Numbers
3-D Secure protocol, 449
3DES (Triple DES), 313–315
5G wireless networks, 434–435
10BASE-2, 472
10BASE-5, 472
10BASE-T, 474
10GBASE-ER, 475
10GBASE-LR, 475
10GBASE-T, 474
100BASE-FX, 475
100BASE-T, 474
802.1Q, 511
802.1X, 442–443
802.11 wireless, 403, 432–433. See also WLANs (wireless LANs)
802.11 standard, 436
802.11a standard, 436
802.11ac (Wi-Fi 5) standard, 437
802.11ax (Wi-Fi 6) standard, 438
802.11b standard, 437
802.11be (Wi-Fi 7) standard, 438
802.11g standard, 437
802.11n (Wi-Fi 4) standard, 437
802.16 (WiMAX), 403
1000BASE-SX, 475
1000BASE-LX, 475
1000BASE-T, 474
A
ABAC (attribute-based access control), 575–577
absolute addressing, 240
acceptability, biometric, 554
acceptable use policy (AUP), 638
acceptance, risk, 100
access aggregation, 590–591
access control, 719. See also IAM (identity and access management)
access control matrix, 579
ACLs (access control lists), 189, 538, 579
for applications, 541
authentication
behavioral characteristics, 553–554
biometric characteristics, 554–555
characteristic factor, 551–555
definition of, 541–542
device, 557–558
implementation of, 558–570
knowledge factor, 546–550
location factor, 556–557
multifactor, 557
ownership factor, 550–551
password management considerations, 548–550
physiological characteristics, 552–553
Shared Key Authentication, 440
single-factor, 557
SP 800-63 requirements, 542–546
time factor, 557
authorization
access control models, 572–579
definition of, 541
EAS (external authorization service), 578
implementation of, 558–570
permissions, 572
privileges, 572
rights, 572
centralized, 538
data, 198–199
databases, 186
decentralized, 539
default deny, 781
for devices, 540
for facilities, 540
IDaaS (Identity as a Service), 571
identification, 541
for information, 539
logical controls, 537–538
models, 572–579
ABAC (attribute-based access control), 575–577
access control matrix, 579
content-dependent access control, 578
context-dependent access control, 578
DAC (discretionary access control), 573
MAC (mandatory access control), 573–574
RBAC (role-based access control), 574
risk-based access control, 578–579
rule-based access control, 574–579
network access control devices, 491–493
physical controls, 537–538
policies, 580
process for, 534–537
provisioning, 580–582
resource identification, 536
services, 234
for systems, 539–540
third-party identity services integration, 571
threats, 584–591
access aggregation, 590–591
APT (advanced persistent threat), 591
backdoors, 590
buffer overflow, 588
DDoS (distributed DoS) attacks, 513, 515, 588
DoS (denial-of-service) attacks, 514, 588, 683
emanations, 590
malicious software, 589
mitigating, 591
mobile code, 588
overview of, 584–585
password threats, 585–586
preventing, 591
sniffing and eavesdropping, 589–590
social engineering threats, 42–43, 342, 517–518, 586–587
spoofing, 589
access points (APs). See APs (access points)
accessibility, facility, 351
accounting, 7–8
accounts
administrator, 665
power user, 665
review of, 582
revocation of, 583
service, 665
standard user, 665
transfers, 582–583
accuracy, biometric, 554
ACID test, 187
ACK flag, 456
ACLs (access control lists), 189, 538, 579
acoustical detection systems, 717
acquired software, security impact of, 775–776
Acquire/Develop phase, System Development Life Cycle, 744–745
acquisition viewpoint (AcV), 25
acquisitions, 15–16
acrylic glass, 356
Activate Product Wizard, 793
Active Directory Domain Services (AD DS), 560
active vulnerability scanners (AVSs), 607–608
ActiveX, 739–740
actual cost valuation (ACV), 704
AcV (acquisition viewpoint), 25
ACV (actual cost valuation), 704
AD DS (Active Directory Domain Services), 560
Ad Hoc mode, WLANs (wireless LANs), 436
Adams, Carlisle, 318
ADCs (application delivery controllers), 706
address buses, 236
Address Resolution Protocol (ARP), 387, 422–423, 512
addressing, IP (Internet Protocol), 392–399
absolute addressing, 240
implied addressing, 240
indirect addressing, 240
IP address spoofing, 520
IPv4, 392–399
APIPA (Automatic Private IP Addressing), 398–399
classful addressing, 393–394
IPv6 compared to, 403–416
MAC (Media Access Control) addresses, 399
NAT (Network Address Translation), 394–399, 426
PAT (Port Address Translation), 396
private addressing, 394
public addressing, 394
IPv6, 403–416
address format, 410–412
address notation, 412–413
address scope, 415–416
address types, 414–415
features of, 406–409
IPv4 compared to, 403–404, 409
threats, 409
logical, 240
network transmission, 399–403. See also transmission media
analog versus digital, 399–400
baseband, 401
broadband, 401
broadcast, 402
multicast, 402
synchronous/asynchronous, 400
unicast, 402
wired, 403
wireless, 403
overview of, 391–392
private, 394
relative, 240
ADEPT (Adobe Digital Experience Protection Technology), 348
Adleman, Leonard, 320
administrative controls, 103
administrative investigations, 63
administrative law, 45
administrators
accounts, 665
security, 19
system, 19
admissibility of evidence, 646
Adobe Digital Experience Protection Technology (ADEPT), 348
ADSL (Asymmetric DSL), 499
advanced distance vector protocols, 469
Advanced Encryption Standard (AES), 316–317, 441
advanced persistent threat (APT), 135, 591
advisory security policy, 72
adware, 769
AES (Advanced Encryption Standard), 316–317, 441
agent-based scanning, 608
agent-based SIEM (security information and event management), 614
agentless SIEM (security information and event management), 613–614
Agile model, 756–757
AHs (authentication headers), 407
AIK (Attestation Identity Key), 259
alarms, environmental, 362
ALE (annual loss expectancy), 96–97
Alexa, 277
algebraic attacks, 343
algorithms. See also ciphers
asymmetric, 319–322
definition of, 292
Diffie-Hellman, 320
ECC (Elliptic Curve Cryptosystem), 321
El Gamal, 321
Knapsack, 322
RSA, 320–321
strengths/weaknesses of, 310–311
zero-knowledge proof, 322
definition of, 293
DSA (Digital Signature Algorithm), 340
Rijndael, 317
selection of, 304
3DES (Triple DES), 313–315
AES (Advanced Encryption Standard), 316–317
block ciphers, 310
Blowfish, 317
CAST, 318
comparison of, 319
definition of, 292
DES (Data Encryption Standard), 313–316
IDEA (International Data Encryption Algorithm), 317
IVs (initialization vectors), 302, 309, 310
RC4/RC5/RC6/RC7, 318
Skipjack, 317
stream-based ciphers, 309
strengths/weaknesses of, 308–309
Twofish, 318
alignment, security function, 12–14
business case, 13
organizational mission/objectives, 12–13
organizational strategies/goals, 12–13
resources, 14
security budget, metrics, and efficacy, 13–14
all viewpoint (AV), 25
all viewpoint (required) (AV), 25
ALU (arithmetic logic unit), 235
Amazon, 192
CloudFront, 494
Kindle, 348
analog transmission, 399–400
analysts, security, 19
analytic attacks, 344
AND operations, 300–301
annual loss expectancy (ALE), 96–97
annualized rate of occurrence (ARO), 97
antennas
placement of, 444–445
types of, 445
anti-malware software, 494, 686, 772
antivirus software, 494, 686, 771
anycast, 415
APIPA (Automatic Private IP Addressing), 398–399
APIs (application programming interfaces)
security, 780
testing, 620
Apple Pay, 449
Apple Touch ID, 551–552
applets, Java, 739
application delivery controllers (ADCs), 706
Application layer
OSI model, 379
SDN (software-defined networking), 507
TCP/IP model, 383–384
application logs, 655
application owner, 19
application programming interfaces. See APIs (application programming interfaces)
application-centric threat modeling, 137
application-level proxies, 457
applications. See apps
applied cryptography, 340–341
apps
access control for, 541
application logs, 655
approval/rejection, 740–743
resource provisioning, 663
security, 287
testing, 740–743
vetting, 740–743
APs (access points), 420, 435, 444–445, 463
APT (advanced persistent threat), 135, 591
ARC (Authenticated Receive Chain), 517
architecture. See security architecture and engineering
archiving data, 199–200
arithmetic logic unit (ALU), 235
ARO (annualized rate of occurrence), 97
ARP (Address Resolution Protocol), 387, 422–423, 512
arp command, 423
artificial intelligence (AI), detection/prevention with, 689
assemblers, 734
assembly languages, 734
assessment and testing. See also DRPs (disaster recovery plans)
app testing, 740–743
controls, 108
DAST (Dynamic Application Security Testing), 750–751
design and validation of, 602–604
internal/external, 604
Red Team versus Blue Team exercises, 603–604
security assessments, 603
security auditing, 604
security testing, 602–603
third-party, 604
disaster recovery, 710
integration testing, 749
regression and acceptance testing, 749
report generation, 624
risk assessment, 95–100
asset value and costs, 95–96
identify threats and vulnerabilities, 96
inherent versus residual risk, 99
qualitative, 98
quantitative, 96–98
risk response, 99–100
SAST (Static Application Security Testing), 750
security audits
conducting, 624–626
definition of, 604
security control testing, 605–620
code review and testing, 616–619
interface testing, 620
log reviews, 611–616
misuse case testing, 619
penetration testing, 609–611
synthetic transaction monitoring, 616
test coverage analysis, 619–620
vulnerability assessments, 605–609
security process data collection, 620–624
account management, 621–622
backup verification data, 623
disaster recovery and business continuity plans, 624
information security continuous monitoring programs, 620–621
KPIs (key performance indicators), 622–623
KRIs (key risk indicators), 622–623
management review and approval, 622
SP 800-137, 620–621
training and awareness, 623
test outputs, analysis of, 624
unit testing, 748
validation testing, 748
verification testing, 748
asset-centric threat modeling, 137
backup and recovery systems, 672
big data, 169
classification of, 170–177
CIA (confidentiality, integrity, and availability), 6–7, 170, 220, 744
information life cycle, 170
military and government, 176–177
private sector, 175–176
sensitivity and criticality, 170–175
data audits, 194–195
data collection and limitation, 191
data contamination, 168
data documentation and organization, 168–169
data maintenance, 192–193
data policies, 166–167
data privacy, 167
data quality, 167–168
data remanence and destruction, 193–194
data retention, 193
data security controls, 197–204
baselines, 200–201
data access and sharing, 198–199
data protection methods, 202–204
data security, 197
data states, 197–198
data storage and archiving, 199–200
defense-in-depth strategy, 197, 781
scoping, 201
standards selection, 201–202
tailoring, 201
databases, 182–187
access control, 186
ACID test, 187
data mining, 185–186
data warehouses, 185–186
database interface languages, 185
DBMS (database management systems), 182–187
locks, 187
maintenance of, 186
normalization, 184
polyinstantiation, 187
threats to, 186–187
views, 187
vulnerabilities of, 264
destruction of, 178
fault tolerance, 671
identity and access management, 672
applications, 663
cloud assets, 663
physical assets, 662
virtual assets, 663
management of, 179–180
media management, 672–679
HSM (hierarchical storage management), 677
labeling and storage, 678
media history, 678
NAS (network-attached storage), 676
network and resource management, 679–680
RAID (Redundant Array of Independent Disks), 672–676
sanitization and disposal, 678–679
SANs (storage-area networks), 676
media marking, 178
recovery priorities, 691–692
redundancy, 671
resource provisioning, 179
retention of, 195–197
risk assessment of, 95–96
roles, 188–191
business/mission owners, 190
data controllers, 189
data custodians, 189
data owners, 188
data processors, 190–191
data subjects, 191
data users, 191
system custodians, 190
system owners, 189
associative memory, 240
assurance, 222
asymmetric algorithms, 319–322
definition of, 292
Diffie-Hellman, 320
ECC (Elliptic Curve Cryptosystem), 321
El Gamal, 321
Knapsack, 322
RSA, 320–321
strengths/weaknesses of, 310–311
zero-knowledge proof, 322
Asymmetric DSL (ADSL), 499
asymmetric services, 498–499
Asynchronous Transfer Mode (ATM), 488–489
asynchronous transmission, 292, 400
ATM (Asynchronous Transfer Mode), 488–489
atomicity, 187
attack vectors, 138
attacker-centric threat modeling, 137
attacks, 509–521. See also threats; vulnerabilities
cabling, 509–512
cryptanalytic, 341–346
definition of, 93
DNS (Domain Name System), 514–516
email, 516–518
ICMP (Internet Control Message Protocol), 512–514
IP address spoofing, 520
port scanning, 520
potential, 142–143
remote, 519
session hijacking, 519
SYN ACK, 519
teardrop, 520
wireless, 518–519
zero-day, 521
attenuation, 509–510
Attestation Identity Key (AIK), 259
attribute-based access control (ABAC), 575–577
attributes
database, 183
definition of, 735
attribute/value pairs (AVPs), 504
audit committee, 18
auditors, 20
audits, 7–8, 569–570, 604, 774
auditing and monitoring services, 234
conducting, 624–626
data, 193–194
definition of, 604
review and, 654–655
types of, 656
AUP (acceptable use policy), 638
Authenticated Receive Chain (ARC), 517
authenticating servers, 504
authentication, 197. See also authorization
characteristic factor, 551–555
cryptosystems, 298
definition of, 541–542
device, 557–558
implementation of, 558–570
accountability, 568–570
auditing and reporting, 569–570
credential management systems, 567–568
default deny, 560
directory services, 560
FIM (federated identity management), 564–565
JIT (Just-In-Time) access, 570
Kerberos, 562–563
need-to-know principle, 559
OAuth (Open Authorization), 564
OIDC (OpenID Connect), 564
principle of least privilege, 559
proof of identity process, 566–567
RADIUS, 568
SAML (Security Assertion Markup Language), 564, 565
security domains, 565
separation of duties, 558–559
SESAME, 564
session management, 566
SSO (single sign-on), 561–565
TACACS+, 568
knowledge factor, 546–550
location factor, 556–557
multifactor, 557
ownership factor, 550–551
memory cards, 550–551
smart cards, 551
synchronous versus asynchronous token devices, 550
password types, 546–550
physiological characteristics, 552–553
Shared Key Authentication, 440
single-factor, 557
SP 800-63 requirements, 542–546
time factor, 557
authentication headers (AHs), 407
authentication servers, 442
authenticators, 442
author identification, 650
authorization
access control models, 572–579
ABAC (attribute-based access control), 575–577
access control matrix, 579
content-dependent access control, 578
context-dependent access control, 578
DAC (discretionary access control), 573
MAC (mandatory access control), 573–574
network access control devices, 491–493
RBAC (role-based access control), 574
risk-based access control, 578–579
rule-based access control, 574–579
cryptosystems, 299
definition of, 541
EAS (external authorization service), 578
implementation of, 558–570
accountability, 568–570
auditing and reporting, 569–570
credential management systems, 567–568
default deny, 560
directory services, 560
FIM (federated identity management), 564–565
JIT (Just-In-Time) access, 570
Kerberos, 562–563
need-to-know principle, 559
OAuth (Open Authorization), 564
OIDC (OpenID Connect), 564
principle of least privilege, 559
proof of identity process, 566–567
RADIUS, 568
SAML (Security Assertion Markup Language), 564, 565
security domains, 565
separation of duties, 558–559
SESAME, 564
session management, 566
SSO (single sign-on), 561–565
TACACS+, 568
incident response, 681–682
permissions, 572
privileges, 572
rights, 572
Automatic Private IP Addressing (APIPA), 398–399
automation, 664
AV (all viewpoint), 25
availability, 6–7, 77, 170, 744
avalanche effect, 294
avoidance, risk, 100
AVPs (attribute/value pairs), 504
AVSs (active vulnerability scanners), 607–608
Azure CDN, 494
B
backfire antennas, 445
backup
backup and recovery systems, 672
backup storage strategies, 699
hardware, 693
software, 693–694
barriers, 714
base relations, 183
baseband, 401
Basel II, 58
basic input/output system (BIOS), 242–243
Basic Rate Interface (BRI), 498
bastion hosts, 458
BCPs (business continuity plans), 76, 77–78, 79, 624, 713
behavior, object, 735
behavioral biometric systems, 553–554
Bell-LaPadula model, 226–227
best evidence rule, 647
BGP (Border Gateway Protocol), 471
BIA (business impact analysis), 76, 81–85
Biba model, 228
big data, 169
biometric systems, 356
behavioral characteristics, 553–554
biometric characteristics, 554–555
physiological characteristics, 552–553
birthday attacks, 344
black hat, 42
black-box testing, 616–618
blacklisting, 685
blackouts, 360
blind spoofing, 511
blind tests, 609–610
block ciphers, 310
Blowfish, 317
Blue Team versus Red Team exercises, 603–604
bluejacking, 439
bluesnarfing, 439
Bluetooth, 438–439
Board Briefing on IT Governance, 11
boards of directors, 16–17
bombing, 137
Boolean mathematics, 300
boot sector malware, 768
Border Gateway Protocol (BGP), 471
botnets, 769–770
bottom-up security approach, 36
boundary control services, 234
bounds, 221
breaches, 93
Brewer-Nash (Chinese Wall) model, 229
BRI (Basic Rate Interface), 498
bridges, 452
bridging, transparent, 453
bring-your-own-device (BYOD), 287–289, 463–464
bring-your-own-device (BYOD) security policy, 463–464
British Ministry of Defence Architecture Framework (MODAF), 25
broadband, 401
brownouts, 360
BSI (Build Security In), 765
budget, security, 13–14
Build and Fix model, 752–753
Build Security In (BSI), 765
building and internal security, 719
burning media, 194
Burp Suite, 607–608
bus topology, 476
business automation, 277
business case, 13
business continuity, 73–85
availability, 77
BCPs (business continuity plans), 76, 77–78, 79, 624, 713
BIA (business impact analysis), 76, 81–85
contingency planning, 76, 78–81
definition of, 73–85
disaster types, 74–75
disruptions, 74
DRPs (disaster recovery plans), 75–76, 79, 624, 711–713
checklist tests, 712
evacuation drills, 713
full-interruption tests, 712
functional drills, 713
parallel tests, 712
read-through tests, 711
simulation tests, 712
structured walk-through tests, 712
table-top exercises, 712
reliability, 77
business interruption insurance, 704
business process recovery, 692
business/mission owners, 190
BYOD (bring-your-own-device), 287–289, 463–464
C
C, 765
C++, 736, 765
cable locks, 356
cable modems, 499–500
cabling, 471–475
coaxial, 472–473
fiber optic, 474–475
network attacks, 509–510
selection of, 471–472
twisted pair, 473–474
cache, 240
cache poisoning, 514
Caesar, Julius, 295
Cain & Abel, 610
CALEA (Communications Assistance for Law Enforcement Act), 55, 56
California Consumer Privacy Act (CCPA), 56
campus-area networks (CANs), 421
candidate keys, 183
CANs (campus-area networks), 421
Capability Maturity Model (CMM), 261
Capability Maturity Model Integration (CMMI), 35, 261, 759
capability tables, 579
capability viewpoint (CV), 25
capacitance detectors, 717
CAPTCHA, 548
cardinality, 183
Carrier Sense Multiple Access with Collision Avoidance (CSMA/CA), 482, 484–485
Carrier Sense Multiple Access with Collision Detection (CSMA/CD), 482, 484
cars, smart, 277
CAs (certificate authorities), 323
CASBs (cloud access security brokers), 204
CASE (Computer-Aided Software Engineering), 759
CAST, 318
CAT (Cyber Action Team), 50
CBC (Cipher Block Chaining), 313–315, 428
CBC-MAC (Cipher Block Chaining MAC), 338
CC (Common Criteria), 250–252
CCMP (Counter Cipher Mode with Block Chaining Message Authentication Code Protocol), 441
CCPA (California Consumer Privacy Act), 56
CCTA Risk Analysis and Management Method (CRAMM), 36
CCTV (closed-circuit TV), 649, 717–718
CD (continuous delivery), 757
CDMA (code-division multiple access), 433
CDNs (content-distribution networks), 494–495
CDP (Cisco Discovery Protocol), 468
cellular/mobile wireless techniques, 433
Center for Internet Security. See CIS (Center for Internet Security)
central processing units. See CPUs
centralized access control, 538
CEO (chief executive officer), 17
CER (crossover error rate), 554
certificate authorities (CAs), 323
certificate revocation lists (CRLs), 326, 327
certificates. See digital certificates
Certify/Accredit phase, Software Development Life Cycle, 749
CFAA (Computer Fraud and Abuse Act), 54
CFB (Cipher Feedback), 313–315
CFO (chief financial officer), 17
chain of custody, 644–645
Challenge Handshake Authentication Protocol (CHAP), 501, 505
change logs, 655
change management, 659–661, 745, 749–750
channel service unit/data service unit (CSU/DSU), 487
channels, covert, 688
CHAP (Challenge Handshake Authentication Protocol), 501, 505
characteristic factor authentication, 551–555
checklist tests, 712
checksum, 333
chief executive officer (CEO), 17
chief financial officer (CFO), 17
chief information officer (CIO), 17
chief information security officer (CISO), 13
chief privacy officer (CPO), 17
chief security officer (CSO), 13, 18
China, Personal Information Protection Law (PIPL), 58
choose-your-own-device (CYOD), 288
chosen ciphertext attacks, 342
chosen plaintext attacks, 342
CI (continuous integration), 757
CIA (confidentiality, integrity, and availability), 6–7, 170, 220, 744
CIFS (Common Internet File System), 427
CIO (chief information officer), 17
CIP (critical infrastructure protection) plan, 79
Cipher Block Chaining (CBC), 313–315, 428
Cipher Block Chaining MAC (CBC-MAC), 338
Cipher Feedback (CFB), 313–315
cipher locks, 354
Cipher-Based MAC (CMAC), 338
ciphers. See also algorithms
block, 310
concealment, 305
hybrid, 311
Kerckhoffs's principle, 297
mono-alphabetic substitution, 294
polyalphabetic substitution, 294
running key, 305
stream-based, 309
substitution, 305–307
transposition, 307–308
ciphertext-only attacks, 342
circuit switching, 488
circuit-level proxies, 457
circumstantial evidence, 648
CIS (Center for Internet Security), 31–32
CISA (Cybersecurity & Infrastructure Security Agency), 750–751
Cisco Discovery Protocol (CDP), 468
civil code law, 44
civil disobedience, 136
civil investigations, 64
Clark-Wilson integrity model, 228–229
classful IP (Internet Protocol) addressing, 393–394
classification, data/asset, 170–177
CIA (confidentiality, integrity, and availability), 6–7, 170, 220, 744
information life cycle, 170
military and government, 176–177
private sector, 175–176
sensitivity and criticality, 170–175
PHI (protected health information), 173–175
PII (personally identifiable information), 171–173
proprietary data, 175
Classless Inter-Domain Routing (CIDR), 393
client-based systems, 262–263
clients
DHCP (Dynamic Host Configuration Protocol), 423
DNS (Domain Name System), 424
mainframe/thin, 232
closed systems, 215
closed-circuit television (CCTV), 540, 649, 717–718
CLOUD (Clarifying Lawful Overseas Use of Data) Act, 60
cloud access security brokers (CASBs), 204
cloud computing, 264–274, 438, 663
CloudFront, 494
clustering, 706
CMAC (Cipher-Based MAC), 338
CMI (copyright management information), 48
CMM (Capability Maturity Model), 261
CMMI (Capability Maturity Model Integration), 35, 261, 759
coaxial cabling, 472–473
COBIT (Control Objectives for Information and Related Technology), 27
COBO (company-owned, business only), 288
code repository security, 766
code-division multiple access (CDMA), 433
CodeSearchDiggity, 766
coding
code review and testing, 616–619
black-box, 616–618
dynamic testing, 618
fuzz testing, 619
goal of, 616
gray-box, 616–618
review process, 618
static testing, 618
white-box, 616–618
secure coding guidelines/standards, 776–781
APIs (application programming interfaces), 780
backdoors, 778
best practices, 780–781
buffer overflow, 776–778
covert channels, 779
mobile code, 779
object reuse, 779
privilege escalation, 778
rogue programmers, 778
TOC (time of check) attacks, 779
TOU (time of use) attacks, 779
trapdoors, 778
cognitive passwords, 547
cohesion, 737
cold sites, 702
collection of evidence. See evidence collection and handling
collision domains, 482–483
COM (Component Object Model), 738
combination locks, 355
combination passwords, 547
commercial software, 49
Committee of Sponsoring Organizations. See COSO (Committee of Sponsoring Organizations)
committees
audit, 18
governance, 16
common application service element (CASE), 380
Common Criteria (CC), 250–252
Common Criteria Recognition Arrangement (CCRA), 252
Common Internet File System (CIFS), 427
common law, 44
Common Object Request Broker Architecture (CORBA), 737–739
communication channels, secure, 495–521
communications. See also networks; individual protocols
analysis of, 651
cryptography, 445–450
ECC (elliptic curve cryptography), 428
email security, 446–448
end-to-end encryption, 446
Internet security, 448–450
link encryption, 445–446
disaster recovery, 709
overview of, 376–377
secure communication channels, 495–521
data communications, 507
multimedia collaboration, 495–496
remote access, 497–507
virtualized networks, 507–508
voice, 495
threats, 132
Communications Assistance for Law Enforcement Act (CALEA), 55, 56
companion viruses, 768
company-owned, business only (COBO), 288
company-owned, personally enabled (COPE), 288
compartmented security mode, 222
compensative controls, 101
compiler warnings, 780
Complex Instruction Set Computer (CISC) CPU, 236
complex passwords, 547
Component Object Model (COM), 738
Component-Based Development method, 759
computer crime, 41–43
Computer Ethics Institute, 68
Computer Fraud and Abuse Act (CFAA), 54
computer prevalence crime, 42
Computer Security Act, 55
Computer-Aided Software Engineering (CASE), 759
computer-assisted crime, 41
computer/equipment rooms, 353
computer-targeted crime, 41
computing platforms, 231–233
distributed systems, 232
embedded systems, 232
mainframe/thin clients, 232
middleware, 232
mobile code, 233
virtual computing, 233
concealment ciphers, 305
conclusive evidence, 648
confidentiality, 6–7, 170, 175–176, 298, 744. See also CIA (confidentiality, integrity, and availability)
configuration management, 659–661, 749–750
confinement, 220
consistency, 187
construction, facility, 352
contactless cards, 551
containerization, 280–281
contamination of data, 168
content analysis, 650
content-dependent access control, 186, 578
content-distribution networks (CDNs), 494–495
context analysis, 650
context-dependent access control, 187, 578
contingency planning, 76, 78–81
continuity of operations plan (COOP), 79
continuous delivery (CD), 757
continuous improvement, 108–109
continuous integration (CI), 757
continuous lighting, 718
continuous monitoring, 657
contractual compliance, 40
Control and User Plane Separation (CUPS), 434
Control layer, SDN (software-defined networking), 507
Control Objectives for Information and Related Technology (COBIT), 27
Controlled Unclassified Information (CUI), 176
controllers, data, 189
assessment and monitoring, 108
categories of, 100–102
selection of, 256–257
site/facility, 353–364
biometric systems, 356
closets and intermediate distribution facilities, 357
doors, 353–354
environmental security and issues, 358–362
equipment physical security, 362–364
glass entryways, 356
locks, 355–356
restricted and work areas, 357–358
visitor control, 357
types of, 102–105
administrative controls, 103
logical controls, 105
physical controls, 105
converged protocols
FCoE (Fibre Channel over Ethernet), 429–430
IP convergence, 429
iSCSI (Internet Small Computer System Interface), 431
MPLS (Multiprotocol Label Switching), 430–431
VoIP (Voice over Internet Protocol), 431
cookies, 449–450
COOP (continuity of operations plan), 79
COPE (company-owned, personally enabled), 288
copy backups, 697
copyright, 48
copyright management information (CMI), 48
CORBA (Common Object Request Broker Architecture), 737–739
corrective controls, 101
corroborative evidence, 648
COSO (Committee of Sponsoring Organizations), 32, 127
Counter Cipher Mode with Block Chaining Message Authentication Code Protocol (CCMP), 441
Counter Mode (CTR), 313–315
countermeasures, 92, 98–99, 255
coupling, 737
covert channels, 688, 773, 779
COVID-19, 506–507
CPO (chief privacy officer), 17
CPTED (Crime Prevention Through Environmental Design), 348
CPUs, 235–238
multitasking/multiprocessing, 236
multithreading, 237
overview of, 235–236
process states, 238
single-state versus multistate, 237
crackers, 42
CRAMM (CCTA Risk Analysis and Management Method), 36
CRCs (cyclic redundancy checks), 333, 400
credential management systems, 567–568
credit/debit card processing technology, 449
Crime Prevention Through Environmental Design (CPTED), 348
criminal investigations, 41–43, 63, 638, 643–644
criminal law, 44
crisis communications plan, 79
critical infrastructure protection (CIP) plan, 79
critical processes/resources, identification of, 82
Critical Security Controls (CIS), 31–32
criticality, 170–175
PHI (protected health information), 173–175
PII (personally identifiable information), 171–173
proprietary data, 175
CRLs (certificate revocation lists), 326, 327
cross-certification, 328
cross-certification federated identity model, 565
crossover error rate (CER), 554
cryptanalysis, 293
cryptanalytic attacks, 341–346
cryptograms, 293
cryptography, 202–203, 234, 292–312, 445–450
applied, 340–341
asymmetric algorithms, 319–322
definition of, 292
Diffie-Hellman, 320
ECC (Elliptic Curve Cryptosystem), 321
El Gamal, 321
Knapsack, 322
RSA, 320–321
strengths/weaknesses of, 310–311
zero-knowledge proof, 322
concealment ciphers, 305
cryptanalysis, 293
cryptanalytic attacks, 341–346
cryptographic life cycle, 302–304
cryptosystem features, 293, 298–299
digital signatures, 292, 339–340, 742
email security, 446–448
end-to-end encryption, 203, 446
history of, 294–298
hybrid ciphers, 311
Internet security, 448–450
key management practices, 303–304, 328–332
link encryption, 202–203, 445–446
mathematical concepts for, 300–302
NIST SP 800-175A and SP 800-175B guidelines, 299–300
PKI (public key infrastructure), 322–328
CAs (certificate authorities), 323
CRLs (certificate revocation lists), 327
cross-certification, 328
digital certificates, 293, 323–327
OCSP (Online Certificate Status Protocol), 327
RAs (registration authorities), 323
steps of, 327–328
quantum, 312
running key ciphers, 305
substitution ciphers, 305–307
symmetric algorithms, 308–309, 312–319
3DES (Triple DES), 313–315
AES (Advanced Encryption Standard), 316–317
block ciphers, 310
Blowfish, 317
CAST, 318
comparison of, 319
definition of, 292
DES (Data Encryption Standard), 313–316
IDEA (International Data Encryption Algorithm), 317
IVs (initialization vectors), 302, 309, 310
RC4/RC5/RC6/RC7, 318
Skipjack, 317
stream-based ciphers, 309
strengths/weaknesses of, 308–309
Twofish, 318
terminology for, 292–294
transposition ciphers, 307–308
cryptology, 293
cryptoperiods, 329
cryptosystem features, 298–299
CSMA/CA (Carrier Sense Multiple Access with Collision Avoidance), 482, 484–485
CSMA/CD (Carrier Sense Multiple Access with Collision Detection), 482, 484
CSO (chief security officer), 13, 18
CSU/DSU (channel service unit/data service unit), 487
CTR (Counter Mode), 313–315
CUI (Controlled Unclassified Information), 176
CUPS (Control and User Plane Separation), 434
custodians
system, 190
custody, chain of, 644–645
customary law, 45
customer edge (CE) routers, 431
customizing Pearson Test Prep practice test exams, 793–794
CV (capability viewpoint), 25
Cyber Action Team (CAT), 50
cyber incident response plan, 79
cyber-physical systems, NIST framework for, 278–280
Cybersecurity & Infrastructure Security Agency (CISA), 750–751
Cybersecurity Framework, 622–623
cybersquatting, 516
cyclic redundancy checks (CRCs), 333, 400
CYOD (choose-your-own-device), 288
D
D2D (device-to-device) communication, 434
DAC (discretionary access control), 573, 664–665
DACK (DMA acknowledgment), 241–242
daily backups, 697
damage assessment teams, 708
DAP (Directory Access Protocol), 560
DAST (Dynamic Application Security Testing), 750–751
data. See also assets
audits, 194–195
classification of, 170–177
CIA (confidentiality, integrity, and availability), 170
information life cycle, 170
military and government, 176–177
private sector, 175–176
sensitivity and criticality, 170–175
collection and limitation, 191, 620–624
contamination of, 168
data security controls, 197–204
baselines, 200–201
data access and sharing, 198–199
data protection methods, 202–204
data security, 197
data states, 197–198
data storage and archiving, 199–200
defense-in-depth strategy, 197, 781
scoping, 201
standards selection, 201–202
tailoring, 201
databases, 182–187
ACID test, 187
data mining, 185–186
data warehouses, 185–186
database interface languages, 185
DBMS (database management systems), 182–187
locks, 187
maintenance of, 186
polyinstantiation, 187
threats to, 186–187
views, 187
vulnerabilities of, 264
documentation and organization, 168–169
information and asset handling requirements, 176–177
asset inventory, 179–180
asset life cycle, 179
asset management, 179–180
data life cycle, 180–182
destruction, 178
media marking, 178
libraries, 181
life cycle, 180–182
maintenance, 192–193
mining, 185–186
policies, 166–167
definition of, 52
laws/regulations for, 53–62
PII (personally identifiable information), 52
proprietary, 175
quality of, 167–168
recovery, 696–699
remanence and destruction, 178, 193–194, 679
resource provisioning, 179
retention, 193
security process data
account management, 621–622
backup verification data, 623
disaster recovery and business continuity plans, 624
information security continuous monitoring programs, 620–621
KPIs (key performance indicators), 622–623
KRIs (key risk indicators), 622–623
management review and approval, 622
SP 800-137, 620–621
training and awareness, 623
warehouses, 185–186
data and information viewpoint (DIV), 25
data breaches, 50
data communications, 507
data controllers, 189
data havens, 61
Data Link layer, OSI model, 381
data loss prevention (DLP), 204, 657
data processors, 190–191
Data Protection Impact Assessment (DPIA), 62
data protection officer (DPO), 17
data security controls, 197–204
baselines, 200–201
data access and sharing, 198–199
data protection methods, 202–204
CASBs (cloud access security brokers), 204
cryptography, 202–203
DLP (data loss prevention), 204
DRM (digital rights management), 203–204
data security, 197
data states, 197–198
data at rest, 198
data in transit, 198
data in use, 198
data storage and archiving, 199–200
defense-in-depth strategy, 197, 781
scoping, 201
standards selection, 201–202
tailoring, 201
data subjects, 191
data users, 191
database management systems (DBMS), 182–187
databases, 182–187
access control, 186
ACID test, 187
data mining, 185–186
data warehouses, 185–186
database interface languages, 185
DBMS (database management systems), 182–187
locks, 187
maintenance of, 186
normalization, 184
polyinstantiation, 187
relational, 183
threats to, 186–187
views, 187
vulnerabilities of, 264
Data-Over-Cable Service Interface Specifications (DOCSIS), 499
DBMS (database management systems), 182–187
DCOM (Distributed Component Object Model), 738
DDoS (distributed DoS) attacks, 513, 515, 588
DDR SDRAM (double data rate synchronous dynamic random-access memory), 238
decentralized access control, 539
decoding, 293
decryption, 260–261, 292. See also cryptography
dedicated security mode, 221
dedicated short-range communications (DSRC), 435
de-encapsulation, 388–389
default security posture, 8
defaults, secure, 216–217
defense-in-depth strategy, 9–10, 197, 216, 781
degrees, 183
deluge extinguishers, 360
demilitarized zone (DMZ), 195–196, 458
Deming's Plan-Do-Check-Act cycle, 34, 108
demultiplexers, 451
denial-of-service (DoS) attacks, 514, 588, 683
Department of Defense (DoD), 25, 201, 261
Department of Homeland Security (DHS), 765
deprovisioning, 583
DES (Data Encryption Standard), 298, 313–316
design
security assessment and testing, 602–604
internal/external, 604
Red Team versus Blue Team exercises, 603–604
security assessments, 603
security auditing, 604
security testing, 602–603
third-party, 604
sites/facilities, 348–353
Design phase, Software Development Life Cycle, 747
destruction of data, 178, 193–194
DES-X, 313
anti-malware/antivirus, 494, 686
blacklisting, 685
clipping levels, 686
deviations from standards, 687
firewalls, 685
graylisting, 685
IDSs (intrusion detection systems), 461–463, 656, 685
input/output controls, 688
IPSs (intrusion prevention systems), 463, 656, 685
machine learning and artificial intelligence, 689
sandboxes, 686
system hardening, 688–689
third-party security services, 686
trusted paths, 688
trusted recovery, 688
unauthorized disclosure, 687
unusual/unexplained events, 687
vulnerability management systems, 689
whitelisting, 685
deterrent controls, 102
Develop phase, Software Development Life Cycle, 748
development, software. See software development
deviations from standards, 687
devices, network, 450–468
access control for, 540
bridges, 452
demultiplexers, 451
device authentication, 557–558
device firmware, 243
EDR (endpoint detection and response), 463
firewalls
architecture of, 458–468
types of, 455–458
gateways, 455
honeypots/honeynets, 460
hubs, 451–452
IDSs (intrusion detection systems), 461–463, 656, 685
I/O (input/output), 241
IoT (Internet of Things), 277
IPSs (intrusion prevention systems), 463, 656, 685
mobile devices, 463–468
multiplexers, 451
patch panels, 451
PBX (private branch exchange), 460
repeaters, 452
routers, 454–455
switches, 453–454
telco concentrators, 451
tracking, 363
VLANs (virtual local-area networks), 454
VPN concentrators, 451
vulnerabilities
application security, 287
BYOD (bring-your-own-device) concerns, 287–289
device security, 287
WAPs (wireless access points), 463
device-to-device (D2D) communication, 434
DevSecOps, 750
DHCP (Dynamic Host Configuration Protocol), 379, 423
DHS (Department of Homeland Security), 765
dial-up connections, 497–498
differential backup, 697
differential cryptanalysis, 343
Diffie-Hellman, 320
diffusion, 294
digital certificates, 322–328
classes of, 324
definition of, 293
life cycle of, 324–327
enrollment, 325
renewal and modification, 327
revocation, 326
verification, 326
requesting, 327–328
X.509, 323
Digital Encryption Standard. See DES (Data Encryption Standard)
digital forensics standards, 64–67
Digital Millennium Copyright Act (DMCA), 50
digital rights management. See DRM (digital rights management)
Digital Signature Algorithm (DSA), 340
Digital Signature Standard (DSS), 340
digital signatures, 292, 339–340, 742
Digital Subscriber Line (DSL), 401, 498–499
digital transmission, 399–400
direct evidence, 647
direct memory access (DMA), 239, 241
directional antennas, 445
directive controls, 102
directors, boards of, 16–17
Directory Access Protocol (DAP), 560
directory services, 560
direct-sequence spread spectrum (DSSS), 432
disaster recovery, 706–713
assessment, 710
BCPs (business continuity plans), 76, 77–78, 79, 624, 713
BIA (business impact analysis), 76, 81–85
communication, 709
contingency planning, 76, 78–81
disaster types, 74–75
DRPs (disaster recovery plans), 75–76, 79, 624, 711–713
checklist tests, 712
evacuation drills, 713
full-interruption tests, 712
functional drills, 713
parallel tests, 712
read-through tests, 711
simulation tests, 712
structured walk-through tests, 712
table-top exercises, 712
lessons learned from, 710–711
personnel, 707–709
response, 707
restoration, 710
training and awareness, 710
discretionary access control (DAC), 573, 664–665
disk imaging, 650
disposal of media, 678–679
Dispose phase, System Development Life Cycle, 745
disruptions, 74
distance vector protocols, 469
Distributed Component Object Model (DCOM), 738
distributed DoS (DDoS) attacks, 513, 515, 588, 769
Distributed Network Protocol version 3 (DNP3), 429
distributed object-oriented systems, 737–739
COM (Component Object Model), 738
CORBA (Common Object Request Broker Architecture), 737–738
DCOM (Distributed Component Object Model), 738
Java Platform, Enterprise Edition, 738
OLE (Object Linking and Embedding), 738–739
SOA (service-oriented architecture), 739
DIV (data and information viewpoint), 25
divestitures, 15–16
DKIM (DomainKeys Identified Mail), 517
DLP (data loss prevention), 204, 657
DMA (direct memory access), 239, 241
DMA acknowledgment (DACK), 241–242
DMADV methodology, 34
DMAIC methodology, 34
DMARC (Domain-based Message Authentication, Reporting & Conformance), 517
DMCA (Digital Millennium Copyright Act), 50
DMZ (demilitarized zone), 458
DNP3 (Distributed Network Protocol version 3), 429
DNS (Domain Name System), 384, 424, 581
attacks, 514–516
cache poisoning, 514
DOCSIS (Data-Over-Cable Service Interface Specifications), 499
document DRM (digital rights management), 347
documentation, security, 69–73, 168–169
baselines, 73
document exchange/review, 145
guidelines, 73
investigation, 642
overview of, 69–70
policies, 70–72
procedures, 72
processes, 72
standards, 73
supply and technology recovery, 695
DoD (Department of Defense), 25, 201, 261
domain grabbing, 516
Domain Name System (DNS), 384, 424, 514–516, 581
Domain Name System Security Extensions (DNSSEC), 515
Domain-based Message Authentication, Reporting & Conformance (DMARC), 517
DomainKeys Identified Mail (DKIM), 517
domains, 183
protection, 565
security, 565
doors, 353–354
DoS (denial-of-service) attacks, 514, 588, 683
double data rate synchronous dynamic random-access memory (DDR SDRAM), 238
double-blind tests, 610
DPIA (Data Protection Impact Assessment), 62
DPO (data protection officer), 17
Dragonblood vulnerability, 442
Dragonfly, 441
drills
evacuation, 713
functional, 713
DRM (digital rights management), 50, 203–204, 346–348
DRPs (disaster recovery plans), 75–76, 79, 711–713
checklist tests, 712
evacuation drills, 713
full-interruption tests, 712
functional drills, 713
parallel tests, 712
read-through tests, 711
simulation tests, 712
structured walk-through tests, 712
table-top exercises, 712
dry pipe extinguishers, 359
DSA (Digital Signature Algorithm), 340
DSL (Digital Subscriber Line), 498–499
DSS (Digital Signature Standard), 340
DSSS (direct-sequence spread spectrum), 432
DTP (Dynamic Trunking Protocol), 511
dual-homed firewalls, 458–459
due care/due diligence, 38
dumpster diving, 587
durability, 187
duress, employee, 720
duties, separation of, 89, 217–218, 558–559, 666
Dynamic Application Security Testing (DAST), 750–751
Dynamic Host Configuration Protocol (DHCP), 379, 423, 581
dynamic NAT (Network Address Translation), 398
dynamic packet filtering firewalls, 457
dynamic testing, 618
Dynamic Trunking Protocol (DTP), 511
E
E lines, 486–487
EAC (Electronic Access Control), 354
EALs (Evaluation Assurance Levels), 250–252
EAP (Extensible Authentication Protocol), 442–444, 501, 505
earthquakes, 130
EAS (external authorization service), 578
e-book DRM (digital rights management), 348
ECB (Electronic Code Book), 313–315
ECC (Elliptic Curve Cryptosystem), 312, 321, 428
Economic Espionage Act, 59
ECPA (Electronic Communications Privacy Act), 55
edge computing systems, vulnerabilities of, 282–283
eDiscovery, 67
EDR (endpoint detection and response), 463
education, 147–148
EF (exposure factor), 97
efficacy, 13–14
egress monitoring, 657–658
egress nodes, 430
EHT (Extremely High Throughput), 438
EIGRP (Enhanced IGRP), 470
EK (Endorsement Key), 259
El Gamal, 321
electrical threats, 131–132
electromagnetic interference (EMI), 360, 473–474
electromechanical systems, 716
Electronic Access Control (EAC), 354
electronic backups, 698–699
Electronic Code Book (ECB), 313–315
Electronic Communications Privacy Act (ECPA), 55
electronic protected health information (EPHI), 173–175
electronic vaulting, 698
Elliptic Curve Cryptosystem (ECC), 312, 321, 428
email
pass-around code review, 617
emanations, 590
embedded device analysis, 651
embedded IPv4 unicast addresses, 416
embedded SIM (eSIM), 433
embedding, OLE (Object Linking and Embedding), 738
emergency lighting, 718
emergency management, 721
EMI (electromagnetic interference), 360, 473–474
employment. See personnel
encapsulation, 379, 388–389, 407, 735, 736
encoding, 293
encryption, 194, 202–203, 260–261, 292, 363. See also cryptography
definition of, 10
email security, 446–448
Internet security, 448–450
end of life (EOL), 196
end of support (EOS), 196
end-of-service life (EOSL), 196
Endorsement Key (EK), 259
endpoint detection and response (EDR), 463
endpoint protection platforms (EPPs), 493–494
endpoint security, 493–494
endpoint-based DLP (data loss prevention), 204, 657
end-to-end encryption, 203, 446
engagement, rules of, 681–682
engineering. See security architecture and engineering
Enhanced IGRP (EIGRP), 470
Enhanced SMTP (ESMTP), 427
Enigma machine, 297
ENISA (European Network and Information Security Agency), 202
enrollment, digital certificates, 325
enrollment time, 554
Enterprise Risk Management (ERM) Integrated Framework, 127
environmental error, 362
environmental security, 358–362
EOL (end of life), 196
EOS (end of support), 196
EOSL (end-of-service life), 196
EPHI (electronic protected health information), 173–175
EPPs (endpoint protection platforms), 493–494
equipment physical security, 353, 362–364
Ericsson, 433
ERM (Enterprise Risk Management) Integrated Framework, 127
eSIM (embedded SIM), 433
ESMTP (Enhanced SMTP), 427
ESP (encapsulating security payload) headers, 407
/etc/passwd file, 549
/etc/shadow file, 549
ethics, security governance, 67–69
ETSI (European Telecommunications Standards Institute), 433
European Network and Information Security Agency (ENISA), 202
European Telecommunications Standards Institute (ETSI), 433
European Union (EU)
Electronic Security Directive, 61
EU-U.S. Privacy Shield, 61
GDPR (General Data Protection Regulation), 61–62, 187
standards, 202
evacuation drills, 713
Evaluation Assurance Levels (EALs), 250–252
evaluation models, 244–255
CC (Common Criteria), 250–252
controls and countermeasures, 92, 98–99, 255
ITSEC (Information Technology Security Evaluation Criteria), 248–250
security implementation standards, 252–255
ISO/IEC 27001, 253–254
ISO/IEC 27002, 254–255
PCI DSS (Payment Card Industry Data Security Standard), 255
TCSEC (Trusted Computer System Evaluation Criteria), 245–248
events, incidents versus, 680–681
evidence collection and handling, 191, 640–641, 646–651
admissibility of evidence, 646
evidence storage facilities, 358
examination and analysis, 641
hardware/embedded device analysis, 651
identification of evidence, 640
media analysis, 650
network analysis, 650–651
rules of evidence, 646
search and seizure, 649
software analysis, 650
surveillance, 649
types of evidence, 646
exam preparation, 795
final review/study plan, 795–796
memory tables, 795
Pearson Test Prep practice test software, 791–793
exam customizations, 793–794
exam updates, 794
offline access to, 792–793
online access to, 792
Premium Edition, 794–795
tools for, 795
EXCLUSIVE OR operations, 300–301
Executive Order 13556, 176
expectation of privacy, 60
exploits, 91
Exploratory model, 759
explosions, 133
exposure, 92
exposure factor (EF), 97
Extensible Authentication Protocol (EAP), 442–444, 501, 505
Extensible Markup Language (XML), 185, 285
Extensible Messaging and Presence Protocol (XMPP), 496
external authorization service (EAS), 578
external security assessment and testing, 604
external threats, 129–130
extranets, 418
Extremely High Throughput (EHT), 438
F
facial scans, 553
facilities
access control for, 540
protection of, 669
redundancy, 703–704
factoring attacks, 344
factors, authentication, 550–551
characteristic factor, 551–555
knowledge factor, 546–550
location factor, 556–557
multifactor, 557
ownership factor, 550–551
memory cards, 550–551
smart cards, 551
synchronous versus asynchronous token devices, 550
single-factor, 557
time factor, 557
fail safe/fail secure, 217, 244
failover, 705
false acceptance rate (FAR), 554
false rejection rate (FRR), 554
Fast Ethernet, 480
fault injection, 345
fault tolerance, 85, 259, 671, 679, 704
faults, power, 360
FBI (Federal Bureau of Investigation), 50
FCoE (Fibre Channel over Ethernet), 429–430
FDDI (Fiber Distributed Data Interface), 418–419, 481
FDM (frequency-division multiplexing), 401, 451
FDMA (frequency-division multiple access), 433
feature extraction, 554
Federal Bureau of Investigation (FBI), 50
Federal Information Processing Standards. See FIPS (Federal Information Processing Standards)
Federal Information Security Management Act (FISMA), 55, 58, 406
Federal Intelligence Surveillance Act. See FISA (Foreign Intelligence Surveillance Act)
Federal Privacy Act, 55
federated identity management (FIM), 508, 564–565
Federation of European Risk Management Associations (FERMA), 128
FERMA (Federation of European Risk Management Associations), 128
fetching, 235
FHSS (frequency-hopping spread spectrum), 432
Fiber Distributed Data Interface (FDDI), 418–419, 481
fiber optic cabling, 474–475
Fibre Channel over Ethernet (FCoE), 429–430
field-programmable gate array (FPGA), 239
FIFO (first in, first out), 699
fifth-generation firewalls, 457
file infectors, 768
File Transfer Protocol. See FTP (File Transfer Protocol)
files
/etc/passwd, 549
/etc/shadow, 549
filters, MAC (media access control), 444
FIM (federated identity management), 508, 564–565
FIN scans, 520
final review/study plan, 795–796
FindBugs, 766
finger scans, 552
fingerprint scans, 552
FIPS (Federal Information Processing Standards), 441
FIPS 199 impact levels, 80, 110–112
fire detection/suppression, 133–134, 359–360, 705
fire extinguishers, 133–134
firewalls
architecture of, 458–468
logs, 655
personal, 494
types of, 455–458
first in, first out (FIFO), 699
FISA (Foreign Intelligence Surveillance Act), 55
FISMA (Federal Information Security Management Act), 55, 58, 406
Flash Card exam mode, 793
flash memory, 239
Flow Label field, IPv6, 408
fluorescent lighting, 718
FOIA (Freedom of Information Act), 177
foreign keys, 183
forensic and digital investigations, 638–653
chain of custody, 644–645
crime scenes, 643–644
criminal investigations, 638
digital forensic tools and procedures, 651–653
evidence collection and handling, 646–651
admissibility of evidence, 646
hardware/embedded device analysis, 651
media analysis, 650
network analysis, 650–651
rules of evidence, 646
search and seizure, 649
software analysis, 650
surveillance, 649
types of evidence, 647–649
forensic procedures, 641–642
interviews, 645
investigative techniques, 645
IOCE (International Organization on Computer Evidence), 642–643
MOM (motive, opportunity, and means), 644
reporting and documentation, 642
steps of, 638–641
decision, 641
evidence collection, 640–641, 646–651
evidence examination and analysis, 641
evidence identification, 640
presentation of findings, 641
SWGDE (Scientific Working Group on Digital Evidence), 642–643
Forest Green Book, 678
FPGA (field-programmable gate array), 239
fraggle attacks, 513
Frame Relay, 488
framework for cyber-physical systems, 278–280
Framework for Improving Critical Infrastructure Cybersecurity (NIST), 124–126
frameworks
risk, 109–129
COSO Enterprise Risk Management (ERM) Integrated Framework, 127
ISO/IEC 27005:2018, 126–127
NIST (National Institute of Standards and Technology), 109–126
OSSTMM (Open Source Security Testing Methodology Manual), 127
A Risk Management Standard (FERMA), 128
security control, 20–37
bottom-up approach, 36
CIS Critical Security Controls, 31–32
CMMI (Capability Maturity Model Integration), 35
COBIT (Control Objectives for Information and Related Technology), 27
COSO (Committee of Sponsoring Organizations), 32
CRAMM (CCTA Risk Analysis and Management Method), 36
definition of, 20
DoDAF (Department of Defense Architecture Framework), 25
HITRUST CSF (Common Security Framework), 30–31
ISO/IEC 27000 series, 21–24
ITIL (Information Technology Infrastructure Library), 33
MODAF (British Ministry of Defence Architecture Framework), 25
NIST (National Institute of Standards and Technology) SP 800 series, 27–30
OCTAVE (Operationally Critical Threat, Asset, and Vulnerability Evaluation), 32
SABSA (Sherwood Applied Business Security Architecture), 25–26
security program life cycle, 37
Six Sigma, 34
standards compared to, 20
TOGAF (The Open Group Architecture Framework), 25
top-down approach, 36
Zachman Framework, 25
fraud, 135
Freedom of Information Act (FOIA), 177
freeware, 49
frequency analysis, 343
frequency-division multiple access (FDMA), 433
frequency-division multiplexing (FDM), 401, 451
frequency-hopping spread spectrum (FHSS), 432
FRR (false rejection rate), 554
FTP (File Transfer Protocol), 424–425, 581
FTPS (FTP Secure), 424–425
full backups, 696–697
full-interruption tests, 712
full-knowledge tests, 610
functional drills, 713
fuzz testing, 619
G
gates/fences, 714–716
gateways, 455
Gather Requirements phase, Software Development Life Cycle, 747
General Data Protection Regulation (GDPR), 17, 61–62, 189
General Packet Radio Service (GPRS), 503
geo-fences, 715
geographical threats, 129–137
human-caused, 133–135
internal/external, 129–130
natural, 130–131
politically motivated, 135–137
system, 131–133
GFI LanGuard, 605
GFS (grandfather/father/son), 699
Gigabit Ethernet, 480
glass entryways, 356
GLBA (Gramm-Leach-Bliley Act), 16–17, 54
global IPv6 addresses, 416
Global System for Mobile communications (GSM), 433
Gmail, 609
goals, organizational, 12–13
Goguen-Meseguer model, 230
going dark, 51
Google, 192
Google Docs, 609
Google Pay, 449
governance, security. See security governance
government data classification, 176–177
GPRS (General Packet Radio Service), 503
Grabber, 609
Graham-Denning model, 230
Gramm-Leach-Bliley Act (GLBA), 16–17, 54
grandfather/father/son (GFS), 699
graphical passwords, 548
graphical user interfaces. See GUIs (graphical user interfaces), testing
gray hat, 42
gray-box testing, 616–618
graylisting, 685
Green Book, 248
grid computing, vulnerabilities of, 275
group management, 665
Group Policy, 201
guards, 540
guest operating systems, 508
guidelines, documentation for, 73
GUIs (graphical user interfaces), testing, 620
H
HA (high availability), 705–706
hackers, 42
hand geometry scans, 552
hand topography scans, 553
hardening, system, 688–689
hardware
backup, 693
protection of, 670
risks, 144
secure network components, 450–471
network devices, 450–468
network routing, 468–471
hardware security module (HSM), 677
Harrison-Ruzzo-Ullman model, 230
hashing, 333–337
CBC-MAC, 338
CMAC, 338
definition of, 293
HAVAL, 337
MD2/MD4/MD5/MD6, 335
one-way hash, 333–334
RIPEMD-160, 337
salting, 339
SHA/SHA-2/SHA-3, 336
Tiger, 337
HAVAL, 337
HDSL (High Bit-Rate DSL), 499
headers, packet
IPv4, 388–389
IPv6, 407
Health Care and Education Reconciliation Act, 54
Health Insurance Portability and Accountability Act (HIPAA), 39, 54, 173–175
hearsay evidence, 648
heating, ventilation, and air conditioning (HVAC), 361
heat-sensing sensors, 359
Herzog, Pete, 127
heuristic-based IDSs (intrusion detection systems), 462
HFC (hybrid fiber coaxial), 500
hiding URLs, 515
HIDPS (host-based intrusion detection and prevention system), 494
HIDSs (host-based IDSs), 461
hierarchical databases, 184
hierarchical storage management (HSM), 677, 698
high availability, 705–706
High Bit-Rate DSL (HDSL), 499
high cohesion, 737
higher-level recovery strategies, 691
high-level languages, 734
high-performance computing systems (HPCs), 282
High-Speed Serial Interface (HSSI), 490
hijacking, session, 519
HIPAA (Health Insurance Portability and Accountability Act), 39, 54, 173–175
hiring personnel
candidate screening/hiring. See personnel
compliance policy, 89
employee onboarding/offboarding, 88
employment agreements, 87
job rotation, 89
privacy policy, 89
separation of duties, 89
HITRUST CSF (Common Security Framework), 30–31
hop counts, 469
host-based IDSs (HIDSs), 461
host-based intrusion detection and prevention system (HIDPS), 494
hosts
bastion, 458
screened, 459
hot sites, 701
HPCs (high-performance computing systems), 282
HSM (hardware security module), 677
HSM (hierarchical storage management), 677, 698
HSSI (High-Speed Serial Interface), 490
HTTP (Hypertext Transfer Protocol), 379, 425, 581
HTTPS (Hypertext Transfer Protocol Secure), 425
hubs, 451–452
human resources, 694–695
human-caused threats, 133–135
humidity, 361
Hunt Project, 519–520
hurricanes, 130
HVAC (heating, ventilation, and air conditioning), 361
hybrid ciphers, 311
hybrid fiber coaxial (HFC), 500
hybrid routing protocols, 469
hybrid topology, 478
hygrometers, 362
Hypertext Transfer Protocol (HTTP), 379, 425, 581
Hypertext Transfer Protocol Secure (HTTPS), 425
I
IAB (Internet Architecture Board), 68
IAM (identity and access management), 581–582, 672. See also access control
authentication
behavioral characteristics, 553–554
biometric characteristics, 554–555
characteristic factor, 551–555
definition of, 541–542
device, 557–558
implementation of, 558–570
knowledge factor, 546–550
location factor, 556–557
multifactor, 557
ownership factor, 550–551
password management considerations, 548–550
password types, 546–550
physiological characteristics, 552–553
Shared Key Authentication, 440
single-factor, 557
SP 800-63 requirements, 542–546
time factor, 557
authorization
access control models, 572–579
definition of, 541
EAS (external authorization service), 578
implementation of, 558–570
permissions, 572
privileges, 572
rights, 572
IDaaS (Identity as a Service), 571
identification, 541
overview of, 534–535
provisioning life cycle, 580–584
account review, 582
account revocation, 583
account transfers, 582–583
identity and account management, 581–582
overview of, 580–581
privilege escalation, 583–584
provisioning policies, 581
role definition, 583
third-party identity services integration, 571
threats, 584–591
access aggregation, 590–591
APT (advanced persistent threat), 591
backdoors, 590
buffer overflow, 588
DDoS (distributed DoS) attacks, 513, 515, 588
DoS (denial-of-service) attacks, 514, 588, 683
emanations, 590
malicious software, 589
mitigating, 591
mobile code, 588
overview of, 584–585
password threats, 585–586
preventing, 591
sniffing and eavesdropping, 589–590
social engineering threats, 42–43, 342, 517–518, 586–587
spoofing, 589
IBM Lucifer project, 298
IBM Security QRadar, 607–608
ICCs (integrated circuit cards), 551
ICMP (Internet Control Message Protocol), 387, 425
attacks, 512–514
ECHO REPLY, 512–513
ECHO REQUEST, 512–513
ICMP redirect, 513
ICSs (industrial control systems), 265–268, 428–429, 540
IDaaS (Identity as a Service), 571
IDEA (International Data Encryption Algorithm), 317, 447
IDEAL model, 761
identity and access management. See IAM (identity and access management)
Identity as a Service (IDaaS), 571
identity theft, 587
Identity Theft Enforcement and Restitution Act, 54
identity threats and vulnerabilities, 96
IDSs (intrusion detection systems), 461–463, 656, 685
IEC (International Electrotechnical Commission), 202, 218
ISO/IEC 15288:2015, 214–215
ISO/IEC 27000 series, 11, 21–24, 126–127, 765
ISO/IEC 27001, 253–254
ISO/IEC 27002, 254–255
ISO/IEC 42010:2011, 231
ISO/IEC 90003:2014, 760–761
IGMP (Internet Group Management Protocol), 387, 426
IGRP (Interior Gateway Routing Protocol), 470
IIPT (integrating integrated product team), 763–764
IKE (Internet Key Exchange), 407
IMAP (Internet Message Access Protocol), 426
Implement phase, System Development Life Cycle, 745
implementation attacks, 345
implied addressing, 240
import/export controls, 51
incident response, 680–684, 751
authorization and scope, 681–682
detection, 683
events versus incidents, 680–681
incident response teams, 681
mitigation, 683
procedures for, 682–684
recovery, 684
reporting, 684
response methods, 683
rules of engagement, 681–682
incidental computer crime, 42
incremental backup, 697
Incremental model, 755
India, Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 57–58
indirect addressing, 240
industrial control systems (ICSs), 265–268, 428–429, 540
industry standards compliance, 40
inference, 186
information. See assets; data
information flow models, 224–225
information life cycle, 170, 668
information security continuous monitoring (ISCM) programs, 620–621
information security governance. See security governance
information security management system (ISMS), 253
information system contingency plan (ISCP), 80
information systems, 257–261. See also cryptography
fault tolerance, 85, 259, 671, 679, 704
interfaces, 259
memory protection, 257–258
TPM (Trusted Platform Module), 258–259
Information Technology Infrastructure Library (ITIL), 11, 33
Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 57–58
Information Technology Security Evaluation Criteria (ITSEC), 248–250
informative security policy, 72
Infrared Transfer Picture (IrTran-P), 439
Infrastructure layer, SDN (software-defined networking), 507
Infrastructure mode, WLANs (wireless LANs), 436
inherent risk, 99
inheritance, 735
initialization vectors (IVs), 302, 309, 310
Initiate phase, System Development Life Cycle, 744
input/output controls, 688
instant messaging, 496
Institute for Security and Open Methodologies (ISECOM), 127
insurance, 704–705
intangible assets, 90, 165, 669–671
integrated circuit cards (ICCs), 551
Integrated Product and Process Development (IPPD), 763–764
integrated product teams (IPTs), 763–764
Integrated Services Digital Network (ISDN), 498
integrating integrated product team (IIPT), 763–764
integration testing, 749
integrity
CIA (confidentiality, integrity, and availability), 6–7, 170, 220, 744
cryptosystems, 298
integrity services, 234
message, 332–339
hashing, 333–337
overview of, 332–333
referential, 183
intellectual property, 46–50
copyright, 48
license types, 49
patents, 46
software piracy, 49
trade secrets, 47
trademarks, 47–48
interface testing, 620
interface-local IPv6 addresses, 415
interfaces, 259
Interior Gateway Routing Protocol (IGRP), 470
intermediate distribution facilities, 357
Intermediate System to Intermediate System (IS-IS), 471
internal protection, 49
internal security assessment and testing, 604
internal threats, 129–130
International Data Encryption Algorithm (IDEA), 317, 447
International Electrotechnical Commission (IEC), 202, 218
International Information Systems Security Certification Consortium (ISC)2 Code of Ethics, 67–68
International Organization for Standardization. See ISO (International Organization for Standardization)
International Organization on Computer Evidence (IOCE), 642–643
International Traffic in Arms Regulations (ITAR), 56
Internet Architecture Board (IAB), 68
Internet Control Message Protocol. See ICMP (Internet Control Message Protocol)
Internet Crime Complaint Center (IC3), 50
Internet Group Management Protocol (IGMP), 387, 426
Internet Key Exchange (IKE), 407
Internet layer, TCP/IP model, 386–387
Internet Message Access Protocol (IMAP), 426
Internet of Things. See IoT (Internet of Things)
Internet Protocol. See IP (Internet Protocol) networking
Internet Relay Chat (IRC), 496
Internet security, 341, 448–450
Internet Small Computer System Interface (iSCSI), 429, 431
interprocess communication (IPC), 738
interrupt requests (IRQs), 241
Inter-Switch Link Protocol (ISL) tagging attacks, 512
interviews, 645
intranets, 417–418
intrusion detection systems (IDSs), 461–463, 656, 685
intrusion prevention systems (IPSs), 463, 656, 685
inventory, asset, 179–180, 363
investigations, 62–67, 638–653
administrative, 63
chain of custody, 644–645
civil, 64
crime scenes, 643–644
criminal, 41–43, 63, 638, 643–644
criminal investigations, 638
digital forensic tools and procedures, 651–653
eDiscovery, 67
evidence collection and handling, 646–651
admissibility of evidence, 646
hardware/embedded device analysis, 651
media analysis, 650
network analysis, 650–651
rules of evidence, 646
search and seizure, 649
software analysis, 650
surveillance, 649
types of evidence, 647–649
forensic procedures, 641–642
industry standards for, 64–67
interviews, 645
investigative techniques, 645
IOCE (International Organization on Computer Evidence), 642–643
MOM (motive, opportunity, and means), 644
operations, 63
regulatory, 64
reporting and documentation, 642
steps of, 638–641
decision, 641
evidence collection, 640–641, 646–651
evidence examination and analysis, 641
evidence identification, 640
presentation of findings, 641
SWGDE (Scientific Working Group on Digital Evidence), 642–643
Investigatory Powers Act, 57
Investigatory Powers Commissioner's Office (IPCO), 57
I/O (input/output) devices, 241
I/O (input/output) structures, 241–242
IOCE (International Organization on Computer Evidence), 642–643
IoT (Internet of Things), 276–280, 540, 780
definition of, 276
device security for, 277
examples of, 277
NIST framework for cyber-physical systems, 278–280
IP (Internet Protocol) networking, 378–421. See also transmission media
absolute addressing, 240
common TCP/UDP ports, 389–391
implied addressing, 240
indirect addressing, 240
IP address spoofing, 520
IP convergence, 429
IPsec (IP Security), 501–503
IPv6 support for, 407
NAT (Network Address Translation) and, 396
IPv4, 392–399
APIPA (Automatic Private IP Addressing), 398–399
classful addressing, 393–394
IPv6 compared to, 403–416
MAC (mandatory access control), 399
NAT (Network Address Translation), 394–399
private addressing, 394
public addressing, 394
IPv6, 403–416
address format, 410–412
address notation, 412–413
address scope, 415–416
address types, 414–415
features of, 406–409
IPv4 compared to, 403–404, 409
threats, 409
logical controls, 240
logical/physical addressing, 391–399
network transmission, 399–403
analog versus digital, 399–400
baseband, 401
broadband, 401
broadcast, 402
synchronous/asynchronous, 400
wired, 403
wireless, 403
private addressing, 394
relative addressing, 240
IPC (interprocess communication), 738
IPCO (Investigatory Powers Commissioner's Office), 57
IPPD (Integrated Product and Process Development), 763–764
IPsec (IP Security), 501–503
IPv6 support for, 407
NAT (Network Address Translation) and, 396
IPSs (intrusion prevention systems), 463, 656, 685
IPTs (integrated product teams), 763–764
IR. See incident response
IRC (Internet Relay Chat), 496
iris scans, 553
IRQs (interrupt requests), 241
IrTran-P (Infrared Transfer Picture), 439
(ISC)2 Code of Ethics, 67–68
ISCM (information security continuous monitoring) programs, 620–621
ISCP (information system contingency plan), 80
iSCSI (Internet Small Computer System Interface), 431
ISDN (Integrated Services Digital Network), 498
ISECOM (Institute for Security and Open Methodologies), 127
iSIM, 433
IS-IS (Intermediate System to Intermediate System), 471
ISL (Inter-Switch Link Protocol) tagging attacks, 512
ISMS (information security management system), 253
ISO (International Organization for Standardization), 201, 218
ISO 9001:2015, 760–761
ISO/IEC 15288:2015, 214–215
ISO/IEC 27000 series, 11, 21–24, 126–127, 765
ISO/IEC 27001, 253–254
ISO/IEC 27002, 254–255
ISO/IEC 42010:2011, 231
ISO/IEC 90003:2014, 760–761
OSI model, 378–382
PCI DSS (Payment Card Industry Data Security Standard), 255
Isochronous Channels (ISOC), 438–439
issue-specific security policy, 72
IT Governance Institute (ITGI), 11
ITAR (International Traffic in Arms Regulations), 56
ITIL (Information Technology Infrastructure Library), 11, 33
ITSEC (Information Technology Security Evaluation Criteria), 248–250
IVs (initialization vectors), 302, 309, 310
J
JAD (Joint Analysis Development) model, 758
Java, 736
applets, 739
Java Platform, Enterprise Edition, 738
JCL (Java Class Library), 765
JDBC (Java Database Connectivity), 185
JSM (Java Security Model), 739
JVM (Java virtual machine), 739
JIT (Just-In-Time) access, 570
John the Ripper, 610
Joint Analysis Development (JAD) model, 758
journaling, remote, 698
J/Secure, 449
JSM (Java Security Model), 739
Juggernaut, 519–520
Just-In-Time (JIT) access, 570
JVM (Java virtual machine), 739
K
Kali Linux, 610
KDC (Key Distribution Center), 562
Kennedy-Kassebaum Act. See HIPAA (Health Insurance Portability and Accountability Act)
Kerberos, 562–563
Kerckhoffs, Auguste, 297
Kerckhoffs's principle, 297
kernel mode, 235
kernel proxy firewalls, 457
Key Distribution Center (KDC), 562
key performance indicators (KPIs), 622–623
key risk indicators (KRIs), 622–623
keyloggers, 771
keys, 292
AIK (Attestation Identity Key), 259
candidate, 183
EK (Endorsement Key), 259
foreign, 183
key clustering, 293
management of, 303–304, 328–332
PCR (Platform Configuration Register) hashes, 259
primary, 183
SRK (Storage Root Key), 259
storage, 259
keyspace, 293
Kindle, 348
Knapsack, 322
knowledge factor authentication, 546–550
known plaintext attacks, 342
KPIs (key performance indicators), 622–623
KRIs (key risk indicators), 622–623
L
L2TP (Layer 2 Tunneling Protocol), 501
Label Distribution Protocol (LDP), 426, 431
label edge routers (LERs), 430
Label Switched Path (LSP), 430
label switching routers (LSRs), 430
labeling media, 678
laminated glass, 356
languages, 565
assembly, 734
database interface, 185
high-level, 734
machine, 734
natural, 735
very-high-level, 734
LANs (local-area networks), 417
PVLAN (private VLAN), 508
VLANs (virtual local-area networks), 454
laptop memory, 239
large-scale parallel data systems, 264–274
Layer 2 Tunneling Protocol (L2TP), 501
layered defense model, 348
LDAP (Lightweight Directory Access Protocol), 184, 426, 560
LDP (Label Distribution Protocol), 426, 431
leaks, memory, 240
Lean, 109
LEAP (Lightweight EAP), 443
least privilege, principle of, 216, 559, 664–665, 781
legal teams, 708
legal/regulatory issues
computer crime, 41–43
cyber crimes, 50
data breaches, 50
import/export controls, 51
investigations, 64
legal systems, 43–45
legally permissible evidence, 646
liability, 167
licensing and intellectual property, 46–50
copyright, 48
DRM (digital rights management), 50
internal protection, 49
license types, 49
patents, 46
software piracy, 49
trade secrets, 47
trademarks, 47–48
privacy, 52–62
definition of, 52
laws/regulations for, 53–62
PII (personally identifiable information), 52
regulatory security policy, 72
trans-border data flow, 51–52
LERs (label edge routers), 430
liability, 167
libraries, data, 181
licensing, 46–50
copyright, 48
DRM (digital rights management), 50
internal protection, 49
patents, 46
software piracy, 49
trade secrets, 47
trademarks, 47–48
types of, 49
life of passwords, 548
life cycle
assets, 179
cryptographic, 302–304, 331–332
data, 180–182
digital certificates, 324–327
enrollment, 325
renewal and modification, 327
revocation, 326
verification, 326
information, 668
provisioning, 580–584
account review, 582
account revocation, 583
account transfers, 582–583
identity and account management, 581–582
overview of, 580–581
privilege escalation, 583–584
provisioning policies, 581
role definition, 583
security program, 37
System Development Life Cycle, 743–745
Acquire/Develop phase, 744–745
Dispose phase, 745
Implement phase, 745
Initiate phase, 744
Operate/Maintain phase, 745
overview of, 743–744
lighting, 718–719
Lightweight Directory Access Protocol (LDAP), 184, 426, 560
Lightweight EAP (LEAP), 443
linear cryptanalysis, 343
link encryption, 202–203, 340, 445–446
Link layer, TCP/IP model, 388
link state advertisements (LSAs), 470
link state protocols, 469
linking, OLE (Object Linking and Embedding), 185, 738–739
link-local IPv6 addresses, 415
Linux, password management for, 549
Lipner model, 229
LLC (logical link control), 381
load balancing, 706
local-area networks (LANs), 417
location factor authentication, 556–557
locks, 187, 354, 355–356, 364, 540
logging/monitoring, 654–659, 774–775
analysis of, 651
audit and review, 569, 611–616, 654–655, 656
definition of, 611
logging configuration, 615–616
SP 800–92 recommendations, 612–616
SP 800–137 recommendations, 620–621
continuous monitoring, 657
egress monitoring, 657–658
intrusion detection and prevention, 656
management of, 658
SIEM (security information and event management), 656
threat intelligence, 658–659
types of, 655
UEBA (user and entity behavior analytics), 659
logic bombs, 769
logical addressing, 240. See also addressing, IP (Internet Protocol)
logical controls, 105, 537–538
logical link control (LLC), 381
logical operations, 300–301
LSAs (link state advertisements), 470
LSP (Label Switched Path), 430
LSRs (label switching routers), 430
Lucifer project, 298
M
MAC (media access control), 381, 399, 444, 573–574
MAC (message authentication code), 334
CBC-MAC (Cipher Block Chaining MAC), 338
CMAC (Cipher-Based MAC), 338
machine languages, 734
macro viruses, 768
mainframe/thin clients, 232
maintenance
data, 192–193
database, 186
security architecture, 261
software development, 762
maintenance hooks, 284
malicious software (malware), 589, 766–772
adware, 769
botnets, 769–770
keyloggers, 771
logic bombs, 769
mobile malware, 771
overview of, 767–772
protection against, 771–772
rootkits, 770
scanning for, 772
scareware, 43
security policies for, 772
viruses, 767–768
MAM (mobile application management), 286
management, asset, 179–180
management controls, 103
management review and approval, 622
mandatory vacations, 666–667
man-in-the-middle (MITM) attacks, 511
MANs (metropolitan-area networks), 418–419
mantraps, 354
marking, media, 178
masking, password, 548
masquerading, 589
massive multiple input multiple output (MIMO), 433
master boot record (MBR), 242
mathematical concepts, cryptography, 300–302
matrix-based models, 223–224
maturity models, software development, 261, 751–761
Agile model, 756–757
Build and Fix model, 752–753
CASE (Computer-Aided Software Engineering), 759
CD (continuous delivery), 757
CI (continuous integration), 757
CMMI (Capability Maturity Model Integration), 759
Component-Based Development method, 759
Exploratory model, 759
IDEAL model, 761
Incremental model, 755
ISO 9001:2015, 760–761
ISO/IEC 90003:2014, 760–761
JAD (Joint Analysis Development) model, 758
MPM (Modified Prototype Model), 755
overview of, 751–752
prototyping, 754
Spiral model, 756
Structured Programming Development model, 759
V-shaped model, 754
Waterfall model, 753–754
maximum tolerable downtime (MTD), 82
maximum transmission units (MTUs), 409, 520
MBR (master boot record), 242
MD2/MD4/MD5/MD6, 335
MDM (mobile device management), 286
mean time between failure (MTBF), 82, 680
mean time to repair (MTTR), 82, 680
means, 644
MEC (Multi-access Edge Computing), 434
media, transmission. See transmission media
media access control. See MAC (media access control)
media access control (MAC), 381
media analysis, 650
Media Gateway Control Protocol (MGCP), 431
media management, 672–679
HSM (hierarchical storage management), 677
media history, 678
media labeling and storage, 678
media marking, 178
media storage facilities, 358
NAS (network-attached storage), 676
network and resource management, 679–680
RAID (Redundant Array of Independent Disks), 672–676
sanitization and disposal, 678–679
SANs (storage-area networks), 676
media relations teams, 708
meet-in-the-middle attacks, 345
memory, 238–241
leaks, 240
memory cards, 550–551
memory tables, 795
memory-mapped I/O, 241
protection, 257–258
TPM (Trusted Platform Module), 258–259
mercury vapor lighting, 718
mesh topology, 477
message authentication code. See MAC (message authentication code)
message integrity, 332–339
hashing, 333–337
CBC-MAC, 338
CMAC, 338
definition of, 293
HAVAL, 337
HMAC, 337–338
MD2/MD4/MD5/MD6, 335
one-way hash, 333–334
RIPEMD-160, 337
salting, 339
SHA/SHA-2/SHA-3, 336
Tiger, 337
overview of, 332–333
Message-ID, 517
Metasploit, 610
methods and maturity models, software development, 184, 735, 751–761
Agile model, 756–757
Build and Fix model, 752–753
CASE (Computer-Aided Software Engineering), 759
CD (continuous delivery), 757
CI (continuous integration), 757
CMMI (Capability Maturity Model Integration), 759
Component-Based Development method, 759
Exploratory model, 759
IDEAL model, 761
Incremental model, 755
ISO 9001:2015, 760–761
ISO/IEC 90003:2014, 760–761
JAD (Joint Analysis Development) model, 758
MPM (Modified Prototype Model), 755
overview of, 751–752
prototyping, 754
Spiral model, 756
Structured Programming Development model, 759
V-shaped model, 754
Waterfall model, 753–754
metrics, security, 13–14
Metro Ethernet, 418–419
metropolitan-area networks (MANs), 418–419
MFA (multifactor authentication), 557
MGCP (Media Gateway Control Protocol), 431
microservices, 280–281
Microsoft Azure CDN, 494
Microsoft Point-to-Point Encryption (MPPE), 501
middleware, 232
military data classification, 176–177
MIME (Multipurpose Internet Mail Extensions), 447
MIMO (massive multiple input multiple output), 433
mining, data, 185–186
MIPv6 (Mobile IPv6), 408
mission, organizational, 12–13
misuse case testing, 619
access control threats, 591
anti-malware/antivirus, 494, 686
blacklisting, 685
clipping levels, 686
deviations from standards, 687
firewalls, 685
graylisting, 685
IDSs (intrusion detection systems), 461–463, 656, 685
input/output controls, 688
IPSs (intrusion prevention systems), 463, 656, 685
machine learning and artificial intelligence, 689
sandboxes, 686
system hardening, 688–689
third-party security services, 686
trusted paths, 688
trusted recovery, 688
unauthorized disclosure, 687
unusual/unexplained events, 687
vulnerability management systems, 689
whitelisting, 685
MITM (man-in-the-middle) attacks, 511
mixed law, 45
ML (machine learning), 751
MLAT (mutual legal assistance treaty), 41
MLD (Multicast Listener Discovery), 406
MNOs (mobile network operators), 434
mobile application management (MAM), 286
mobile code, 233, 494, 588, 739–743, 779
ActiveX, 739–740
definition of, 739
Java applets, 739
Mobile Connect, 435
mobile device management (MDM), 286
mobile devices, 463–468
Mobile IPv6 (MIPv6), 408
mobile malware, 771
mobile network operators (MNOs), 434
mobile system vulnerabilities, 286–291
application security, 287
BYOD (bring-your-own-device) concerns, 287–289
device security, 287
mobile wireless techniques, 433
MODAF (British Ministry of Defence Architecture Framework), 25
models
access control, 572–579
ABAC (attribute-based access control), 575–577
access control matrix, 579
content-dependent access control, 578
context-dependent access control, 578
DAC (discretionary access control), 573
MAC (mandatory access control), 573–574
RBAC (role-based access control), 574
risk-based access control, 578–579
rule-based access control, 574–579
layered defense model, 348
OSI, 378–382
Application layer, 379
Data Link layer, 381
overview of, 378–379
Physical layer, 381–382
Presentation layer, 379–380
Session layer, 380
Transport layer, 380–381
security. See security models
TCP/IP, 383–389
Application layer, 383–384
encapsulation/de-encapsulation, 388–389
Internet layer, 386–387
Link layer, 388
overview of, 383
Transport layer, 384–386
concepts for, 138
methodologies for, 138–141
potential attacks, 142–143
remediation, 143
threat identification for, 141–142
modified Waterfall model, 754
modulo function, 302
MOM (motive, opportunity, and means), 644
monitoring, 654–659
audit and review, 654–655
audit types, 656
continuous monitoring, 657
egress monitoring, 657–658
intrusion detection and prevention, 656
log management, 658
log types, 655
SIEM (security information and event management), 656
synthetic transaction, 616
threat intelligence, 658–659
UEBA (user and entity behavior analytics), 659
mono-alphabetic substitution cipher, 294
motive, opportunity, and means (MOM), 644
movable lighting, 718
movie DRM (digital rights management), 347
MPLS (Multiprotocol Label Switching), 430–431
MPM (Modified Prototype Model), 755
MPPE (Microsoft Point-to-Point Encryption), 501
MS-CHAP, 501
MTBF (mean time between failure), 82, 680
MTD (maximum tolerable downtime), 82
MTTR (mean time to repair), 82, 680
MTUs (maximum transmission units), 409, 520
Multi-access Edge Computing (MEC), 434
Multicast Listener Discovery (MLD), 406
multifactor authentication (MFA), 557
multilayer protocols, 428–429
multilevel lattice models, 223
multilevel security mode, 222
multimedia collaboration, 495–496
multimode fiber, 475
multipartite viruses, 768
multiple site recovery strategies, 700–703
cold sites, 702
hot sites, 701
overview of, 700–701
reciprocal agreements, 703
redundant sites, 703
tertiary sites, 702–703
multiplexers, 451
multiprocessing, 236
Multiprotocol Label Switching (MPLS), 430–431
Multipurpose Internet Mail Extensions (MIME), 447
multistate systems, 237
multitasking, 236
multithreading, 237
multi-user multiple-input, multiple-output (MU MIMO), 437
music DRM (digital rights management), 347
mutual legal assistance treaty (MLAT), 41
mutual-aid agreements, 703
N
NAP (Network Access Protection), 491–493
NAS (network-attached storage), 181, 676
NASs (network access servers), 455
NAT (Network Address Translation), 394–399, 426
definition of, 394
dynamic, 398
how it works, 395–397
SNAT (stateful NAT), 397
static, 398
National Cyber-Forensics & Training Alliance (NCFTA), 50
National Information Assurance Certification and Accreditation Process (NIACAP), 256
National Institute of Standards and Technology. See NIST (National Institute of Standards and Technology)
National Security Agency (NSA), 202, 313
natural access control, 349
natural languages, 735
natural surveillance, 349
natural territorial reinforcement, 349
natural threats, 130–131
ND (neighbor discovery), 415
NDAs (nondisclosure agreements), 47
Near Field Communication (NFC), 439
need-to-know principle, 559, 664–665
negative testing, 619
neighbor discovery (ND), 415
Nest Thermostat, 277
.NET analyzers for Microsoft, 766
NetBIOS, 426
NetScanTools Pro, 607
network access control devices, 491–493
Network Access Protection (NAP), 491–493
network access server (NAS), 455
Network Address Translation. See NAT (Network Address Translation)
network discovery scans, 606–607
network DLP (data loss prevention), 657
Network File System (NFS), 427
Network Node Intrusion Detection System (NNIDS), 461
Network Policy Server (NPS), 491
network-attached storage (NAS), 181, 676
network-based DLP (data loss prevention), 204
network-based IDS (NIDS), 461
networks. See also communication channels, secure; cryptography; IP (Internet Protocol) networking; individual protocols
analysis of, 650–651
attacks, 509–521
cabling, 509–510
DNS (Domain Name System), 514–516
email, 516–518
ICMP (Internet Control Message Protocol), 512–514
IP address spoofing, 520
network component attacks, 510–512
port scanning, 520
ransomware, 521
remote, 519
session hijacking, 519
SYN ACK, 519
teardrop, 520
wireless, 518–519
zero-day, 521
CANs (campus-area networks), 421
CDNs (content-distribution networks), 494–495
intranets, 417–418
management of, 679–680
MANs (metropolitan-area networks), 418–419
network devices, 450–468
access control devices, 491–493
bridges, 452
demultiplexers, 451
EDR (endpoint detection and response), 463
gateways, 455
honeypots/honeynets, 460
hubs, 451–452
IDSs (intrusion detection systems), 461–463, 656, 685
IPSs (intrusion prevention systems), 463, 656, 685
mobile devices, 463–468
multiplexers, 451
patch panels, 451
PBX (private branch exchange), 460
repeaters, 452
routers, 454–455
switches, 453–454
telco concentrators, 451
VLANs (virtual local-area networks), 454
VPN concentrators, 451
WAPs (wireless access points), 463
network transmission, 399–403
analog versus digital, 399–400
baseband, 401
broadband, 401
broadcast, 402
synchronous/asynchronous, 400
wired, 403
wireless, 403
NICs (network interface cards), 398–399
Application layer, 379
Data Link layer, 381
overview of, 378–379
Physical layer, 381–382
Presentation layer, 379–380
Session layer, 380
Transport layer, 380–381
overview of, 376–377
PVLAN (private VLAN), 508
routing, 468–471
BGP (Border Gateway Protocol), 471
distance vector protocols, 469
EIGRP (Enhanced IGRP), 470
hybrid protocols, 469
IGRP (Interior Gateway Routing Protocol), 470
IS-IS (Intermediate System to Intermediate System), 471
link state protocols, 469
OSPF (Open Shortest Path First), 470
RIP (Routing Information Protocol), 469–470
VRRP (Virtual Router Redundancy Protocol), 470
SANs (storage-area networks), 420
secure components, 450–495
TCP/IP model, 383–389
Application layer, 383–384
encapsulation/de-encapsulation, 388–389
Internet layer, 386–387
Link layer, 388
overview of, 383
Transport layer, 384–386
technologies, 479–485
collision domains, 482–483
CSMA/CA (Carrier Sense Multiple Access with Collision Avoidance), 482, 484–485
CSMA/CD (Carrier Sense Multiple Access with Collision Detection), 482, 484
FDDI (Fiber Distributed Data Interface), 481
polling, 485
token passing, 485
testing, 605
topologies, 475–478
bus, 476
hybrid, 478
mesh, 477
ring, 476
star, 477
transmission media
cabling, 471–475
network technologies, 479–485
network topologies, 475–478
WAN technologies, 486–491
types of, 417–421
virtualized, 507–508
vulnerability scans, 607–608
WANs (wide-area networks), 383, 419
wireless, 431–445
5G, 434–435
802.11 techniques, 432–433
cellular/mobile techniques, 433
satellite, 435
WLANs (wireless LANs), 432–433, 435–445
Nexpose, 605
NFC (Near Field Communication), 439
NFS (Network File System), 427
NFS (Number Field Sieve), 321
NIACAP (National Information Assurance Certification and Accreditation Process), 256
NICs (network interface cards), 398–399
NIDS (network-based IDS), 461
NIST (National Institute of Standards and Technology), 11
asset life cycle, 179
framework for cyber-physical systems, 278–280
Framework for Improving Critical Infrastructure Cybersecurity, 124–126
Interagency Report (NISTIR) 7924, 324
RMF (Risk Management Framework), 109–126, 175
Framework for Improving Critical Infrastructure Cybersecurity, 124–126
SP 800–30 Rev. 1, 121–122
SP 800–39, 122–123
SP 800–53 Rev. 5, 114–115
SP 800–60 Vol. 1 Rev. 1, 112–114
SP 800–160, 115–118
security audits defined by, 604
SHA (Secure Hash Algorithm), 336
Special Publications
SP 800 series, 27–30
SP 800–12 Rev. 1, 27
SP 800–16 Rev. 1, 27
SP 800–18 Rev. 1, 28
SP 800–34, 78–80
SP 800–34 Rev. 1, 28
SP 800–35, 28
SP 800–37 Rev. 2, 28, 118–121, 743
SP 800–50, 28
SP 800–53 Rev. 5, 28, 38, 114–115, 143
SP 800–55 Rev. 1, 28
SP 800–57, 328–332
SP 800–60 Vol. 1 Rev. 1, 28, 112–114
SP 800–63, 542–546
SP 800–66, 173
SP 800–79–2, 567
SP 800–84, 28
SP 800–88 Rev. 1, 29
SP 800–101 Rev. 1, 29
SP 800–111, 494
SP 800–115, 29
SP 800–119, 404–406
SP 800–123, 29
SP 800–124 Rev. 1, 464–468
SP 800–128, 493–494
SP 800–144, 29
SP 800–146, 29
SP 800–150, 29
SP 800–153, 29
SP 800–160 Vol. 1, 29
SP 800–161 Rev. 1, 29
SP 800–163, 740–743
SP 800–163 Rev. 1, 29
SP 800–167, 30
SP 800–175A and B, 30, 299–300
SP 800–181 Rev. 1, 30
SP 800–183, 30
Nmap, 520
NNIDS (Network Node Intrusion Detection System), 461
noise, 509
Nokia, 433
non-blind spoofing, 510
nonce, 302
nondisclosure agreements (NDAs), 47
noninterference models, 224, 230
nonvolatile memory, 240
Nook, 348
no-operation instructions (NOPs), 776
normalization, 184
NOT operations, 300–301
NPS (Network Policy Server), 491
NSA (National Security Agency), 313
NULL scans, 520
Number Field Sieve (NFS), 321
numbers, port, 389–391
numeric passwords, 548
O
OAuth (Open Authorization), 564
Object Linking and Embedding (OLE), 185, 738–739
Object Management Group (OMG), 737–738
Object Request Broker (ORB), 737–738
object reuse, 779
objectives, organizational, 12–13
object-oriented databases (OODBs), 184
object-oriented programming. See OOP (object-oriented programming)
object-relational databases, 184
objects, 215
OC lines (SONET), 487
occupant emergency plan (OEP), 80, 720
OCSP (Online Certificate Status Protocol), 322, 326, 327
OCTAVE (Operationally Critical Threat, Asset, and Vulnerability Evaluation), 32
ODBC (Open Database Connectivity), 185
OEP (occupant emergency plan), 80, 720
OFB (Output Feedback), 313–315
OFDM (orthogonal frequency-division multiplexing), 432–433
OFDMA (orthogonal frequency-division multiple access), 433
offboarding, 88
Office of Management and Budget (OMB), 58
OIDC (OpenID Connect), 564
OLE (Object Linking and Embedding), 185, 738–739
OMB (Office of Management and Budget), 58
OMG (Object Management Group), 737–738
omnidirectional antennas, 445
onboarding, 88
one-time pads, 306–307
one-time passwords, 547
one-way hash, 333–334
Online Certificate Status Protocol (OCSP), 322, 326, 327
onsite assessment, 144
OOP (object-oriented programming), 184, 735–737
cohesion, 737
coupling, 737
data structures, 737
encapsulation, 736
overview of, 735–736
polyinstantiation, 736
polymorphism, 736
Open Authorization (OAuth), 564
Open Database Connectivity (ODBC), 185
Open Group Security Forum, 561–565
Open Shortest Path First (OSPF), 470
Open Source Security Testing Methodology Manual (OSSTMM), 127
Open System Authentication, 440
Open Systems Interconnection model. See OSI (Open Systems Interconnection) model
Open Vulnerability Assessment System (OpenVAS), 605
Open Web Application Security Project (OWASP), 286, 750–751, 765
OpenID Connect (OIDC), 564
open-source intelligence (OSINT), 658–659
Operate/Maintain phase, System Development Life Cycle, 745
operating system fingerprinting, 606
operating systems, 243–244
operation and maintenance, 762
operational viewpoint (OV), 25
Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE), 32
operations, security. See security operations
operations investigations, 63
opinion evidence, 648
opportunity, 644
optical jukebox, 698
OR operations, 300–301
Orange Book, 245–248, 688, 772
ORB (Object Request Broker), 737–738
organization, data, 168–169
organizational processes, 14–16
acquisitions and divestitures, 15–16
governance committees, 16
organizational roles/responsibilities, 16–20, 188–191, 193, 665
application owner, 19
audit committee, 18
auditor, 20
board of directors, 16–17
business/mission owner, 190
data controller, 189
data processor, 190–191
data subject, 191
data user, 191
definition of, 583
management, 17–18
security administrator, 19
security analyst, 19
supervisor, 20
system administrator, 19
system custodian, 190
organizational security policy, 71
organizationally unique identifier (OUI), 399
orthogonal frequency-division multiple access (OFDMA), 433
orthogonal frequency-division multiplexing (OFDM), 432–433
OSI (Open Systems Interconnection) model, 378–382
Application layer, 379
Data Link layer, 381
overview of, 378–379
Physical layer, 381–382
Presentation layer, 379–380
Session layer, 380
Transport layer, 380–381
OSINT (open-source intelligence), 658–659
OSPF (Open Shortest Path First), 470
OSSTMM (Open Source Security Testing Methodology Manual), 127
OUI (organizationally unique identifier), 399
outage impact, identification of, 82–83
Output Feedback (OFB), 313–315
OV (operational viewpoint), 25
overflow, buffer, 776–778
over-the-shoulder code review, 617
OWASP (Open Web Application Security Project), 286, 750–751, 765
owners
application, 19
business/mission, 190
ownership factor authentication, 550–551
memory cards, 550–551
physiological characteristics, 550–551
smart cards, 551
synchronous versus asynchronous token devices, 550
P
P2P (peer-to-peer) applications, 496
P2P (peer-to-peer) computing, 275, 496
packet creation. See encapsulation
packet filtering firewalls, 456
packet switching, 488
PACs (Privileged Attribute Certificates), 564
pair programming, 617
palm scans, 553
PANs (personal-area networks), 421
PAP (Password Authentication Protocol), 504
parabolic antennas, 445
parallel tests, 712
parasitic viruses, 768
partial-knowledge tests, 610
PAS (Privileged Attribute Server), 564
passive infrared (PIR) systems, 716
passive vulnerability scanners (PVSs), 607
passphrase passwords, 547
pass-the-hash attacks, 346
Password Authentication Protocol (PAP), 504
passwords
management of, 548–550
threats, 585–586
brute-force attacks, 586
dictionary attacks, 585
dumpster diving, 587
rainbow table attacks, 586
sniffer attacks, 586
types of, 546–550
PASTA (Process for Attack Simulation and Threat Analysis), 139
PAT (Port Address Translation), 396, 427
patches, 451, 689–690, 774–775
patents, 46
Path Maximum Transmission Unit Discovery (PMTUD), 409
path tracing, 651
paths, trusted, 688
patrol force, 719
pattern-matching IDSs (intrusion detection systems), 461
payload, 388–389
Payment Card Industry Data Security Standard (PCI DSS), 255
PBX (private branch exchange), 460
PCBs (printed circuit boards), 433
PCI DSS (Payment Card Industry Data Security Standard), 255
PCR (Platform Configuration Register) hashes, 259
PDPA (Personal Data Protection Act) in Singapore, 58
Peach Fuzzer, 619
PEAP (Protected EAP), 443
Pearson Test Prep practice test software, 791–793
offline access to, 792–793
online access to, 792
PearsonITCertification.com, 792
PearsonTestPrep.com, 792
peer-to-peer computing, 275, 496
PEnE (Policy Enforcement Engine), 290–291
penetration testing, 609–611
perimeter security, 713–719
access control, 719
gates/fences, 714–716
lighting, 718–719
patrol force, 719
perimeter intrusion detection systems, 716–718
Personal Data Protection Act (PDPA) in Singapore, 58
personal firewalls, 494
personal identification numbers (PINs), 542
Personal Information Protection and Electronic Documents Act (PIPEDA), 56
Personal Information Protection Law (PIPL) in China, 58
personal-area networks (PANs), 421
personally identifiable information (PII), 40, 52, 171–173, 449
personnel. See also teams
disaster recovery, 707–709
policies/procedures, 85–90
candidate screening/hiring, 85–87
compliance policy, 89
employee onboarding/offboarding, 88
employment agreements, 87
job rotation, 89
privacy policy, 89
separation of duties, 89
privacy issues, 60
safety and security, 719–721
testing, 605
training, 699
PGP (Pretty Good Privacy), 446–447
pharming, 586–587
PHI (protected health information), 173–175
phishing/pharming, 449, 517, 586–587
photoelectric systems, 717
photometric systems, 717
physical addressing. See addressing, IP (Internet Protocol)
physical controls, 105, 537–538
Physical layer, OSI model, 383–389
physical security, 350, 713–721
building and internal security, 719
equipment, 362–364
perimeter security, 713–719
access control, 719
gates/fences, 714–716
lighting, 718–719
patrol force, 719
perimeter intrusion detection systems, 716–718
personnel safety and security, 719–721
physical testing, 605
physiological biometric systems, 550–551
PII (personally identifiable information), 40, 52, 171–173, 449
ping command, 387, 425, 512, 513
PINs (personal identification numbers), 542
PIPEDA (Personal Information Protection and Electronic Documents Act), 56
pipelined processors, 243
PIPL (Personal Information Protection Law) in China, 58
PIR (passive infrared) systems, 716
piracy, software, 49
PKCS (Public Key Cryptography Standards), 447
PKI (public key infrastructure), 322–328, 501
CAs (certificate authorities), 323
CRLs (certificate revocation lists), 327
cross-certification, 328
digital certificates, 323–327
classes of, 324
definition of, 293
life cycle of, 324–327
requesting, 327–328
X.509, 323
OCSP (Online Certificate Status Protocol), 327
RAs (registration authorities), 323
steps of, 327–328
plain old telephone service (POTS), 490
Plan-Do-Check-Act cycle, 34, 108
Plan/Initiate Project phase, Software Development Life Cycle, 746–747
plans
BCPs (business continuity plans), 76, 77–78, 79, 624, 713
BIA (business impact analysis), 76, 81–85
CIP (critical infrastructure protection) plan, 79
contingency planning, 76, 78–81
COOP (continuity of operations plan), 79
crisis communications plan, 79
cyber incident response plan, 79
DRPs (disaster recovery plans), 75–76, 79, 624, 711–713
checklist tests, 712
evacuation drills, 713
full-interruption tests, 712
functional drills, 713
parallel tests, 712
read-through tests, 711
simulation tests, 712
structured walk-through tests, 712
table-top exercises, 712
ISCP (information system contingency plan), 80
OEP (occupant emergency plan), 80, 720
Platform Configuration Register (PCR) hashes, 259
PLD (programmable logic device), 239
PMTUD (Path Maximum Transmission Unit Discovery), 409
point of presence (POP), 495
Point-to-Point Protocol (PPP), 489
Point-to-Point Tunneling Protocol (PPTP), 501
policies
access control, 580
advisory, 72
AUP (acceptable use policy), 638
data, 166–167
documentation for, 70–72
informative, 72
issue-specific, 72
malware, 772
organizational, 71
personnel, 85–90
candidate screening/hiring, 85–87
compliance policy, 89
employee onboarding/offboarding, 88
employment agreements, 87
job rotation, 89
privacy policy, 89
separation of duties, 89
provisioning, 581
regulatory, 72
risk management, 94
system-specific, 72
Windows Group Policy, 201
Policy Enforcement Engine (PEnE), 290–291
politically motivated threats, 135–137
polling, 485
polyalphabetic substitution cipher, 294
polymorphic viruses, 768
polymorphism, 736
POP (point of presence), 495
POP (Post Office Protocol), 427
Port Address Translation (PAT), 396, 427
ports. See also individual protocols
port isolation, 508
TCP/UDP, 389–391
Post Office Protocol (POP), 427
potential attacks, 142–143
POTS (plain old telephone service), 490
power levels, WLANs (wireless LANs), 444–445
power supply, 360–361, 703–704
power user accounts, 665
PPP (Point-to-Point Protocol), 489
PPTP (Point-to-Point Tunneling Protocol), 501
practice exams, 791–793
preaction extinguishers, 359
preliminary risk assessment, 744
Premium Edition, Pearson Test Prep practice test, 794–795
preparation, exam
final review/study plan, 795–796
memory tables, 795
Pearson Test Prep practice test software, 791–793
exam customizations, 793–794
exam updates, 794
offline access to, 792–793
online access to, 792
Premium Edition, 794–795
tools for, 795
Presentation layer, OSI model, 379–380
preservation of evidence. See evidence collection and handling
Pretty Good Privacy (PGP), 446–447
preventing access control threats, 591
prevention, 684–689
anti-malware/antivirus, 494, 686
blacklisting, 685
clipping levels, 686
deviations from standards, 687
firewalls, 685
graylisting, 685
IDSs (intrusion detection systems), 461–463, 656, 685
input/output controls, 688
IPSs (intrusion prevention systems), 463, 656, 685
machine learning and artificial intelligence, 689
sandboxes, 686
system hardening, 688–689
third-party security services, 686
trusted paths, 688
trusted recovery, 688
unauthorized disclosure, 687
unusual/unexplained events, 687
vulnerability management systems, 689
whitelisting, 685
preventive controls, 102
PRFs (pseudorandom functions), 428
PRI (Primary Rate Interface), 498
primary keys, 183
primary memory, 239
Primary Rate Interface (PRI), 498
principle of least privilege, 216, 559, 664–665, 781
printed circuit boards (PCBs), 433
priorities, asset recovery, 691–692
privacy, 52–62
definition of, 52
laws/regulations for, 53–62
personnel policies, 89
PII (personally identifiable information), 52
privacy by design, 218–219
privacy requirements compliance, 40
private data, 175–176
private branch exchange (PBX), 460
private IP (Internet Protocol) addressing, 394
private key encryption. See symmetric algorithms
private sector data classification, 175–176
private VLAN (PVLAN), 508
Privileged Attribute Certificates (PACs), 564
Privileged Attribute Server (PAS), 564
privileges, 572
principle of least privilege, 559, 664–665, 781
privilege account management, 666
privilege creep, 582–584
separation of, 260
procedures, documentation for, 72
Process for Attack Simulation and Threat Analysis (PASTA), 139
processes
critical processes/resources, identification of, 82
definition of, 243
documentation for, 72
states, 238
systems engineering, 214–215
processors, data, 190–191
process/policy review, 145
professional ethics, 67–69
programmable logic device (PLD), 239
project viewpoint (PV), 25
proof of identity process, 566–567
properly identified evidence, 646
proprietary data, 175
Protected EAP (PEAP), 443
protected health information (PHI), 173–175
protection domains, 565
Protection Profile (PP) evaluation, 251–252
protocol anomaly-based IDSs (intrusion detection systems), 462
protocols. See individual protocols
prototyping, 754
provider edge (PE) routers, 431
provider routers, 431
provisioning life cycle, 580–584. See also resource provisioning
account review, 582
account revocation, 583
account transfers, 582–583
identity and account management, 581–582
overview of, 580–581
privilege escalation, 583–584
provisioning policies, 581
role definition, 583
proxies, 493
proximity authentication devices, 354
proximity cards, 551
proxy firewalls, 456
proxy logs, 655
pseudorandom functions (PRFs), 428
PSTN (public switched telephone network), 490
Public Company Accounting Reform and Investor Protection Act, 54
public data, 175–176
public IP (Internet Protocol) addressing, 394
Public Key Cryptography Standards (PKCS), 447
public key encryption. See asymmetric algorithms
public key infrastructure (PKI), 501
public switched telephone network (PSTN), 490
pulping, 194
pulverizing, 194
PV (project viewpoint), 25
PVLAN (private VLAN), 508
PVSs (passive vulnerability scanners), 607
Q
QAM (quadrature amplitude modulation), 438
QoS (quality of service), 408, 706
quadrature amplitude modulation (QAM), 438
qualitative risk assessment, 98
quantitative risk assessment, 96–98
quantum cryptography, 312, 448
quarantine, 492
quartz lamps, 718
R
radio frequency interference (RFI), 360, 473–474
RADIUS (Remote Authentication Dial-In User Service), 503–504, 568
RAID (Redundant Array of Independent Disks), 672–676, 705
Rainbow Series, 678
Green Book, 248
Orange Book, 245–248
Red Book, 245
rainbow table attacks, 586
RAM (random-access memory), 238
random access devices, 241
random-access memory (RAM), 238
RAs (registration authorities), 323
RBAC (role-based access control), 574, 664–665
RC4/RC5/RC6/RC7 algorithms, 318
RCA (root-cause analysis), 63
rcp, 505
RDBMSs (relational database management systems), 183
RDC (Remote Desktop Connection), 448–449
RDP (Remote Desktop Protocol), 448–449
read-only memory (ROM), 238–239
read-through tests, 711
real user monitoring (RUM), 616
Real-time Transport Protocol (RTP), 431
reciprocal agreements, 703
recoverability, 84
recovery, 684
controls, 102
priorities, 84–85
recovery strategies. See also disaster recovery
backup storage strategies, 699
fault tolerance, 704
fire detection/suppression, 705
high availability, 705–706
insurance, 704–705
multiple site strategies, 700–703
QoS (quality of service), 706
redundancy, 703–704
system resilience, 706
RPO (recovery point objective), 83, 691–692
RTO (recovery time objective), 83, 691–692
strategies for, 690–706
asset recovery priorities, 691–692
business process recovery, 692
creating, 691–699
data recovery, 696–699
personnel training, 699
supply and technology recovery, 692–695
user environment recovery, 695
trusted, 688
recovery teams, 708
Red Book, 245
Red Team/Blue Team exercises, 603–604
Reduced Instruction Set Computer (RISC), 236
redundancy, 671, 679, 703–704. See also RAID (Redundant Array of Independent Disks)
reference monitors, 773
referential integrity, 183
registration, 566–567
registration authorities (RAs), 323
regression and acceptance testing, 749, 775
regulations. See legal/regulatory issues
regulatory law, 45
relational databases, 183
relations, 183
relative addressing, 240
Release/Maintenance phase, Software Development Life Cycle, 749
relevant evidence, 646
religious law, 45
relocation teams, 709
remote access, 448–449
remote connection technologies, 497–506
cable, 499–500
dial-up, 497–498
DSL, 498–499
ISDN, 498
RADIUS, 503–504
rlogin/rsh/rcp, 505
TACACS+, 503–504
Telnet, 505
TLS/SSL, 505–506
VPNs, 500–503
telecommuting/telework, 506–507
virtual application/desktop, 506
VPN screen scrapers, 506
remote attacks, 519
Remote Authentication Dial-In User Service (RADIUS), 503–504, 568
remote connection technologies, 497–506
cable, 499–500
dial-up, 497–498
DSL, 498–499
ISDN, 498
RADIUS, 503–504
remote meeting technology, 496
rlogin/rsh/rcp, 505
TACACS+, 503–504
Telnet, 505
TLS/SSL, 505–506
VPNs, 500–503
Remote Desktop Connection (RDC), 448–449
Remote Desktop Protocol (RDP), 448–449
remote journaling, 698
remote wipe feature, 363
renewal of digital certificates, 327
repeaters, 452
replay attacks, 344
replication, 698
reports
generating, 624
investigation, 642
risk management, 108–109
SOC (Service Organization Control), 625–626
repositories, code repository security, 766
requests for comments. See RFCs (requests for comments)
Reservation Protocol with Traffic Engineering (RSVP-TE), 431
reset policies, password, 549
residual risk, 99
resilience, system, 706
resource protection, 13–14, 669–680
asset management, 671–680
backup and recovery systems, 672
fault tolerance, 671
identity and access management, 672
media management, 672–679
redundancy, 671
critical processes/resources, 82
facilities, 669
hardware, 670
information assets, 671
resource identification, 536
resource requirements, 84
software, 670
tangible/intangible assets, 669–671
resource provisioning, 179, 661–663
applications, 663
cloud assets, 663
definition of, 661
physical assets, 662
virtual assets, 663
responsibility, shared, 219–220
rest, data at, 198
restricted and work areas, 357–358
retention, asset, 193, 195–197
retina scans, 553
reuse, object, 779
Reverse ARP (RARP), 423
reviews
account, 582
code, 616–619
black-box, 616–618
dynamic testing, 618
fuzz testing, 619
goal of, 616
gray-box, 616–618
review process, 618
static testing, 618
white-box, 616–618
log, 611–616
definition of, 611
logging configuration, 615–616
SP 800–92 recommendations, 612–616
SP 800–137 recommendations, 620–621
security process, 622
revocation, 621
accounts, 583
digital certificates, 326
RFCs (requests for comments)
RFC 1087, 69
RFC 1918, 394
RFC 2460, 407
RFC 2822, 517
RFC 3195, 613
RFC 3775, 408
RFC 4449, 408
RFC 4861, 408
RFC 6335, 390
RFC 6376, 517
RFC 7208, 517
RFI (radio frequency interference), 360, 473–474
rights, 572
Rijndael algorithm, 317
ring topology, 476
riots, 136
RIP (Routing Information Protocol), 469–470
RIPEMD-160, 337
RISC (Reduced Instruction Set Computer), 236
risk analysis team, 94
risk management, 90–128
analysis and mitigation, 744, 774–775
controls, 100–108
assessment and monitoring, 108
categories of, 100–102
types of, 102–105
implementation of, 100
KRIs (key risk indicators), 622–623
overview of, 2–5
policies, 94
reporting and continuous improvement, 108–109
risk analysis team, 94
risk appetite, 92
risk assessment, 95–100
asset value and costs, 95–96
identity threats and vulnerabilities, 96
inherent versus residual risk, 99
qualitative, 98
quantitative, 96–98
risk response, 99–100
risk frameworks, 109–129
COSO Enterprise Risk Management (ERM) Integrated Framework, 127
ISO/IEC 27005:2018, 126–127
NIST (National Institute of Standards and Technology), 109–126
OSSTMM (Open Source Security Testing Methodology Manual), 127
A Risk Management Standard (FERMA), 128
risk response, 99–100
risk-based access control, 578–579
supply chain risks, 143–146
hardware, software, and services, 144
service-level requirements, 145–146
SLAs (service-level agreements), 146
third-party assessment, 144–145
team for, 94
terminology for, 90–93
Risk Management Framework (RMF), 175
A Risk Management Standard (FERMA), 128
risk management team, 94
rlogin, 505
RMF (Risk Management Framework), 175
rogue programmers, 778
role-based access control (RBAC), 574, 664–665
roles
application owner, 19
audit committee, 18
auditor, 20
board of directors, 16–17
business/mission owner, 190
data controller, 189
data processor, 190–191
data subject, 191
data user, 191
definition of, 583
management, 17–18
security administrator, 19
security analyst, 19
supervisor, 20
system administrator, 19
system custodian, 190
ROM (read-only memory), 238–239
Ronen, Eyal, 442
root-cause analysis (RCA), 63
rootkits, 770
Roots of Trust (RoTs), 290–291
rotation of duties, 666
RoTs (Roots of Trust), 290–291
route aggregation, IPv6, 408
routers/routing, 380–381, 454–455, 468–471
attacks, 498
BGP (Border Gateway Protocol), 471
customer edge, 431
distance vector protocols, 469
EIGRP (Enhanced IGRP), 470
hybrid protocols, 469
IGRP (Interior Gateway Routing Protocol), 470
IS-IS (Intermediate System to Intermediate System), 471
LERs (label edge routers), 430
link state protocols, 469
LSRs (label switching routers), 430
OSPF (Open Shortest Path First), 470
provider, 431
provider edge, 431
RIP (Routing Information Protocol), 469–470
VRRP (Virtual Router Redundancy Protocol), 470
Routing Information Protocol (RIP), 469–470
RPO (recovery point objective), 83, 691–692
RSA, 320–321
rsh, 505
RSVP-TE (Reservation Protocol with Traffic Engineering), 431
RTO (recovery time objective), 83, 691–692
RTP (Real-time Transport Protocol), 431
Ruby, 765
rules
of engagement, 681–682
of evidence, 646
rule-based access control, 574–579
rule-based IDSs (intrusion detection systems), 462
RUM (real user monitoring), 616
running key ciphers, 305
S
SABSA (Sherwood Applied Business Security Architecture), 25–26
safe harbor, 61
SafeKey, 449
safes, 364
sag, power, 360
salting, 339
salvage teams, 709
SAM (Security Accounts Manager), 549–550
SAML (Security Assertion Markup Language), 564, 565
sanitization, 193–194, 678–679, 781
SANs (storage-area networks), 181, 420, 676, 705
Sarbanes-Oxley (SOX) Act, 16–17, 54
SAs (security associations), 502
SAS (Statement on Auditing Standards) 70, 625
SASE (specific application service element), 380
SAST (Static Application Security Testing), 750
satellite networks, 435
SBU (Sensitive but Unclassified) data, 176
scans, 772
network discovery, 606–607
network vulnerability, 607–608
ping, 513
server-based versus agent-based, 608
web application vulnerability, 609
scareware, 43
SCAs (security control assessments), 105–108
schemas, 183
Scientific Working Group on Digital Evidence, 642–643
scope, 201
BCPs (business continuity plans), 78
incident response, 681–682
IPv6 addresses, 415–416
screen scrapers, 506
screened hosts, 459
screened subnet, 459
script malware, 768
scrubbing, 569
scytale cipher, 294
SDLC. See Software Development Life Cycle; System Development Life Cycle
SDN (software-defined networking), 507–508
SDRAM (synchronous dynamic random-access memory), 238
SDSL (Symmetric DSL), 499
searching for evidence, 649
secondary evidence, 647
secondary memory, 240
Secret data, 176
secret key encryption. See symmetric algorithms
Secure Boot, 242
secure coding guidelines/standards, 776–781
APIs (application programming interfaces), 780
backdoors, 778
best practices, 780–781
buffer overflow, 776–778
covert channels, 779
mobile code, 779
object reuse, 779
privilege escalation, 778
rogue programmers, 778
TOC (time of check) attacks, 779
TOU (time of use) attacks, 779
trapdoors, 778
secure communication channels, 495–521
data communications, 507
multimedia collaboration, 495–496
remote access
remote connection technologies, 497–506
telecommuting/telework, 506–507
virtual application/desktop, 506
VPN screen scrapers, 506
virtualized networks, 507–508
voice, 495
secure data centers, 357
secure defaults, 216–217
secure design principles, engineering using, 214–220
closed versus open systems, 215
defense-in-depth strategy, 216
fail safe/fail secure, 217
objects/subjects, 215
principle of least privilege, 216
privacy by design, 218–219
secure defaults, 216–217
separation of duties, 217–218
shared responsibility, 219–220
simplicity, 218
systems engineering processes, 214–215
threat modeling, 215
trust but verify approach, 219
zero trust, 218
Secure Electronic Transaction (SET), 449
Secure European System for Applications in a Multi-vendor Environment (SESAME), 564
Secure Hash Algorithm (SHA), 336
secure HTTP (S-HTTP), 425
Secure MIME (S/MIME), 447
secure network components, 450–495
CDNs (content-distribution networks), 494–495
endpoint security, 493–494
hardware, 450–471
network devices, 450–468
network routing, 468–471
network access control devices, 491–493
transmission media
cabling, 471–475
network topologies, 475–478, 479–485
WAN technologies, 486–491
Secure Shell (SSH), 450
Secure Sockets Layer (SSL), 428
Security Accounts Manager (SAM), 549–550
security administrators, 19
security analysts, 19
security architecture and engineering. See also cryptography
asymmetric algorithms, 319–322
certification and accreditation, 256
containerization, 280–281
cryptography, 292–312
digital signatures, 292, 339–340, 742
DRM (digital rights management), 346–348
embedded system vulnerabilities, 291
engineering using secure design principles, 214–220
closed versus open systems, 215
defense-in-depth strategy, 216
fail safe/fail secure, 217
objects/subjects, 215
principle of least privilege, 216
privacy by design, 218–219
secure defaults, 216–217
separation of duties, 217–218
shared responsibility, 219–220
simplicity, 218
systems engineering processes, 214–215
threat modeling, 215
trust but verify approach, 219
zero trust, 218
information systems, 257–261. See also cryptography
fault tolerance, 85, 259, 671, 679, 704
interfaces, 259
memory protection, 257–258
TPM (Trusted Platform Module), 258–259
message integrity, 332–339
hashing, 333–337
overview of, 332–333
mobile system vulnerabilities, 286–291
application security, 287
BYOD (bring-your-own-device) concerns, 287–289
device security, 287
non-repudiation, 340
overview of, 210–213
security architecture, 261–283
client-based systems, 262–263
cloud-based systems, 264–274
cryptographic systems, 265
database systems, 264
edge computing systems, 282–283
grid computing, 275
HPC (high-performance computing systems), 282
ICSs (industrial control systems), 265–268
IoT (Internet of Things), 276
large-scale parallel data systems, 274–275
microservices, 280–281
peer-to-peer computing, 275
server-based systems, 263
serverless systems, 281–282
virtualized systems, 283
security control selection, 256–257
security models, 220–244
Bell-LaPadula model, 226–227
Biba model, 228
bounds, 221
Brewer-Nash (Chinese Wall) model, 229
CIA (confidentiality, integrity, and availability), 6–7, 170, 220, 744
Clark-Wilson integrity model, 228–229
computing platforms, 231–233
confinement, 220
Goguen-Meseguer model, 230
Graham-Denning model, 230
Harrison-Ruzzo-Ullman model, 230
information flow models, 224–225
ISO/IEC 42010:2011, 231
isolation, 221
Lipner model, 229
matrix-based models, 223–224
model types, 222–225
multilevel lattice models, 223
noninterference models, 224, 230
security modes, 221–222
security services, 234–235
state machine models, 223
Sutherland model, 230
system architecture steps, 230–231
system components, 235–244
Take-Grant model, 225
sites/facilities
design, 348–353
security controls, 353–364
system security evaluation models, 244–255
CC (Common Criteria), 250–252
controls and countermeasures, 92, 98–99, 255
ITSEC (Information Technology Security Evaluation Criteria), 248–250
security implementation standards, 252–255
TCSEC (Trusted Computer System Evaluation Criteria), 245–248
web-based system vulnerabilities, 283–286
maintenance hooks, 284
OWASP (Open Web Application Security Project), 286
time-of-check/time-of-use attacks, 284–285
web-based attacks, 285
XML (Extensible Markup Language), 285
Security Assertion Markup Language (SAML), 564, 565
security assessment and testing. See assessment and testing
security associations (SAs), 502
security audits. See audits
security control frameworks, 20–37
bottom-up approach, 36
CIS Critical Security Controls, 31–32
CMMI (Capability Maturity Model Integration), 35
COBIT (Control Objectives for Information and Related Technology), 27
COSO (Committee of Sponsoring Organizations), 32
CRAMM (CCTA Risk Analysis and Management Method), 36
definition of, 20
DoDAF (Department of Defense Architecture Framework), 25
HITRUST CSF (Common Security Framework), 30–31
ISO/IEC 27000 series, 21–24
ITIL (Information Technology Infrastructure Library), 33
MODAF (British Ministry of Defence Architecture Framework), 25
NIST (National Institute of Standards and Technology) SP 800 series, 27–30
OCTAVE (Operationally Critical Threat, Asset, and Vulnerability Evaluation), 32
SABSA (Sherwood Applied Business Security Architecture), 25–26
security program life cycle, 37
Six Sigma, 34
standards compared to, 20
TOGAF (The Open Group Architecture Framework), 25
top-down approach, 36
Zachman Framework, 25
security control testing, conducting, 605–620
code review and testing, 616–619
black-box, 616–618
dynamic testing, 618
fuzz testing, 619
goal of, 616
gray-box, 616–618
review process, 618
static testing, 618
white-box, 616–618
interface testing, 620
log reviews, 611–616
definition of, 611
logging configuration, 615–616
SP 800–92 recommendations, 612–616
SP 800–137 recommendations, 620–621
misuse case testing, 619
penetration testing, 609–611
in software development, 764–772
best practices, 764–765
code repository security, 766
malicious software, 766–772
overview of, 764
software environment security, 765
software protection mechanisms, 772–773
source code analysis tools, 766
synthetic transaction monitoring, 616
test coverage analysis, 619–620
vulnerability assessments, 605–609
definition of, 605
network discovery scans, 606–607
network vulnerability scans, 607–608
server-based versus agent-based, 608
tools for, 605–606
types of, 605
web application vulnerability scans, 609
security documentation, 69–73
baselines, 73
guidelines, 73
overview of, 69–70
policies, 70–72
procedures, 72
processes, 72
standards, 73
security domains, 565
security education, training, and awareness, 147–148
security function alignment, 12–14
business case, 13
organizational mission/objectives, 12–13
organizational strategies/goals, 12–13
resources, 14
security budget, metrics, and efficacy, 13–14
security governance, 39
business continuity, 73–85
availability, 77
BCPs (business continuity plans), 76, 77–78, 79
BIA (business impact analysis), 76, 81–85
contingency planning, 76, 78–81
definition of, 73
disaster types, 74–75
disruptions, 74
DRPs (disaster recovery plans), 75–76, 79, 624, 711–713
reliability, 77
compliance, 38–40
geographical threats, 129–137
human-caused, 133–135
internal/external, 129–130
natural, 130–131
politically motivated, 135–137
system, 131–133
governance committees, 16
investigations, 62–67
administrative, 63
civil, 64
criminal, 63
eDiscovery, 67
industry standards for, 64–67
operations, 63
regulatory, 64
legal/regulatory issues
computer crime, 41–43
cyber crimes, 50
data breaches, 50
import/export controls, 51
legal systems, 43–45
licensing and intellectual property, 46–50
privacy, 52–62
trans-border data flow, 51–52
overview of, 2–5
personnel security policies/procedures, 85–90
candidate screening/hiring, 85–87
compliance policy, 89
employee onboarding/offboarding, 88
employment agreements, 87
job rotation, 89
privacy policy, 89
separation of duties, 89
principles of, 10–38
due care/due diligence, 38
organizational processes, 14–16
organizational roles/responsibilities, 16–20
overview of, 10–11
security control frameworks, 20–37
security function alignment, 12–14
professional ethics, 67–69
risk management, 90–128
controls, 100–108
implementation of, 100
policies, 94
reporting and continuous improvement, 108–109
risk analysis team, 94
risk assessment, 95–100
risk frameworks, 109–129
risk management team, 94
supply chain risks, 143–146
terminology for, 90–93
security documentation, 69–73
baselines, 73
guidelines, 73
overview of, 69–70
policies, 70–72
procedures, 72
processes, 72
standards, 73
security education, training, and awareness, 147–148
security terminology for, 6–10
supply chain risks, 143–146
hardware, software, and services, 144
service-level requirements, 145–146
SLAs (service-level agreements), 146
third-party assessment, 144–145
threat modeling, 137–143
concepts for, 138
methodologies for, 138–141
potential attacks, 142–143
remediation, 143
threat identification for, 141–142
security implementation standards, 252–255
ISO/IEC 27001, 253–254
ISO/IEC 27002, 254–255
PCI DSS (Payment Card Industry Data Security Standard), 255
security information and event management (SIEM), 613–614, 656
security kernels, 773
security logs, 655
security models, 220–244
Bell-LaPadula model, 226–227
Biba model, 228
bounds, 221
Brewer-Nash (Chinese Wall) model, 229
CIA (confidentiality, integrity, and availability), 6–7, 170, 220, 744
Clark-Wilson integrity model, 228–229
computing platforms, 231–233
distributed systems, 232
embedded systems, 232
mainframe/thin clients, 232
middleware, 232
mobile code, 233
virtual computing, 233
confinement, 220
Goguen-Meseguer model, 230
Graham-Denning model, 230
Harrison-Ruzzo-Ullman model, 230
information flow models, 224–225
ISO/IEC 42010:2011, 231
isolation, 221
Lipner model, 229
matrix-based models, 223–224
model types, 222–225
multilevel lattice models, 223
noninterference models, 224, 230
security modes, 221–222
security services, 234–235
state machine models, 223
Sutherland model, 230
system architecture steps, 230–231
system components, 235–244
CPUs, 235–238
firmware, 242–243
I/O (input/output) devices, 241
I/O (input/output) structures, 241–242
memory, 238–241
operating systems, 243–244
storage, 238–241
Take-Grant model, 225
security modes, 221–222
security operations. See also disaster recovery
automation, 664
baselining, 664
configuration and change management, 659–661
detection/prevention, 684–689
anti-malware/antivirus, 494, 686
blacklisting, 685
clipping levels, 686
deviations from standards, 687
firewalls, 685
graylisting, 685
IDSs (intrusion detection systems), 461–463, 656, 685
input/output controls, 688
IPSs (intrusion prevention systems), 463, 656, 685
machine learning and artificial intelligence, 689
sandboxes, 686
system hardening, 688–689
third-party security services, 686
trusted paths, 688
trusted recovery, 688
unauthorized disclosure, 687
unusual/unexplained events, 687
vulnerability management systems, 689
whitelisting, 685
disaster recovery, 706–713
assessment, 710
BCPs (business continuity plans), 713
communication, 709
lessons learned from, 710–711
personnel, 707–709
response, 707
restoration, 710
training and awareness, 710
emergency management, 721
forensic and digital investigations, 638–653
chain of custody, 644–645
crime scenes, 643–644
criminal investigations, 638
digital forensic tools and procedures, 651–653
evidence collection and handling, 646–651
forensic procedures, 641–642
interviewing, 645
investigative techniques, 645
IOCE (International Organization on Computer Evidence), 642–643
MOM (motive, opportunity, and means), 644
reporting and documentation, 642
steps of, 638–641
SWGDE (Scientific Working Group on Digital Evidence), 642–643
incident response, 680–684
authorization and scope, 681–682
detection, 683
events versus incidents, 680–681
incident response teams, 681
mitigation, 683
procedures for, 682–684
recovery, 684
reporting, 684
response methods, 683
rules of engagement, 681–682
logging/monitoring, 654–659
audit and review, 654–655
audit types, 656
continuous monitoring, 657
egress monitoring, 657–658
intrusion detection and prevention, 656
log management, 658
log types, 655
SIEM (security information and event management), 656
threat intelligence, 658–659
UEBA (user and entity behavior analytics), 659
overview of, 634–637
patch and vulnerability management, 689–690
physical security, 713–721
building and internal security, 719
perimeter security, 713–719
personnel safety and security, 719–721
policies and principles for, 664–667
account management, 665
group management, 665
information life cycle, 668
job rotation, 666–667
mandatory vacations, 666–667
need-to-know principle, 664–665
principle of least privilege, 664–665
privilege account management, 666
record retention, 667–668
sensitive information procedures, 667
separation of duties, 666
SLAs (service-level agreements), 668
two-person control, 667
recovery strategies, 690–706
asset recovery priorities, 691–692
backup storage strategies, 699
business process recovery, 692
creating, 691–699
data recovery, 696–699
fault tolerance, 704
fire detection/suppression, 705
high availability, 705–706
insurance, 704–705
multiple site strategies, 700–703
personnel training, 699
QoS (quality of service), 706
redundancy, 703–704
supply and technology recovery, 692–695
system resilience, 706
user environment recovery, 695
resource protection, 669–680
asset management, 671–680
facilities, 669
hardware, 670
information assets, 671
software, 670
tangible/intangible assets, 669–671
resource provisioning, 661–663
applications, 663
cloud assets, 663
definition of, 661
physical assets, 662
virtual assets, 663
security training and awareness, 721
security operations center (SOC), 751
Security Orchestration and Automated Response (SOAR), 751
security parameter index (SPI), 502
security perimeter, 773
security process data collection, 620–624
account management, 621–622
backup verification data, 623
disaster recovery and business continuity plans, 624
information security continuous monitoring programs, 620–621
KPIs (key performance indicators), 622–623
KRIs (key risk indicators), 622–623
management review and approval, 622
training and awareness, 623
security program life cycle, 37
security services, 234–235
Security Target (ST)/TOE evaluation, 251
security teams, 709
SEI (Software Engineering Institute), 261
seizure of evidence, 649
Sender Policy Framework (SPF), 516–517
Sensitive but Unclassified (SBU) data, 176
sensitivity, 170–175
PHI (protected health information), 173–175
PII (personally identifiable information), 171–173
proprietary data, 175
sensitive data, 175–176
sensitive information procedures, 667
separation of duties, 89, 217–218, 558–559, 666
separation of privilege, 260
sequential access devices, 241
Serial Line Internet Protocol (SLIP), 497
Server Message Block (SMB), 427
server-based scanning, 608
serverless systems, vulnerabilities of, 281–282
servers
DHCP (Dynamic Host Configuration Protocol), 423
DNS (Domain Name System), 424
equipment rooms for, 358
NASs (network access servers), 455
NPS (Network Policy Server), 491
vulnerabilities of, 263
Service Organization Control (SOC) reports, 625–626
Service Set Identifiers (SSIDs), 436
service-level agreements (SLAs), 146, 668, 679, 743
service-level requirements, 145–146
service-oriented architecture (SOA), 739
service-oriented viewpoint (SOV), 25
services. See individual services
SESAME (Secure European System for Applications in a Multi-vendor Environment), 564
session hijacking, 519
Session Initiation Protocol (SIP), 431
Session layer, OSI model, 380
session management, 566
SET (Secure Electronic Transaction), 449
SFTP (SSH File Transfer Protocol), 425
SHA (Secure Hash Algorithm), 336
Shamir, Adi, 320
Shared Key Authentication, 440
shared responsibility, 219–220
shareware, 49
sharing data, 198–199
shells, trusted, 688
Sherwood Applied Business Security Architecture (SABSA), 25–26
shielded twisted pair (STP) cabling, 473–474
shoulder surfing, 587
shredding, 194
S-HTTP (secure HTTP), 425
side-channel attacks, 345
SIEM (security information and event management), 613–614, 656
signature-based IDSs (intrusion detection systems), 461
signatures, digital, 292, 339–340, 742
SIM (subscriber identity module) cards, 433
Simple Mail Transfer Protocol (SMTP), 427, 560
Simple Network Management Protocol (SNMP), 614
simple passwords, 547
simplicity, design, 218
simulation tests, 712
Singapore, PDPA (Personal Data Protection Act) in, 58
single loss expectancy (SLE), 96–97
single point of failure (SPOF), 680
single sign-on. See SSO (single sign-on)
single-factor authentication, 557
single-mode fiber, 475
single-state systems, 237
SIP (Session Initiation Protocol), 431
site-local IPv6 addresses, 416
sites/facilities
design, 348–353
security controls, 353–364
biometric systems, 356
closets and intermediate distribution facilities, 357
doors, 353–354
environmental security and issues, 358–362
equipment physical security, 362–364
glass entryways, 356
locks, 355–356
restricted and work areas, 357–358
visitor control, 357
Skipjack, 317
slack space analysis, 650
SLAs (service-level agreements), 146, 668, 679
SLE (single loss expectancy), 96–97
small outline DIMM (SODIMM), 239
Smalltalk, 736
smart cards, 551
smart homes, 277
SMB (Server Message Block), 427
SMDS (Switched Multimegabit Data Service), 489
SMEs (subject matter experts), 13
S/MIME (Secure MIME), 447
SMTP (Simple Mail Transfer Protocol), 427, 560
smurf attacks, 512–513
SNAT (stateful NAT), 397
sniffer attacks, 586
sniffing and eavesdropping, 589–590
SNMP (Simple Network Management Protocol), 427, 614
SOA (service-oriented architecture), 739
SOAR (Security Orchestration and Automated Response), 751
SOC (security operations center), 751
SOC (Service Organization Control) reports, 625–626
social engineering threats, 42–43, 342, 496, 517–518, 586–587
identity theft, 587
phishing/pharming, 517, 586–587
shoulder surfing, 587
spam, 518
vishing, 586–587
Socket Secure (SOCKS) firewall, 457
SOCKS (Socket Secure) firewall, 457
SoD. See separation of duties
SODIMM (small outline DIMM), 239
sodium vapor lighting, 718
software, Pearson Test Prep practice test, 791–793
offline access to, 792–793
online access to, 792
software analysis, 650
software backup, 693–694
software development, 772–773
acquired software, security impact of, 775–776
assemblers, 734
assembly languages, 734
DAST (Dynamic Application Security Testing), 750–751
definition of, 733
DevSecOps, 750
distributed object-oriented systems, 737–739
COM (Component Object Model), 738
CORBA (Common Object Request Broker Architecture), 737–738
DCOM (Distributed Component Object Model), 738
Java, 738
OLE (Object Linking and Embedding), 738–739
SOA (service-oriented architecture), 739
high-level languages, 734
IPTs (integrated product teams), 763–764
machine languages, 734
malicious software, 766–772
adware, 769
botnets, 769–770
keyloggers, 771
logic bombs, 769
mobile malware, 771
overview of, 767–772
protection against, 771–772
rootkits, 770
scanning for, 772
scareware, 43
security policies for, 772
methods and maturity models, 751–761
Agile model, 756–757
Build and Fix model, 752–753
CASE (Computer-Aided Software Engineering), 759
CD (continuous delivery), 757
CI (continuous integration), 757
CMMI (Capability Maturity Model Integration), 759
Component-Based Development method, 759
Exploratory model, 759
IDEAL model, 761
Incremental model, 755
ISO 9001:2015, 760–761
ISO/IEC 90003:2014, 760–761
JAD (Joint Analysis Development) model, 758
MPM (Modified Prototype Model), 755
overview of, 751–752
prototyping, 754
Spiral model, 756
Structured Programming Development model, 759
V-shaped model, 754
Waterfall model, 753–754
mobile code, 739–743
ActiveX, 739–740
definition of, 739
Java applets, 739
SP 800-163, 740–743
OOP (object-oriented programming), 735–737
cohesion, 737
coupling, 737
data structures, 737
encapsulation, 736
overview of, 735–736
polyinstantiation, 736
polymorphism, 736
operation and maintenance, 761
overview of, 732–733
SAST (Static Application Security Testing), 750
secure coding guidelines/standards, 776–781
APIs (application programming interfaces), 780
backdoors, 778
best practices, 780–781
buffer overflow, 776–778
covert channels, 779
mobile code, 779
object reuse, 779
privilege escalation, 778
rogue programmers, 778
TOC (time of check) attacks, 779
TOU (time of use) attacks, 779
trapdoors, 778
security controls, 764–772
best practices, 764–765
code repository security, 766
malicious software, 766–772
overview of, 764
software environment security, 765
software protection mechanisms, 772–773
source code analysis tools, 766
SOAR (Security Orchestration and Automated Response), 751
Software Development Life Cycle, 746–750
Certify/Accredit phase, 749
change management, 749–750
configuration management, 749–750
Design phase, 747
Develop phase, 748
Gather Requirements phase, 747
overview of, 746
Plan/Initiate Project phase, 746–747
Release/Maintenance phase, 749
Test/Validate phase, 748–749
software protection mechanisms, 772–773
software security effectiveness, assessment of, 774–775
auditing and logging, 774
regression and acceptance testing, 775
risk analysis and mitigation, 774–775
System Development Life Cycle, 743–745
Acquire/Develop phase, 744–745
Dispose phase, 745
Implement phase, 745
Initiate phase, 744
Operate/Maintain phase, 745
overview of, 743–744
very-high-level languages, 734
Software Development Life Cycle, 746–750
Certify/Accredit phase, 749
change management, 749–750
configuration management, 749–750
Design phase, 747
Develop phase, 748
Gather Requirements phase, 747
overview of, 746
Plan/Initiate Project phase, 746–747
Release/Maintenance phase, 749
Test/Validate phase, 748–749
Software Engineering Institute (SEI), 261
software environment security, 765
software libraries, 660
software patches, 689–690
software piracy, 49
software protection, 670, 772–773
software risks, 144
software security effectiveness, assessment of, 774–775
auditing and logging, 774
regression and acceptance testing, 775
risk analysis and mitigation, 774–775
software-defined networking (SDN), 507–508
SONET (Synchronous Optical Networking), 418–419, 487
source code analysis tools, 766
SOV (service-oriented viewpoint), 25
SOX (Sarbanes-Oxley) Act, 16–17, 54
spam, 518
spam over instant messaging (SPIM), 496
Spartans, scytale cipher, 294
spear phishing, 517
Special Publications, NIST. See NIST (National Institute of Standards and Technology)
specific application service element (SASE), 380
SPF (Sender Policy Framework), 516–517
SPI (security parameter index), 502
SPIM (spam over instant messaging), 496
Spiral model, 756
SPOF (single point of failure), 680
spoofing, 589
blind, 511
email, 516
IP address, 520–521
non-blind, 510
SRK (Storage Root Key), 259
SSAE (Statement on Standards for Attestation Engagements), 625
SSH File Transfer Protocol (SFTP), 425
SSIDs (Service Set Identifiers), 436, 443
SSL (Secure Sockets Layer), 428
SSO (single sign-on), 435, 508, 561–565
FIM (federated identity management), 564–565
Kerberos, 562–563
OAuth (Open Authorization), 564
OIDC (OpenID Connect), 564
protection domains, 565
SAML (Security Assertion Markup Language), 564
security domains, 565
SESAME (Secure European System for Applications in a Multi-vendor Environment), 564
standard user accounts, 665
standard word passwords, 547
standby lighting, 718
star topology, 477
start bits, 400
state machine models, 223
stateful firewalls, 456
stateful NAT (SNAT), 397
stateful-matching IDSs (intrusion detection systems), 461
Statement on Auditing Standards (SAS) 70, 625
Statement on Standards for Attestation Engagements (SSAE), 625
states
data, 197–198
data at rest, 198
data in transit, 198
data in use, 198
key, 330–331
Static Application Security Testing (SAST), 750
static electricity, 361
static NAT (Network Address Translation), 398
static passwords, 547
static testing, 618
statistical anomaly-based IDSs (intrusion detection systems), 462
statistical attacks, 344
stealth viruses, 768
stop bits, 400
storage, 238–241
data, 199–200
storage keys, 259
Storage Root Key (SRK), 259
storage-area networks (SANs), 181, 420, 676
STP (shielded twisted pair) cabling, 473–474
strategic viewpoint (StV), 25
strategies, organizational, 12–13
stream-based ciphers, 309
STRIDE model, 139
strikes, 136
Structured Programming Development model, 759
structured walk-through tests, 712
structures, data, 178
Study exam mode, 793
su command, 584
subject matter experts (SMEs), 13
subnets, screened, 459
subscriber identity module (SIM) cards, 433
substitution, 293
substitution ciphers, 305–307
sudo command, 584
superscalar architecture, 243
supervisor mode, 235
supervisors, 20
supplicants, 442
supply and technology recovery, 692–695
documentation, 695
hardware backup, 693
human resources, 694–695
software backup, 693–694
supplies, 695
supply chain risks, 143–146
hardware, software, and services, 144
service-level requirements, 145–146
SLAs (service-level agreements), 146
third-party assessment, 144–145
surges, power, 360
surveillance, 349
Sutherland model, 230
SV (systems viewpoint), 25
SWGDE (Scientific Working Group on Digital Evidence), 642–643
Switched Multimegabit Data Service (SMDS), 489
switches, 453–454
symmetric algorithms, 308–309, 312–319
AES (Advanced Encryption Standard), 316–317
block ciphers, 310
Blowfish, 317
CAST, 318
comparison of, 319
definition of, 292
DES (Digital Encryption Standard), 313–316
IDEA (International Data Encryption Algorithm), 317
IVs (initialization vectors), 302, 309, 310
RC4/RC5/RC6/RC7, 318
Skipjack, 317
stream-based ciphers, 309
strengths/weaknesses of, 308–309
Twofish, 318
Symmetric DSL (SDSL), 499
symmetric service, 498–499
SYN ACK attack, 519
SYN flag, 456
synchronous dynamic random-access memory (SDRAM), 238
Synchronous Optical Networking (SONET), 418–419, 487
synchronous token devices, 550
synchronous transmission, 292, 400
synthetic transaction monitoring, 616
Syslog, 613
system account review, 582
system administrators, 19
system components, 235–244
CPUs, 235–238
multitasking/multiprocessing, 236
multithreading, 237
overview of, 235–236
process states, 238
single-state versus multistate, 237
firmware, 242–243
I/O (input/output) devices, 241
I/O (input/output) structures, 241–242
memory, 238–241
operating systems, 243–244
storage, 238–241
system custodians, 190
System Development Life Cycle, 743–745
Acquire/Develop phase, 744–745
Dispose phase, 745
Implement phase, 745
Initiate phase, 744
Operate/Maintain phase, 745
overview of, 743–744
system infectors, 768
system security evaluation models, 244–255
controls and countermeasures, 92, 98–99, 255
ITSEC (Information Technology Security Evaluation Criteria), 248–250
security implementation standards, 252–255
ISO/IEC 27001, 253–254
ISO/IEC 27002, 254–255
PCI DSS (Payment Card Industry Data Security Standard), 255
system components, 250–252
TCSEC (Trusted Computer System Evaluation Criteria), 245–248
system-level recovery strategies, 691
systems
access control for, 539–540
hardening, 688–689
high security mode, 221
redundancy, 703–704
resilience, 706
system logs, 655
testing, 605
threats, 131–133
systems viewpoint (SV), 25
system-specific security policy, 72
T
T lines, 486
tables
capability, 579
memory, 795
table-top exercises, 712
TACACS+ (Terminal Access Controller Access Control System Plus), 503–504, 568
tailoring, 201
Take-Grant model, 225
tamper protection, 362
tangible assets, 90, 165, 669–671
tape vaulting, 698
Target of Evaluation (TOE), 251
target tests, 610
Tavares, Stafford, 318
TCB (trusted computer base), 688, 773
TCP (Transmission Control Protocol). See also TCP/IP model
ports, 389–391
TCP ACK scans, 607
TCP SYN scans, 607
three-way handshake, 385
TCP/IP model, 383–389
Application layer, 383–384
encapsulation/de-encapsulation, 388–389
Internet layer, 386–387
Link layer, 388
overview of, 383
Transport layer, 384–386
TCSEC (Trusted Computer System Evaluation Criteria), 245–248, 772
TDM (time-division multiplexing), 401, 433
teams. See also personnel
disaster recovery, 707–709
incident response, 681
risk analysis, 94
risk management, 94
teardrop attacks, 520
technical controls, 105
technical viewpoint (TV), 25
telco concentrators, 451
telecommuting/telework, 506–507
Telnet, 505
tempered glass, 356
TEMPEST program, 590
Temporal Key Integrity Protocol (TKIP), 440–441
Terminal Access Controller Access Control System Plus (TACACS+), 503–504, 568
terrestrial transmission, 435
terrorist acts, 136
tertiary sites, 702–703
test coverage analysis, 619–620
test data method, 748
test outputs, analysis of, 624
testing, security. See assessment and testing
Test/Validate phase, Software Development Life Cycle, 748–749
TFTP (Trivial FTP), 425
TGS (ticket-granting service), 562
TGT (ticket-granting ticket), 562
theft, 135
Thicknet, 472
Thinnet, 472
third-party identity services integration, 571
third-party security assessment and testing, 604
third-party security services, 686
threads, 243
threat intelligence feed (TI feed), 658–659
threats. See also attacks
access control, 584–591
access aggregation, 590–591
APT (advanced persistent threat), 591
backdoors, 590
buffer overflow, 588
DDoS (distributed DoS) attacks, 588
DoS (denial-of-service) attacks, 588
emanations, 590
malicious software, 589
mitigating, 591
mobile code, 588
overview of, 584–585
password threats, 585–586
preventing, 591
sniffing and eavesdropping, 589–590
social engineering threats, 42–43, 342, 517–518, 586–587
spoofing, 589
APIs (application programming interfaces), 135
database, 186–187
definition of, 91
geographical, 129–137
human-caused, 133–135
internal/external, 129–130
natural, 130–131
politically motivated, 135–137
system, 131–133
hunting, 658–659
identification of, 141–142
identity, 96
intelligence for, 658–659
malicious software, 766–772
adware, 769
botnets, 769–770
keyloggers, 771
logic bombs, 769
mobile malware, 771
overview of, 767–772
protection against, 771–772
rootkits, 770
scanning for, 772
scareware, 43
security policies for, 772
modeling, 137–143
concepts for, 138
methodologies for, 138–141
potential attacks, 142–143
remediation, 143
threat identification for, 141–142
threat agents, 91
threat modeling, 215
three-legged firewalls, 459
three-way handshake, 385
throughput rate, 554
TI (threat intelligence), 658–659
ticket-granting service (TGS), 562
ticket-granting ticket (TGT), 562
Tiger, 337
time factor authentication, 557
time of check (TOC) attacks, 779
time of use (TOU) attacks, 779
time-division multiplexing (TDM), 401, 433
time-of-check attacks, 284–285
time-of-use attacks, 284–285
timing attacks, 346
TKIP (Temporal Key Integrity Protocol), 440–441
TLS (Transport Layer Security), 428
TLS/SSL (Transport Layer Security/Secure Sockets Layer), 505–506
TNI (Trusted Network Interpretation), 245
TOC (time of check) attacks, 779
TOE (Target of Evaluation), 251
TOGAF (The Open Group Architecture Framework), 25
token passing, 485
tool-assisted code review, 617
tools, exam preparation
chapter-ending review tools, 795
Pearson Test Prep practice test software, 791–793
exam customizations, 793–794
exam updates, 794
offline access to, 792–793
online access to, 792
Premium Edition, 794–795
Top Secret data, 176
top-down security approach, 36
topologies, network, 475–478
bus, 476
hybrid, 478
mesh, 477
ring, 476
star, 477
topology discovery, 606
tornadoes, 130
Total Quality Management, 109
TOU (time of use) attacks, 779
TPM (Trusted Platform Module), 258–259
traceroute command, 387, 425, 512, 513
tracert command, 387
tracking devices, 363
trade secrets, 47
trademarks, 47–48
traffic anomaly-based IDSs (intrusion detection systems), 462
Traffic Class field, IPv6, 408
trailers, packet, 388–389
training and awareness, 147–148, 623
disaster recovery, 710
personnel, 699
security training and awareness, 721
transaction log backups, 698
trans-border data flow, 51–52
transfer, of risk, 100
transfers, account, 582–583
transit, data in, 198
transmission, network, 399–403. See also transmission media
analog versus digital, 399–400
baseband, 401
broadband, 401
broadcast, 402
synchronous/asynchronous, 400
wired, 403
wireless, 403
Transmission Control Protocol. See TCP (Transmission Control Protocol)
transmission media
cabling, 471–475
coaxial, 472–473
fiber optic, 474–475
selection of, 471–472
twisted pair, 473–474
network technologies, 479–485
collision domains, 482–483
CSMA/CA (Carrier Sense Multiple Access with Collision Avoidance), 482, 484–485
CSMA/CD (Carrier Sense Multiple Access with Collision Detection), 482, 484
FDDI (Fiber Distributed Data Interface), 481
polling, 485
token passing, 485
network topologies, 475–478
bus, 476
hybrid, 478
mesh, 477
ring, 476
star, 477
WAN technologies, 486–491
ATM (Asynchronous Transfer Mode), 488–489
circuit switching, 488
CSU/DSU (channel service unit/data service unit), 487
E lines, 486–487
Frame Relay, 488
HSSI (High-Speed Serial Interface), 490
OC lines (SONET), 487
packet switching, 488
PPP (Point-to-Point Protocol), 489
PSTN (public switched telephone network), 490
SMDS (Switched Multimegabit Data Service), 489
T lines, 486
VoIP (Voice over Internet Protocol), 490–491
X.25, 489
transparent bridging, 453
Transport layer
OSI model, 380–381
TCP/IP model, 383–384
Transport Layer Security (TLS), 428
Transport Layer Security/Secure Sockets Layer (TLS/SSL), 505–506
transposition, 293
transposition ciphers, 307–308
travel, employee, 720
Treadway Commission Framework, 32
Trike, 139–140
Triple DES (3DES), 313–315
Tripwire IP360, 608
Trivial FTP (TFTP), 425
tropical storms, 130
trust but verify approach, 219
trusted computer base (TCB), 688, 769
Trusted Computer System Evaluation Criteria (TCSEC), 245–248, 772
Trusted Network Interpretation (TNI), 245
trusted paths, 688
Trusted Platform Module (TPM), 258–259
trusted recovery, 688
trusted shells, 688
TT&E (testing, training, and exercises), 81
tumbler locks, 355
tuples, 183
turnstiles, 354
TV (technical viewpoint), 25
twisted pair cabling, 473–474
Twofish, 318
two-person control, 667
U
UDP (User Datagram Protocol), 384, 389–391
UEBA (user and entity behavior analytics), 659
UEFI (Unified Extensible Firmware Interface), 242–243
ULAs (unique local addresses), 416
unauthorized disclosure, 687
Unclassified data, 176
unexplained events, 687
Unified Extensible Firmware Interface (UEFI), 242–243
unified threat management (UTM), 457–458
uninterruptible power supplies (UPSs), 361, 704
unique local addresses (ULAs), 416
unique local unicast IPv6 addresses, 416
unit testing, 748
United States Copyright Office, 48
United States Federal Sentencing Guidelines, 56
United States Government Configuration Baseline (USGCB), 494
unshielded twisted pair (UTP) cabling, 473–474
Untidy, 619
unusual events, 687
updates, exam, 14
updating Pearson Test Prep practice test exams, 794
UPSs (uninterruptible power supplies), 361, 704
URL hiding, 515
use, data in, 198
user account review, 582
user and entity behavior analytics (UEBA), 659
user behavior analytics (UBA), 659
User Datagram Protocol. See UDP (User Datagram Protocol)
user environment recovery, 695
user identification, 536–537
USGCB (United States Government Configuration Baseline), 494
utilities threats, 133
UTM (unified threat management), 457–458
UTP (unshielded twisted pair) cabling, 473–474
V
vacations, mandatory, 666–667
validation
asset, 90–91
of input, 780
input, 778
security assessment and testing, 602–604
internal/external, 604
Red Team versus Blue Team exercises, 603–604
security assessments, 603
security auditing, 604
security testing, 602–603
third-party, 604
testing, 748
values, 735
vandalism, 134
Vanhoef, Mathy, 442
vascular scans, 553
VAST (Visual, Agile, and Simple Threat), 140
vaults, 364
VDSL (Very High Bit-Rate DSL), 499
vectored orthogonal frequency-division multiplexing (VOFDM), 433
Vega, 609
verification of digital certificates, 326
verification testing, 748
Verified, 449
Vernam, Gilbert, 306
Very High Bit-Rate DSL (VDSL), 499
Very Long Instruction Word (VLIW) processor, 243
very-high-level languages, 734
vetting, app, 740–743
Vigenère, Blaise de, 295–296
virtual application/desktop, 506
virtual assets, 663
virtual computing, 233
virtual local-area networks (VLANs), 454
virtual memory, 240
virtual private networks. See VPNs (virtual private networks)
Virtual Router Redundancy Protocol (VRRP), 470
virtual SAN (VSAN), 430
virtual storage area networks (VSANs), 508
virtualized networks, 507–508
virtualized systems, vulnerabilities of, 283
vishing, 586–587
visibility, in facility selection, 351
visitor control, 357
Visual, Agile, and Simple Threat (VAST), 140
VLANs (virtual local-area networks), 454
VLIW (Very Long Instruction Word) processor, 243
VOFDM (vectored orthogonal frequency-division multiplexing), 433
voice communication channels, 495
Voice over Internet Protocol (VoIP), 431
Voice over IP (VoIP), 490–491
Voice over LTE (VoLTE), 435
Voice over New Radio (VoNR), 435
VoIP (Voice over Internet Protocol), 431, 490–491
volatile memory, 240
volcanoes, 131
VoLTE (Voice over LTE), 435
VoNR (Voice over New Radio), 435
VPNs (virtual private networks), 500–503
VPN concentrators, 451
VPN screen scrapers, 506
VRRP (Virtual Router Redundancy Protocol), 470
VSANs (virtual storage area networks), 430, 508
V-shaped model, 754
vulnerabilities, 91
assessments of, 605–609
definition of, 605
network discovery scans, 606–607
network vulnerability scans, 607–608
server-based versus agent-based, 608
tools for, 605–606
types of, 605
web application vulnerability scans, 609
containerization, 280–281
embedded systems, 291
management of, 689–690
mobile systems, 286–291
application security, 287
BYOD (bring-your-own-device) concerns, 287–289
device security, 287
security architectures, 261–283
client-based systems, 262–263
cloud-based systems, 264–274
cryptographic systems, 265
database systems, 264
edge computing systems, 282–283
grid computing, 275
HPC (high-performance computing systems), 282
ICSs (industrial control systems), 265–268
IoT (Internet of Things), 276
large-scale parallel data systems, 274–275
microservices, 280–281
peer-to-peer computing, 275
server-based systems, 263
serverless systems, 281–282
virtualized systems, 283
web-based systems, 283–286
maintenance hooks, 284
OWASP (Open Web Application Security Project), 286
time-of-check/time-of-use attacks, 284–285
web-based attacks, 285
XML (Extensible Markup Language), 285
W
walls, 716
WANs (wide-area networks), 383, 419, 486–491. See also networks
ATM (Asynchronous Transfer Mode), 488–489
circuit switching, 488
CSU/DSU (channel service unit/data service unit), 487
E lines, 486–487
Frame Relay, 488
HSSI (High-Speed Serial Interface), 490
OC lines (SONET), 487
packet switching, 488
PPP (Point-to-Point Protocol), 489
PSTN (public switched telephone network), 490
SMDS (Switched Multimegabit Data Service), 489
T lines, 486
VoIP (Voice over Internet Protocol), 490–491
X.25, 489
WAPs (wireless access points), 420, 435, 444–445, 463
warchalking, 519
warded locks, 354
wardialing, 519
wardriving, 518
warehouses, data, 185–186
WASC (Web Application Security Consortium), 764
water leakage and flooding, 362
Waterfall model, 753–754
watermarking, 658
WAVE (wireless access in vehicle environments), 435
wave motion detectors, 717
wearables, 277
Web Application Security Consortium (WASC), 764
web application vulnerability scans, 609
web caching, 459
web-based attacks, 285
web-based system vulnerabilities, 283–286
maintenance hooks, 284
OWASP (Open Web Application Security Project), 286
time-of-check/time-of-use attacks, 284–285
web-based attacks, 285
XML (Extensible Markup Language), 285
weighted random early detection (WRED), 408
WEP (Wired Equivalent Privacy), 440
wet pipe extinguishers, 359
white hat, 42
white-box testing, 616–618
whitelisting, 685
wide-area networks. See WANs (wide-area networks)
Wi-Fi Protected Access. See WPA (Wi-Fi Protected Access)
WiMAX, 403
Windows
Group Policy, 201
password management considerations, 549–550
Windows Hello, 551–552
WIPO (World Intellectual Property Organization), 48
WIPT (working-level integrated product team), 763–764
Wired Equivalent Privacy (WEP), 440
wired transmission, 403
wireless access in vehicle environments (WAVE), 435
wireless access points. See WAPs (wireless access points)
wireless attacks, 518–519
wireless LANs (WLANs), 403
wireless networks, 431–445. See also WLANs (wireless LANs)
5G, 434–435
cellular/mobile techniques, 433
satellite, 435
wireless site surveys, 444
wireless transmission, 403
Wireshark, 610
WLANs (wireless LANs), 403, 435–445. See also networks
802.11 techniques, 432–433
security, 439–445
802.1X, 442–443
antenna placement and power levels, 444–445
antenna types, 445
MAC filters, 444
Open System Authentication, 440
Shared Key Authentication, 440
SSID broadcast, 443
WEP (Wired Equivalent Privacy), 440
wireless site surveys, 444
WPA (Wi-Fi Protected Access), 440–442
standards for, 436–439
structure of, 435–436
work areas, 357–358
work factor, 294
work recovery time (WRT), 83, 691–692
working-level integrated product team (WIPT), 763–764
World Intellectual Property Organization (WIPO), 48
World War II Enigma, 297
WPA (Wi-Fi Protected Access), 440–441
Personal versus Enterprise editions, 441
WPA2, 441
WPA3, 441–442
WRED (weighted random early detection), 408
WRT (work recovery time), 83, 691–692
X
X.25 standard, 489
X.400 standard, 560
X.500 standard, 560
Xmas scans, 520, 607
XML (Extensible Markup Language), 185, 285
XMPP (Extensible Messaging and Presence Protocol), 496
Y-Z
Yagi antennas, 445
Zachman Framework, 25
zero trust, 218
zero-day vulnerability, 521, 749
zero-knowledge proof, 322, 610
Zigbee, 439