, 1054–1055

role of operations department in, 926–927

dumpster diving, 225

Durability, ACID test, 1179

duress (or duress codes), personnel safety, 1068–1069

dynamic analysis, SDLC testing phase, 1100

Dynamic Host Configuration Protocol (DHCP), 569–572

dynamic link library (DLL), defined, 286

dynamic mapping, NAT, 590

dynamic packet-filtering firewalls, 623–624, 626

dynamic passwords, 759–761

dynamic ports, 505

dynamic RAM (DRAM), 262–263

dynamic routing protocols, 592–593

Dynamic Separation of Duties (DSD) Relations through RBAC, 804

E

e-discovery, 213–214

e-mail

informing employees about monitoring of, 81–82

issue-specific security policy for, 88

malware-infected address books, 1183

meme viruses using, 1185

not opening attachments from unknown source, 1182

phishing attacks using, 843–844

standards, 695–697

viruses using, 1184

e-mail services

authorization, 586

IMAP, 585

overview of, 583–584

POP, 585

relaying, 586–587

threats, 587–589

EAC (electronic access control) tokens, 941

EAL (Evaluation Assurance Level), Common Criteria, 319, 321, 323

EAP (Extensible Authentication Protocol)

802.1X using, 536–538

extending authentication via, 691

PPP user authentication via, 665

remote access via, 808–812

variants of, 691–692

working with WPA, 534–535

EAP-TLS (Extensible Authentication Protocol-Transport Layer Security), 514–515, 537

EAP-TTLS (EAP-Tunneled Transport Layer Security), 802.1X, 537

eavesdropping

FHSS hop sequences reducing, 529

locating facility to guard against, 434

network-based, 706

VoIP security threats, 675

ECB (Electronic Code Book) mode, DES, 377–378

ECC (elliptic curve cryptosystem), 363, 388, 391

ECDSA (elliptic curve digital signature algorithm), 410

Economic Espionage Act of 1996, 84–85

Edge browser, ActiveX no longer supported, 1151

EDGE (Enhanced Data Rates for GSM Evolution), 3GPP, 550

EDI (electronic data interchange) network, 646–647

EDLP (endpoint DLP), 239–240

EDO DRAM (extended data out DRAM), 263

EDRM (Electronic Discovery Reference Model), 213–214

EEPROM (electrically erasable programmable read-only memory), 264

EER (equal error rate), biometrics, 751

EF (exposure factor), quantitative risk analysis, 113–115

EGPs (exterior gateway protocols), 595

egress monitoring, prevention and detection operations, 998

EIGRP (Enhanced Interior Gateway Routing Protocol), 594

EK (Endorsement Key), TPM persistent memory, 413

El Gamal algorithm, 363, 391

electric combustibles, suppressing, 457

electric monitoring attack, on passwords, 756

electric power

cabling for, 522–527

issues with, 448–450

overview of, 446

preventive measures/good practices, 451

protection of, 447–448

smart grids and, 446–447

electric power supplies, physical security, 437, 444

electrical equipment, and water sprinklers, 458

electrical pulses

bandwidth and, 518

measuring digital signals, 516

electrical signals, TEMPEST shielding for emanations, 827–828

electrically erasable programmable read-only memory (EEPROM), 264

electromagnetic analysis (examining frequencies), 764–765

electromagnetic interference. See EMI (electromagnetic interference)

electromechanical systems, IDSs, 952

electronic access control (EAC) tokens, 941

electronic assets, protection of, 49

electronic backup solutions, 1044–1046

Electronic Code Book (ECB) mode, DES, 377–378

electronic data interchange (EDI) network, 646–647

Electronic Discovery Reference Model (EDRM), 213–214

electronic mail gateways, 606

electronic vaulting, 1044

elliptic curve cryptosystem (ECC), 363, 388, 391

elliptic curve digital signature algorithm (ECDSA), 410

emanation security

overview of, 827

TEMPEST shielding, 827–828

using white noise, 828

embedded systems, securing, 335–336

embedding

defined, 1143

Object Linking and Embedding (OLE), 1143–1144

emergency management, safety of personnel, 1068

emergency responders, managing, 1068

emergency response procedures, disaster recovery, 900–901

emergency system restart, 964

EMI (electromagnetic interference)

coaxial cable more resistant to, 522

electric power issues, 448–449

fiber-optic cabling unaffected by, 524

shielded twisted pair cable protection, 523

employees. See personnel

emulation buffers, antimalware, 1193

emulation of services, honeypots, 642

Encapsulating Security Payload (ESP), IPSec suite, 685

encapsulation, OOP, 1130–1131, 1134

EnCase Forensic, collecting digital forensic data, 1016–1017

encryption

802.1AE providing, 514

of all stored data, 220

as authentication best practice, 1153

of data for transmission on mobile systems, 333

El Gamal algorithm used for, 391

eliminating data remanence via, 218

Internet security and, 697–702

IoT vulnerabilities, 336

knapsack algorithms, 391

knowing where your data could end up, 221

network. See network encryption

password, 758, 841

polymorphic viruses using, 1185

at presentation layer, 489

preventing backdoors, 339

protecting data at rest, 220

protecting data in motion, 221–222

providing confidentiality, 5, 408

RSA algorithm for, 388

of some cookies, 701

technical controls for, 825

web application security principles, 1159

web-based systems, 332

encryption methods

asymmetric cryptography, 361–363

block ciphers, 364–366

cryptographic transformation techniques, 368–369

evolution of, 341

hybrid methods, 369–374

initialization vectors (IVs), 368

overview of, 358

stream ciphers, 366–367

symmetric cryptography, 359–361

symmetric vs. asymmetric algorithms, 359

transforming plaintext to ciphertext, 346

end-to-end encryption, vs. link encryption, 692–694

end-user environment, disaster recovery, 1050–1051

End User License Agreement (EULA), software licensing, 68

end users, privacy rights, 82–83

Endorsement Key (EK), TPM persistent memory, 413

endpoint DLP (EDLP), 239–240

endpoints

NAC authentication for, 643

for SCADA devices, 337

securing, 641–642

engineering, security and, 305

Enhanced Data Rates for GSM Evolution (EDGE), 3GPP, 550

Enhanced Interior Gateway Routing Protocol (EIGRP), 594

Enhanced Performance Architecture (EPA), SCADA, 500

enrollment process

biometrics, 752

password registration, 746–747, 758–759

enterprise architecture

development, 18–21

military-oriented frameworks, 25–26

security architecture, 26–31

standards, best practices, and frameworks, 15

system architectures vs., 31–32

TOGAF, 24–25

why we need frameworks, 21–22

Zachman Framework, 22–24

enterprise security architecture

business enablement and, 30

defining information security strategy, 26–27

ISMS vs., 29–30

making BCM part of, 138–141

process enhancement, 31

SABSA architecture framework, 27–29

security effectiveness, 31

strategic alignment, 29

enticement

honeypots and, 839

as legal and ethical, 1025

entity integrity, databases, 1172

entrapment

honeypots and, 839

as neither legal nor ethical, 1025–1026

entry points, physical security, 438–440

environments

availability protection for, 4

ensuring conditions do not damage media, 226–227

security architecture issues, 451–453

security for different, 1086–1089

EPA (Enhanced Performance Architecture), SCADA, 500

EPROM (erasable programmable read-only memory), 264

equal error rate (EER), biometrics, 751

eradication, malware, 1186

erasable programmable read-only memory (EPROM), 264

error-recovery, DSSS, 530

errors, reducing number of IDS/IPS, 989

escalation of privileges, buffer overflows and illicit, 1097–1098

ESP (Encapsulating Security Payload), IPSec suite, 685

espionage, Economic Espionage Act of 1996, 84–85

Ethernet

bus/star topologies used by, 553

characteristics of, 560

at data link layer, 494–495

evolution of, 560–562

Metro Ethernet, 649

ethics

licensing issues, 969

role of operations department, 926

security governance and, 169–172

EU (European Union)

Data Protection Directive (DPP), 55

General Data Protection Regulation (GDPR), EU, 55–56

EULA (End User License Agreement), software licensing, 68

European wireless rules, 802.11h for, 541

Evaluation Assurance Level (EAL), Common Criteria, 319, 321, 323

evaluation process, TCB, 308–309

events

incidents vs., 1000

log reviews and storage of, 883–884

evidence

computer forensics/proper collection of, 1010–1011

forensics as art of preserving. See forensic investigation process

life cycle of, 1023

physical security for storage facilities, 445

what is admissible in court, 1021–1023

evolutionary prototypes, software development, 1105

examination phase, forensic investigations, 1016

exclusive OR. See XOR (exclusive OR) encryption

execution domain, 307–309

execution modes, CPUs, 259

executive management, 204–207

executive succession planning, 1049–1050

executive summaries

technical audit reports as, 911

writing, 912–913

exercises, testing vs., 897

exigent circumstances, seizure of evidence, 1024

expert systems, data mining using, 1179

exploitation stage, cyber kill chain, 1004–1005

exploratory methodology, software development, 1111

exports, international laws for, 56–58

exposure, defined, 7–8

exposure factor (EF), quantitative risk analysis, 113–115

extended data out DRAM (EDO DRAM), 263

Extended TACACS (XTACACS), 809

Extensible Access Control Markup Language (XACML), 791–792

Extensible Authentication Protocol. See EAP (Extensible Authentication Protocol)

Extensible Markup Language (XML), 787–788

extensions, Diameter, 813

exterior gateway protocols (EGPs), 595

exterior routing protocols, 591–592, 595

external boundary protection

bollards, 944

fencing, 942–944

lighting, 944–946

overview of, 941–942

physical security operations, 941–951

surveillance devices, 946

visual recording devices, 946–951

external parties, data leak prevention to, 232

external (second-party) audits, 868–869

extranets, network security and, 646–647

Extreme Programming (XP), Agile, 1110
