Index

Symbols

3-D Secure, 580

3DES (Triple Digital Encryption Standard), 583-585, 602

6to4, 223

802.1x, 226, 235, 549

802.11 (WLAN), 308-313

A

A (Availability) metric, CVSS, 417

A records (DNS), 395

A/V systems, 278-279

AAAA records (DNS), 395

AC (Access Complexity) metric, CVSS, 417

accept risk reduction strategy, 137

acceptability (biometrics), 546

acceptance testing, 678, 704

accepting/monitoring phase (software acquisitions), 679

access

DAP, 564

EAC, 442

LDAP, 564-565

NAC, 199, 232, 269-271, 644

physical access control systems, 277

SCAP scanners, 418

access control

access control matrices, 552

access control models, 550-553

access control policies, 553

ACL, 54, 210, 246-247, 304-305, 488, 553, 658

administrative (management) controls, 104-105

compensative controls, 103

content-dependent access control, 498

context-dependent access control, 498

corrective controls, 103

DAC, 81

data flow enforcement, 243

detective controls, 103

deterrent controls, 103

directive controls, 103

IP-based access control, 277

logical (technical) controls, 106-107

physical controls, 107-108

preventive controls, 104

RBAC, 81

recovery controls, 104

selecting/implementing based on CIA requirements, 102

accountability and audits, 52

accounts

lockout policies, passwords, 543

managing, 540-541

policies (Group Policy), 300

accreditation, 666, 676

accuracy (biometrics), 546

ACL (Access Control Lists), 54, 210, 246-247, 304-305, 488, 553, 658

acquisition/development stage (SDLC), 666-668

acquisitions

integrated solutions, 501

mergers and, 42-44

software, 679

action factor authentication, 538

activation/deactivation (unauthorized), wearable technology security/privacy, 349

Active Directory, IPsec policies (Group Policy), 301

active fingerprinting tools, 386

ActiveX, 373

AD (Active Directory), 565-566

Ad Hoc mode (WLAN), 309

Adams and CAST, Carlisle, 585

adapt solutions, 706-709

ADC (Application Delivery Controllers), 211

add-ons (browser extensions), 373-374

AddressSanitizer, runtime debugging, 385

Adleman and RSA, Leonard, 586-587

administration

database administration, 719-720

executive administration, 104-105, 720-726

management controls, 104-105, 720-726

network administration, 720

remote administration, 618

security, 105, 724

AES (Advanced Encryption Standard), 583-585, 620

after-action reports (incident response/recovery), 177, 481

agent-based log collection (SIEM), 425

agentless log collection (SIEM), 425

agentless NAC (Network Access Control), 271

aggregate CIA scoring, 101-102

aggregating data, data security in integrated solutions, 498

Agile model, software development, 694-697

agreements, 75-77, 249

AH (Authentication Headers), 216, 580

AI (Artificial Intelligence)

identity management, 708

security trends/threats, researching, 653

AIK (Attestation Identity Keys), TPM chips, 320, 558

air gaps, 269

AJAX (Asynchronous JavaScript and XML), 374

ALE (Annualized Loss Expectancy), magnitude of risk (risk impact), 128

alerts, 259-260

analyzing

behavioral analytics, 460, 708

code, 683-688

communications analysis, 464

content analysis, 464

context analysis, 464

cost/benefits, 186

data analysis, 455, 460

data flow security for changing business needs, 487-488

forensic analysis (incident response/recovery), 464

log reduction/analysis tools, 425-426, 438-439, 464

media, 464

Microsoft Baseline Security Analyzer, 428

network analysis, 464

protocol analyzers, 257-258

risk analysis, 126-127, 678

root-cause analysis (incident response/recovery), 480

security solutions, 183-186

slack space analysis, 464

software, 464

steganography analysis, 464

test coverage analysis, 687

trend analysis, 130, 182, 424

Android

APK format, 334

fragmentation, mobile device security/privacy, 340

Lost Android app, 332

remote wiping, 332

SEAndroid, trusted OS, 289

anomaly-based IDS/IPS, 196

anti-tamper technology, 338

antimalware, 291, 522

antispam services, clouds, 523

antispyware, 291

antivirus software, 291, 439

AP (Access Points), 208-209, 239, 308

API (Application Programming Interfaces), 337, 494, 581

APK (Android Package) format, 334

Apktool, 441

Apple, Xcode 7, 334

applications

API, interoperability issues with integrated solutions, 494

blacklists, 299, 360-362

client-based application virtualization (application streaming), 322-323

client-side processing versus server-side processing, 371-376

Compatibility tab, 492

DAM, 371

deploying, secure design, 356

digital certificates, 606

geofencing, 335

in-house developed applications/software, 493

integration solutions, 487-507

managing, 56, 331

mobile applications, social media attacks, 390

OWASP, 355, 362

permissions, mobile devices, 333

proxies, 203-204, 233, 236

requirements, interoperability issues with integrated solutions, 492

resource provisioning/deprovisioning, 501

sandboxing, 370

secure design, 355

secure enclaves, 371

security frameworks, SDLC, 677

server-based application virtualization (terminal services), 322-323

sharing, 619-620

side loading, 334

standard libraries, 679

streaming, 322-323

system applications, 334

unsigned applications, 334

updates, 670

vulnerabilities, 356-370

WAF, 371

whitelists, 299, 360-362

wrapping, 330

AR (Augmented Reality), mobile device security/privacy, 345

ARAT (Active Reader/Active Tag) RFID systems, 710

ARC4. See RC4

architectures

architecture design (SDD), 701

SOA, integration solutions, 506

archiving data, 453-454

ARO (Annualized Rate of Occurrence), 128, 130

ARPT (Active Reader/Passive Tag) RFID systems, 710

ASLR (Address Space Layout Randomization), 682

assertion tickets, 560

assessments

onsite assessments, 53

risk assessments, 125-126, 137-140

security assessments, 383-405, 411-444

self-assessments (security-based), 402

tools, 411, 414-444

vulnerability assessments, 401-402, 647, 667, 670, 675

assets

commissioning/decommissioning, 668-669

critical asset distribution, 495

disposal of, 672-673

inventory control, 450-451

managing (inventory control), 709

reusing, 673

tangible/intangible value/costs (risk assessments), 138-139

assigning system ports, 264

assurance (software)

acquiring software, 679

auditing, 677

development best practices, 680-688

logging, 677

risk analysis/mitigation, 678

standard libraries, 679

asymmetric cryptography, 585-591, 602-603, 610

attacks

assumed likelihood of attacks, 496

attack surfaces, 206, 675

authentication attacks, 258

Bluejacking, 307

Bluesnarfing, 307

brute force attacks, 427

buffer overflow attacks, 364-366

click-jacking, 358

client-side attacks, 644

CSRF, application vulnerabilities, 357

DDoS attacks, 266

dictionary attacks, 427

DNS harvesting, 395

DoS attacks, 266, 621, 626, 630-631

drive-by download attacks, 377

dronejacking, 647

dumpster diving, 389

eavesdropping, 414. See also packets, sniffing

fault injection attacks, 363-364, 684

firewall attacks, 258

honeynets, 647

honeypots, 647

hopping attacks, 261-262

identity theft, 389

integer overflow attacks, 367

IPS/IDS, 258

latest attacks, researching, 644-645

live migration, 529

LPE attacks, 377

malware, 291, 630

man-in-the-middle attacks, 218

NOP slides, 365-366

pharming, 389

phishing, 388, 659

poisoning DNS caches, 506

privilege elevation, 528

race conditions, 367-368

reconnaissance (information-gathering), 385

resource exhaustion, 368

session hijacking, 359

shoulder surfing, 389

snooping, VoIP, 631

social engineering attacks, 388-389, 626, 659

spam, 292, 628-629

spoofing attacks, 261, 628

spyware, 291

SQL injection attacks, 360-362

switch spoofing, 261

time of check/time of use attacks, 367-368

viruses, 291

VLAN hopping, 261-262

VMEscape, 527

whaling, 629

XSS, application vulnerabilities, 356

zero-day attacks, 647

attestation, 557

boot loaders, 319

SAML, 560-562

TPM chips, 558

Au (Authentication) metric, CVSS, 417

audio

A/V systems, 278-279

conferencing, 623

output, host security, 314

auditing, 719

audit logs, 255

audit trails, 88, 296

auditing/monitoring services, data flow enforcement, 243

auditors, risk management, 52

code audits, 718

endpoint security, 295-297

incident response/recovery, 461

internal/external audits, 403, 404

ISO, 52

SAS 70, 403

scrubbing, 296

security audits, 88

SOC reports, 404

software assurance, 677

SSAE 16 audits, 404

Windows audit policies, 297

authentication

802.1x, 226, 235, 549

account management, 540-541

action factor authentication, 538

AD, 565-566

AH, 216

authentication attacks, 258

biometrics, 343-344, 539, 546-547

certificate-based authentication, 548

CHAP, 224-225, 394

characteristic factor authentication, 538-539, 544-547

context-aware authentication/management, 334, 550

dual-factor authentication, 548

EAP, 225-226

geolocation, 335

gestures, 343

HOTP algorithm, 540

HSM, 211-212, 233

identification and the authentication process, 537

identity management, 540, 559-563

identity proofing, 558

identity propagation, 558

IKE, 581

Kerberos, 565

knowledge factor authentication, 538

LDAP, 564-565

location factor authentication, 538

MD5 authentication, 266

message authentication, 577-578

mobile devices, 342-344

multi-factor authentication, 548

network authentication, 224-226, 235

OSA, 312

ownership factor authentication, 538-539

PAP, 224-225, 394

passwords, 541-544

PIN, 343

ports, 226, 235

proximity authentication devices, 442

push-based authentication, 550

RADIUS, 226, 563-564

SAML, 560-562

single-factor authentication, 538

SKA, 313

SSL, 579, 595

SSO, 540, 548-549, 558-560, 563-565

swipe patterns, 343

system failures, cloud storage, 337

TACACS+, 226

TLS, 579, 595

TOTP algorithm, 540

Type III authentication. See characteristic factor authentication

user behavior, 335

WPA-PSK, 313

author identification, software analysis, 464

authorization

access control models, 550-553

attestation, 557

OAuth, 553

SPML, 556

XACML, 555-556

automation

BACnet, 276

building automation systems, 274

patch management, 302

resiliency issues with integrated solutions, 495

SCAP, 437

AV (Access Vector) metric, CVSS, 417

availability

availability controls, 248-253

CIA triad, categorizing data, 99

high availability, resiliency issues with integrated solutions, 496

presence, 626-627

security solutions, analyzing, 185

virtualization, 513

avoid risk reduction strategy, 135

AVS (Active Vulnerability Scanners), 214

awareness training, 86-87, 105

B

backups, 338, 453, 465-469, 719

BACnet (Building Automation and Control Network), 276

base metric group (CVSS), 416

baseband radio/SOC, mobile device security/privacy, 345

Basel II, 48

baselines

benchmark comparisons, 181-182

capturing, 181-182

clipping levels, 543

defined, 167, 181

host security, 298

Microsoft Baseline Security Analyzer, 428

performance baselines, 669

bastion hosts, 206, 237

BCP (Business Continuity Planning), 141-148

behavioral analytics, 460, 708

behavioral characteristics (authentication), 539, 545-546

benchmarks, capturing, 181-182

benefit/cost analysis, analyzing security solutions, 186

best practices, researching security trends/threats, 640-641

BGP (Border Gateway Protocol), RTBH routing, 267

BIA (Business Impact Analysis), 72, 145

bidding (RFQ), 76

big data, researching security trends/threats, 652-653

biometrics, 343-344, 539, 546-547

BIOS, 316-318

BitLocker, 320

BitLocker Drive Encryption, 719

BitLocker to Go, 320

black box (zero-knowledge) testing, 400-401

black hats, 655-656

blacklists, 299, 360-362

blind penetration testing, 399

block ciphers, 582-585, 597-602

block-level encryption, 589

blockchains, 609, 709

Blowfish, 584-585

blue team exercises, security assessments, 405

Bluetooth

Bluejacking, 307

Bluesnarfing, 307

host security, 306

tethering, 342

wearable technology security/privacy, 349

boot loaders, 316-320, 520

booting (secure) and SoC, 271

boundaries (networks)

boundary control services, data flow enforcement, 243

de-perimeterization, 54-59

BPA (Business Partnership Agreements), 74

breaches (data)

central security breach response, SoC, 274

cloud storage, 337

defined, 454

incident response process, 454-457, 461-463, 470-471

internal/external violations, 458-459

severity of, 478-480

bridge (trusted third-party) model (federated identities), 560

bridges

transparent bridging, 201

unauthorized domain bridging, 344

browser extensions (add-ons), 373-374

brute force attacks, 427

BSI (Build Security In), software development best practices, 680

buffer overflow attacks, 364-366

build and fix software development method, 689

Burp Suite, 422

business models/strategies, 40-44

business units

collaboration in security solutions, 725-726

security controls/processes, 724-725

security requirements/goals, 717-724

BYOD (Bring Your Own Device) policies, 56-57, 68, 332

C

C (Confidentiality) metric, CVSS, 417

CA (Certificate Authorities), 548, 604-607

cable locks, 444

Cain and Abel, 427

cameras

IR cameras, 444

wearable cameras, 346

CANVAS, 423

CAPTCHA passwords, 542

capturing

data, web conferences, 621

email messages, 629

packets, 657

CASB (Cloud Security Broker), 526

CAST, 585

categorizing data, 98-102

CBC (Cipher Block Chaining) mode (DES), 599

CBC-MAC (Cipher Block Chaining MAC), 577

CC (Common Criteria), 287-289. See also TCSEC

CCE (Common Configuration Enumeration), SCAP scanners, 416

central security breach response, SoC, 274

CEO (Chief Executive Officers), 720, 726

CER (Crossover Error Rates), biometrics, 546-547

CERT (Computer Emergency Readiness Teams), 654, 700

certificates

accreditation process, 666

applications, 606

authentication, 548

certification/accreditation phase (SDLC), 676

classes, 607

CRL, 604

defined, 666

issuance of, 604

OCSP, 604, 608

RA, 605

SCEP, 332

tokens, 607

user credentials, 605

wildcard certificates, 603-604

X.509 certificates, 606

CFAA (Computer Fraud and Abuse Act), 47

CFB (Cipher Feedback) mode (DES), 600

CFO (Chief Financial Officers), security requirements/goals, 721

chain of custody (incident response/recovery), 461-463, 470-471

change control process, 481

change management, 670-672, 677

change monitoring, 247-248

CHAP (Challenge Handshake Authentication Protocol), 224-225, 394

characteristic factor authentication, 538-539, 544-547

CI (Configuration Items), 672

CI (Continuous Integration), software development, 698

CIA (Confidentiality, Integrity, Availability) triad, 98-102, 571

CIO (Chief Information Officers), security requirements/goals, 721

CIP (Critical Infrastructure Protection) plans, 144

cipher locks, 442

circles of trust, SAML, 560

circuit-level proxies, 203-204, 233, 236

CIS (Center for Internet Security), Critical Security Controls, 118-119

classifying information, 89-90

Cleanroom model, software development, 695

clearing data, 369, 454, 497

click-jacking, 358

clients

application virtualization (application streaming), 322-323

client-side attacks, 644

risk management, client requirements, 53

server-side processing versus client-side processing, 371-376

clipping levels, 543

cloud computing

antimalware, 522

antispam services, 523

antivirus software, 439, 522

backups, 469

CASB, 526

collaboration, 633-634

community clouds, 42, 514

content filtering, 525

critical assets, separating, 268

data storage, 337

de-perimeterization, 55

elasticity, 42

end-user cloud storage, 650

hash matching, 522

hosted solution, 515

hybrid clouds, 42, 514

latest attacks, researching, 645

MSSP, 527

multitenancy model, 515-516

on-premise solution, 515

private clouds, 42, 513-514, 651

public clouds, 41, 513-516, 651

resource provisioning/deprovisioning, 531

risk management, 41-42, 55

sandboxing, 525

SecaaS, 527

single-tenancy model, 515

SLA, 531

virtualization, 513, 527-530

vulnerability scanning, 523-524

clustering, 253

CMAC (Cipher MAC), 578

CMDB (Configuration Management Database), 505

CMMI (Capability Maturity Model Integration), 123

CMS (Content Management System), 505

CNAME records (DNS), 395

COBIT (Control Objectives for Information and Related Technology), 114-115

coding

analyzing code, 683-688

audits, 718

dynamic testing, 686

forbidden coding techniques, 681-682

formal code reviews, 686

fuzzing, 683-684

interface testing, 688

lightweight code reviews, 686

misuse case (negative) testing, 687

quality of, 683

reusing code, application vulnerabilities, 370

reviews, 387-388

secure coding standards, 700

signing, 578

software development best practices, 681-688

static testing, 686

test coverage analysis, 687

cognitive passwords, 542

collaboration

audio conferencing, 623

cloud-based collaboration, 633-634

color teams, security assessments, 405

document collaboration tools, 624-625

email, 627-632

IM, 625-626

presence (user availability), 626-627

security risks, 625

security solutions, 725-726

social media, 632

storage collaboration tools, 624-625

telephony systems, 630-632

texting, 625-626

video conferencing, 622-623

web conferencing, 621-622

combination locks, 443

combination passwords, 541

command shell, host security, 301

command-line tools, 429-438

comments, RFC, 643

commercial business classifications (information classification), 89-90

commercial customized (tailored commercial) software, 493

commissioning/decommissioning assets, 668-669

communications

analysis, 464

crisis communications plans, 144

encrypted/unencrypted communication, 349

remote access, 617-621

wearable technology security/privacy, 349

community clouds, 42, 514

compartmentalization, 81

Compatibility tab (applications), 492

compensative controls, 103

competing standards, integration solutions, 490

competitors, risk management, 52

complex passwords, 542

compliance, 726-727

Computer Security Act, 47

conferencing, 621-623

confidentiality (CIA), categorizing data, 98-100

configuration profiles (MDM), payloads, 329

configuring

configuration lockdown, 248

managing configurations, 671-672, 677

misconfigurations/nonmalicious threats, 459

network components, 246-253

consultants/vendors, 41, 655

containers

containerization, defined, 329

Group Policy (Windows), 300

virtualization, 520

containment technologies, 709-711

content analysis, 464

content-aware authentication/management, 334

content-dependent access control, 498, 552

content filtering, clouds, 525

content management, mobile devices, 331

context analysis, 464

context-aware (context-dependent) authentication, 550

context-dependent access control, 498

contingency planning, 144, 148

continuity planning, 141-148, 465

continuous monitoring, 86, 141

contracting phase (software acquisitions), 679

contracts, 41, 75-77

control plane (networks), 254

conventions/conferences, 654-655

cookies, storing/transmitting, 364

COOP (Continuity of Operations Plan), 144, 465

COPE (Corporate-Owned, Personally Enabled) policies, 332

copy backups, 467

corrective controls, 103

COSO (Committee of Sponsoring Organizations), 119, 163

costs

analysis of (security solutions), 186

asset value/costs (tangible/intangible), risk assessments, 138-139

information value/costs (tangible/intangible), risk assessments, 138-139

repair costs, 131

ROI, 131, 186

severity of data breaches, 479

TCO, 133-134, 186

COTS (Commercial-Off-The-Shelf) software, 493-494

coverage gap detection, wireless controllers, 209

CPE (Common Platform Enumeration), SCAP scanners, 416

CPO (Chief Privacy Officers), security requirements/goals, 721

crackers, 656

CRAMM (CCTA Risk Analysis and Management Method), 123

credential breaches, 624

credit card readers (peripheral-enabled mobile payments), 341

credit card security, 580, 590

CredSSP (Credential Security Support Provider), identity propagation, 559

crisis communications plans, 144

critical assets, 268, 495

Critical Security Controls (CIS), 118-119

critical systems, 479

criticality (system process), severity of data breaches, 479

CRL (Certificate Revocation Lists), 604

CRM (Customer Relationship Management), 504

cross-certification model (federated identities), 559

CRR (Cyber Resilience Review) assessments, 168-169

crypto processing, HSM, 211-212, 233

cryptography

asymmetric cryptography, 586-591, 610

block ciphers, 597-598

blockchain, 609

CIA triad, 571

code signing, 578

cryptocurrencies, 609

crypto modules, 592

crypto processors, 593

CSP, 593

data flow enforcement, 243

data-at-rest encryption, 581-591, 602-603

data-in-memory/processing, 581

data-in-transit encryption, 579-580, 595

digital signatures, 576-577

digital watermarking, 591, 594

DRM, 593-594

encryption, 571, 581-602, 610

GPG, 594

hashing, 572-577

implementing algorithms, 596-597

interoperability of algorithms, 596-597

key stretching, 572

message authentication, 577-578

performance of algorithms, 596-597

PFS, 578

PGP, 594

PKI/digital certificates, 603-608

PRNG, 578

public key cryptography, digital signatures, 577

S/MIME, 596

SSH, 595

steganography, 591

stream ciphers, 597-598

strength of algorithms, 596-597

symmetric cryptography, 588, 602

CSO (Chief Security Officers), security requirements/goals, 721

CSP (Cryptographic Service Providers), 593

CSRF (Cross-Site Request Forgery), application vulnerabilities, 357

CTR (Counter) mode (DES), 601

Cuckoo malware sandboxing tool, 383

custody, chain of (incident response/recovery), 461-463, 471

customer requirements, risk management, 53

CVE (Common Vulnerabilities and Exposures), SCAP scanners, 416

CVSS (Common Vulnerability Scoring System), 416-418

CWE (Common Weakness Enumeration), SCAP scanners, 416

cyber incident response plans, 144

D

DAC (Discretionary Access Control), 81, 551

daily backups, 467

DAM (Database Activity Monitoring), 214, 240, 371, 634

DAP (Directory Access Protocol), 564

data

aggregation, data security in integrated solutions, 498

analytics, 455, 460

archives, 453-454

breaches, 337, 454-463, 470-471, 478-480

capturing, web conferencing, 621

categorizing, 98-102

clearing, 369, 454

compromise, ROI, 131

design (SDD), 701

exfiltration, 242, 293

flow, 241-245, 487-488

forensic data, 350

formats, 493-494

handling policies, 453-454

havens, 50

inference, 498

integrity, 579, 595

interfaces, host security, 305

isolation, data security in integrated solutions, 498

jurisdiction, public clouds, 516

leakage, 293, 621

loss, ROI, 131

management, mobile devices, 331

normalization, 494

ownership of, 43, 452, 499

purging, 369, 453

reclassification of, 44

recovery, 451-452

remnants, 369, 497-498, 501, 529-531, 673

retention policies, 451, 500

security, integrated solutions, 497-500

sovereignty of, 50-51, 499

storage, 336-338, 362, 451-452

theft (personal), wearable technology security/privacy, 350

warehouses, 494

data plane (networks), 254

Data Protection Directive (EU), 49

data-at-rest encryption, 581-591, 599-603, 610

data-in-memory/processing, 581

data-in-transit encryption, 579-581, 595

databases

administration, 719

CMDB, 505

DAM, 214, 240, 371, 634

heterogeneous databases, 494

permissions, granting, 719

RDBMS, 558

security requirements/goals, 719

dcfldd command, 471

dd command, 471

DDoS (Distributed Denial-of-Service) attacks, 266

de facto standards, integrated solutions, 490

de-perimeterization, 54-59

deactivation/activation (unauthorized), wearable technology security/privacy, 349

debugging (runtime), 385

deception technology, 708

decommissioning/commissioning assets, 668-669

deconstructing/reverse engineering security solutions, 177

dedicated interfaces, host security, 303-305

deep packet inspection, 242

default to no access (authorization), 553

DEFCON conference, 655

Deleaker, runtime debugging, 385

delegation in networks, integrated solutions, 502

Delphi technique, 126

demergers/divestitures, 42-44, 501

deploying

applications, secure design, 356

deployment diagrams, integrated solutions, 502-504

deprovisioning/provisioning resources, integrated solutions, 500-501, 531

DES (Digital Encryption Standard), 582, 585, 599-601

DES-X (Digital Encryption Standard X), 583

design phase (SDLC), 675

designing

applications, secure design, 355

integration solutions, 501

desktops

sharing, 619-620

VDI, 521

Destination Unreachable code (ping command), 432

destruction/disposal

data, 453-454, 497

remanence, 454

storage media, 453

detective controls, 103

deterrence

deterrent controls, 103

risk assessment, 140

develop phase (SDLC), 675

developing software

acceptance testing, 704

best practices, 680-688

CI, 698

documentation, 700-704

integration testing, 705

methods, 688-698

peer reviews, 706

regression testing, 706

secure coding standards, 700

unit testing, 704

user acceptance testing, 705

validation testing, 704

versioning, 698

development life cycles, 665-677

development/acquisition stage (SDLC), 666-668

device fingerprinting, 420

device tracking, 709-711

DevOps, software development, 695

dex2jar, 441

DFD (Data Flow Diagrams), 245

dial-up connections, 617-618

dictionary attacks, 427

differential backups, 466

Diffie-Hellman, 586

dig command, 435

digital certificates, 603-608

digital forensics, 350

digital keys, HSM, 211-212, 233

digital signatures, 576-577

digital watermarking, 591, 594

direct object references (unsecure), application vulnerabilities, 356

directive controls, 103

Directory Services, 505, 564-565

disaster recovery, 144, 465-469

disclosure policies, 630

disk encryption, 315, 320, 718

disk imaging, 464

disk-level encryption, 588-591

disk mirroring. See RAID

disk striping. See RAID

disposal stage (SDLC), 667

disposal/destruction

assets, 672-673

data clearing, 454

data purging, 453

remanence, 454

storage media, 453

disruptive technologies, addressing, 707-708

diStorm3, 441

diverse industries, integrating, 44-51

divestitures/demergers, 42-44, 501

DLP (Data Loss Prevention), 241-242, 293

DMADV (Six Sigma), 121

DMAIC (Six Sigma), 121

DMZ (Demilitarized Zones), 207, 268

DNS (Domain Name System), 394-397, 506

DNSSEC (Domain Name System Security Extensions), 506

documentation

after-action reports (incident response/recovery), 481

bidding-process documents, 76-77

collaboration tools, 624-625

exchanges/reviews, 53

lessons learned reports (incident response/recovery), 480

maintenance, 671

outsourcing, 41

PIPEDA, 48

security documents, 71-77

SLA, 249

SOC reports, 404

software development documentation, 700-704

TCA, 40

trend data, 183

DoDAF (Department of Defense Architecture Framework), 113

domain bridging (unauthorized), mobile device security/privacy, 344

door locks, 442

DoS (Denial of Service) attacks, 266, 621, 626, 630-631

double-blind penetration testing, 399

Double-DES (Digital Encryption Standard), 583

double tagging, 261

downloading, drive-by download attacks, 377

downstream liability, 58

downtime, 146, 479

DPAPI (Data-Protection API), 581

drive mapping, host security, 314

drive mounting, host security, 313

drive-by download attacks, 377

DRM (Digital Rights Management), 593-594

dronejacking, 647

Dropbox, hash matching, 522

DRP (Disaster Recovery Plans), 144

DSA (Digital Security Algorithm), 577

DSS (Digital Signature Standard), 577

DTP (Dynamic Trunking Protocol), 261

dual-factor authentication, 548

dual-homed firewalls, 206, 238

dual stack solutions, 223

due care, risk management, 59

due diligence, 43, 59

dumpster diving, 389

duties, separation of (security policies), 78-79

dwell time, keystroke dynamics (authentication), 546

dynamic packet filtering, 203

dynamic passwords, 542

dynamic testing, 686

E

e-discovery, 449-454

EAC (Electronic Access Control), 442

EAL (Evaluation Assurance Levels), CC, 287

EAP (Extensible Authentication Protocol), 225-226

eavesdropping, 414. See also packets, sniffing

ECB (Electronic Code Book) mode (DES), 599

ECC (Elliptic Curve Cryptography), 587, 610

Economic Espionage Act, 48-49

ECPA (Electronic Communications Privacy Act), 49

edb-debugger, 441

EDR (Endpoint Detection Response), endpoint security, 297

EFS (Encrypting File Systems), 719

eFuse, finding lost/stolen devices, 338

egress filters (DLP), 242

EK (Endorsement Keys), TPM chips, 319, 558

Elastic Sandbox, 383

elasticity (clouds), 42

electric locks, 442

electronic backups, 469

Electronic Security Directive (EU), 50

electronic signatures, 50

electronic vaulting, 469

El Gamal, 587

email, 388, 596, 627-630, 658

emergency response teams, security requirements/goals, 723

emerging risks, updating policies/procedures, 70

employment, hiring personnel, 85-86

encapsulation PPP command, 394

enclaves (secure), 371, 521

encryption

3-D Secure, 580

3DES, 583-585

3DES, modes of, 602

AES, 583-585, 620

benefits of, 571

BitLocker Drive Encryption, 719

block ciphers, 597-598

block-level encryption, 589

Blowfish, 584-585

CAST, 585

data-at-rest encryption, 581-591, 602-603

data-in-memory/processing, 581

data-in-transit encryption, 579-580, 595

DES, 582, 585, 599-601

DES-X, 583

Diffie-Hellman, 586

disk encryption, 315, 320, 588-591

document collaboration, 624

Double-DES, 583

DPAPI, 581

DRM, 593-594

ECC, 587, 610

EFS, 719

El Gamal, 587

email, 629

enclaves, 371

file encryption, 315, 589-591

full disk encryption, 718

hard drives, 673

HTTP, 579

HTTPS, 580

hybrid ciphers, 588

IDEA, 583-585

IM, 340

INE, 198, 231

IPsec, 580-581

Knapsack, 588

mobile devices, 610

PGP, 594

port-level encryption, 591

RC4, 584-585

RC5, 584-585

RC6, 584-585

record-level encryption, 589-591

RSA, 586-587

S/MIME, 596

SET, 580

SGX, 581

SHTTP, 580

Skipjack, 584-585

SSL, 579, 595

storage collaboration, 624

storage encryption, 589-590

stream ciphers, 597-598

TDE, 719

TLS, 579, 595

Twofish, 584-585

wearable technology security/privacy, 349

Zero Knowledge Proof, 588

endpoint DLP (Data Loss Prevention), 242

endpoint security, 290-297

engagement, rules of (incident response), 83

enrollment time (biometrics), 546

enterprise resilience, 168-169

enticement, incident response, 83

entrapment, incident response, 83

environmental changes, updating policies/procedures, 69

environmental metric group (CVSS), 416

EPA (U.S. Environmental Protection Agency), exemptions to risk assessment, 139

ERM (Enterprise Risk Management), COSO, 163

ERP (Enterprise Resource Planning), 505

error handling, application vulnerabilities, 362

ESB (Enterprise Service Buses), integration solutions, 507

ESP (Encapsulating Security Payloads), 217, 580

EU (European Union), laws/regulations, 49-50

evaluation/testing phase (SDLC), 668

event handlers, 376

event log policies (Group Policy), 300

events

incidents versus, 83

SIEM, 199, 232

evidence (data breaches), 455, 461-463, 470-471

evolving technologies, researching security trends/threats, 642

exception handling, application vulnerabilities, 362

executive management, 720-721, 724-726

exemptions, risk assessment, 139

exploitation frameworks, 422-423, 436

export controls, integrating diverse industries, 45

external I/O, host security, 305-313

external/internal audits, 403-404

extranets, 268

extreme (worst-case) scenario planning, 123-125

eye (iris) scanning (biometrics), 344

F

facial scanning (biometrics), 344, 545

facilities managers, security requirements/goals, 723

failover, 253

failsoft, 253

failures

MTBF, 146

SPOF, 253

FAR (False Acceptance Rates), biometrics, 546-547

FATKit, 385

fault injection attacks, 363-364, 684

fault-tolerance, 249, 496

feature extraction (biometrics), 546

Federal Privacy Act, 47

federated identities, 559-563

federation, 560

FERMA (Federation of European Risk Management Associations), 164-166

Fiddler, 422

FIFO (First-In, First-Out) rotation scheme, backups, 467

file encryption, 315, 589-591

File Fuzzer, 685

file integrity monitoring, 437

file system policies (Group Policy), 301

financial staff, security requirements/goals, 722

finding lost/stolen devices, 338

fingerprinting

authentication, 544

biometrics, 344

device fingerprinting, 420

fingerprinting tools, 385-386

OS fingerprinting, 657

FIPS 199 (Federal Information Processing Standard), 99-102

firewalls

ACL reviews, 658

bastion hosts, 206, 237

dual-homed firewalls, 206, 238

dynamic packet filtering, 203

firewall attacks, 258

host-based firewalls, endpoint security, 294

multihomed firewalls, 207, 239

network segmentation, 269

NGFW, 205, 236

packet-filtering firewalls, 202-204, 236

proxy firewalls, 203-204, 233, 236

remote access networks, 236

screened subnets, 208, 239

screened host firewalls, 207-208, 239

stateful firewalls, 202-203

three-legged firewalls, 207, 239

WAF, 212-213, 234, 371

firing personnel, 86

firmware

FOTA updates, 331

threats to, 647

UEFI, boot loaders, 318

updates, 316, 377

vulnerabilities, 377

FISA (Foreign Intelligence Surveillance Act), 49

FISMA (Federal Information Security Management Act), 47-48

fitness trackers, 347, 350

flashing BIOS, 316

flight time, keystroke dynamics (authentication), 546

follow-on phase (software acquisitions), 679

foremost command, 477

forensic analysis (incident response/recovery), 464

forensic data, 350

forensic investigations, 84

forensic recovery, hard drives, 673

formal code reviews, 387, 686

forward proxies, 203

forwarding plane. See data plane (networks)

FOTA (Firmware-Over-The-Air) updates, 331

fragmentation (Android), mobile device security/privacy, 340

frameworks

application security frameworks, SDLC, 677

exploitation frameworks, 422-423, 436

NIST Framework for Improving Critical Infrastructure Cybersecurity, 160

risk management frameworks, 149-158

security control, 110-123, 137, 143, 150-163, 280, 673

frequencies (radio)

restrictions, mobile device security, 336

spectrum management, 342

FRR (False Rejection Rates), biometrics, 546-547

full backups, 466

full disk encryption, mobile devices, 718

full-knowledge testing, 400

fuzzing, 363-364, 421-422, 683-685

G

gap analysis, 176

gather requirements (SDLC), 674

generation-based fuzzing, 363, 684

geofencing, 335, 710

geography, integrating diverse industries, 50-51

geolocation/GPS location devices, 335, 709-711

geotagging, 339, 368-369, 710

gestures, mobile device authentication, 343

GFS (Grandfather/Father/Son) rotation scheme, backups, 468

glasses (wearable technology), 347

GLBA (Gramm-Leach-Bliley Act), 47

global IA industry/community, researching security trends/threats, 653-659

GoAccess, 438

goals/requirements (security), 717-724

Google Glass, 347

governance (IT), 148-166, 726-727

government/military classifications (information classification), 90

GPG (GNU Privacy Guard), 594

GPMC (Group Policy Management Console), 296, 300

GPO (Group Policy Objects), 300

GPS (Global Positioning System) devices, 709-711

graphical passwords, 542

gray box testing, 400-401

gray hats, 656

Graylog, 439

GRE tunnels, 223

Group Policy (Windows), 299-301, 306

guidelines, 167

GUI testing, 688

H

hackers/hacking

CFAA, 47

hacktivists, 656

OSINT, 390-397

Hadoop, 652

hand geometry scans, authentication, 545

hand topography scans, authentication, 545

hand/palm scans, authentication, 545

handling data, 453-454

hard drives, 673

hardware

anti-tamper technology, 338

redundant hardware, 248

threats to, 647

updates, 670

vulnerabilities, host security, 322

harvesting email, 658

hash matching (hash spoofing), clouds, 522

hashing, 572-577

HAVAL, 576

HC1 headset computer (Zebra), 348

HDMI ports, host security, 315

headsets (wearable technology), 348

Health Care and Education Reconciliation Act, 49

health privacy, wearable technology security/privacy, 350

Herzog and OSSTMM, Pete, 163

heterogeneous components, resiliency issues with integrated solutions, 494

heterogeneous computing, 495

heterogeneous databases, 494

heuristic (rule-based) IDS/IPS, 196

heuristics/behavioral analytics, 460

HIDS/HIPS (Host-based IDS/IPS), 197, 230, 293

high availability, 496, 513

hijacked user accounts, 626

HIPAA (Health Insurance Portability and Accountability Act), 46

hiring personnel, 85-86

HITRUST CSF (Common Security Framework), 118

HMAC (Hash-based Message Authentication Code), 577

honeynets, 647

honeypots, 647

hopping attacks (VLAN), 261-262

horizontal privilege escalation, 362

hosts

cloud computing, 515

firewalls, endpoint security, 294

integration solutions, 487-504

security, 287-297, 302-323, 520

single platform hosts, 530

single server hosts, 530

tools, 427-441

virtualization and data security, 530

vulnerability scanners, 428

hot fixes, 292

HOTP (HMAC-Based One-Time Password) algorithm, authentication, 540

hotspots, tethering, 341-342

HR (Human Resources), security requirements/goals, 722

HSM (Hardware Security Modules), 211-212, 233-234

HSM (Hierarchical Storage Management), 469

HTML5 (Hypertext Markup Language 5), 374

HTTP (Hypertext Transfer Protocol), 579

HTTP interceptors, 422

HTTPS (HTTP Secure), 580

human resources, legal advocacy/compliance, 70

hunt teaming, 460

HVAC controllers, 276

hybrid ciphers, 588

hybrid clouds, 42, 514

hyperconverged infrastructures, virtualization, 521

hypervisors, 518-519

I

I (Integrity) metric, CVSS, 418

I/O (external), host security, 305-313

IA (Interoperability Agreements), 72

IaaS (Infrastructure as a Service), public clouds, 516

ICS (Industrial Control Systems), SCADA, 279-280

ID-FF (Identity Federation Framework), SAML, 560

IDEA (International Data Encryption Algorithm), 583-585

identifying

attack surfaces, 675

threats, risk assessments, 139

identity/identification

authentication process, 537

configuration identification, 672

managing, 540, 559-563, 708

proofing, 558

propagation, 558

RFID, 710-711

theft, 47, 389, 624

IDS/IPS (Intrusion Detection Systems/Intrusion Prevention Systems)

anomaly-based IDS/IPS, 196

endpoint security, 293

HIDS/HIPS, 197, 230, 293

IPS/IDS attacks, 258

NIDS, 198, 230

NIPS, 197, 230

remote access networks, 230

rule-based (heuristic) IDS/IPS, 196

signature-based IDS/IPS, 195

Snort IDS, writing rules, 259

IETF (Internet Engineering Task Force), RFC, 643

IFB (Invitations For Bids). See RFQ

ifconfig command, 435

IKE (Internet Key Exchange), 217, 581

IM (Instant Messaging), 340, 345, 349, 625-627

IMA (Integrity Measurement Architecture), boot loaders, 318

imaging disks, 464

IMAP (Internet Message Access Protocol) and email, 627

IMPACT, 423

impact, severity of data breaches, 478

implementation stage (SDLC), 666

in-house developed applications/software, 493

incident response/recovery, 449

audits, 461

chain of custody, 461-463, 470-471

continuity planning, 465

COOP, 465

cyber incident response plans, 144

data breaches, 454-463, 470-471, 478-480

dcfldd command, 471

dd command, 471

disaster recovery, 465-469

e-discovery, 449-454

enticement, 83

entrapment, 83

events, 83

foremost command, 477

forensic analysis, 464

heuristics/behavioral analytics, 460

hunt teaming, 460

incident detection/response, 458

incident response teams, 454-455, 469

memcpy command, 476

nbtstat command, 473

nc command, 475

netstat command, 474

policies, 81-82

post-incident response, 480-481

process of, 81, 454-457, 461-463, 470-471

review systems, 461

rules of engagement, 83

search/seizure, 463

security logs, 461

surveillance, 463

tcpdump command, 472

tshark command, 476-477

incremental backups, 466

incremental software development method, 691

inductance-enabled mobile payments, 341

industrial/scientific equipment, 279

INE (In-line Network Encryptors), 198, 231

inference, 498

information

classifying, 89-90

disclosure policies, 630

gathering (reconnaissance), 385

governance, 148-166

ISCP, 144

life cycle of, 89-90

security, 89-90

SIEM, 199, 232

tangible/intangible value/costs (risk assessments), 138-139

Infrastructure mode (WLAN), 308

infrastructures, CIP plans, 144

ingress filters (DLP), 242

inherent risk, risk assessment, 140

initiate/plan phase (SDLC), 674

initiation phase (SDLC), 665

input validation, application vulnerabilities, 360-362, 366

insider threats, incident response/recovery, 459

insurance, HIPAA, 46

integer overflow attacks, 367

integration

acquisitions, 501

application integration, 504-507, 564-565

CI, software development, 698

cloud computing, 527-530

data flow analysis for changing business needs, 487-488

data security, 497-500

delegating, networks, 502

demergers/divestitures, 501

deployment diagrams, 502-504

design considerations, 501

diverse industries, 44-51

interoperability issues, 491-494

mergers, 501

resiliency issues, 494-496

resource provisioning/deprovisioning, 500-501

segmenting, networks, 502

standards, 489-490

storage integration, 504

testing, 705

virtualization, 527-530

integrity

CIA triad, categorizing data, 99-100

data, 579, 595

file integrity monitoring, 437

integrity services, data flow enforcement, 243

interfaces

data, host security, 305

dedicated interfaces, host security, 303-305

design (SDD), 701

loopback interfaces, 305

management interfaces, host security, 304

OOB interfaces, 303

testing, 688

weak interfaces, cloud storage, 337

interference detection/avoidance, wireless controllers, 209

internal/external audits, 403-404

interoperability issues with integrated solutions, 491-494

inventory control, 450-451, 709

investments (ROI/TCO), 131-134

IoT (Internet of Things), deception technology, 708

IP video, 275

IP-based access control, 277

ipconfig command, 434

IPsec (Internet Protocol Security), 216-218, 260, 301, 580-581

IPS (Intrusion Prevention Systems). See IDS/IPS

IPv4 (Internet Protocol version 4), 222-224

IPv6 (Internet Protocol version 6), 222-224

IR (Infrared) cameras, 444

IrDA (Infrared Data Association), host security, 307

iris scanning (biometrics), 344, 545

IriusRisk, threat modeling, 648

ISA (Interconnection Security Agreements), 72

ISAKMP (Internet Security Association and Key Management Protocol), 217, 581

ISCP (Information System Contingency Plans), 144

ISECOM (Institute for Security and Open Methodologies), OSSTMM, 163

ISMS (Information Security Management Systems), 110-112

ISO (International Organization for Standardization), 52, 110-112, 162, 680

isolating data, data security in integrated solutions, 498

issue-specific security policies (FERMA Risk Management Standard), 166

IT governance, 148-166, 726-727

ITIL (Information Technology Infrastructure Library), 120

J

JAD (Joint Application Development) model, software development, 694

Jad Debugger, 441

jailbreaking mobile devices, 339

Java applets, 373-374

JavaScript, 374-376

Javasnoop, 441

job rotation, security policies, 79

John the Ripper, 428

journaling (remote), 469

JSM (Java Security Model), 374

JSON (JavaScript Object Notation), 372-373

judgment in problem-solving, 187

jurisdictions, 51, 516

JVM (Java Virtual Machines), 373

K

Kali Linux, Metasploit, 423

Kennedy-Kassebaum Act. See HIPAA

Kerberos authentication, 565

kernel proxy firewalls, 204, 233, 236

key escrow, 606

key management, ISAKMP, 581

key recovery, 606

key stretching (key strengthening), 572

keystroke dynamics, authentication, 545

Knapsack, 588

knowledge factor authentication, 538

KnTTools, 384

KPI (Key Performance Indicators), 178-180

KRI (Key Risk Indicators), 178-180

L

L2TP (Layer 2 Tunneling Protocol), 216

laptops

cable locks, 444

TPM chips, 339

latency, analyzing security solutions, 184

launches (measured), 317

laws

Basel II, 48

CFAA, 47

Computer Security Act, 47

diverse industries, integrating, 46-50

Economic Espionage Act, 48-49

ECPA, 49

EU laws, 49-50

Federal Privacy Act, 47

FISA, 49

FISMA, 47-48

GLBA, 47

Health Care and Education Reconciliation Act, 49

HIPAA, 46

Identity Theft Enforcement and Restitution Act, 47

PCI DSS, 48

PIPEDA, 48

Sarbanes-Oxley (SOX) Act, 46

USA PATRIOT Act, 47-49

LDAP (Lightweight Directory Access Protocol), 564-565

leaking data, web conferencing, 621

least functionality, principle of, 290

least privilege, principle of, 80-81

legacy systems, interoperability issues with integrated solutions, 491

legal advocacy, 70

legal compliance, 70

legal counsel, security requirements/goals, 724

legal holds, 454

legal ramifications of data breaches, 480

legal requirements, integrating diverse industries, 46-50

lessons learned reports (incident response/recovery), 480

liabilities (downstream), 58

libraries

software libraries, 672

standard libraries, 679

third-party libraries, 369

life cycle of information, 89-90

lightweight code reviews, 388, 686

likelihood of threats, 128-130

Linux

command shell, host security, 301

Kali Linux, Metasploit, 423

passwords, 544

Perl, swatch script, 425

SELinux, trusted OS, 289

live migration, cloud computing virtualization vulnerabilities, 529

load balancers, 209-211, 233, 253

local exploitation frameworks, 436

local policies (Group Policy), 300

location factor authentication, 538

lockout policies, passwords, 543

locks, 441-444, 718

Logentries, 438

Loggly, 438

logical (technical) controls, 106-107, 725

logical deployment diagrams, integrated solutions, 502-504

logins, credential breaches, 624

logs

analyzing, 425-426, 438-439, 464

audits, incident response/recovery, 461

collecting, SIEM, 425

event log policies (Group Policy), 300

log reduction/analysis tools, 425-426, 438-439

managing, 256-257

monitoring, endpoint security, 295-297

reviewing, 461, 658

security logs, incident response/recovery, 461

SIEM, log collection, 425

software assurance, 677

transaction log backups, 467, 719

loopback interfaces, 305

Lost Android app, 332

lost/stolen devices, 388

LPE (Local Privilege Escalation) attacks, 377

Logz.io, 438

M

MAC (Mandatory Access Control), 551

MAC addresses, port security, 263

MAC filters, host security, 312

Sticky MAC, 263

MAC (Message Authentication Code), 577-578

machine learning/AI (Artificial Intelligence), researching security trends, 653

magnitude of impact (risk impact), 128

maintenance

analyzing security solutions, 185

BCP, 148

documenting, 671

maintenance/operational stage (SDLC), 666

release/maintenance phase (SDLC), 676

SDLC, 670

temporary roll backs, 670

updates, 670

malware

antimalware, 291, 522

document collaboration, 624

email, 630

IM, 626

mobile device security/privacy, 344

sandboxing, 383

social media, 391

storage collaboration, 624

MAM (Mobile Application Management), 56

man-in-the-middle attacks, 218

management interfaces, host security, 304

management plane (networks), 254

management/administration (executive)

administrative controls, 104-105

CEO, 720, 726

CFO, 721

CIO, 721

CPO, 721

CSO, 721

facilities managers, 723

physical security managers, 723-724

security controls/processes, 724-725

security requirements/goals, 720-721

managing

accounts, 540-541

applications, 56, 331

assets (inventory control), 709

changes, 670-672, 677

configurations, 671-672, 677

content, mobile devices, 331

context-aware authentication/management, 334

data, mobile devices, 331

events, SIEM, 199, 232

identity, 540, 559-563, 708

keys, ISAKMP, 581

logs, 256-257

mobile devices, 56-57, 331

network management/monitoring tools, 255-260

OOB interfaces, 303

passwords, 543

patches, 292-293, 302

risk. See risk management

spectrum management and tethering, 342

state, 376

storage, HSM, 469

threats, UTM, 194-195, 230

top-level management, risk, 54

user behaviors, 39

vendors, 41

mandatory vacations, security policies, 80

mantraps, 277

mapping/deployment diagrams, integrated solutions, 502-504

master test plans, 702

MD2 (Message Digest 2) algorithm, hashing, 574

MD4 (Message Digest 4) algorithm, 574

MD5 (Message Digest 5) algorithm, 266, 574

MD6 (Message Digest 6) algorithm, 574

MDM (Mobile Device Management), 56-57, 329

Measured Boot, 318

measured launches, 317

media

analyzing, 464

backup media, 467

libraries, archiving data, 453

medical sensors/devices (wearable technology), 348-350

memcpy command, 476

memory

data-in-memory processing, 581

dumping, 384-385

FATKit, 385

KnTTools, 384

leaks, application vulnerabilities, 367

Memdump memory-reading tool, 384

memory cards, ownership factor authentication, 539

secure memory and SoC, 272

mergers/acquisitions, 42-44, 501

mesh networks, 228

message authentication, 577-578

Metasploit, 423

metrics (security), 177

availability, 185

capability, 185

cost/benefit analysis, 186

KPI, 178-180

KRI, 178-180

latency, 184

maintainability, 185

performance, 183

recoverability, 186

scalability, 184

usability, 185

microSD HSM, 212, 234

Microsoft Baseline Security Analyzer, 428

Microsoft SDL File/Regex Fuzzer, 685

mics (recording), host security, 314

migration (live), cloud computing virtualization vulnerabilities, 529

MIL, CRR assessments, 169

military/government classifications (information classification), 90

MIME (Multipurpose Internet Mail Extensions), 596

mirroring (screen), mobile devices, 330

misconfigurations/nonmalicious threats, incident response/recovery, 459

misuse case (negative) testing, 687

mitigating risk. See risk management

MMS (Multimedia Messaging Service), mobile device security/privacy, 345

mobile applications, social media attacks, 390

mobile devices. See also wearable technology

applications, 331-335

authentication, 335, 342-344

BYOD, 332

configuration profiles (MDM), 329

containerization, 329

content management, 331

COPE, 332

data management, 331

data storage, 336-338

de-perimeterization, 55-56

encryption, 610

full disk encryption, 718

geolocation, 335

latest attacks, researching, 645

lost/stolen devices, 338

managing, 56-57, 334

personally owned, corporate-enabled mobile device policies, 330

remote assistance, 330

remote wiping, 332, 718

risk management, 55-56

SCEP, 332

security/privacy, 336-341, 344-345, 350

TPM chips, 339

tracking, 718

updates, 331

user behavior and authentication, 335

VPN, 333

mobile payments, 340-341

Mobile Wallet, 341

MODAF (British Ministry of Defence Architecture Framework), 113

monitoring

auditing/monitoring services, data flow enforcement, 243

change monitoring, 247-248

continuous monitoring/improvement, 86, 141

DAM, 214, 240, 634

file integrity monitoring, 437

fitness monitors, 347, 350

logs, endpoint security, 295-297

monitoring/accepting phase (software acquisitions), 679

network management/monitoring tools, 256-260

performance, 669-670

RUM, 687

security, 669-670

synthetic transaction monitoring, 686

user behaviors, 40

motivation (likelihood of threat), 129

MOU (Memorandums Of Understanding), 73

MPTD (Maximum Period Time of Disruption), 146

MSA (Master Service Agreements), 75

MS-CHAP v1 (Microsoft Challenge Handshake Authentication Protocol v1), 224-225

MS-CHAP v2 (Microsoft Challenge Handshake Authentication Protocol v2), 225

MSRD (Microsoft Security Risk Detection), 685

MSSP (Managed Security Service Providers), 527

MTBF (Mean Time Between Failures), 146, 249

MTD (Maximum Tolerable Downtime), 146

MTTR (Mean Time To Repair), 146, 249

multi-factor authentication, 548

multihomed firewalls, 207, 239

multitenancy cloud computing model, public clouds, 515-516

mutation fuzzing, 363, 684

MX (Mail Exchange) records, 395, 506

MyAppSecurity, threat modeling, 648

N

NAC (Network Access Control), 55, 199, 232, 269-271, 644

NAP (Network Access Protection), 269

nbtstat command, 473

nc (Netcat) command, 475

NDA (Non-Disclosure Agreements), 74

need-to-know principle, 80-81

negative (misuse case) testing, 687

Nessus, 413, 419

NetBIOS, nbtstat command, 473

netstat (network status) command, 429-430, 474

NetworkMiner fingerprinting tool, 386

networks

A/V systems, 278-279

administrators, security requirements/goals, 720

analyzing, 464

authentication, 224-226, 235

automation systems, 274

configuring components, 246-253

control plane, 254

data flow enforcement, 244-245

data plane, 254

de-perimeterization of boundaries, 54-59

delegation, integrated solutions, 502

DLP, 242

enumerators, 420

HVAC controllers, 276

integration solutions, 487-504

IP video, 275

management plane, 254

management/monitoring tools, 255-260

mesh networks, 228

NAC, 55, 269-271, 644

physical access control systems, 277

remote access, 216-237, 240

SAN, 253

scientific/industrial equipment, 279

SDN, 254

security assessment tools, 411-426

segmentation, 269, 502

sensors, 277

testing, 646

virtual networks, researching latest attacks, 645

VLAN, 260-262, 488

VPN, 215-219, 235, 333, 618

vulnerability scanners, 413, 419

new technologies/systems/services, security trends/threats, researching, 641-642

NFC (Near Field Communication), 307, 340-341

NFS (Number Field Sieve), 587

NGFW (Next-Generation Firewalls), 205, 236

NIDS (Network IDS), 198, 230

NIPS (Network IPS), 197, 230

NIST (National Institute of Standards and Technology)

Framework for Improving Critical Infrastructure Cybersecurity, 160

risk management frameworks, 149-158

SP 800 Series, 115-117, 137, 143, 150-158, 280, 673

Nmap (Network Mapper), 411

no access (authorization), default to, 553

non-removable data storage, 337

nonmalicious threats/misconfigurations, incident response/recovery, 459

nonpersistent agents (NAC), 270

nonpersistent/persistent data, resiliency issues with integrated solutions, 495

NOP (No-Operation) slides, 365-366

notifications (push), mobile device security/privacy, 339

NPV (Net Present Value), ROI, 132

NS records (DNS), 395

nslookup command, 396-397, 435

numeric passwords, 542

NX (No Execute) bits (processors), 682

O

OAKLEY, 581

OAuth (Open Authorization), 553

object tracking technologies, 709-711

occupant emergency plans, 144

OCSP (Online Certificate Status Protocol), 604, 608

OCTAVE (Operationally Critical Threat, Asset and Vulnerability Evaluation), 120

OEM/carrier Android fragmentation, 340

OFB (Output Feedback) mode (DES), 601

OLA (Operating-Level Agreements), 73

OllyDbg, 441

on-premises cloud computing, 515

onsite assessments, 53

OOB (Out-of-Band) interfaces, host security, 303

OpenID, 561

open message format, asymmetric cryptography, 586

open source software, interoperability issues with integrated solutions, 493

open standards, 489

OpenSSL, 436

operating system (container-based) virtualization, 520

operational activities (SDLC), 669-673

operational/maintenance stage (SDLC), 666

optical jukeboxes, 469

Orange Book (TCSEC), 287

order of volatility (evidence collection), 470-471

organizational security policies (FERMA Risk Management Standard), 165

OS (Operating Systems)

fingerprinting, 657

secure enclaves, 371

trusted OS, 287-290

vulnerabilities, 377

OSA (Open System Authentication), host security, 312

OSINT (Open Source Intelligence), 390-397

OSSTMM (Open Source Security Testing Methodology Manual), 163

OTP (One-Time Passwords), 542

outages

BCP outage impacts/downtime, 146

revenue loss during outages, ROI, 131

outsourcing, 41, 58-59

over-the-air updates, 331

over-the-shoulder code reviews, 388

overwriting hard drives, 673

OWASP (Open Web Application Security Project), 355, 362, 648, 680

ownership

data, 43, 452, 499

factor authentication, 538-539

TCO, 133-134, 186

P

PaaS (Platform as a Service), public clouds, 516

packets

capturing, 657

deep packet inspection, 242

filtering, 202-204, 236

NOP slides, 365

sniffing, 414-415. See also eavesdropping

pair programming, 388

palm/hand scans, authentication, 545

PAP (Password Authentication Protocol), 224-225, 394

partial-knowledge testing, 400

partnerships

downstream liability, 58

risk management, 40, 58

TCA, 40

passive fingerprinting tools, 386

passwords, 224-225, 394, 427-428, 540-544

patches, 292-293, 302

path tracing, 465

pattern matching, signature-based IDS/IPS, 195

payback (ROI), 132

payloads, configuration profiles (MDM), 329

payments (mobile), 340-341

PCI DSS (Payment Card Industry Data Security Standard), 48

PCR (Platform Configuration Register) hashes, TPM chips, 320

PDP (Policy Decision Points), 555

Peach, 421, 684

peer reviews, 706

penetration testing, 384-385, 398-401, 667, 670

PEP (Policy Enforcement Points), 555

performance

baselines, 669

monitoring, 669-670

security solutions, analyzing, 183

peripheral devices

host security, 305-313

mobile payments (credit card readers), 341

Perl, swatch script, 425

permissions

application permissions, 333

granting, 719

SCAP scanners, 418

persistent/nonpersistent data, resiliency issues with integrated solutions, 495

persistent/nonpersistent agents (NAC), 270

personal data theft, wearable technology security/privacy, 350

personal information, PIPEDA, 48

personally owned, corporate-enabled mobile device policies, 330

personnel

BCP, 142

hiring, 85-86

occupant emergency plans, 144

screening, 85

terminating, 86

testing, 646

PFS (Perfect Forward Secrecy), 578

PGP (Pretty Good Privacy), 594, 629

pharming, 389

phishing, 388, 628, 659

physical access control systems, 277

physical controls, 107-108

physical deployment diagrams, integrated solutions, 502-504

physical reconnaissance, wearable technology security/privacy, 349

physical security

controls/processes, 725

physical security managers, 723-724

tools, 441-444

physical testing, 646

physiological characteristics (authentication), 539, 544-545

PII (Personally Identifiable Information), 77

PIN, mobile device authentication, 343

ping command, 431-432

ping scans, 386

pinning (public key), 608

PIPEDA (Personal Information Protection and Electronic Documents Act), 48

pivoting, 389

PKI (Public Key Infrastructure)/digital certificates, 548, 603-608

plan/initiate phase (SDLC), 674

planning

BCP, 141-148

CIP plans, 144

continuity planning, 465

COOP, 144, 465

crisis communications plans, 144

cyber incident response plans, 144

DRP, 144

ERP, 505

incident response plans, updating, 481

ISCP, 144

occupant emergency plans, 144

testing plans, 702-704

worst-case (extreme) scenario planning, 123-125

planning phase (software acquisitions), 679

platforms

PaaS, public clouds, 516

single platform hosts, virtualization and data security, 530

PLC (Programmable Logic Controllers), SCADA, 279

poisoning DNS caches, 506

policies

access control policies, 553

account policies (Group Policy), 300

application wrapping, 330

baselines, 167

BCP policies, developing, 144

BYOD policies, 68

categories of, 167

COPE, 332

data handling policies, 453-454

data retention policies, 451, 500

defined, 65

disclosure policies, 630

diverse industries, integrating, 45

event log policies (Group Policy), 300

FERMA Risk Management Standard, 165-166

file system policies (Group Policy), 301

guidelines, 167

incident response policies, 81-82

IPsec policies on Active Directory (Group Policy), 301

life cycle of, 66

local policies (Group Policy), 300

NAC policies, 644

PDP, 555

PEP, 555

personally owned, corporate-enabled mobile device policies, 330

privacy policies, incident response/recovery, 458

procedures, 167

processes, 167

public key policies (Group Policy), 301

registry policies (Group Policy), 300

restricted group policies (Group Policy), 300

reviewing, 53, 66-70

same-origin policies (AJAX), 374

security policies, 78-82

social media policies, 391

standards, 167

systems services policies (Group Policy), 300

types of, 66

updating, 67-70

POP (Post Office Protocol), 627

portable media devices, inventory/asset control, 450

ports

authentication, 802.1x, 226, 235

encryption, 591

HDMI ports, host security, 315

scanners, 411

SD ports, host security, 315

security, 262-265, 305

system ports, assigning, 264

TCP/UDP port numbers, 265

post-incident response (incident response/recovery), 480-481

PPP (Point-to-Point Protocol), 394, 618

PPTP (Point-to-Point Tunneling Protocol), 216

presence (user availability), 626-627

preventive controls, 104, 147

PRI (Product Release Information) updates, 331

Principles of Privacy (EU), 49

print recognition, authentication, 546

privacy/security

CPO, 721

EU Principles of Privacy, 49

EU Safe Harbor Privacy Principles, 49

Federal Privacy Act, 47

health privacy, wearable technology security/privacy, 350

impact ratings, 675

incident response/recovery, 458

mobile devices, 336-345, 350

PGP, 594, 629

PII, 77

policies, 458

wearable technology, 349-350

private clouds, 42, 513-514, 651

privileges

elevation of, 528

escalation of, 362, 377

least privilege, principle of, 80-81

PRL (Preferred Roaming List) updates, 331

PRNG (Pseudo-Random Number Generators), 578

problem-solving, judgment in, 187

procedural design (SDD), 701

procedures

defined, 65-67, 167

employment procedures, 85-86

reviewing, 68-70

types of, 67

updating, 68-70

processes

BCP critical processes/resources, 145

defined, 65-66, 167

forensic investigations, 84

life cycle of, 66

reviewing, 53, 67

risk assessment, 137

types of, 67

updating, 67

processors, 682

productivity loss, ROI, 131

profiling, social media, 659

programmers, security requirements/goals, 718-719

proposals (bidding), RFP, 76

protection profiles (CC), 288-289

protocols

analyzers, 257-258, 414-415

anomaly-based IDS/IPS, 196

interoperability issues with integrated solutions, 494

prototyping

security solutions, 181

software development method, 691

provisional accreditation, 676

provisioning/deprovisioning resources, integrated solutions, 500-501, 531

proxies, remote access networks, 233

proximity authentication devices, 442

proximity readers, 277

proxy firewalls, 203-204, 233, 236

proxy servers, 210

PST (Provisioning Service Targets), SPML, 556

public clouds, 41, 513-516, 651

public key cryptography, digital signatures, 577

public key pinning, 608

public key policies (Group Policy), 301

purging data, 369, 453, 497

push notification services, mobile device security/privacy, 339

push-based authentication, 550

PVS (Passive Vulnerability Scanners), 213

Q

qualitative risk analysis, 126-127

quality of coding, 683

quantitative risk analysis, 127

quarantine/remediation (NAC), 270

quotes (bidding), RFQ, 76

R

RA (Registration Authorities), 605

RA (Requesting Authorities), SPML, 556

RA (Risk Assessments), 71-72

race conditions, application vulnerabilities, 367-368

RAD (Rapid Application Development) model, software development, 692

radio frequencies

restrictions, mobile device security, 336

spectrum management, 342

RADIUS (Remote Authentication Dial-In User Service), 226, 563-564

RAID (Redundant Array of Inexpensive/Independent Disks), 249-253

Rainbow Series (TCSEC), 287

ransomware, 647

RAT (Remote Access Trojans), 647

RBAC (Role-Based Access Control), 81, 551

RC4, 584-585

RC5, 584-585

RC6, 584-585

RDBMS (Relational Database Management System), identity propagation, 558

RDP (Remote Desktop Protocol), 220

reclassification of data, 44

reconnaissance

information-gathering, 385

physical reconnaissance, wearable technology security/privacy, 349

record-level encryption, 589-591

recording mics, host security, 314

recoverability, analyzing security solutions, 186

recovery

BCP recovery priorities, 147-148

data recovery, 451-452

MTBF, 146

MTD, 146

recovery controls, 104

RPO, 146

RTO, 146

WRT, 146

red team exercises, security assessments, 405

reducing

attack surfaces, 206

risk, 135-137

redundancy

hardware, 248

resiliency issues with integrated solutions, 496

Regex Fuzzer, 685

registry policies (Group Policy), 300

regression testing, 678, 706

regulations

diverse industries, integrating, 45-50

EU regulations, 49-50

export controls, 45

policies/procedures, updating, 69

regulatory entities, 53

release/maintenance phase (SDLC), 676

remanence, 454

remediation/quarantine (NAC), 270

remnants (data), 673

application vulnerabilities, 369

cloud computing virtualization vulnerabilities, 529

data security in integrated solutions, 497-498

resource provisioning/deprovisioning, 501, 531

remote access

application sharing, 619-620

desktop sharing, 619-620

dial-up connections, 617-618

network design, 215-226, 229-237, 240

RAT, 647

remote administration, 618

remote assistance, 620-621

resources/services, 618

SSL, 618

VPN, 216, 618

remote activation/deactivation (unauthorized), wearable technology security/privacy, 349

remote administration, 618

remote assistance, 330, 620-621

remote journaling, 469

remote locks, mobile devices, 718

remote wiping devices, 332, 450, 718

removable data storage, 337

repairs

costs, ROI, 131

MTTR, 146

replication, backups, 469

reports

after-action reports, security control reviews, 177

collaboration tools, 624-625

SOC reports, 404

reputation (ROI), loss of, 131

Request Timed Out code (ping command), 432

requirements/goals

gather phase (SDLC), 674

requirements definitions lists, 701

security, 717-724

SRTM documents, 700

researching security trends/threats

best practices, 640-641

emerging business tools, 651-653

emerging threat sources, 660

evolving technologies, 642

global IA industry/community, 653-659

new technologies/systems/services, 641-642

RFC, 643

threat intelligence, 643-649

resetting passwords, 543

residual risk, risk assessment, 140

resiliency issues with integrated solutions, 494-496

resources

BCP critical processes/resources, 145

BCP resource requirements, 147

exhaustion, application vulnerabilities, 368

provisioning/deprovisioning, 500-501, 531

REST (Representational State Transfer), 372-373

restricted group policies (Group Policy), 300

retaining data, 451, 500

retina scans, authentication, 545

reusing

assets, 673

codes, application vulnerabilities, 370

revenue loss during outage, ROI, 131

reverse engineering, 177, 440-441, 464

reverse proxies, 222, 235

review systems, incident response/recovery, 461

reviewing

code, 387-388

logs, 658

policies, 66-70

procedures, 68-70

processes, 67

security controls, 175-177

RF (Radio Frequencies), host security, 308-311

RFC (Requests For Comments), 643

RFC 2138, RADIUS, 564

RFI (Requests For Information), 76

RFID (Radio Frequency Identification), 313, 444, 710-711

RFP (Requests For Proposal), 76

RFQ (Requests For Quotes), 76

Rijndael algorithm, AES, 583

RIPEMD-160, 576

risk management/mitigation, 726-727

access controls, 103-108

acquisitions/mergers, 42-43

analysis, 125-127, 678

appetite, defined, 135

assessments, 125-126, 137-140

auditors, 52

BCP, 141-148

BYOD, 56, 57

CIA, 98-102

client requirements, 53

clouds, 41-42, 55

competitors, 52

continuous improvement/monitoring, 141

COSO ERM, 163

CRR assessments, 168-169

de-perimeterization, 54-59

detection, MSRD, 685

diverse industries, integrating, 44-51

divestitures/demergers, 42-43

downstream liability, 58

due care, 59

due diligence, 59

emerging risks, updating policies/procedures, 70

FERMA Risk Management Standard, 164-166

impact of (magnitude of risk), 128

ISO/IEC 27005:2008 risk management process, 162

IT governance, 148-166

likelihood of threats, 128-130

magnitude of impact (risk impact), 128

mobile devices, 55-56

network boundaries, 54-59

NIST Framework for Improving Critical Infrastructure Cybersecurity, 160

OSSTMM, 163

outsourcing, 41, 58-59

partnerships, 40

policies/procedures, 70

profiles, 39

reduction, 135-137

regulatory entities, 53

risk analysis, 125-127

risk assessments, 125-126, 137-140

risk management frameworks, NIST, 149-158

risk profiles, 39

risk reduction, 135-137

ROI, 131-132

security control frameworks, 109-120, 123, 162-163

software assurance, 678

source code escrow, 39

SRTM, 108

TCO, 133-134

technical risk, translating in business terms, 134-135

telecommuting, 55

top-level management, 54

updating policies/procedures, 70

user behaviors, 39

worst-case (extreme) scenario planning, 123-125

Rivest and RSA, Ron, 586-587

robo hunters, 708

ROI (Return on Investment), 131, 186

roll backs (temporary), 670

root-cause analysis (incident response/recovery), 480

rooting mobile devices, 339

rotating jobs, security policies, 79

rotation schemes (backups), 467-468

routers

access lists, 305

ACL, 54, 210, 658

MD5 authentication, 266

network segmentation, 269

remote access networks, 233

route protection, 266

RTBH routing, 267

security, 210

transport security, 260

trunking security, 260-262

routing tables, 392-394

RPO (Recovery Point Objective), 146

RSA, 586-587, 655

RTBH (Remotely Triggered Black Hole) routing, 267

RTO (Recovery Time Objective), 146

RTU (Remote Terminal Units), SCADA, 279

rules

access control, 552

diverse industries, integrating, 44-45

engagement, incident response, 83

export controls, 45

IDS/IPS, 196

Snort IDS rules, writing, 259

RUM (Real User Monitoring), 687

runtime data integrity checks, SoC, 273

runtime debugging, 385

S

S/flow (Sampled Flow), data flow enforcement, 244

S/MIME (Secure MIME), 596

SA (Security Associations), IPsec, 580

SaaS (Software as a Service), public clouds, 516

SABSA (Sherwood Applied Business Security Architecture), 113-114

Safe Harbor Privacy Principles (EU), 49

safe harbors, 50

sales staff, security requirements/goals, 717-718

same-origin policies (AJAX), 374

SAML (Security Assertion Markup Language), 560-562

sandboxing, 370, 383, 525

SAN (Storage Area Networks), 253

Sarbanes-Oxley (SOX) Act, 46

SAS (Statement on Auditing Standards) 70, 403

SC (Security Categories), aggregate CIA scoring, 101-102

SCADA (Supervisory Control and Data Acquisition), 279-280

scalability, analyzing security solutions, 184

scanners

SCAP scanners, 416-419

vulnerability scanners, 213-214, 235

SCAP (Security Content Automation Protocol), 416-419, 437

SCEP (Simple Certificate Enrollment Protocol), mobile devices, 332

scientific/industrial equipment, 279

scope

BCP, 142

severity of data breaches, 478

scoring (aggregate CIA), 101-102

screen mirroring, mobile devices, 330

screened host firewalls, 207-208, 239

screened subnets, 208, 239

screening personnel, 85

scripting (XSS), application vulnerabilities, 356

scrubbing, defined, 296

SD Elements, threat modeling, 649

SD ports, host security, 315

SDD (Software Design Documents), 701

SDL File/Regex Fuzzer, 685

SDLC (Systems Development Life Cycle), 665-673

SDN (Software-Defined Networking), 254

sealing TPM chips, 319

SEAndroid (Security-Enhanced Android), 289

search engines, 397

search/seizure (incident response/recovery), 463

search warrants, 463

SecaaS (Security as a Service), 527

secure boot, 317

secure enclaves, 371, 521

secure message format, asymmetric cryptography, 586

secure volumes, 521

securiCAD, threat modeling, 648

security

access controls, 103-108

analyzing solutions, 184-186

assessments, 383-405, 411, 414-444

auditing, 88

awareness training, 86-87

BIA, 72

BPA, 74

categorizing data, 98-102

CIA, 98-102

Computer Security Act, 47

contracts, 75-77

controls/processes, 175-177, 724-725

credit cards, 580, 590

data categorization, 98-102

deconstructing/reverse engineering security solutions, 177

employment procedures, 85-86

EU Electronic Security Directive, 50

events versus incidents, 83

FISMA, 47-48

forensic investigations, 84

IA, 72

incident response, 81-83

information, 89-90

ISA, 72

logs, incident response/recovery, 461

metrics, 177-180, 183-186

mobile devices, 336-345, 350

monitoring, 86, 669-670

MOU, 73

MSA, 75

NDA, 74

OLA, 73

PCI DSS, 48

physical security, 723-725

policies, 78-82

port security, 262-265

prototyping solutions, 181

RA, 71-72

requirements/goals, 717-724

reverse engineering/deconstructing security solutions, 177

routers, 210, 266-267

security control frameworks, 109-123, 162-163

SLA, 73

SRTM, 108

testing solutions, 181

threats, likelihood of, 128-130

training, 86-87

transport security, 260

trends/threats, researching, 640-660, 708-709

trunking security, 260-262

unauthorized remote activation/deactivation, 349

wearable technology, 349-350

worst-case (extreme) scenario planning, 123-125

zones, 268-269

segmenting networks, integrated solution, 502

seizure (search and), incident response/recovery, 463

self-assessments (security-based), 402

SELinux (Security-Enhanced Linux), trusted OS, 289

sensitive data, improper storage of, 362

sensors, 277-279

separation of duties, security policies, 78-79

sequence-based versioning, 698

servers

application virtualization (terminal services), 322-323

client-side processing versus, 371-376

email servers and spam, 629

proxy servers, 210

RADIUS servers, 564

resource provisioning/deprovisioning, 501

single server hosts, virtualization and data security, 530

service packs, patch management, 293

services

discovery, 657

remote access, 618

security trends/threats, researching, 641-642

session hijacking, 359

SET (Secure Electronic Transactions), 580

SFC (System File Checker), switches, 437-438

SGX (Software Guard Extensions), 581

SHA-0 (Secure Hash Algorithm 0), 575

SHA-1 (Secure Hash Algorithm 1), 575

SHA-2 (Secure Hash Algorithm 2), 575

SHA-3 (Secure Hash Algorithm 3), 575

Shamir and RSA, Adi, 586-587

sharing applications/desktops, 619-620

Shibboleth, 561-562

shoulder surfing, 389

SHTTP (Secure HTTP), 580

side loading applications, 334

SIEM (Security Information and Event Management), 199, 232, 425-426

signatures

digital, 576-577

electronic, 50

IDS/IPS, 195

signature dynamics, authentication, 545

SIMPLE (Session Initiation Protocol for Instant Messaging and Presence Leveraging Extensions), 627

single platform hosts, virtualization and data security, 530

single server hosts, virtualization and data security, 530

single-factor authentication, 538

single-tenancy cloud computing model, 515

site-to-site VPN, 216-217

Six Sigma, 121

SKA (Shared Key Authentication), host security, 313

Skipjack, 584-585

slack space analysis, 464

SLA (Service-Level Agreements), 73, 249, 531

SLE (Single Loss Expectancy), magnitude of risk (risk impact), 128

SLIP (Serial Line Internet Protocol), dial-up connections, 618

smart cards, ownership factor authentication, 539

smart watches, 346

SMS (Short Message Service), mobile device security/privacy, 345

SMTP (Simple Mail Transfer Protocol), 628

sniffing (packet), 257-258, 414-415. See also eavesdropping

snooping, VoIP, 631

Snort IDS, writing rules, 259

SOA (Service-Oriented Architectures), integration solutions, 506

SOA (Statements of Applicability), 72

SOA records (DNS), 395

SOAP (Simple Object Access Protocol), 376. See also WSS

SoC (System on a Chip), 271-274, 345

SOC reports, 404

social engineering attacks, 388-389, 626, 659

social media

collaboration sites, 632

evolving platforms, 650

malware, 391

OSINT, 390-391

policies, 391

profiling, 659

trust and, 390

software

acceptance testing, 678

acquiring, 679

analyzing, 464

antimalware, 291

antispyware, 291

antivirus software, 291, 439

assurance, 677-688

COTS software, 493

deploying, secure design, 356

development, 673-677, 680-706

development methods, 688

IaaS, public clouds, 516

in-house developed applications/software, 493

libraries, 672

open source software, 493

regression testing, 678

SaaS, public clouds, 516

secure design, 355

standard libraries, 679

tailored commercial (commercial customized) software, 493

updates, 670

vulnerabilities, 356-370

Software Verify tool, runtime debugging, 385

Solaris 10, TrustedSolaris, 290

source (likelihood of threat), 130

source code escrow, 39

sovereignty of data, 50-51, 499

SOW (Statements of Work), 75

SP 800-12 Rev. 1, 115

SP 800-16 Rev. 1, 115

SP 800-18 Rev. 1, 115

SP 800-30 Rev. 1, 115, 137

SP 800-34 Rev. 1, 115, 143

SP 800-35, 115

SP 800-36, 115

SP 800-37 Rev. 1, 115, 156-158

SP 800-39, 116, 158

SP 800-50, 116

SP 800-53 Rev. 4, 116

SP 800-53A Rev. 4, 116, 152-153

SP 800-55 Rev. 1, 116

SP 800-60 Vol. 1 Rev. 1, 116, 150-151

SP 800-61 Rev. 2, 116

SP 800-82 Rev. 2, 116, 280

SP 800-84, 116

SP 800-86, 116

SP 800-88 Rev. 1, 116, 673

SP 800-92, 116

SP 800-101 Rev. 1, 116

SP 800-115, 116

SP 800-122, 116

SP 800-123, 116

SP 800-124 Rev. 1, 116

SP 800-137, 116

SP 800-144, 117

SP 800-145, 117

SP 800-146, 117

SP 800-150, 117

SP 800-153, 117

SP 800-154 (Draft), 117

SP 800-160, 117, 153-156

SP 800-161, 117

SP 800-162, 117

SP 800-163, 117

SP 800-164, 117

SP 800-167, 117

SP 800-175A and B, 117

SP 800-181, 117

SP 800-183, 117

spam, 292, 523, 629

spear phishing, 628

spectrum management and tethering, 342

SPF (Sender Policy Framework), email validating, 628

spiral model, software development, 692, 698

SPML (Service Provisioning Markup Language), 556

SPOF (Single Point of Failure), 253

spoofing attacks, 261, 522, 628

spyware, 291

SQL injection attacks, 360-362

SRK (Storage Root Keys), TPM chips, 319

SRTM (Security Requirements Traceability Matrix), 108, 700

SSAE 16 audits, 404

SSH (Secure Shell), 220, 595

SSID (Service Set Identifiers), 308, 312

SSL (Secure Sockets Layer), 218, 579, 595, 618

SSO (Single Sign-On), 540, 548-549, 558-560, 565

stakeholders, security, 100, 717-726

standard libraries, 679

standard word passwords, 541

standards, 167

adherence to, 489

competing standards, integration solutions, 490

de facto standards, integration solutions, 490

ISO/IEC 27000 series, software development best practices, 680

lack of standards in integration solutions, 490

open standards, 489

secure coding standards, 700

stapling (OCSP), 608

stateful firewalls, 202-203

stateful matching, signature-based IDS/IPS, 195

state management, 376

static passwords, 541

static testing, 686

statistical anomaly-based IDS/IPS, 196

steganography, 464, 591

Sticky MAC, 263

stolen/lost devices, 338

storage

cloud storage (end-user), 650

collaboration tools, 624-625

cookies, 364

data storage, 336-338, 362, 451-452

encryption, 589-590

HSM, 469

integration solutions, 487-504

media, disposal of, 453

storage keys, TPM chips, 320

stream ciphers, 584-585, 597-598

subnets (screened), 208, 239

surveillance, 275, 463

swatch script (Perl), 425

swipe patterns, mobile device authentication, 343

switches

network segmentation, 269

port security, 262-265, 305

remote access networks, 232

SFC, 437-438

spoofing, 261

transparent bridging, 201

transport security, 260

trunking security, 260-262

symmetric algorithms, 582-585, 599-602

symmetric cryptography, 588, 602

synthetic transaction monitoring, 686

Sysinternals, 435-436

systems

applications, 334

failures (authentication), cloud storage, 337

lockdown. See configuring, configuration lockdown

ports, assigning, 264

process criticality, severity of data breaches, 479

requirements (SDLC), 667

security policies (FERMA Risk Management Standard), 166

security trends/threats, researching, 641-642

services policies (Group Policy), 300

testing, 646

T

tabletop exercises, security self-assessments, 403

TACACS+ (Terminal Access Controller Access-Control System Plus), 226

tags

ARAT systems (RFID), 710

ARPT systems (RFID), 710

double tagging, 261

RFID tags, 313

trunking security, 261

tailgating, 277

tailored commercial (commercial customized) software, 493

tampering, anti-tamper technology, 338

tape vaulting, 469

target penetration testing, 399

Tastic RFID Thief, 444

Tavares and CAST, Stafford, 585

TCA (Third-Party Connection Agreements), 40

TCO (Total Cost of Ownership), 133-134, 186

TCP/UDP, port numbers, 265

tcpdump command, 472

TCSEC (Trusted Computer System Evaluation Criteria), 287. See also CC

TDE (Transparent Data Encryption), 719

TDF (Trusted Data Format), 494

technical (logical) controls, 106-107, 725

technical risk, translating in business terms, 134-135

technologies, researching security trends/threats, 641-642

telecommuting, 55, 618

telemetry systems, SCADA, 279

telephony systems, 630-632

temporal metric group (CVSS), 416

temporary roll backs, 670

Teredo, 223

terminal services, host security, 322-323

terminating personnel, 86

test data method, 668

test/evaluation phase (SDLC), 668

tests

acceptance testing, 678, 704

BCP, 148

black box (zero-knowledge) testing, 400-401

blind penetration testing, 399

document exchange/reviews, 53

double-blind penetration testing, 399

dynamic testing, 686

formal code reviews, 686

full-knowledge testing, 400

fuzzing, 363, 683-684

gray box testing, 400-401

GUI testing, 688

integration testing, 705

interface testing, 688

level-specific test plans, 702

lightweight code reviews, 686

misuse case (negative) testing, 687

network testing, 646

onsite assessments, 53

partial-knowledge testing, 400

peer reviews, 706

penetration testing, 398-401, 667, 670

personnel testing, 646

physical testing, 646

policy reviews, 53

process reviews, 53

regression testing, 678, 706

security solutions, 181

static testing, 686

systems testing, 646

target penetration testing, 399

test coverage analysis, 687

test data method, 676

test/validate phase (SDLC), 676

testing plans, 702-704

type-specific test plans, 702

unit testing, 704

user acceptance testing, 705

validation testing, 676, 704

verification testing, 676

white box testing, 400-401

zero-knowledge (black box) testing, 400-401

tethering, 341-342

texting

collaboration risks, 625, 626

encrypted IM, mobile device security/privacy, 340

encrypted/unencrypted communication, wearable technology security/privacy, 349

MMS, 345

mobile device security/privacy, 340, 345

theft of personal data and wearable technology security/privacy, 350

third-party libraries, application vulnerabilities, 369

third-party outsourcing, 41, 58-59

threats

agents, 139

best practices, 640-641

current threats, knowledge of, 646-647

emerging business tools, 650-653

emerging threats, 660, 706-707

evolving technologies, 642

global IA industry/community, 653-659

identifying, risk assessments, 139

insider threats, 459

likelihood of threats, 128-130

modeling, 648-649

new technologies/systems/services, 641-642

nonmalicious threats/misconfigurations, 459

RFC, 643

robo hunters, 708

threat actors, 655-659

threat intelligence, 643-649, 707

Threat Modeling Tool, 648

UTM, 194-195, 230

three-legged firewalls, 207, 239

throughput rate (biometrics), 546

time of check/time of use attacks, 367-368

time-based restrictions, mobile device security, 336

TLS (Transport Layer Security), 218-219, 579, 595

TOGAF (The Open Group Architecture Framework), 113

token devices, ownership factor authentication, 539

tokenization, mobile device security/privacy, 340

tokens, 607

top-level management, risk management, 54

topology discovery, 656

TOTP (Time-Based One-Time Password) algorithm, authentication, 540

TPM (Trusted Platform Module) chips, 315, 319-320, 339, 520, 558

traceroute tool, 395

tracert tool, 395

tracert/traceroute command, 433

tracing paths, 465

tracking

devices, 450

fitness trackers, 347, 350

geolocation/GPS devices, 709-711

mobile device, 718

object tracking technologies, 709-711

unauthorized tracking, 624

traffic anomaly-based IDS/IPS, 196

training, BCP training/exercises, 148

transaction log backups, 467, 719

transactional security, 580

transfer risk reduction strategy, 136

transferring data to uncontrolled storage, 338

transparent bridging, 201

transponders (RFID), 313

transport security, 260

Treadway Commission Framework, COSO, 119

trends/threats of security, researching

analysis, 130, 182-183, 424

best practices, 640-641

emerging business tools, 650-653

emerging threat sources, 660

evolving technologies, 642

global IA industry/community, 653-659

new technologies/systems/services, 641-642

RFC, 643

threat intelligence, 643-649

Trojans, 626, 647

trunking security, 260-262

trust

circles of (SAML), 560

social media and, 390

trusted OS (Operating Systems), 287-290

trusted third-party (bridge) model (federated identities), 560

TrustedSolaris, 290

tshark command, 476-477

TSIG (Transaction Signatures), 506

TT&E (Testing, Training and Exercises), BCP, 148

TTL (Time to Live), DNS records, 506

tumbler locks, 442

Twofish, 584, 585

Type 1 hypervisors, 519

Type 2 hypervisors, 519

Type I errors. See FRR

Type II errors. See FAR

Type III authentication. See characteristic factor authentication

U

UDP (User Datagram Protocol), port numbers, 265

UEFI (Unified Extensible Firmware Interface), boot loaders, 318

unauthorized domain bridging, mobile device security/privacy, 344

unauthorized remote activation/deactivation, wearable technology security/privacy, 349

uncontrolled storage, transferring/backing up data to, 338

unencrypted/encrypted communication, wearable technology security/privacy, 349

unified collaboration tools, 621-634

uninvited guests, web conferencing, 621

unit testing, 704

UNIX

command shell, host security, 301

passwords, 544

traceroute tool, 395

unsecure direct object references, application vulnerabilities, 356

unsigned applications, 334

updates

firmware, 316, 377

FOTA updates, 331

incident response plans, 481

mobile devices, 331

over-the-air updates, 331

patches, 292-293, 302

policies, 67-70

PRI updates, 331

PRL updates, 331

procedures, 68-70

processes, 67

temporary roll backs, 670

Zeeis updates, 331

URL (Uniform Resource Locators), document collaboration, 624

usability, analyzing security solutions, 185

USA PATRIOT Act, 47-49

USB (Universal Serial Bus) devices, 306, 338, 342, 607

users

acceptance testing, 705

behaviors, 39-40, 335

end-user cloud storage, 650

hijacked accounts, 626

managing, 39

monitoring, 40

personnel testing, 646

PKI and digital certificates, 605

presence (availability), 626-627

resource provisioning/deprovisioning, 500

security, 86-87

UTM (Unified Threat Management), 194-195, 230

V

V-shaped software development method, 690

vacations (mandatory), security policies, 80

Valgrind, 441

validate/test phase (SDLC), 676

validating

email, 628

input, application vulnerabilities, 360-362, 366

validation testing, 676, 704

value (assets/information), risk assessment, 138-139

vascular scans, authentication, 545

vaulting, 469

VDI (Virtual Desktop Infrastructure), 221, 521

vendors/consultants, 41, 655

verification

Software Verify tool, runtime debugging, 385

verification testing, 676

VeriSign, 605-607

versioning, software development, 698

vertical privilege escalation, 362

video

A/V systems, 278-279

conferencing, 622-623

IP video, 275

physical access control systems, 277

virtualization, 513

client-based application virtualization (application streaming), 322-323

container-based (operating system) virtualization, 520

data remnants, resource provisioning/deprovisioning, 531

high availability, 513

hyperconverged infrastructures, 521

hypervisors, 518-519

JVM, 373

secure enclaves, 521

secure volumes, 521

server-based application virtualization (terminal services), 322-323

VDI, 521

virtual devices, resource provisioning/deprovisioning, 501, 531

virtual networks, researching latest attacks, 645

VNC, 330

VPN, 618

VTPM, 320, 520

vulnerabilities, 527-530

viruses, antivirus software, 291, 439

visualization tools, 424

VLAN (Virtual LAN), 198, 260-262, 488

VMEscape, 527

VNC (Virtual Network Computing), 221, 235, 330

voice pattern recognition, authentication, 546

VoIP (Voice over IP), 630-632

volatile/persistent agents (NAC), 270

volatility, order of (evidence collection), 470-471

volumes (secure), 521

VPN (Virtual Private Networks), 215-219, 235, 333, 618, 718

VTPM (Virtual TPM), 320, 520

vulnerabilities

applications, 357-370

assessments, 401-402, 647, 667, 670, 675

current vulnerabilities, knowledge of, 646-647

CVE, SCAP scanners, 416

CVSS, 416-418

emerging threats, adapt solutions, 706-707

firmware, 377

management systems, 402

network vulnerability scanners, 413, 419

OS, 377

risk assessment, 139

software, 356-370

vulnerability cycles, 706

vulnerability scanners, 213-214, 235, 428, 523-524

zero-day vulnerabilities, 647, 676

W

WAF (Web Application Firewalls), 212-213, 234, 371

Walt Disney Magic Band and RFID, 710

WAP (Wireless Access Points), 208-209, 239

warded locks, 442

warehouses (data), 494

WASC (Web Application Security Consortium), software development best practices, 680

watches (smart), 346

Waterfall software development method, 689, 694, 697

watermarking (digital), 591, 594

WAYF (Where Are You From), 563

weak interfaces/API (Application Programming Interfaces), cloud storage, 337

wearable technology, 346-350. See also mobile devices

web conferencing, 621-622

webcams, host security, 314

WEP (Wired Equivalent Privacy), host security, 310-311

whaling, 629

white box testing, 400-401

white hats, 656

white team exercises, security assessments, 405

whitelists, 299, 360-362

Whois protocol, OSINT, 391

wildcard certificates, 603-604

Windows Group Policy, 299-301, 306

Windows Security Log, 439

Windows Server 2003, passwords, 544

wiping

hard drives, 673

mobile devices, 332, 450, 718

remote wiping devices, 332, 450

wireless controllers, 208-209, 239

wireless devices, host security, 306-313

wireless networks. See WLAN

wireless security, 311-313

Wireshark, 257-258, 414-415

WLAN (Wireless LAN), 208-209, 232, 308-313

worms, IM, 626

worst-case (extreme) scenario planning, 123-125

WPA (Wi-Fi Protected Access), 311

WPA-PSK, host security, 313

WPA2 (Wi-Fi Protected Access 2), 311

wrapping applications, 330

WRT (Work Recovery Time), 146

WSS (Web Services Security), 681. See also SOAP

X

X.500, DAP, 564

X.509 certificates, 606

XACML (Extensible Access Control Markup Language), 555-556

Xcode 7, 334

XHTML (Extensible Hypertext Markup Language), SAML, 560

XML (Extensible Markup Language), 374, 555-556

XMPP (Extensible Messaging and Presence Protocol), 627

XN (Never Execute) bits (processors), 682

XSS (Cross-Site Scripting), 356

Y-Z

Zachman Framework, 112

Zebra, HC1 headset computer, 348

Zeeis updates, 331

Zenmap, 411

Zephyr charts, 546

zero-day vulnerabilities, 647, 676

Zero Knowledge Proof, 588

zero-knowledge (black box) testing, 400-401

zero-trust models, 708

zone transfers (DNS), 395
