Symbols
3-D Secure, 580
3DES (Triple Digital Encryption Standard), 583-585, 602
6to4, 223
A
A (Availability) metric, CVSS, 417
A records (DNS), 395
AAAA records (DNS), 395
AC (Access Complexity) metric, CVSS, 417
accept risk reduction strategy, 137
acceptability (biometrics), 546
accepting/monitoring phase (software acquisitions), 679
access
DAP, 564
EAC, 442
physical access control systems, 277
SCAP scanners, 418
access control
access control matrices, 552
access control models, 550-553
access control policies, 553
ACL, 54, 210, 246-247, 304-305, 488, 553, 658
administrative (management) controls, 104-105
compensative controls, 103
content-dependent access control, 498
context-dependent access control, 498
corrective controls, 103
DAC, 81
data flow enforcement, 243
detective controls, 103
deterrent controls, 103
directive controls, 103
IP-based access control, 277
logical (technical) controls, 106-107
preventive controls, 104
RBAC, 81
recovery controls, 104
selecting/implementing based on CIA requirements, 102
accountability and audits, 52
accounts
lockout policies, passwords, 543
policies (Group Policy), 300
accuracy (biometrics), 546
ACL (Access Control Lists), 54, 210, 246-247, 304-305, 488, 553, 658
acquisition/development stage (SDLC), 666-668
acquisitions
integrated solutions, 501
software, 679
action factor authentication, 538
activation/deactivation (unauthorized), wearable technology security/privacy, 349
Active Directory, IPsec policies (Group Policy), 301
active fingerprinting tools, 386
ActiveX, 373
AD (Active Directory), 565-566
Ad Hoc mode (WLAN), 309
Adams and CAST, Carlisle, 585
ADC (Application Delivery Controllers), 211
add-ons (browser extensions), 373-374
AddressSanitizer, runtime debugging, 385
Adleman and RSA, Leonard, 586-587
administration
database administration, 719-720
executive administration, 104-105, 720-726
management controls, 104-105, 720-726
network administration, 720
remote administration, 618
AES (Advanced Encryption Standard), 583-585, 620
after-action reports (incident response/recovery), 177, 481
agent-based log collection (SIEM), 425
agentless log collection (SIEM), 425
agentless NAC (Network Access Control), 271
aggregate CIA scoring, 101-102
aggregating data, data security in integrated solutions, 498
Agile model, software development, 694-697
AH (Authentication Headers), 216, 580
AI (Artificial Intelligence)
identity management, 708
security trends/threats, researching, 653
AIK (Attestation Identity Keys), TPM chips, 320, 558
air gaps, 269
AJAX (Asynchronous JavaScript and XML), 374
ALE (Annualized Loss Expectancy), magnitude of risk (risk impact), 128
analyzing
behavioral analytics, 460, 708
communications analysis, 464
content analysis, 464
context analysis, 464
cost/benefits, 186
data flow security for changing business needs, 487-488
forensic analysis (incident response/recovery), 464
log reduction/analysis tools, 425-426, 438-439, 464
media, 464
Microsoft Baseline Security Analyzer, 428
network analysis, 464
root-cause analysis (incident response/recovery), 480
slack space analysis, 464
software, 464
steganography analysis, 464
test coverage analysis, 687
Android
APK format, 334
fragmentation, mobile device security/privacy, 340
Lost Android app, 332
remote wiping, 332
SEAndroid, trusted OS, 289
anomaly-based IDS/IPS, 196
anti-tamper technology, 338
antispam services, clouds, 523
antispyware, 291
AP (Access Points), 208-209, 239, 308
API (Application Programming Interfaces), 337, 494, 581
APK (Android Package) format, 334
Apktool, 441
applications
API, interoperability issues with integrated solutions, 494
client-based application virtualization (application streaming), 322-323
client-side processing versus server-side processing, 371-376
Compatibility tab, 492
DAM, 371
deploying, secure design, 356
digital certificates, 606
geofencing, 335
in-house developed applications/software, 493
integration solutions, 487-507
mobile applications, social media attacks, 390
permissions, mobile devices, 333
requirements, interoperability issues with integrated solutions, 492
resource provisioning/deprovisioning, 501
sandboxing, 370
secure design, 355
secure enclaves, 371
security frameworks, SDLC, 677
server-based application virtualization (terminal services), 322-323
side loading, 334
standard libraries, 679
system applications, 334
unsigned applications, 334
updates, 670
WAF, 371
wrapping, 330
AR (Augmented Reality), mobile device security/privacy, 345
ARAT (Active Reader/Active Tag) RFID systems, 710
ARC4. See RC4
architectures
architecture design (SDD), 701
SOA, integration solutions, 506
ARO (Annualized Rate of Occurrence), 128, 130
ARPT (Active Reader/Passive Tag) RFID systems, 710
ASLR (Address Space Layout Randomization), 682
assertion tickets, 560
assessments
onsite assessments, 53
risk assessments, 125-126, 137-140
security assessments, 383-405, 411-444
self-assessments (security-based), 402
vulnerability assessments, 401-402, 647, 667, 670, 675
assets
commissioning/decommissioning, 668-669
critical asset distribution, 495
managing (inventory control), 709
reusing, 673
tangible/intangible value/costs (risk assessments), 138-139
assigning system ports, 264
assurance (software)
acquiring software, 679
auditing, 677
development best practices, 680-688
logging, 677
risk analysis/mitigation, 678
standard libraries, 679
asymmetric cryptography, 585-591, 602-603, 610
attacks
assumed likelihood of attacks, 496
authentication attacks, 258
Bluejacking, 307
Bluesnarfing, 307
brute force attacks, 427
buffer overflow attacks, 364-366
click-jacking, 358
client-side attacks, 644
CSRF, application vulnerabilities, 357
DDoS attacks, 266
dictionary attacks, 427
DNS harvesting, 395
DoS attacks, 266, 621, 626, 630-631
drive-by download attacks, 377
dronejacking, 647
dumpster diving, 389
eavesdropping, 414. See also packets, sniffing
fault injection attacks, 363-364, 684
firewall attacks, 258
honeynets, 647
honeypots, 647
identity theft, 389
integer overflow attacks, 367
IPS/IDS, 258
latest attacks, researching, 644-645
live migration, 529
LPE attacks, 377
man-in-the-middle attacks, 218
pharming, 389
poisoning DNS caches, 506
privilege elevation, 528
reconnaissance (information-gathering), 385
resource exhaustion, 368
session hijacking, 359
shoulder surfing, 389
snooping, VoIP, 631
social engineering attacks, 388-389, 626, 659
spyware, 291
SQL injection attacks, 360-362
switch spoofing, 261
time of check/time of use attacks, 367-368
viruses, 291
VMEscape, 527
whaling, 629
XSS, application vulnerabilities, 356
zero-day attacks, 647
attestation, 557
boot loaders, 319
TPM chips, 558
Au (Authentication) metric, CVSS, 417
audio
conferencing, 623
output, host security, 314
auditing, 719
audit logs, 255
auditing/monitoring services, data flow enforcement, 243
auditors, risk management, 52
code audits, 718
incident response/recovery, 461
internal/external audits, 403, 404
ISO, 52
scrubbing, 296
security audits, 88
SOC reports, 404
software assurance, 677
SSAE 16 audits, 404
Windows audit policies, 297
authentication
802.1x, 549
action factor authentication, 538
AH, 216
authentication attacks, 258
biometrics, 343-344, 539, 546-547
certificate-based authentication, 548
characteristic factor authentication, 538-539, 544-547
context-aware authentication/management, 334, 550
dual-factor authentication, 548
geolocation, 335
gestures, 343
HOTP algorithm, 540
identification and the authentication process, 537
identity management, 540, 559-563
identity proofing, 558
identity propagation, 558
IKE, 581
Kerberos, 565
knowledge factor authentication, 538
location factor authentication, 538
MD5 authentication, 266
message authentication, 577-578
multi-factor authentication, 548
network authentication, 224-226, 235
OSA, 312
ownership factor authentication, 538-539
PIN, 343
proximity authentication devices, 442
push-based authentication, 550
single-factor authentication, 538
SKA, 313
SSO, 540, 548-549, 558-560, 563-565
swipe patterns, 343
system failures, cloud storage, 337
TACACS+, 226
TOTP algorithm, 540
Type III authentication. See characteristic factor authentication
user behavior, 335
WPA-PSK, 313
author identification, software analysis, 464
authorization
access control models, 550-553
attestation, 557
OAuth, 553
SPML, 556
automation
BACnet, 276
building automation systems, 274
patch management, 302
resiliency issues with integrated solutions, 495
SCAP, 437
AV (Access Vector) metric, CVSS, 417
availability
availability controls, 248-253
CIA triad, categorizing data, 99
high availability, resiliency issues with integrated solutions, 496
security solutions, analyzing, 185
virtualization, 513
avoid risk reduction strategy, 135
AVS (Active Vulnerability Scanners), 214
awareness training, 86-87, 105
B
backups, 338, 453, 465-469, 719
BACnet (Building Automation and Control Network), 276
base metric group (CVSS), 416
baseband radio/SOC, mobile device security/privacy, 345
Basel II, 48
baselines
benchmark comparisons, 181-182
clipping levels, 543
host security, 298
Microsoft Baseline Security Analyzer, 428
performance baselines, 669
BCP (Business Continuity Planning), 141-148
behavioral analytics, 460, 708
behavioral characteristics (authentication), 539, 545-546
benchmarks, capturing, 181-182
benefit/cost analysis, analyzing security solutions, 186
best practices, researching security trends/threats, 640-641
BGP (Border Gateway Protocol), RTBH routing, 267
BIA (Business Impact Analysis), 72, 145
bidding (RFQ), 76
big data, researching security trends/threats, 652-653
biometrics, 343-344, 539, 546-547
BitLocker, 320
BitLocker Drive Encryption, 719
BitLocker to Go, 320
black box (zero-knowledge) testing, 400-401
blind penetration testing, 399
block ciphers, 582-585, 597-602
block-level encryption, 589
blue team exercises, security assessments, 405
Bluetooth
Bluejacking, 307
Bluesnarfing, 307
host security, 306
tethering, 342
wearable technology security/privacy, 349
booting (secure) and SoC, 271
boundaries (networks)
boundary control services, data flow enforcement, 243
BPA (Business Partnership Agreements), 74
breaches (data)
central security breach response, SoC, 274
cloud storage, 337
defined, 454
incident response process, 454-457, 461-463, 470-471
internal/external violations, 458-459
bridge (trusted third-party) model (federated identities), 560
bridges
transparent bridging, 201
unauthorized domain bridging, 344
browser extensions (add-ons), 373-374
brute force attacks, 427
BSI (Build Security In), software development best practices, 680
buffer overflow attacks, 364-366
build and fix software development method, 689
Burp Suite, 422
business models/strategies, 40-44
business units
collaboration in security solutions, 725-726
security controls/processes, 724-725
security requirements/goals, 717-724
BYOD (Bring Your Own Device) policies, 56-57, 68, 332
C
C (Confidentiality) metric, CVSS, 417
CA (Certificate Authorities), 548, 604-607
cable locks, 444
Cain and Abel, 427
cameras
IR cameras, 444
wearable cameras, 346
CANVAS, 423
CAPTCHA passwords, 542
capturing
data, web conferences, 621
email messages, 629
packets, 657
CASB (Cloud Security Broker), 526
CAST, 585
CBC (Cipher Block Chaining) mode (DES), 599
CBC-MAC (Cipher Block Chaining MAC), 577
CC (Common Criteria), 287-289. See also TCSEC
CCE (Common Configuration Enumeration), SCAP scanners, 416
central security breach response, SoC, 274
CEO (Chief Executive Officers), 720, 726
CER (Crossover Error Rates), biometrics, 546-547
CERT (Computer Emergency Readiness Teams), 654, 700
certificates
accreditation process, 666
applications, 606
authentication, 548
certification/accreditation phase (SDLC), 676
classes, 607
CRL, 604
defined, 666
issuance of, 604
RA, 605
SCEP, 332
tokens, 607
user credentials, 605
wildcard certificates, 603-604
X.509 certificates, 606
CFAA (Computer Fraud and Abuse Act), 47
CFB (Cipher Feedback) mode (DES), 600
CFO (Chief Financial Officers), security requirements/goals, 721
chain of custody (incident response/recovery), 461-463, 470-471
change control process, 481
change management, 670-672, 677
CHAP (Challenge Handshake Authentication Protocol), 224-225, 394
characteristic factor authentication, 538-539, 544-547
CI (Configuration Items), 672
CI (Continuous Integration), software development, 698
CIA (Confidentiality, Integrity, Availability) triad, 98-102, 571
CIO (Chief Information Officers), security requirements/goals, 721
CIP (Critical Infrastructure Protection) plans, 144
cipher locks, 442
circles of trust, SAML, 560
circuit-level proxies, 203-204, 233, 236
CIS (Center for Internet Security), Critical Security Controls, 118-119
classifying information, 89-90
Cleanroom model, software development, 695
click-jacking, 358
clients
application virtualization (application streaming), 322-323
client-side attacks, 644
risk management, client requirements, 53
server-side processing versus client-side processing, 371-376
clipping levels, 543
cloud computing
antimalware, 522
antispam services, 523
backups, 469
CASB, 526
content filtering, 525
critical assets, separating, 268
data storage, 337
de-perimeterization, 55
elasticity, 42
end-user cloud storage, 650
hash matching, 522
hosted solution, 515
latest attacks, researching, 645
MSSP, 527
on-premise solution, 515
private clouds, 42, 513-514, 651
public clouds, 41, 513-516, 651
resource provisioning/deprovisioning, 531
sandboxing, 525
SecaaS, 527
single-tenancy model, 515
SLA, 531
vulnerability scanning, 523-524
clustering, 253
CMAC (Cipher MAC), 578
CMDB (Configuration Management Database), 505
CMMI (Capability Maturity Model Integration), 123
CMS (Content Management System), 505
CNAME records (DNS), 395
COBIT (Control Objectives for Information and Related Technology), 114-115
coding
audits, 718
dynamic testing, 686
forbidden coding techniques, 681-682
formal code reviews, 686
interface testing, 688
lightweight code reviews, 686
misuse case (negative) testing, 687
quality of, 683
reusing code, application vulnerabilities, 370
secure coding standards, 700
signing, 578
software development best practices, 681-688
static testing, 686
test coverage analysis, 687
cognitive passwords, 542
collaboration
audio conferencing, 623
cloud-based collaboration, 633-634
color teams, security assessments, 405
document collaboration tools, 624-625
presence (user availability), 626-627
security risks, 625
social media, 632
storage collaboration tools, 624-625
combination locks, 443
combination passwords, 541
command shell, host security, 301
comments, RFC, 643
commercial business classifications (information classification), 89-90
commercial customized (tailored commercial) software, 493
commissioning/decommissioning assets, 668-669
communications
analysis, 464
crisis communications plans, 144
encrypted/unencrypted communication, 349
wearable technology security/privacy, 349
compartmentalization, 81
Compatibility tab (applications), 492
compensative controls, 103
competing standards, integration solutions, 490
competitors, risk management, 52
complex passwords, 542
Computer Security Act, 47
confidentiality (CIA), categorizing data, 98-100
configuration profiles (MDM), payloads, 329
configuring
configuration lockdown, 248
managing configurations, 671-672, 677
misconfigurations/nonmalicious threats, 459
containers
containerization, defined, 329
Group Policy (Windows), 300
virtualization, 520
containment technologies, 709-711
content analysis, 464
content-aware authentication/management, 334
content-dependent access control, 498, 552
content filtering, clouds, 525
content management, mobile devices, 331
context analysis, 464
context-aware (context-dependent) authentication, 550
context-dependent access control, 498
contingency planning, 144, 148
continuity planning, 141-148, 465
continuous monitoring, 86, 141
contracting phase (software acquisitions), 679
control plane (networks), 254
conventions/conferences, 654-655
cookies, storing/transmitting, 364
COOP (Continuity of Operations Plan), 144, 465
COPE (Corporate-Owned, Personally Enabled) policies, 332
copy backups, 467
corrective controls, 103
COSO (Committee of Sponsoring Organizations), 119, 163
costs
analysis of (security solutions), 186
asset value/costs (tangible/intangible), risk assessments, 138-139
information value/costs (tangible/intangible), risk assessments, 138-139
repair costs, 131
severity of data breaches, 479
COTS (Commercial-Off-The-Shelf) software, 493-494
coverage gap detection, wireless controllers, 209
CPE (Common Platform Enumeration), SCAP scanners, 416
CPO (Chief Privacy Officers), security requirements/goals, 721
crackers, 656
CRAMM (CCTA Risk Analysis and Management Method), 123
credential breaches, 624
credit card readers (peripheral-enabled mobile payments), 341
credit card security, 580, 590
CredSSP (Credential Security Support Provider), identity propagation, 559
crisis communications plans, 144
Critical Security Controls (CIS), 118-119
critical systems, 479
criticality (system process), severity of data breaches, 479
CRL (Certificate Revocation Lists), 604
CRM (Customer Relationship Management), 504
cross-certification model (federated identities), 559
CRR (Cyber Resilience Review) assessments, 168-169
crypto processing, HSM, 211-212, 233
cryptography
asymmetric cryptography, 586-591, 610
blockchain, 609
CIA triad, 571
code signing, 578
cryptocurrencies, 609
crypto modules, 592
crypto processors, 593
CSP, 593
data flow enforcement, 243
data-at-rest encryption, 581-591, 602-603
data-in-memory/processing, 581
data-in-transit encryption, 579-580, 595
digital watermarking, 591, 594
GPG, 594
implementing algorithms, 596-597
interoperability of algorithms, 596-597
key stretching, 572
message authentication, 577-578
performance of algorithms, 596-597
PFS, 578
PGP, 594
PKI/digital certificates, 603-608
PRNG, 578
public key cryptography, digital signatures, 577
S/MIME, 596
SSH, 595
steganography, 591
strength of algorithms, 596-597
symmetric cryptography, 588, 602
CSO (Chief Security Officers), security requirements/goals, 721
CSP (Cryptographic Service Providers), 593
CSRF (Cross-Site Request Forgery), application vulnerabilities, 357
CTR (Counter) mode (DES), 601
Cuckoo malware sandboxing tool, 383
custody, chain of (incident response/recovery), 461-463, 471
customer requirements, risk management, 53
CVE (Common Vulnerabilities and Exposures), SCAP scanners, 416
CVSS (Common Vulnerability Scoring System), 416-418
CWE (Common Weakness Enumeration), SCAP scanners, 416
cyber incident response plans, 144
D
DAC (Discretionary Access Control), 81, 551
daily backups, 467
DAM (Database Activity Monitoring), 214, 240, 371, 634
DAP (Directory Access Protocol), 564
data
aggregation, data security in integrated solutions, 498
breaches, 337, 454-463, 470-471, 478-480
capturing, web conferencing, 621
compromise, ROI, 131
design (SDD), 701
forensic data, 350
havens, 50
inference, 498
interfaces, host security, 305
isolation, data security in integrated solutions, 498
jurisdiction, public clouds, 516
loss, ROI, 131
management, mobile devices, 331
normalization, 494
reclassification of, 44
remnants, 369, 497-498, 501, 529-531, 673
security, integrated solutions, 497-500
storage, 336-338, 362, 451-452
theft (personal), wearable technology security/privacy, 350
warehouses, 494
data plane (networks), 254
Data Protection Directive (EU), 49
data-at-rest encryption, 581-591, 599-603, 610
data-in-memory/processing, 581
data-in-transit encryption, 579-581, 595
databases
administration, 719
CMDB, 505
heterogeneous databases, 494
permissions, granting, 719
RDBMS, 558
security requirements/goals, 719
dcfldd command, 471
dd command, 471
DDoS (Distributed Denial-of-Service) attacks, 266
de facto standards, integrated solutions, 490
deactivation/activation (unauthorized), wearable technology security/privacy, 349
debugging (runtime), 385
deception technology, 708
decommissioning/commissioning assets, 668-669
deconstructing/reverse engineering security solutions, 177
dedicated interfaces, host security, 303-305
deep packet inspection, 242
default to no access (authorization), 553
DEFCON conference, 655
Deleaker, runtime debugging, 385
delegation in networks, integrated solutions, 502
Delphi technique, 126
demergers/divestitures, 42-44, 501
deploying
applications, secure design, 356
deployment diagrams, integrated solutions, 502-504
deprovisioning/provisioning resources, integrated solutions, 500-501, 531
DES (Digital Encryption Standard), 582, 585, 599-601
DES-X (Digital Encryption Standard X), 583
design phase (SDLC), 675
designing
applications, secure design, 355
integration solutions, 501
desktops
VDI, 521
Destination Unreachable code (ping command), 432
destruction/disposal
remanence, 454
storage media, 453
detective controls, 103
deterrence
deterrent controls, 103
risk assessment, 140
develop phase (SDLC), 675
developing software
acceptance testing, 704
CI, 698
integration testing, 705
peer reviews, 706
regression testing, 706
secure coding standards, 700
unit testing, 704
user acceptance testing, 705
validation testing, 704
versioning, 698
development life cycles, 665-677
development/acquisition stage (SDLC), 666-668
device fingerprinting, 420
DevOps, software development, 695
dex2jar, 441
DFD (Data Flow Diagrams), 245
dictionary attacks, 427
differential backups, 466
Diffie-Hellman, 586
dig command, 435
digital forensics, 350
digital keys, HSM, 211-212, 233
digital watermarking, 591, 594
direct object references (unsecure), application vulnerabilities, 356
directive controls, 103
Directory Services, 505, 564-565
disaster recovery, 144, 465-469
disclosure policies, 630
disk encryption, 315, 320, 718
disk imaging, 464
disk-level encryption, 588-591
disk mirroring. See RAID
disk striping. See RAID
disposal stage (SDLC), 667
disposal/destruction
data clearing, 454
data purging, 453
remanence, 454
storage media, 453
disruptive technologies, addressing, 707-708
diStorm3, 441
diverse industries, integrating, 44-51
divestitures/demergers, 42-44, 501
DLP (Data Loss Prevention), 241-242, 293
DMADV (Six Sigma), 121
DMAIC (Six Sigma), 121
DMZ (Demilitarized Zones), 207, 268
DNS (Domain Name System), 394-397, 506
DNSSEC (Domain Name System Security Extensions), 506
documentation
after-action reports (incident response/recovery), 481
bidding-process documents, 76-77
exchanges/reviews, 53
lessons learned reports (incident response/recovery), 480
maintenance, 671
outsourcing, 41
PIPEDA, 48
SLA, 249
SOC reports, 404
software development documentation, 700-704
TCA, 40
trend data, 183
DoDAF (Department of Defense Architecture Framework), 113
domain bridging (unauthorized), mobile device security/privacy, 344
door locks, 442
DoS (Denial of Service) attacks, 266, 621, 626, 630-631
double-blind penetration testing, 399
Double-DES (Digital Encryption Standard), 583
double tagging, 261
downloading, drive-by download attacks, 377
downstream liability, 58
DPAPI (Data-Protection API), 581
drive mapping, host security, 314
drive mounting, host security, 313
drive-by download attacks, 377
DRM (Digital Rights Management), 593-594
dronejacking, 647
Dropbox, hash matching, 522
DRP (Disaster Recovery Plans), 144
DSA (Digital Security Algorithm), 577
DSS (Digital Signature Standard), 577
DTP (Dynamic Trunking Protocol), 261
dual-factor authentication, 548
dual-homed firewalls, 206, 238
dual stack solutions, 223
due care, risk management, 59
dumpster diving, 389
duties, separation of (security policies), 78-79
dwell time, keystroke dynamics (authentication), 546
dynamic packet filtering, 203
dynamic passwords, 542
dynamic testing, 686
E
EAC (Electronic Access Control), 442
EAL (Evaluation Assurance Levels), CC, 287
EAP (Extensible Authentication Protocol), 225-226
eavesdropping, 414. See also packets, sniffing
ECB (Electronic Code Book) mode (DES), 599
ECC (Elliptic Curve Cryptography), 587, 610
ECPA (Electronic Communications Privacy Act), 49
edb-debugger, 441
EDR (Endpoint Detection Response), endpoint security, 297
EFS (Encrypting File Systems), 719
eFuse, finding lost/stolen devices, 338
egress filters (DLP), 242
EK (Endorsement Keys), TPM chips, 319, 558
Elastic Sandbox, 383
elasticity (clouds), 42
electric locks, 442
electronic backups, 469
Electronic Security Directive (EU), 50
electronic signatures, 50
electronic vaulting, 469
El Gamal, 587
emergency response teams, security requirements/goals, 723
emerging risks, updating policies/procedures, 70
employment, hiring personnel, 85-86
encapsulation PPP command, 394
encryption
3-D Secure, 580
3DES, modes of, 602
benefits of, 571
BitLocker Drive Encryption, 719
block-level encryption, 589
CAST, 585
data-at-rest encryption, 581-591, 602-603
data-in-memory/processing, 581
data-in-transit encryption, 579-580, 595
DES-X, 583
Diffie-Hellman, 586
disk encryption, 315, 320, 588-591
document collaboration, 624
Double-DES, 583
DPAPI, 581
EFS, 719
El Gamal, 587
email, 629
enclaves, 371
full disk encryption, 718
hard drives, 673
HTTP, 579
HTTPS, 580
hybrid ciphers, 588
IM, 340
Knapsack, 588
mobile devices, 610
PGP, 594
port-level encryption, 591
record-level encryption, 589-591
S/MIME, 596
SET, 580
SGX, 581
SHTTP, 580
storage collaboration, 624
TDE, 719
wearable technology security/privacy, 349
Zero Knowledge Proof, 588
endpoint DLP (Data Loss Prevention), 242
engagement, rules of (incident response), 83
enrollment time (biometrics), 546
enterprise resilience, 168-169
enticement, incident response, 83
entrapment, incident response, 83
environmental changes, updating policies/procedures, 69
environmental metric group (CVSS), 416
EPA (U.S. Environmental Protection Agency), exemptions to risk assessment, 139
ERM (Enterprise Risk Management), COSO, 163
ERP (Enterprise Resource Planning), 505
error handling, application vulnerabilities, 362
ESB (Enterprise Service Buses), integration solutions, 507
ESP (Encapsulating Security Payloads), 217, 580
EU (European Union), laws/regulations, 49-50
evaluation/testing phase (SDLC), 668
event handlers, 376
event log policies (Group Policy), 300
events
incidents versus, 83
evidence (data breaches), 455, 461-463, 470-471
evolving technologies, researching security trends/threats, 642
exception handling, application vulnerabilities, 362
executive management, 720-721, 724-726
exemptions, risk assessment, 139
exploitation frameworks, 422-423, 436
export controls, integrating diverse industries, 45
external I/O, host security, 305-313
external/internal audits, 403-404
extranets, 268
extreme (worst-case) scenario planning, 123-125
eye (iris) scanning (biometrics), 344
F
facial scanning (biometrics), 344, 545
facilities managers, security requirements/goals, 723
Failover, 253
Failsoft, 253
failures
MTBF, 146
SPOF, 253
FAR (False Acceptance Rates), biometrics, 546-547
FATKit, 385
fault injection attacks, 363-364, 684
feature extraction (biometrics), 546
Federal Privacy Act, 47
federation, 560
FERMA (Federation of European Risk Management Associations), 164-166
Fiddler, 422
FIFO (First-In, First-Out) rotation scheme, backups, 467
File Fuzzer, 685
file integrity monitoring, 437
file system policies (Group Policy), 301
financial staff, security requirements/goals, 722
finding lost/stolen devices, 338
fingerprinting
authentication, 544
biometrics, 344
device fingerprinting, 420
OS fingerprinting, 657
FIPS 199 (Federal Information Processing Standard), 99-102
firewalls
ACL reviews, 658
dual-homed firewalls, 206, 238
dynamic packet filtering, 203
firewall attacks, 258
host-based firewalls, endpoint security, 294
multihomed firewalls, 207, 239
network segmentation, 269
packet-filtering firewalls, 202-204, 236
proxy firewalls, 203-204, 233, 236
remote access networks, 236
screened host firewalls, 207-208, 239
three-legged firewalls, 207, 239
firing personnel, 86
firmware
FOTA updates, 331
threats to, 647
UEFI, boot loaders, 318
vulnerabilities, 377
FISA (Foreign Intelligence Surveillance Act), 49
FISMA (Federal Information Security Management Act), 47-48
flashing BIOS, 316
flight time, keystroke dynamics (authentication), 546
follow-on phase (software acquisitions), 679
foremost command, 477
forensic analysis (incident response/recovery), 464
forensic data, 350
forensic investigations, 84
forensic recovery, hard drives, 673
forward proxies, 203
forwarding plane. See data plane (networks)
FOTA (Firmware-Over-The-Air) updates, 331
fragmentation (Android), mobile device security/privacy, 340
frameworks
application security frameworks, SDLC, 677
exploitation frameworks, 422-423, 436
NIST Framework for Improving Critical Infrastructure Cybersecurity, 160
risk management frameworks, 149-158
security control, 110-123, 137, 143, 150-163, 280, 673
frequencies (radio)
restrictions, mobile device security, 336
spectrum management, 342
FRR (False Rejection Rates), biometrics, 546-547
full backups, 466
full disk encryption, mobile devices, 718
full-knowledge testing, 400
fuzzing, 363-364, 421-422, 683-685
G
gap analysis, 176
gather requirements (SDLC), 674
generation-based fuzzing, 363, 684
geography, integrating diverse industries, 50-51
geolocation/GPS location devices, 335, 709-711
gestures, mobile device authentication, 343
GFS (Grandfather/Father/Son) rotation scheme, backups, 468
glasses (wearable technology), 347
GLBA (Gramm-Leach-Bliley Act), 47
global IA industry/community, researching security trends/threats, 653-659
GoAccess, 438
goals/requirements (security), 717-724
Google Glass, 347
governance (IT), 148-166, 726-727
government/military classifications (information classification), 90
GPG (GNU Privacy Guard), 594
GPMC (Group Policy Management Console), 296, 300
GPO (Group Policy Objects), 300
GPS (Global Positioning System) devices, 709-711
graphical passwords, 542
gray hats, 656
Graylog, 439
GRE tunnels, 223
Group Policy (Windows), 299-301, 306
guidelines, 167
GUI testing, 688
H
hackers/hacking
CFAA, 47
hacktivists, 656
Hadoop, 652
hand geometry scans, authentication, 545
hand topography scans, authentication, 545
hand/palm scans, authentication, 545
hard drives, 673
hardware
anti-tamper technology, 338
redundant hardware, 248
threats to, 647
updates, 670
vulnerabilities, host security, 322
harvesting email, 658
hash matching (hash spoofing), clouds, 522
HAVAL, 576
HC1 headset computer (Zebra), 348
HDMI ports, host security, 315
headsets (wearable technology), 348
Health Care and Education Reconciliation Act, 49
health privacy, wearable technology security/privacy, 350
Herzog and OSSTMM, Pete, 163
heterogeneous components, resiliency issues with integrated solutions, 494
heterogeneous computing, 495
heterogeneous databases, 494
heuristic (rule-based) IDS/IPS, 196
heuristics/behavioral analytics, 460
HIDS/HIPS (Host-based IDS/IPS), 197, 230, 293
hijacked user accounts, 626
HIPAA (Health Insurance Portability and Accountability Act), 46
HITRUST CSF (Common Security Framework), 118
HMAC (Hash MAC), 577
honeynets, 647
honeypots, 647
hopping attacks (VLAN), 261-262
horizontal privilege escalation, 362
hosts
cloud computing, 515
firewalls, endpoint security, 294
integration solutions, 487-504
security, 287-297, 302-323, 520
single platform hosts, 530
single server hosts, 530
virtualization and data security, 530
vulnerability scanners, 428
hot fixes, 292
HOTP (HMAC-Based One-Time Password) algorithm, authentication, 540
HR (Human Resources), security requirements/goals, 722
HSM (Hardware Security Modules), 211-212, 233-234
HSM (Hierarchical Storage Management), 469
HTML5 (Hypertext Markup Language 5), 374
HTTP (Hypertext Transfer Protocol), 579
HTTP interceptors, 422
HTTPS (HTTP Secure), 580
human resources, legal advocacy/compliance, 70
hunt teaming, 460
HVAC controllers, 276
hybrid ciphers, 588
hyperconverged infrastructures, virtualization, 521
I
I (Integrity) metric, CVSS, 418
I/O (external), host security, 305-313
IA (Interoperability Agreements), 72
IaaS (Infrastructure as a Service), public clouds, 516
ICS (Industrial Control Systems), SCADA, 279-280
ID-FF (Identity Federation Framework), SAML, 560
IDEA (International Data Encryption Algorithm), 583-585
identifying
attack surfaces, 675
threats, risk assessments, 139
identity/identification
authentication process, 537
configuration identification, 672
proofing, 558
propagation, 558
IDS/IPS (Intrusion Detection Systems/Intrusion Prevention Systems)
anomaly-based IDS/IPS, 196
endpoint security, 293
IPS/IDS attacks, 258
remote access networks, 230
rule-based (heuristic) IDS/IPS, 196
signature-based IDS/IPS, 195
Snort IDS, writing rules, 259
IETF (Internet Engineering Task Force), RFC, 643
IFB (Invitations For Bids). See RFQ
ifconfig command, 435
IKE (Internet Key Exchange), 217, 581
IM (Instant Messaging), 340, 345, 349, 625-627
IMA (Integrity Measurement Architecture), boot loaders, 318
imaging disks, 464
IMAP (Internet Message Access Protocol) and email, 627
IMPACT, 423
impact, severity of data breaches, 478
implementation stage (SDLC), 666
in-house developed applications/software, 493
incident response/recovery, 449
audits, 461
chain of custody, 461-463, 470-471
continuity planning, 465
COOP, 465
cyber incident response plans, 144
data breaches, 454-463, 470-471, 478-480
dcfldd command, 471
dd command, 471
enticement, 83
entrapment, 83
events, 83
foremost command, 477
forensic analysis, 464
heuristics/behavioral analytics, 460
hunt teaming, 460
incident detection/response, 458
incident response teams, 454-455, 469
memcpy command, 476
nbstat command, 473
nc command, 475
netstat command, 474
post-incident response, 480-481
process of, 81, 454-457, 461-463, 470-471
review systems, 461
rules of engagement, 83
search/seizure, 463
security logs, 461
surveillance, 463
tcpdump command, 472
incremental backups, 466
incremental software development method, 691
inductance-enabled mobile payments, 341
industrial/scientific equipment, 279
INE (In-line Network Encryptors), 198, 231
inference, 498
information
disclosure policies, 630
gathering (reconnaissance), 385
ISCP, 144
tangible/intangible value/costs (risk assessments), 138-139
Infrastructure mode (WLAN), 308
infrastructures, CIP plans, 144
ingress filters (DLP), 242
inherent risk, risk assessment, 140
initiate/plan phase (SDLC), 674
initiation phase (SDLC), 665
input validation, application vulnerabilities, 360-362, 366
insider threats, incident response/recovery, 459
insurance, HIPAA, 46
integer overflow attacks, 367
integration
acquisitions, 501
application integration, 504-507, 564-565
CI, software development, 698
data flow analysis for changing business needs, 487, 488
delegating, networks, 502
demergers/divestitures, 501
design considerations, 501
interoperability issues, 491-494
mergers, 501
resource provisioning/deprovisioning, 500-501
segmenting, networks, 502
storage integration, 504
testing, 705
integrity
CIA triad, categorizing data, 99-100
file integrity monitoring, 437
integrity services, data flow enforcement, 243
interfaces
data, host security, 305
dedicated interfaces, host security, 303-305
design (SDD), 701
loopback interfaces, 305
management interfaces, host security, 304
OOB interfaces, 303
testing, 688
weak interfaces, cloud storage, 337
interference detection/avoidance, wireless controllers, 209
internal/external audits, 403-404
interoperability issues with integrated solutions, 491-494
inventory control, 450-451, 709
investments (ROI/TCO), 131-134
IoT (Internet of Things), deception technology, 708
IP video, 275
IP-based access control, 277
ipconfig command, 434
IPsec (Internet Protocol Security), 216-218, 260, 301, 580-581
IPS (Intrusion Prevention Systems). See IDS/IPS
IPv4 (Internet Protocol version 4), 222-224
IPv6 (Internet Protocol version 6), 222-224
IR (Infrared) cameras, 444
IrDA (Infrared Data Association), host security, 307
iris scanning (biometrics), 344, 545
IriusRisk, threat modeling, 648
ISA (Interconnection Security Agreements), 72
ISAKMP (Internet Security Association and Key Management Protocol), 217, 581
ISCP (Information System Contingency Plans), 144
ISECOM (Institute for Security and Open Methodologies), OSSTMM, 163
ISMS (Information Security Management Systems), 110-112
ISO (International Organization for Standardization), 52, 110-112, 162, 680
isolating data, data security in integrated solutions, 498
issue-specific security policies (FERMA Risk Management Standard), 166
IT governance, 148-166, 726-727
ITIL (Information Technology Infrastructure Library), 120
J
JAD (Joint Analysis Development) model, software development, 694
Jad Debugger, 441
jailbreaking mobile devices, 339
Javasnoop, 441
job rotation, security policies, 79
John the Ripper, 428
journaling (remote), 469
JSM (Java Security Model), 374
JSON (JavaScript Object Notation), 372-373
judgment in problem-solving, 187
JVM (Java Virtual Machines), 373
K
Kali Linux, Metasploit, 423
Kennedy-Kassebaum Act. See HIPAA
Kerberos authentication, 565
kernel proxy firewalls, 204, 233, 236
key escrow, 606
key management, ISAKMP, 581
key recovery, 606
key stretching (key strengthening), 572
keystroke dynamics, authentication, 545
Knapsack, 588
knowledge factor authentication, 538
KnTTools, 384
KPI (Key Performance Indicators), 178-180
KRI (Key Risk Indicators), 178-180
L
L2TP (Layer 2 Tunneling Protocol), 216
laptops
cable locks, 444
TPM chips, 339
latency, analyzing security solutions, 184
launches (measured), 317
laws
Basel II, 48
CFAA, 47
Computer Security Act, 47
diverse industries, integrating, 46-50
ECPA, 49
Federal Privacy Act, 47
FISA, 49
GLBA, 47
Health Care and Education Reconciliation Act, 49
HIPAA, 46
Identity Theft Enforcement and Restitution Act, 47
PCI DSS, 48
PIPEDA, 48
Sarbanes-Oxley (SOX) Act, 46
LDAP (Lightweight Directory Access Protocol), 564-565
leaking data, web conferencing, 621
least functionality, principle of, 290
least privilege, principle of, 80-81
legacy systems, interoperability issues with integrated solutions, 491
legal advocacy, 70
legal compliance, 70
legal counsel, security requirements/goals, 724
legal holds, 454
legal ramifications of data breaches, 480
legal requirements, integrating diverse industries, 46-50
lessons learned reports (incident response/recovery), 480
liabilities (downstream), 58
libraries
software libraries, 672
standard libraries, 679
third-party libraries, 369
life cycle of information, 89-90
lightweight code reviews, 388, 686
likelihood of threats, 128-130
Linux
command shell, host security, 301
Kali Linux, Metasploit, 423
passwords, 544
Perl, swatch script, 425
SELinux, trusted OS, 289
live migration, cloud computing virtualization vulnerabilities, 529
load balancers, 209-211, 233, 253
local exploitation frameworks, 436
local policies (Group Policy), 300
location factor authentication, 538
lockout policies, passwords, 543
Logentries, 438
Loggly, 438
logical (technical) controls, 106-107, 725
logical deployment diagrams, integrated solutions, 502-504
logins, credential breaches, 624
logs
analyzing, 425-426, 438-439, 464
audits, incident response/recovery, 461
collecting, SIEM, 425
event log policies (Group Policy), 300
log reduction/analysis tools, 425-426, 438-439
monitoring, endpoint security, 295-297
security logs, incident response/recovery, 461
SIEM, log collection, 425
software assurance, 677
transaction log backups, 467, 719
loopback interfaces, 305
Lost Android app, 332
lost/stolen devices, 388
LPE (Local Privilege Escalation) attacks, 377
Logz.io, 438
M
MAC (Mandatory Access Control), 551
MAC addresses, port security, 263
MAC filters, host security, 312
sticky MAC, 263
MAC (Message Authentication Code), 577-578
machine learning/AI (Artificial Intelligence), researching security trends, 653
magnitude of impact (risk impact), 128
maintenance
analyzing security solutions, 185
BCP, 148
documenting, 671
maintenance/operational stage (SDLC), 666
release/maintenance phase (SDLC), 676
SDLC, 670
temporary roll backs, 670
updates, 670
malware
document collaboration, 624
email, 630
IM, 626
mobile device security/privacy, 344
sandboxing, 383
social media, 391
storage collaboration, 624
MAM (Mobile Application Management), 56
man-in-the-middle attacks, 218
management interfaces, host security, 304
management plane (networks), 254
management/administration (executive)
administrative controls, 104-105
CFO, 721
CIO, 721
CPO, 721
CSO, 721
facilities managers, 723
physical security managers, 723-724
security controls/processes, 724-725
security requirements/goals, 720-721
managing
assets (inventory control), 709
content, mobile devices, 331
context-aware authentication/management, 334
data, mobile devices, 331
keys, ISAKMP, 581
network management/monitoring tools, 255-260
OOB interfaces, 303
passwords, 543
risk. See risk management
spectrum management and tethering, 342
state, 376
storage, HSM, 469
top-level management, risk, 54
user behaviors, 39
vendors, 41
mandatory vacations, security policies, 80
mantraps, 277
mapping/deployment diagrams, integrated solutions, 502-504
master test plans, 702
MD2 (Message Digest 2) algorithm, hashing, 574
MD4 (Message Digest 4) algorithm, 574
MD5 (Message Digest 5) algorithm, 266, 574
MD6 (Message Digest 6) algorithm, 574
MDM (Mobile Device Management), 56-57, 329
Measured Boot, 318
measured launches, 317
media
analyzing, 464
backup media, 467
libraries, archiving data, 453
medical sensors/devices (wearable technology), 348-350
memcpy command, 476
memory
data-in-memory processing, 581
FATKit, 385
KnTTools, 384
leaks, application vulnerabilities, 367
Memdump memory-reading tool, 384
memory cards, ownership factor authentication, 539
secure memory and SoC, 272
mergers/acquisitions, 42-44, 501
mesh networks, 228
message authentication, 577-578
Metasploit, 423
metrics (security), 177
availability, 185
capability, 185
cost/benefit analysis, 186
latency, 184
maintainability, 185
performance, 183
recoverability, 186
scalability, 184
usability, 185
Microsoft Baseline Security Analyzer, 428
Microsoft SDL File/Regex Fuzzer, 685
mics (recording), host security, 314
migration (live), cloud computing virtualization vulnerabilities, 529
MIL, CRR assessments, 169
military/government classifications (information classification), 90
MIME (Multipurpose Internet Mail Extensions), 596
mirroring (screen), mobile devices, 330
misconfigurations/nonmalicious threats, incident response/recovery, 459
misuse case (negative) testing, 687
mitigating risk. See risk management
MMS (Multimedia Messaging Service), mobile device security/privacy, 345
mobile applications, social media attacks, 390
mobile devices. See also wearable technology
BYOD, 332
configuration profiles (MDM), 329
containerization, 329
content management, 331
COPE, 332
data management, 331
encryption, 610
full disk encryption, 718
geolocation, 335
latest attacks, researching, 645
lost/stolen devices, 338
personally owned, corporate-enabled mobile device policies, 330
remote assistance, 330
SCEP, 332
security/privacy, 336-341, 344-345, 350
TPM chips, 339
tracking, 718
updates, 331
user behavior and authentication, 335
VPN, 333
Mobile Wallet, 341
MODAF (British Ministry of Defense Architecture Framework), 113
monitoring
auditing/monitoring services, data flow enforcement, 243
continuous monitoring/improvement, 86, 141
file integrity monitoring, 437
logs, endpoint security, 295-297
monitoring/accepting phase (software acquisitions), 679
network management/monitoring tools, 256-260
RUM, 687
synthetic transaction monitoring, 686
user behaviors, 40
motivation (likelihood of threat), 129
MOU (Memorandums Of Understanding), 73
MPTD (Maximum Period Time of Disruption), 146
MSA (Master Service Agreements), 75
MS-CHAP v1 (Microsoft Challenge Handshake Authentication Protocol v1), 224-225
MS-CHAP v2 (Microsoft Challenge Handshake Authentication Protocol v2), 225
MSRD (Microsoft’s Security Risk Detection), 685
MSSP (Managed Security Service Providers), 527
MTBF (Mean Time Between Failures), 146, 249
MTD (Maximum Tolerable Downtime), 146
MTTR (Mean Time To Repair), 146, 249
multi-factor authentication, 548
multihomed firewalls, 207, 239
multitenancy cloud computing model, public clouds, 515-516
MX (Mail Exchange) records, 395, 506
MyAppSecurity, threat modeling, 648
N
NAC (Network Access Control), 55, 199, 232, 269-271, 644
NAP (Network Access Protection), 269
nbstat command, 473
nc (Netcat) command, 475
NDA (Non-Disclosure Agreements), 74
negative (misuse case) testing, 687
NetBIOS, nbstat command, 473
netstat (network status) command, 429-430, 474
NetworkMiner fingerprinting tool, 386
networks
administrators, security requirements/goals, 720
analyzing, 464
automation systems, 274
configuring components, 246-253
control plane, 254
data flow enforcement, 244-245
data plane, 254
de-perimeterization of boundaries, 54-59
delegation, integrated solutions, 502
DLP, 242
enumerators, 420
HVAC controllers, 276
integration solutions, 487-504
IP video, 275
management plane, 254
management/monitoring tools, 255-260
mesh networks, 228
physical access control systems, 277
SAN, 253
scientific/industrial equipment, 279
SDN, 254
security assessment tools, 411-426
sensors, 277
testing, 646
virtual networks, researching latest attacks, 645
vulnerability scanners, 413, 419
new technologies/systems/services, security trends/threats, researching, 641-642
NFC (Near Field Communication), 307, 340-341
NFS (Number Field Sieve), 587
NGFW (Next-Generation Firewalls), 205, 236
NIST (National Institute of Standards and Technology)
Framework for Improving Critical Infrastructure Cybersecurity, 160
risk management frameworks, 149-158
SP 800 Series, 115-117, 137, 143, 150-158, 280, 673
Nmap (Network Mapper), 411
no access (authorization), default to, 553
non-removable data storage, 337
nonmalicious threats/misconfigurations, incident response/recovery, 459
nonpersistent agents (NAC), 270
nonpersistent/persistent data, resiliency issues with integrated solutions, 495
NOP (No-Operation) slides, 365-366
notifications (push), mobile device security/privacy, 339
NPV (Net Present Value), ROI, 132
NS records (DNS), 395
nslookup command, 396-397, 435
numeric passwords, 542
NX (No Execute) bits (processors), 682
O
OAKLEY, 581
OAuth (Open Authorization), 553
object tracking technologies, 709-711
occupant emergency plans, 144
OCSP (Online Certificate Status Protocol), 604, 608
OCTAVE (Operationally Critical Threat, Asset and Vulnerability Evaluation), 120
OEM/carrier Android fragmentation, 340
OFB (Output Feedback) mode (DES), 601
OLA (Operating-Level Agreements), 73
OllyDbg, 441
on-premise cloud computing, 515
onsite assessments, 53
OOB (Out-of-Band) interfaces, host security, 303
OpenID, 561
open message format, asymmetric cryptography, 586
open source software, interoperability issues with integrated solutions, 493
open standards, 489
OpenSSL, 436
operating system (container-based) virtualization, 520
operational activities (SDLC), 669-673
operational/maintenance stage (SDLC), 666
optical jukeboxes, 469
Orange Book (TCSEC), 287
order of volatility (evidence collection), 470-471
organizational security policies (FERMA Risk Management Standard), 165
OS (Operating Systems)
fingerprinting, 657
secure enclaves, 371
vulnerabilities, 377
OSA (Open Source Authentication), host security, 312
OSINT (Open Source Intelligence), 390-397
OSSTMM (Open Source Security Testing Methodology Manual), 163
OTP (One-Time Passwords), 542
outages
BCP outage impacts/downtime, 146
revenue loss during outages, ROI, 131
over-the-air updates, 331
over the shoulder code reviews, 388
overwriting hard drives, 673
OWASP (Open Web Application Security Project), 355, 362, 648, 680
ownership
factor authentication, 538-539
P
PaaS (Platform as a Service), public clouds, 516
packets
capturing, 657
deep packet inspection, 242
NOP slides, 365
sniffing, 414-415. See also eavesdropping
pair programming, 388
palm/hand scans, authentication, 545
PAP (Password Authentication Protocol), 224-225, 394
partial-knowledge testing, 400
partnerships
downstream liability, 58
TCA, 40
passive fingerprinting tools, 386
passwords, 224-225, 394, 427-428, 540-544
path tracing, 465
pattern matching, signature-based IDS/IPS, 195
payback (ROI), 132
payloads, configuration profiles (MDM), 329
PCI DSS (Payment Card Industry Data Security Standard), 48
PCR (Platform Configuration Register) hashes, TPM chips, 320
PDP (Policy Decision Points), 555
peer reviews, 706
penetration testing, 384-385, 398-401, 667, 670
PEP (Policy Enforcement Points), 555
performance
baselines, 669
security solutions, analyzing, 183
peripheral devices
mobile payments (credit card readers), 341
Perl, swatch script, 425
permissions
application permissions, 333
granting, 719
SCAP scanners, 418
persistent/nonpersistent data, resiliency issues with integrated solutions, 495
persistent/volatile agents (NAC), 270
personal data theft, wearable technology security/privacy, 350
personal information, PIPEDA, 48
personally owned, corporate-enabled mobile device policies, 330
personnel
BCP, 142
occupant emergency plans, 144
screening, 85
terminating, 86
testing, 646
PFS (Perfect Forward Secrecy), 578
PGP (Pretty Good Privacy), 594, 629
pharming, 389
physical access control systems, 277
physical deployment diagrams, integrated solutions, 502-504
physical reconnaissance, wearable technology security/privacy, 349
physical security
controls/processes, 725
physical security managers, 723-724
physical testing, 646
physiological characteristics (authentication), 539, 544-545
PII (Personally Identifiable Information), 77
PIN, mobile device authentication, 343
ping scans, 386
pinning (public key), 608
PIPEDA (Personal Information Protection and Electronic Documents Act), 48
pivoting, 389
PKI (Public Key Infrastructure)/digital certificates, 548, 603-608
plan/initiate phase (SDLC), 674
planning
CIP plans, 144
continuity planning, 465
crisis communications plans, 144
cyber incident response plans, 144
DRP, 144
ERP, 505
incident response plans, updating, 481
ISCP, 144
occupant emergency plans, 144
worst-case (extreme) scenario planning, 123-125
planning phase (software acquisitions), 679
platforms
PaaS, public clouds, 516
single platform hosts, virtualization and data security, 530
PLC (Programmable Logic Controllers), SCADA, 279
poisoning DNS caches, 506
policies
access control policies, 553
account policies (Group Policy), 300
application wrapping, 330
baselines, 167
BCP policies, developing, 144
BYOD policies, 68
categories of, 167
COPE, 332
data handling policies, 453-454
data retention policies, 451, 500
defined, 65
disclosure policies, 630
diverse industries, integrating, 45
event log policies (Group Policy), 300
FERMA Risk Management Standard, 165-166
file system policies (Group Policy), 301
guidelines, 167
incident response policies, 81-82
IPsec policies on Active Directory (Group Policy), 301
life cycle of, 66
local policies (Group Policy), 300
NAC policies, 644
PDP, 555
PEP, 555
personally-owned, corporate-enabled mobile device policies, 330
privacy policies, incident response/recovery, 458
procedures, 167
processes, 167
public key policies (Group Policy), 301
registry policies (Group Policy), 300
restricted group policies (Group Policy), 300
same-origin policies (AJAX), 374
social media policies, 391
standards, 167
systems services policies (Group Policy), 300
types of, 66
POP (Post Office Protocol), 627
portable media devices, inventory/asset control, 450
ports
authentication, 802.1x, 226, 235
encryption, 591
HDMI ports, host security, 315
scanners, 411
SD ports, host security, 315
system ports, assigning, 264
TCP/UDP port numbers, 265
post-incident response (incident response/recovery), 480-481
PPP (Point-to-Point Protocol), 394, 618
PPTP (Point-to-Point Tunneling Protocol), 216
presence (user availability), 626-627
PRI (Product Release Information) updates, 331
Principles of Privacy (EU), 49
print recognition, authentication, 546
privacy/security
CPO, 721
EU Principles of Privacy, 49
EU Safe Harbor Privacy Principles, 49
Federal Privacy Act, 47
health privacy, wearable technology security/privacy, 350
impact ratings, 675
incident response/recovery, 458
PII, 77
policies, 458
private clouds, 42, 513-514, 651
privileges
elevation of, 528
least privilege, principle of, 80-81
PRL (Preferred Roaming List) updates, 331
PRNG (Pseudo-Random Number Generators), 578
problem-solving, judgment in, 187
procedural design (SDD), 701
procedures
types of, 67
processes
BCP critical processes/resources, 145
forensic investigations, 84
life cycle of, 66
risk assessment, 137
types of, 67
updating, 67
processors, 682
productivity loss, ROI, 131
profiling, social media, 659
programmers, security requirements/goals, 718-719
proposals (bidding), RFP, 76
protection profiles (CC), 288-289
protocols
anomaly-based IDS/IPS, 196
interoperability issues with integrated solutions, 494
prototyping
security solutions, 181
software development method, 691
provisional accreditation, 676
provisioning/deprovisioning resources, integrated solutions, 500-501, 531
proxies, remote access networks, 233
proximity authentication devices, 442
proximity readers, 277
proxy firewalls, 203-204, 233, 236
proxy servers, 210
PST (Provisioning Service Targets), SPML, 556
public clouds, 41, 513-516, 651
public key cryptography, digital signatures, 577
public key pinning, 608
public key policies (Group Policy), 301
push notification services, mobile device security/privacy, 339
push-based authentication, 550
PVS (Passive Vulnerability Scanners), 213
Q
qualitative risk analysis, 126-127
quality of coding, 683
quantitative risk analysis, 127
quarantine/remediation (NAC), 270
quotes (bidding), RFQ, 76
R
RA (Registration Authorities), 605
RA (Request Authorities), SPML, 556
race conditions, application vulnerabilities, 367-368
RAD (Rapid Application Development) model, software development, 692
radio frequencies
restrictions, mobile device security, 336
spectrum management, 342
RADIUS (Remote Authentication Dial-In User Service), 226, 563-564
RAID (Redundant Array of Inexpensive/Independent Disks), 249-253
Rainbow Series (TCSEC), 287
ransomware, 647
RAT (Remote Access Trojans), 647
RBAC (Role-Based Access Control), 81, 551
RDBMS (Relational Database Management System), identity propagation, 558
RDP (Remote Desktop Protocol), 220
reclassification of data, 44
reconnaissance
information-gathering, 385
physical reconnaissance, wearable technology security/privacy, 349
record-level encryption, 589-591
recording mics, host security, 314
recoverability, analyzing security solutions, 186
recovery
BCP recovery priorities, 147-148
MTBF, 146
MTD, 146
recovery controls, 104
RPO, 146
RTO, 146
WRT, 146
red team exercises, security assessments, 405
reducing
attack surfaces, 206
redundancy
hardware, 248
resiliency issues with integrated solutions, 496
Regex Fuzzer, 685
registry policies (Group Policy), 300
regulations
diverse industries, integrating, 45-50
export controls, 45
policies/procedures, updating, 69
regulatory entities, 53
release/maintenance phase (SDLC), 676
remanence, 454
remediation/quarantine (NAC), 270
remnants (data), 673
application vulnerabilities, 369
cloud computing virtualization vulnerabilities, 529
data security in integrated solutions, 497-498
resource provisioning/deprovisioning, 501, 531
remote access
network design, 215-226, 229-237, 240
RAT, 647
remote administration, 618
resources/services, 618
SSL, 618
remote activation/deactivation (unauthorized), wearable technology security/privacy, 349
remote administration, 618
remote assistance, 330, 620-621
remote journaling, 469
remote locks, mobile devices, 718
remote wiping devices, 332, 450, 718
removable data storage, 337
repairs
costs, ROI, 131
MTTR, 146
replication, backups, 469
reports
after-action reports, security control reviews, 177
SOC reports, 404
reputation (ROI), loss of, 131
Request Timed Out code (ping command), 432
requirements/goals
gather phase (SDLC), 674
requirements definitions lists, 701
SRTM documents, 700
researching security trends/threats
emerging business tools, 651-653
emerging threat sources, 660
evolving technologies, 642
global IA industry/community, 653-659
new technologies/systems/services, 641-642
RFC, 643
resetting passwords, 543
residual risk, risk assessment, 140
resiliency issues with integrated solutions, 494-496
resources
BCP critical processes/resources, 145
BCP resource requirements, 147
exhaustion, application vulnerabilities, 368
provisioning/deprovisioning, 500-501, 531
REST (Representational State Transfer), 372-373
restricted group policies (Group Policy), 300
retina scans, authentication, 545
reusing
assets, 673
codes, application vulnerabilities, 370
revenue loss during outage, ROI, 131
reverse engineering, 177, 440-441, 464
review systems, incident response/recovery, 461
reviewing
logs, 658
processes, 67
RF (Radio Frequencies), host security, 308-311
RFC (Requests For Comments), 643
RFC 2138, RADIUS, 564
RFI (Requests For Information), 76
RFID (Radio Frequency Identification), 313, 444, 710-711
RFP (Requests For Proposal), 76
RFQ (Requests For Quotes), 76
Rijndael algorithm, AES, 583
RIPEMD-160, 576
risk management/mitigation, 726-727
appetite, defined, 135
auditors, 52
client requirements, 53
competitors, 52
continuous improvement/monitoring, 141
COSO ERM, 163
detection, MSRD, 685
diverse industries, integrating, 44-51
downstream liability, 58
due care, 59
due diligence, 59
emerging risks, updating policies/procedures, 70
FERMA Risk Management Standard, 164-166
impact of (magnitude of risk), 128
ISO/IEC 27005:2008 risk management process, 162
likelihood of threats, 128-130
magnitude of impact (risk impact), 128
NIST Framework for Improving Critical Infrastructure Cybersecurity, 160
OSSTMM, 163
partnerships, 40
policies/procedures, 70
profiles, 39
regulatory entities, 53
risk assessments, 125-126, 137-140
risk management frameworks, NIST, 149-158
risk profiles, 39
security control frameworks, 109-120, 123, 162-163
software assurance, 678
source code escrow, 39
SRTM, 108
technical risk, translating in business terms, 134-135
telecommuting, 55
top-level management, 54
updating policies/procedures, 70
user behaviors, 39
worst-case (extreme) scenario planning, 123-125
robo hunters, 708
ROI (Return on Investment), 131, 186
roll backs (temporary), 670
root-cause analysis (incident response/recovery), 480
rooting mobile devices, 339
rotating jobs, security policies, 79
rotation schemes (backups), 467-468
routers
access lists, 305
MD5 authentication, 266
network segmentation, 269
remote access networks, 233
route protection, 266
RTBH routing, 267
security, 210
transport security, 260
RPO (Recovery Point Objective), 146
RTBH (Remotely Triggered Black Hole) routing, 267
RTO (Recovery Time Objective), 146
RTU (Remote Terminal Units), SCADA, 279
rules
access control, 552
diverse industries, integrating, 44-45
engagement, incident response, 83
export controls, 45
IDS/IPS, 196
Snort IDS rules, writing, 259
RUM (Real User Monitoring), 687
runtime data integrity checks, SoC, 273
runtime debugging, 385
S
sFlow (Sampled Flow), data flow enforcement, 244
S/MIME (Secure MIME), 596
SA (Security Associations), IPsec, 580
SaaS (Software as a Service), public clouds, 516
SABSA (Sherwood Applied Business Security Architecture), 113-114
Safe Harbor Privacy Principles (EU), 49
safe harbors, 50
sales staff, security requirements/goals, 717-718
same-origin policies (AJAX), 374
SAML (Security Assertion Markup Language), 560-562
SAN (Storage Area Networks), 253
Sarbanes-Oxley (SOX) Act, 46
SAS (Statement on Auditing Standards) 70, 403
SC (Security Categories), aggregate CIA scoring, 101-102
SCADA (Supervisory Control and Data Acquisition), 279-280
scalability, analyzing security solutions, 184
scanners
vulnerability scanners, 213-214, 235
SCAP (Security Content Automation Protocol), 416-419, 437
SCEP (Simple Certificate Enrollment Protocol), mobile devices, 332
scientific/industrial equipment, 279
scope
BCP, 142
severity of data breaches, 478
scoring (aggregate CIA), 101-102
screen mirroring, mobile devices, 330
screened host firewalls, 207-208, 239
screening personnel, 85
scripting (XSS), application vulnerabilities, 356
scrubbing, defined, 296
SD Elements, threat modeling, 649
SD ports, host security, 315
SDD (Software Design Documents), 701
SDL File/Regex Fuzzer, 685
SDLC (Systems Development Life Cycle), 665-673
SDN (Software-Defined Networking), 254
sealing TPM chips, 319
SEAndroid (Security-Enhanced Android), 289
search engines, 397
search/seizure (incident response/recovery), 463
search warrants, 463
SecaaS (Security as a Service), 527
secure boot, 317
secure message format, asymmetric cryptography, 586
secure volumes, 521
securiCAD, threat modeling, 648
security
assessments, 383-405, 411, 414-444
auditing, 88
BIA, 72
BPA, 74
Computer Security Act, 47
controls/processes, 175-177, 724-725
deconstructing/reverse engineering security solutions, 177
EU Electronic Security Directive, 50
events versus incidents, 83
forensic investigations, 84
IA, 72
ISA, 72
logs, incident response/recovery, 461
MOU, 73
MSA, 75
NDA, 74
OLA, 73
PCI DSS, 48
prototyping solutions, 181
reverse engineering/deconstructing security solutions, 177
security control frameworks, 109-123, 162-163
SLA, 73
SRTM, 108
testing solutions, 181
threats, likelihood of, 128-130
transport security, 260
trends/threats, researching, 640-660, 708-709
unauthorized remote activation/deactivation, 349
worst-case (extreme) scenario planning, 123-125
segmenting networks, integrated solution, 502
seizure (search and), incident response/recovery, 463
self-assessments (security-based), 402
SELinux (Security-Enhanced Linux), trusted OS, 289
sensitive data, improper storage of, 362
separation of duties, security policies, 78-79
sequence-based versioning, 698
servers
application virtualization (terminal services), 322-323
client-side processing versus, 371-376
email servers and spam, 629
proxy servers, 210
RADIUS servers, 564
resource provisioning/deprovisioning, 501
single server hosts, virtualization and data security, 530
service packs, patch management, 293
services
discovery, 657
remote access, 618
security trends/threats, researching, 641-642
session hijacking, 359
SET (Secure Electronic Transactions), 580
SFC (System File Checker), switches, 437-438
SGX (Software Guard Extensions), 581
SHA-0 (Secure Hash Algorithm 0), 575
SHA-1 (Secure Hash Algorithm 1), 575
SHA-2 (Secure Hash Algorithm 2), 575
SHA-3 (Secure Hash Algorithm 3), 575
sharing applications/desktops, 619-620
shoulder surfing, 389
SHTTP (Secure HTTP), 580
side loading applications, 334
SIEM (Security Information and Event Management), 199, 232, 425-426
signatures
electronic, 50
IDS/IPS, 195
signature dynamics, authentication, 545
SIMPLE (Session Initiation Protocol for Instant Messaging and Presence Leveraging Extensions), 627
single platform hosts, virtualization and data security, 530
single server hosts, virtualization and data security, 530
single-factor authentication, 538
single-tenancy cloud computing model, 515
Six Sigma, 121
SKA (Shared Key Authentication), host security, 313
slack space analysis, 464
SLA (Service-Level Agreements), 73, 249, 531
SLE (Single Loss Expectancy), magnitude of risk (risk impact), 128
SLIP (Serial Line Internet Protocol), dial-up connections, 618
smart cards, ownership factor authentication, 539
smart watches, 346
SMS (Short Message Service), mobile device security/privacy, 345
SMTP (Simple Mail Transfer Protocol), 628
sniffing (packet), 257-258, 414-415. See also eavesdropping
snooping, VoIP, 631
Snort IDS, writing rules, 259
SOA (Service-Oriented Architectures), integration solutions, 506
SOA (Statements of Applicability), 72
SOA records (DNS), 395
SOAP (Simple Object Access Protocol), 376. See also WSS
SoC (System on a Chip), 271-274, 345
SOC reports, 404
social engineering attacks, 388-389, 626, 659
social media
collaboration sites, 632
evolving platforms, 650
malware, 391
policies, 391
profiling, 659
trust and, 390
software
acceptance testing, 678
acquiring, 679
analyzing, 464
antimalware, 291
antispyware, 291
COTS software, 493
deploying, secure design, 356
development methods, 688
IaaS, public clouds, 516
in-house developed applications/software, 493
libraries, 672
open source software, 493
regression testing, 678
SaaS, public clouds, 516
secure design, 355
standard libraries, 679
tailored commercial (commercial customized) software, 493
updates, 670
Software Verify tool, runtime debugging, 385
Solaris 10, TrustedSolaris, 290
source (likelihood of threat), 130
source code escrow, 39
sovereignty of data, 50-51, 499
SOW (Statements of Work), 75
SP 800-35, 115
SP 800-36, 115
SP 800-37 Rev. 1, 115, 156-158
SP 800-50, 116
SP 800-53A Rev. 4, 116, 152-153
SP 800-60 Vol. 1 Rev. 1, 116, 150-151
SP 800-84, 116
SP 800-86, 116
SP 800-92, 116
SP 800-115, 116
SP 800-122, 116
SP 800-123, 116
SP 800-137, 116
SP 800-144, 117
SP 800-145, 117
SP 800-146, 117
SP 800-150, 117
SP 800-153, 117
SP 800-154 (Draft), 117
SP 800-161, 117
SP 800-162, 117
SP 800-163, 117
SP 800-164, 117
SP 800-167, 117
SP 800-175A and B, 117
SP 800-181, 117
SP 800-183, 117
spear phishing, 628
spectrum management and tethering, 342
SPF (Sender Policy Framework), email validating, 628
spiral model, software development, 692, 698
SPML (Service Provisioning Markup Language), 556
SPOF (Single Point of Failure), 253
spoofing attacks, 261, 522, 628
spyware, 291
SQL injection attacks, 360-362
SRK (Storage Root Keys), TPM chips, 319
SRTM (Security Requirements Traceability Matrix), 108, 700
SSAE 16 audits, 404
SSID (Service Set Identifiers), 308, 312
SSL (Secure Sockets Layer), 218, 579, 595, 618
SSO (Single Sign-On), 540, 548-549, 558-560, 565
stakeholders, security, 100, 717-726
standard libraries, 679
standard word passwords, 541
standards, 167
adherence to, 489
competing standards, integration solutions, 490
de facto standards, integration solutions, 490
ISO/IEC 27000 series, software development best practices, 680
lack of standards in integration solutions, 490
open standards, 489
secure coding standards, 700
stapling (OCSP), 608
stateful matching, signature-based IDS/IPS, 195
state management, 376
static passwords, 541
static testing, 686
statistical anomaly-based IDS/IPS, 196
Sticky MAC, 263
stolen/lost devices, 338
storage
cloud storage (end-user), 650
cookies, 364
data storage, 336-338, 362, 451-452
HSM, 469
integration solutions, 487-504
media, disposal of, 453
storage keys, TPM chips, 320
stream ciphers, 584-585, 597-598
swatch script (Perl), 425
swipe patterns, mobile device authentication, 343
switches
network segmentation, 269
remote access networks, 232
spoofing, 261
transparent bridging, 201
transport security, 260
symmetric algorithms, 582-585, 599-602
symmetric cryptography, 588, 602
synthetic transaction monitoring, 686
systems
applications, 334
failures (authentication), cloud storage, 337
lockdown. See configuring, configuration lockdown
ports, assigning, 264
process criticality, severity of data breaches, 479
requirements (SDLC), 667
security policies (FERMA Risk Management Standard), 166
security trends/threats, researching, 641-642
services policies (Group Policy), 300
testing, 646
T
tabletop exercises, security self-assessments, 403
TACACS+ (Terminal Access Controller Access-Control System Plus), 226
tags
ARAT systems (RFID), 710
ARPT systems (RFID), 710
double tagging, 261
RFID tags, 313
trunking security, 261
tailgating, 277
tailored commercial (commercial customized) software, 493
tampering, anti-tamper technology, 338
tape vaulting, 469
target penetration testing, 399
Tastic RFID Thief, 444
Tavares and CAST, Stafford, 585
TCA (Third-Party Connection Agreements), 40
TCO (Total Cost of Ownership), 133-134, 186
TCP/UDP, port numbers, 265
tcpdump command, 472
TCSEC (Trusted Computer System Evaluation Criteria), 287. See also CC
TDE (Transparent Data Encryption), 719
TDF (Trusted Data Format), 494
technical (logical) controls, 106-107, 725
technical risk, translating in business terms, 134-135
technologies, researching security trends/threats, 641-642
telemetry systems, SCADA, 279
temporal metric group (CVSS), 416
temporary roll backs, 670
Teredo, 223
terminal services, host security, 322-323
terminating personnel, 86
test data method, 668
test/evaluation phase (SDLC), 668
tests
BCP, 148
black box (zero-knowledge) testing, 400-401
blind penetration testing, 399
document exchange/reviews, 53
double-blind penetration testing, 399
dynamic testing, 686
formal code reviews, 686
full-knowledge testing, 400
GUI testing, 688
integration testing, 705
interface testing, 688
level-specific test plans, 702
lightweight code reviews, 686
misuse case (negative) testing, 687
network testing, 646
onsite assessments, 53
partial-knowledge testing, 400
peer reviews, 706
penetration testing, 398-401, 667, 670
personnel testing, 646
physical testing, 646
policy reviews, 53
process reviews, 53
security solutions, 181
static testing, 686
systems testing, 646
target penetration testing, 399
test coverage analysis, 687
test data method, 676
test/validate phase (SDLC), 676
type-specific test plans, 702
unit testing, 704
user acceptance testing, 705
verification testing, 676
zero-knowledge (black box) testing, 400-401
texting
encrypted IM, mobile device security/privacy, 340
encrypted/unencrypted communication, wearable technology security/privacy, 349
MMS, 345
mobile device security/privacy, 340, 345
theft of personal data and wearable technology security/privacy, 350
third-party libraries, application vulnerabilities, 369
third-party outsourcing, 41, 58-59
threats
agents, 139
current threats, knowledge of, 646-647
emerging business tools, 650-653
emerging threats, 660, 706-707
evolving technologies, 642
global IA industry/community, 653-659
identifying, risk assessments, 139
insider threats, 459
likelihood of threats, 128-130
new technologies/systems/services, 641-642
nonmalicious threats/misconfigurations, 459
RFC, 643
robo hunters, 708
threat intelligence, 643-649, 707
Threat Modeling Tool, 648
three-legged firewalls, 207, 239
throughput rate (biometrics), 546
time of check/time of use attacks, 367-368
time-based restrictions, mobile device security, 336
TLS (Transport Layer Security), 218-219, 579, 595
TOGAF (The Open Group Architecture Framework), 113
token devices, ownership factor authentication, 539
tokenization, mobile device security/privacy, 340
tokens, 607
top-level management, risk management, 54
topology discovery, 656
TOTP (Time-Based One-Time Password) algorithm, authentication, 540
TPM (Trusted Platform Module) chips, 315, 319-320, 339, 520, 558
traceroute tool, 395
tracert tool, 395
tracert/traceroute command, 433
tracing paths, 465
tracking
devices, 450
geolocation/GPS devices, 709-711
mobile device, 718
object tracking technologies, 709-711
unauthorized tracking, 624
traffic anomaly-based IDS/IPS, 196
training, BCP training/exercises, 148
transaction log backups, 467, 719
transactional security, 580
transfer risk reduction strategy, 136
transferring data to uncontrolled storage, 338
transparent bridging, 201
transponders (RFID), 313
transport security, 260
Treadway Commission Framework, COSO, 119
trends/threats of security, researching
emerging business tools, 650-653
emerging threat sources, 660
evolving technologies, 642
global IA industry/community, 653-659
new technologies/systems/services, 641-642
RFC, 643
trust
circles of (SAML), 560
social media and, 390
trusted OS (Operating Systems), 287-290
trusted third-party (bridge) model (federated identities), 560
TrustedSolaris, 290
TSIG (Transaction Signatures), 506
TT&E (Testing, Training and Exercises), BCP, 148
TTL (Time to Live), DNS records, 506
tumbler locks, 442
Type 1 hypervisors, 519
Type 2 hypervisors, 519
Type I errors. See FRR
Type II errors. See FAR
Type III authentication. See characteristic factor authentication
U
UDP (User Datagram Protocol), port numbers, 265
UEFI (Unified Extensible Firmware Interface), boot loaders, 318
unauthorized domain bridging, mobile device security/privacy, 344
unauthorized remote activation/deactivation, wearable technology security/privacy, 349
uncontrolled storage, transferring/backing up data to, 338
unencrypted/encrypted communication, wearable technology security/privacy, 349
unified collaboration tools, 621-634
uninvited guests, web conferencing, 621
unit testing, 704
UNIX
command shell, host security, 301
passwords, 544
traceroute tool, 395
unsecure direct object references, application vulnerabilities, 356
unsigned applications, 334
updates
FOTA updates, 331
incident response plans, 481
mobile devices, 331
over-the-air updates, 331
PRI updates, 331
PRL updates, 331
processes, 67
temporary roll backs, 670
Zeeis updates, 331
URL (Uniform Resource Locators), document collaboration, 624
usability, analyzing security solutions, 185
USB (Universal Serial Bus) devices, 306, 338, 342, 607
users
acceptance testing, 705
end-user cloud storage, 650
hijacked accounts, 626
managing, 39
monitoring, 40
personnel testing, 646
PKI and digital certificates, 605
presence (availability), 626-627
resource provisioning/deprovisioning, 500
UTM (Unified Threat Management), 194-195, 230
V
V-shaped software development method, 690
vacations (mandatory), security policies, 80
Valgrind, 441
validate/test phase (SDLC), 676
validating
email, 628
input, application vulnerabilities, 360-362, 366
value (assets/information), risk assessment, 138-139
vascular scans, authentication, 545
vaulting, 469
VDI (Virtual Desktop Infrastructure), 221, 521
verification
Software Verify tool, runtime debugging, 385
verification testing, 676
versioning, software development, 698
vertical privilege escalation, 362
video
IP video, 275
physical access control systems, 277
virtualization, 513
client-based application virtualization (application streaming), 322-323
container-based (operating system) virtualization, 520
data remnants, resource provisioning/deprovisioning, 531
high availability, 513
hyperconverged infrastructures, 521
JVM, 373
secure enclaves, 521
secure volumes, 521
server-based application virtualization (terminal services), 322-323
VDI, 521
virtual devices, resource provisioning/deprovisioning, 501, 531
virtual networks, researching latest attacks, 645
VNC, 330
VPN, 618
viruses, antivirus software, 291, 439
visualization tools, 424
VLAN (Virtual LAN), 198, 260-262, 488
VMEscape, 527
VNC (Virtual Network Computing), 221, 235, 330
voice pattern recognition, authentication, 546
volatile/persistent agents (NAC), 270
volatility, order of (evidence collection), 470-471
volumes (secure), 521
VPN (Virtual Private Networks), 215-219, 235, 333, 618, 718
vulnerabilities
assessments, 401-402, 647, 667, 670, 675
current vulnerabilities, knowledge of, 646-647
CVE, SCAP scanners, 416
emerging threats, adapt solutions, 706-707
firmware, 377
management systems, 402
network vulnerability scanners, 413, 419
OS, 377
risk assessment, 139
vulnerability cycles, 706
vulnerability scanners, 213-214, 235, 428, 523-524
zero-day vulnerabilities, 647, 676
W
WAF (Web Application Firewalls), 212-213, 234, 371
Walt Disney Magic Band and RFID, 710
WAP (Wireless Access Points), 208-209, 239
warded locks, 442
warehouses (data), 494
WASC (Web Application Security Consortium), software development best practices, 680
watches (smart), 346
Waterfall software development method, 689, 694, 697
watermarking (digital), 591, 594
WAYF (Where Are You From), 563
weak interfaces/API (Application Programming Interfaces), cloud storage, 337
wearable technology, 346-350. See also mobile devices
webcams, host security, 314
WEP (Wired Equivalent Privacy), host security, 310-311
whaling, 629
white hats, 656
white team exercises, security assessments, 405
Whois protocol, OSINT, 391
wildcard certificates, 603-604
Windows Group Policy, 299-301, 306
Windows Security Log, 439
Windows Server 2003, passwords, 544
wiping
hard drives, 673
remote wiping devices, 332, 450
wireless controllers, 208-209, 239
wireless devices, host security, 306-313
wireless networks. See WLAN
WLAN (Wireless LAN), 208-209, 232, 308-313
worms, IM, 626
worst-case (extreme) scenario planning, 123-125
WPA (Wi-Fi Protected Access), 311
WPA-PSK, host security, 313
WPA2 (Wi-Fi Protected Access 2), 311
wrapping applications, 330
WRT (Work Recovery Time), 146
WSS (Web Services Security), 681. See also SOAP
X
X.500, DAP, 564
X.509 certificates, 606
XACML (Extensible Access Control Markup Language), 555-556
XHTML (Extensible Hypertext Markup Language), SAML, 560
XML (Extensible Markup Language), 374, 555-556
XMPP (Extensible Messaging and Presence Protocol), 627
XN (Never Execute) bits (processors), 682
XSS (Cross-Site Scripting), 356
Y-Z
Zachman Framework, 112
Zebra, HC1 headset computer, 348
Zeeis updates, 331
Zenmap, 411
Zephyr charts, 546
zero-day vulnerabilities, 647, 676
Zero Knowledge Proof, 588
zero-knowledge (black box) testing, 400-401
zero-trust models, 708
zone transfers (DNS), 395