Search in book...
Toggle Font Controls
Create new playlist

Name your new playlist

Playlist description (optional)
Sign In

Email address

Password

Forgot Password?

or

Continue with Facebook

Continue with Google
Sign Up

Full Name

Email address

Confirm Email Address

Password

or

Continue with Facebook

Continue with Google

Index

A
AAA protocols, 695
AAA services, risks of, 8–11
Abagnale, Frank (author)
- Scam Me If You Can: Simple Strategies to Outsmart Today's Ripoff Artists, 98

abstraction, 12
abuse case testing, 751–752
acceptable use policy (AUP), 24, 47, 48, 424
accepting risk. See risk acceptance
access abuses, 462
access control list (ACL), 327–328, 679–680
access control matrix, 327–328, 679
access control triplet, 333
access control vestibules, 477–479
access controls
- about, 640–641, 678, 714–715
- attacks on, 699–714
- in CIA Triad, 321
- comparing models, 678–690
- exam essentials, 715–717
- implementing authentication systems, 690–699
- models, 681–682
- review question answers, 1080–1082
- review questions, 718–721
- written lab, 717
- written lab answers, 1111

accessibility, availability and, 7
account access review, 667–668
account lockout controls, 714
account maintenance, 667
account management, 754
account revocation, 666
accountability
- about, 644–645
- integrity and, 6
- monitoring and, 838–839
- as a provision of the GDPR, 167
- in security process, 10–11

accounting, in security process, 8
accuracy, 6, 166
ACID model, 978
acquisitions, mergers and, 19–20
acting, in IDEAL model, 962
active monitoring, 752
active response, to intrusion detection systems (IDSs), 824
active-active system, 596
active-passive system, 596
ActiveX controls, 373
activity, monitoring, 839
acts of terrorism, 870
ad hoc level, of Risk Maturity Model (RMM), 78
ad hoc mode, 528
Address Resolution Protocol (ARP), 510, 519–520
Adleman, Leonard, 265, 273
administrative controls, 73
administrative investigations, 910–911
administrative law, 146–147
administrative physical security controls, 452
administrators, 207–208
admissible evidence, 913
Adobe Flash, 374
Advanced Encryption Standard with 256-bit keys (AES 256), 187
advanced persistent threats (APTs), 770, 925, 995
advanced threat protection, 1008–1009
adversarial approach, to threat modeling, 26
adware, 1004
Affected Users, in DREAD system, 31
agent-based system, 550
agentless system, 550
aggregation, in databases, 980
aggregators, 548
Agile Software Development, 958–959
air gap, 318
algorithm, 223. See also specific algorithms
allowable interruption window (AIW), 453
alternate keys, 976
alternate processing sites, 883–888
alternate sites, 130
alternative systems, 131
always-on VPN, 606–607
Amazon Web Service (AWS) Simple Storage Service (S3), 192
American Civil Liberties Union (ACLU), 160
amplifiers, 547
analog communications, 566
analysis, in Electronic Discovery Reference Model (EDRM), 912
analytic attack, 297
AND operation, 225
Andersen, Arthur, 730
Android devices, 407–408
annual cost of the safeguard (ACS), 69–70
annualized loss expectancy (ALE)
- about, 127
- quantitative risk analysis and, 65–66

annualized rate of occurrence (ARO), 65, 125–126
anonymization, 202–204
antenna management, 534–535
antimalware, 829–830, 1007–1008
antispam software, 89
anything as a service (XaaS), 402
applets, 372
application allow listing (whitelisting), 414
application attacks
- about, 1009
- backdoors, 1011
- buffer overflows, 1009–1010
- privilege escalation, 1011
- rootkits, 1011
- time of check to time of use (TOCTTOU), 1010–1011

application cells/containers, 405
application control/management, 414
Application layer (layer 7), 501, 506–507
application logs, 836
Application Programming Interfaces (APIs), 312, 751, 967–968, 1020
application resilience, 1031
application roles, 685
application security controls
- about, 1025
- code security, 1029–1031
- controlling access to, 640
- database security, 1028–1029
- input validation, 1025–1027
- web application firewalls (WAFs), 1027–1028

application-level firewall, 552
applied cryptography
- about, 285
- blockchain, 295–296
- circuit encryption, 294
- dark web, 291–292
- email, 286–287
- emerging applications, 295–297
- homomorphic encryption, 297
- IP security (IPsec) protocol, 294–295
- lightweight cryptography, 296
- networking, 294–295
- portable devices, 285–286
- Pretty Good Privacy (PGP), 287–289
- Secure Sockets Layer (SSL), 290
- Secure/Multipurpose Internet Mail Extensions (S/MIME) protocol, 289
- steganography, 292–293
- Tor, 291–292
- Transport Layer Security (TLS), 290–291
- watermarking, 292–293
- web applications, 290–292

approving patches, 790
architecture
- common flaws and issues, 428–432
- of database management system (DBMS), 973–977
- of mobile devices, 424

Arduino, 387
Argon2, 707
arithmetic-logical unit (ALU), 364
ARP cache poisoning, 520
ARP spoofing, 520
“Arrangement on the Recognition of Common Criteria Certificates in the Field of IT Security,” 337
artifacts, 850–851, 913, 916–919
artificial intelligence (AI), 846–847
Asia-Pacific Economic Cooperation (APEC), 167
ASREPRoast, 711
assertions, 692
Assess phase, in Risk Management Framework (RMF), 79–81
assessment, in disaster recovery planning (DRP), 892
assessment test, lix–lxxiv
asset owner role, 21, 56, 205
asset security
- about, 180, 211
- data protection methods, 199–204
- data roles, 204–208
- data states, 185–186
- defining asset classifications, 185
- defining data classifications, 182–185
- determining compliance requirements, 186
- determining data security controls, 186–188
- establishing handling requirements, 188–198
- exam essentials, 211–213
- identifying and classifying information and assets, 180–188
- review question answers, 1053–1056
- review questions, 214–218
- security baselines, 208–210
- written lab, 213
- written lab answers, 1102–1103

asset value (AV), 123
assets
- classifying, 185
- controlling access to, 639–641
- focused on, 27
- managing, 774–776
- ownership of, 774
- tracking, 416
- valuation of, 56, 58–59

assigning risk. See risk assignment
assurance
- about, 948
- in CIA Triad, 321–322

asymmetric cryptography
- about, 264
- Diffie-Hellman algorithm, 269–270
- ElGamal algorithm, 267–268
- elliptic curve cryptography (ECC), 268
- private keys, 264–265
- public keys, 264–265
- quantum cryptography, 270–271
- RSA algorithm, 265–266

asymmetric cryptosystems, 221
asymmetric key algorithms, 241–244
asymmetric key management, 284
asymmetric multiprocessing (AMP), 376
asynchronous communications, 567
asynchronous dynamic password tokens, 651
atomicity, in ACID model, 978
attack phase, in penetration testing, 743
attack vector. See threat vector
attackers
- about, 699
- defined, 924
- focused on, 27

attacks. See also specific types
- access control, 699–714
- based on design/coding flaws, 430
- determining potential, 28

attenuation, 562
Attribute-Based Access Control (ABAC), 526, 682, 686–687
audit logging. See logging
audit trails, 838
auditing, 8, 10, 731
auditor role, 22
authenticated relay, 597
authentication
- as a goal of cryptography, 222
- implementing systems of, 690–699
- on internal networks, 694–697
- on Internet, 691–694
- protocols for, 582–585
- Remote Authentication Dial-in User Service (RADIUS), 697–698
- in security process, 8, 9
- session management and, 949
- Terminal Access Controller Access Control System Plus (TACACS+), 698–699

Authentication Header (AH), 295, 609
authentication protection, 592
authentication service, Kerberos, 696
authenticity, risks of, 8
authoritative passwords, 648–650
authority, as a social engineering principle, 83
authorization
- about, 644–645
- exploiting vulnerabilities, 1017–1020
- mechanisms for, 679–681
- in security process, 8, 10

Authorization to Operate (ATO), 16, 340–341
Authorize phase, in Risk Management Framework (RMF), 79–81
Authorizing Official (AO), 340
automated indicator sharing (AIS), 355
automated recovery, 879
automatic expiration, DRM and, 199
Automatic Private IP Addressing (APIPA), 617–618
automation
- in configuration management (CM), 784–785
- of incident response, 845–851

auxiliary alarm system, 460
availability
- in CIA Triad, 7, 641
- high, 875–880

AV-Test, 995–996
awareness
- about, 96–99
- in disaster recovery planning (DRP), 898–899
- in security management process, 755

AWS buckets, 192

B
backbone distribution system, 454
backdoor attacks, 1011
backdoor vulnerability, 1033–1034
background checks, 46
backups, in disaster recovery planning (DRP), 892–896
badges, 456–457
baiting, 92
bandwidth, 880
barricades, 479
baseband cables, 560
baseband radio, 544
baseband technology, 567
baselines
- about, 24–25
- in configuration management (CM), 783–784

base+offset addressing, 365
basic input/output systems (BIOS), 371
basic service set identifier (BSSID), 529
bastion host, 551
bcrypt, 707
beacon frame, 529
behavior, 947
behavior modification, 96
behavior-based detection, 821–823
Behr, Kevin
- The Phoenix Project: A Novel About IT, DevOps, and Helping Your Business Win, 967

Bell-LaPadula model, 328–332
benign DoS, 383
Biba model, 330–332
biometrics, 409, 651, 653–655
birthday attacks, 300, 706–707
birthday paradox, 706
bit flipping, 749
Bitcoin, 296, 380–381
bits, 500
Black-Box Penetration Test, 744, 969
blacklisting, 831–832
blind content-based SQL injection, 1013–1015
blind timing-based SQL injection, 1015–1016
block cipher, 237
blockchain, 295–296, 380–381
Blowfish, 249
Blue Screen of Death (BSOD), 950–951
Bluebugging, 537
Bluejacking, 537
Bluesmacking, 537
Bluesnarfing, 537
Bluesniffing, 537
Bluetooth (802.15), 537–538
Boehm, Barry, 957
Boeing, 198
Boldon James, 188
bombings, 870
book cipher, 236
Boolean mathematics, 224
boot attestation, 371
boot sector, 996–997
Border Gateway Protocol (BGP), 503
botnets (bots), 812–813, 1001
bottom-up approach, 17
bounds, in CIA Triad, 320–321
branch coverage, 752
breach, 57
breach and attack simulation (BAS), 745
Brewer and Nash model, 334–335
bridge mode, 529
bridges, 548
bring your own device (BYOD), 420
broadband cables, 560
broadband technology, 567
broadcast domains, 547
broadcast storm, 611
broadcast technology, 567
browser wrap license agreements, 158
brute-force attack, 297, 704–705
buffer overflow errors, 817
buffer overflows, 1009–1010
buildings, BCP and, 130
bumping, 481
burglar alarms, 458
bus topology, 564
business associate agreement (BAA), 162
business attacks, 925
business continuity planning (BCP)
- about, 114–115, 136–137
- benefits of, 119–120
- business impact analysis (BIA), 121–128
- continuity planning, 128–131
- documentation for, 132–136
- exam essentials, 137–138
- plan approval and implementation, 131–136
- project scope, 115–121
- review question answers, 1049–1051
- review questions, 139–142
- in security management process, 754–755
- selecting your team, 117–118
- written lab, 138
- written lab answers, 1101

business email compromise (BEC), 87
business impact analysis (BIA)
- about, 121–122
- Cloud and, 124–125
- identifying priorities, 122–123
- impact analysis, 126–128
- likelihood assessment, 125–126
- resource prioritization, 128
- risk identification, 123–124

business strategy, aligning security function with, 17–19
business unit, 881–882
business/mission owners, 206

C
cable lock, 453
cable plant management policy, 454
cabling, 559–563
cache RAM, 363
Caesar cipher, 232–234, 235
California Consumer Privacy Act (CCPA, 2018), 168–169
California SB 1386, 162
Caller ID, 525
cameras, 460–461
camouflage, 1028–1029
campus area network (CAN), 606
Canadian privacy laws, 167–168
candidate keys, 975
candidate screening, 46–47
capabilities
- about, 310, 322–323, 343–344
- access control matrix, 327–328
- Bell-LaPadula model, 328–330
- Biba model, 330–332
- Brewer and Nash model, 334–335
- capabilities of information systems, 341–343
- Clark-Wilson model, 333–334
- design principles, 310–320
- ensuring CIA Triad, 320–322
- exam essentials, 344–347
- fundamental concepts of, 322–336
- Goguen-Meseguer model, 335
- Graham-Denning model, 335–336
- Harrison-Ruzzo-Ullman (HRU) model, 336
- information flow model, 325
- noninterference model, 326
- review question answers, 1060–1062
- review questions, 348–352
- state machine model, 325
- Sutherland model, 335
- systems requirements, 337–341
- take-grant model, 326–327
- trusted computing base (TCB) design principle, 323–325
- written lab, 347
- written lab answers, 1104–1105

Capability Maturity Model (CMM), 78, 955, 960–961
Capability Maturity Model Integration (CMMI), 961
capability table, 679–680
capacitance motion detector, 459
captive portals, 535
capture filters, 506
cardinality, 974–975
carrier network connections, 623
carrier unlocking, 418
Carrier-Sense Multiple Access (CSMA), 567
Carrier-Sense Multiple Access with Collision Avoidance (CSMA/CA), 568
Carrier-Sense Multiple Access with Collision Detection (CSMA/CD), 568
cascading, 326
CAST algorithm, 250–251
Categorize phase, in Risk Management Framework (RMF), 79–81
Cavoukian, Ann
- “Privacy by Design - The 7 Foundational Principles: Implementation and Mapping of Fair Information Practices,” 319

cell suppression, 981
cellular networks, 544
Center for Internet Security (CIS), 22
central processing unit (CPU), 356
central station system, 460
centralized access control, 659, 660
CEO fraud, 87
CEO spoofing, 87
certificate authority (CA), 278, 279–280
certificate chaining, 280
Certificate Practice Statement (CPS), 282
certificate revocation list (CRL), 280–281, 282
certificate signing request (CSR), 280
certificate stapling, 282–283
certificates
- digital, 278
- formats of, 283
- lifecycle of, 280–283
- pinning, 281

certification process, xliii
chain of custody, 914–915
chain of evidence, 914–915
Challenge Handshake Authentication Protocol (CHAP), 583
change control, 965
change logs, 836
change management
- about, 785–786
- configuration documentation, 788
- maintenance and, 955
- process of, 787–788
- software development lifecycle (SDLC) and, 964–966
- versioning, 788

chat, 594–595
checklists, 891–892
chief information officer (CIO), 17, 18
chief information security officer (CISO), 17
chief security officer (CSO), 17
chief technical officer (CTO), 18
Children's Online Privacy Protection Act (COPPA, 1998), 163
choose your own device (CYOD), 421
chosen ciphertext attacks, 300
chosen plaintext attacks, 300
CIA Triad
- about, 4–7, 320, 640–641
- access controls and, 321
- assurance and, 321–322
- bounds and, 320–321
- confinement and, 320
- isolation and, 321
- trust and, 321–322

Cipher Block Chaining (CBC) mode, 244
Cipher Feedback (CFB) mode, 244
ciphers, 230–238
ciphertext-only attack, 298–299
circuit encryption, 294
circuit proxies, 553
circuit switching, 620
circuit-level gateway firewalls, 553, 833
circular logging, 844
CISSP exam
- about, xxxix–xl
- advice for, xli–xlii
- question types, xl–xli
- study and preparation tips for, xlii

civil investigations, 911
civil law, 146
Clark-Wilson model, 333–334, 680
classification levels, 329, 947
Classless Inter-Domain Routing (CIDR), 518
clean-desk policy, 464
clearing media, 196
clickjacking, 94, 515
click-through license agreements, 158
client-based systems
- about, 372
- local caches, 375
- mobile code, 372–374

client/server model, 556
clipping levels, 842
closed head system, 474
Closed port, 733
closed relay, 597
closed source, 313
closed systems, 312–313
closed-circuit television (CCTV), 460–461
cloud access security broker (CASB), 200
cloud computing
- about, 397
- business impact analysis (BIA) and, 124–125
- integration with, 403
- managed services in the, 779–782
- protecting, 878
- recovery strategy and, 887

cloud services license agreements, 158
cloud-based federation, 661
coaxial cable, 559–560
code
- about, 954
- ciphers compared with, 231
- flaws in, 430
- practices of coding, 1031–1034
- reuse of, 1029–1030
- review of, 746–747
- review walk-through of, 954
- security of, 1029–1031
- signing, 1029

code injection attacks, 1016
Code of Fair Information Practices, 932–933
Code Red worm, 1001–1002
code repositories, 970–971, 1030
cognitive password, 643
cohesion, 947
cold aisle, 468
cold sites, 883–884
collection
- in Electronic Discovery Reference Model (EDRM), 912
- of evidence, 916–919

collector, 548
collision attack. See birthday attacks
collision domains, 547
collisions, 244
collusion, 49
columnar transposition, 231
combination locks, 481–482
command injection attacks, 1016–1017
Commerce Control List (CCL), 159
commercial off-the-shelf (COTS) software, 972
Committee of Sponsoring Organizations (COSO) of the Treadway Commission, 81
Common Configuration Enumeration (CCE), 732
Common Criteria (CC), 337–340
Common Gateway Interface (CGI), 1010
common mode noise, 467
Common Platform Enumeration (CPE), 732
Common Vulnerabilities and Exposures (CVE), 731, 792–793
Common Vulnerability Scoring System (CVSS), 731
communications and network attacks
- about, 582, 626–628
- communication protection, 410–411
- communication protocols, 521, 543–544
- email security, 596–602
- exam essentials, 628–630
- fiber-optic links, 624
- load balancing, 595–596
- multimedia collaboration, 593–595
- network address translation (NAT), 614–618
- preventing/mitigating, 625–626
- protocol security mechanisms, 582–585
- remote access security management, 590–593
- review question answers, 1075–1077
- review questions, 631–635
- security control characteristics, 624–625
- switching, 610–614
- switching technologies, 620–622
- third-party connectivity, 618–619
- virtual LANs, 610–614
- virtual private network (VPN), 602–609
- voice communications, 586–590
- wide area network (WAN) technologies, 622–623
- wireless communication, 536–539
- written lab, 630
- written lab answers, 1109–1110

Communications Assistance for Law Enforcement Act (CALEA, 1994), 161
community cloud deployment model, 782–783
compartmentalized environment, 689
compensation control, 75
compiler, 944
completeness, integrity and, 6
compliance
- determining requirements for, 186
- testing, 68

compliance checks, 745–746
compliance policy requirements, 53
compliant mobile devices, 690
composition theories, 326
comprehensiveness, integrity and, 6
computer architecture, 354
computer crime
- categories of, 923–929
- laws for, 147–152

Computer Ethics Institute, 932
Computer Fraud and Abuse Act (CFAA, 1984), 148–149, 164, 1003
computer incident response team (CIRT) role, 21
computer security incident, 803
computing minimalism, 317
concealment, confidentiality and, 5
concentrators, 547
conceptual definition, 952–953
concurrency, in databases, 979–980
condition coverage, 752
conductors, 561–562
confidential label, 182, 184
confidentiality
- in CIA Triad, 5, 640
- as a goal of cryptography, 220–221

configuration documentation, in change management, 788
configuration management (CM)
- automation, 784–785
- baselining, 783
- provisioning, 783
- software development lifecycle (SDLC) and, 964–966
- using images for baselining, 783–784

confinement, in CIA Triad, 320
confusion, 237–238
connection methods, 417
connection oriented, 508
connectionless “best effort” communication protocol, 509
consensus, as a social engineering principle, 83
consistency, in ACID model, 978
constrained data item (CDI), 333
constrained interface model, 343, 680
consultant agreements, 52–53
contactless payment methods, for mobile devices, 425–426
containerization, 400, 405–406
content delivery network, 545
content distribution network (CDN), 545
content filtering, 554, 555–556
content inspection, 555–556
content management system (CMS), 414
content-dependent access control, 680
content/URL filter, 555–556
context-aware authentication, 646
context-dependent access control, 680
continuity of operations plan (COOP), 129
continuous audit trail, DRM and, 199
continuous improvement, 77–78
continuous integration/continuous delivery (CI/CD), 966–967
contracting, 171
contractor agreements, 52–53
contractual license agreements, 158
Control Objectives for Information and Related Technology (COBIT), 15, 22–23, 206, 731
control specifications development, 953–954
control zone, 369
controls gap, 68–69
converged protocols, 523–524
Copyright law, 152–154
core protection methods, 713–714
corporate espionage, 925
corporate policies, for mobile devices, 423
corporate-owned, personally enabled (COPE), 420–421
corporate-owned business-only (COBO) strategy, 421
corporate-owned mobile strategy (COMS), 421
corrective control, 75
cost, of security controls vs. benefit of security controls, 69–72
cost/benefit calculation/analysis, 70
Counter (CTR) mode, 245
Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP) (Counter-Mode/CBC-MAC Protocol), 532
Counter with Cipher Block Chaining Message Authentication Code Mode (CCM), 245
countermeasures
- about, 354, 432–433
- architecture flaws and issues, 428–432
- assessing, 355–372
- client-based systems, 372–375
- containerization, 405–406
- cyber-physical systems, 386–393
- distributed systems, 380–382
- edge computing, 385–386
- embedded devices, 386–393
- essential security protection mechanisms, 426–428
- exam essentials, 433–439
- fog computing, 385–386
- high-performance computing (HPC) systems, 382–383
- industrial control systems, 378–380
- infrastructure as code (IaC), 395–396
- Internet of Things (IoT), 383–385
- managing, 791
- microservices, 394–395
- mitigating, 355–372
- mobile devices, 406–426
- review question answers, 1062–1067
- review questions, 441–445
- selecting and implementing, 72–74
- server-based systems, 375–378
- serverless architecture, 406
- shared responsibility, 354–355
- specialized devices, 393–394
- virtualized systems, 397–405
- written lab, 440
- written lab answers, 1105–1106

countries of concern, 159
coupling, 947
covert channels, 428–429
covert storage channel, 429
covert timing channel, 429
crackers, 699
Creating Defensible Space (Newman), 452
credential hijacking, 93
credential management systems, 419, 662–663
credential manager apps, 663
credential stuffing attack, 706
Crime Prevention Through Environmental Design (CPTED), 450–451
criminal investigations, 911
criminal law, 144–146
crisis management, 882
critical path analysis, 448–449
criticality, confidentiality and, 5
cross-border information sharing, 167
crossover error rate (CER), 654
cross-site request forgery (CSRF/XSRF), 1024
cross-site scripting (XSS), 1016, 1021–1023
cryptanalysis, 224
cryptocurrency, 296
cryptographic algorithms, 156
cryptographic applications. See PKI and cryptographic applications
cryptographic attacks, 297–301
cryptographic erasure, 197
cryptographic keys, 238–239
cryptographic mathematics, 224–230
cryptographic modes of operation, 244–246
cryptographic salt, 298
cryptography and symmetric key algorithms
- about, 220, 239–241, 255–256
- ciphers, 230–238
- concepts of cryptography, 223–224
- cryptographic lifecycle, 255
- cryptographic mathematics, 224–230
- exam essentials, 256–257
- goals of cryptography, 220–222
- modern cryptography, 238–244
- review question answers, 1056–1057
- review questions, 258–261
- symmetric cryptography, 244–254
- written lab, 257
- written lab answers, 1103–1104

cryptology, 224
cryptomalware, 1001
cryptosystems, 224
cryptovariables, 224
custodian role, 21
cybercrime for hire, 926
cyber-physical systems, 389
Cybersecurity Enhancement Act, 151
“Cyberwarfare: Origins, Motivations and What You Can Do in Response,” 95

D
DAD Triad, 7–8
Damage Potential, in DREAD system, 31
dark web, 291–292
DARPA model. See TCP/IP model
data at rest, 221
data breach notification laws, 162–163
data centers, 455–458
data classifications, 182–185
data collection limitation, 192–193
data controllers, 206–207
data custodians, 207
data destruction, 194–197
data diddling, 431–432
Data Encryption Standard (DES)
- about, 239, 247
- advanced encryption standard, 250
- Blowfish, 249
- CAST algorithm, 250–251
- comparing symmetric encryption algorithms, 251–252
- International Data Encryption Algorithm (IDEA), 248–249
- Rivest ciphers, 249–250
- Skipjack algorithm, 249
- symmetric key management, 252–254
- Triple DES (3DES), 247–248

data exposure, 1028
data extraction, 842
data flow control, 375
data hiding, 12–13
data in motion, 221
data in transit, 185
data in use, 185, 221
data integrity, 922–923
Data Link layer (layer 2), 503–504
data location, 193
data loss prevention (DLP), 188, 189–190
data maintenance, 189
data minimization, 166, 1028
data owners, 204–205
data ownership, for mobile devices, 422
data processors, 206–207
Data Protection Directive (DPD), 165–166
data protection methods
- about, 199
- anonymization, 202–204
- cloud access security broker (CASB), 200
- digital rights management (DRM), 199–200
- pseudonymization, 200–201, 202
- tokenization, 201–202

data remanence, 194–195, 367
data remnants, 462
data retention, 197–198, 922–923
data roles
- about, 204
- administrators, 207–208
- asset owners, 205
- business/mission owners, 206
- data controllers, 206–207
- data custodians, 207
- data owners, 204–205
- data processors, 206–207
- subjects, 208
- users, 208

data security controls, determining, 186–188
data sovereignty, 382
data states, 185
data storage devices, 366–367
data warehousing, establishing, 973–983
database contamination, 978
database management system (DBMS)
- architecture, 973–977
- Open Database Connectivity (ODBC), 982–983
- security for multilevel databases, 978–982
- transactions, 977–978

database normalization, 976
database recovery, 888–889
database vulnerability scanning, 741–742
databases
- establishing, 973–983
- security of, 1028–1029

dataflow paths, in decomposition process, 29
datagram, 500
dead code, 1030
deauthentication packet, 541
debugging, 949
decentralized access control, 659
declassification of media, 197
decompiler, 944
decomposing. See reduction analysis
decryption, 223, 343
dedicated line, 622
deencapsulation, 498–500
deep packet inspection (DPI), 554
defense in depth, 11
defensive approach, to threat modeling, 26
defined level, of Risk Maturity Model (RMM), 78
degaussing media, 196
degrees, 974
delegating
- about, 947
- incident response, 809

Delphi technique, 63
Delpy, Benjamin, 708
Delta rule, 986
deluge system, 475
demarcation point, 454
demilitarized zone (DMZ), 545
demonstrative evidence, 916
Denial of service (DoS), in STRIDE threat model, 27
denial-of-service (DoS) attacks, 376, 813–817
deny by default, 414
Department of Commerce Bureau of Industry and Security (BIS), 159
deploying patches, 790
deployment policies, for mobile devices, 420–426
deprovisioning, 666–667
design
- about, 310, 322–323, 343–344
- access control matrix, 327–328
- Bell-LaPadula model, 328–330
- Biba model, 330–332
- Brewer and Nash model, 334–335
- capabilities of information systems, 341–343
- Clark-Wilson model, 333–334
- design principles, 310–320
- ensuring CIA Triad, 320–322
- exam essentials, 344–347
- flaws in, 430
- fundamental concepts of, 322–336
- Goguen-Meseguer model, 335
- Graham-Denning model, 335–336
- Harrison-Ruzzo-Ullman (HRU) model, 336
- information flow model, 325
- noninterference model, 326
- review of, 954
- review question answers, 1060–1062
- review questions, 348–352
- in Software Assurance Maturity Model (SAMM), 961
- state machine model, 325
- Sutherland model, 335
- systems requirements, 337–341
- take-grant model, 326–327
- trusted computing base (TCB) design principle, 323–325
- written lab, 347
- written lab answers, 1104–1105

design patents, 156
design principles
- about, 310
- closed systems, 312–313
- KISS principle, 316–317
- objects, 311–312
- open systems, 312–313
- Privacy by Design (PbD), 319
- secure defaults, 314
- subjects, 311–312
- system failures, 314–316
- trust, but verify, 319–320
- zero trust, 317–319

destination network address translation (DNAT). See NAT traversal (NAT-T)
destruction
- about, 197
- of symmetric keys, 253–254

detection
- of incidents, 805–806
- in vulnerability scanning, 742

detective control, 75, 810
deterrent alarms, 459
deterrent control, 74, 452–453
development toolsets, 945–946
device authentication, 409–410, 657–658
device lockout, 411
devices, controlling access to, 639. See also mobile devices
DevOps approach, 966–967
diagnosing, in IDEAL model, 962
dictionary attack, 704
differential backups, 893
Diffie-Hellman algorithm, 156, 253, 269–270, 291
diffusion, 237–238
digital certificates, 278, 283
digital communications, 566
Digital Millennium Copyright Act (DMCA, 1998), 153–154
digital motion detector, 459
digital rights management (DRM), 199–200
Digital Signature Algorithm (DSA), 277
Digital Signature Standard (DSS), 277
digital signatures
- about, 222, 275–276
- Digital Signature Standard (DSS), 277
- hashed message authentication code (HMAC) algorithm, 276–277

digital watermarking, 845
direct addressing, 365
direct evidence, 915
direct inward system access (DISA), 590
Direct Sequence Spread Spectrum (DSSS), 537
directed graph, 326–327
directional antenna, 534
directive control, 76
directory traversal attacks, 1018–1019
dirty reads, 979
disassociation, 541
Disaster, Reproducibility, Exploitability, Affected Users, and Discoverability (DREAD) system, 30–31
disaster recovery planning (DRP)
- about, 114–115, 863, 902
- acts of terrorism, 870
- assessment, 892
- backups, 892–896
- bombings, 870
- earthquakes, 864–865
- emergency response, 891
- exam essentials, 902–903
- explosions, 870
- fault tolerance, 875–880
- fires, 868, 869–870
- floods, 865–867
- hardware/software failures, 872
- high availability, 875–880
- human-made disasters, 869–874
- infrastructure failures, 871–872
- logistics, 897
- natural disasters, 864–869
- nature of disaster, 863–874
- network failures, 871–872
- offsite storage, 892–896
- pandemics, 869
- personnel and communications, 891–892
- picketing, 873
- power outages, 871
- recovery plan development, 890–898
- recovery strategy, 880–889
- recovery vs. restoration, 897–898
- review question answers, 1089–1091
- review questions, 904–907
- in security management process, 754–755
- software escrow agreements, 896–897
- storms, 867–868
- strikes, 873
- supplies, 897
- system resilience, 875–880
- testing and maintenance, 899–902
- theft, 873–874
- training, awareness, and documentation, 898–899
- utilities, 897
- utility failures, 871–872
- vandalism, 873–874
- written lab, 903
- written lab answers, 1113–1114

disasters, nature of, 863–874
Discoverability, in DREAD system, 31
discretion, confidentiality and, 5
Discretionary Access Control (DAC), 681, 682–683
Discretionary Security Property, 329
disk-to-disk backup, 895
display filters, 506
distance vector routing protocols, 503
Distinguished Encoding Rules (DER) format, 283
distributed architecture, 556
distributed computing environment (DCE). See distributed system
distributed control systems (DCSs), 378–380
distributed databases, 973–974
distributed denial-of-service (DDoS) attacks, 814
distributed ledger, 381
Distributed Network Protocol 3 (DNP3), 523
distributed reflective denial-of-service (DRDoS) attack, 814
distributed system, 380–382, 556
distributed virtual switches, 611
DLL injection attack, 1016
DNS cache poisoning, 512
DNS over HTTPS (DoH), 511
DNS pharming, 512
DNS poisoning, 511–514
DNS query spoofing, 513
DNS sinkhole, 514
documentary evidence, 914
documenting investigations, 923
documents
- business continuity planning (BCP), 132–136
- disaster recovery planning (DRP), 898–899
- exchanging and reviewing, for evaluation of third parties, 20
- reviewing, 15–16
- storing, 983

DOD model. See TCP/IP model
domain hijacking, 514–515
Domain Message Authentication Reporting and Conformance (DMARC), 600
domain name, 509
domain name system (DNS)
- about, 509–511
- DNS pharming, 512
- DNS poisoning, 511–514
- DNS query spoofing, 513

Domain Name System Security Extensions (DNSSEC), 511
domain theft, 514–515
Domain Validation (DV) certificates, 280
DomainKeys Identified Mail (DKIM), 600
domains, xxxviii, 974
“Don't Repeat Yourself” (DRY), 317
double conversion UPS, 465
Double DES (2DES), 300
doxing, 95
Dragonfly Key Exchange, 532–533
drive-by download, 86
DRM license, 199
dry pipe system, 474
dual stack, 517
due care, 23
due diligence, 23
dumb card, 456
dumpster diving, 92–93
durability, in ACID model, 978
duress, 771–772
dynamic application security testing (DAST), 748
Dynamic Host Configuration Protocol (DHCP), 507
dynamic packet filtering firewall, 553
dynamic ports, 508
dynamic RAM, 363–364

E
E911 location tracking, 413
EAP Transport Layer Security (EAP-TLS), 584
EAP Tunneled Transport Layer Security (EAP-TTLS), 584
EAP-MD5, 584
earthquakes, 864–865
east-west traffic, 546
eavesdropping, 626
Economic Espionage Act (1996), 157, 161
edge computing, 385–386
education, 98, 132
effectiveness evaluation, 99–100
egress monitoring, 844–845
802.11x, 528, 533, 584
elasticity, 398–399, 783
electromagnetic interference (EMI), 467
electronic access control (EAC) lock, 481–482
Electronic Code Book (ECB) mode, 244
Electronic Communications Privacy Act (1986), 161
electronic discovery (eDiscovery), 912
Electronic Discovery Reference Model (EDRM), 912
electronic vaulting, 888–889
electronically erasable programmable read-only memory (EEPROM), 362
electrostatic discharge (ESD), 469
Elevation of privilege, in STRIDE threat model, 27
Elgamal, Taher, 267
ElGamal algorithm, 267–268
eliciting information, 85
elliptic curve cryptography (ECC), 268, 291
Elliptic Curve DSA (ECDSA), 277
email security
- about, 286–287, 596–597
- email data, 187
- goals for, 597–598
- issues with, 599
- solutions for, 599–602

email spoofing, 713
emanation security, 367–369
embedded systems
- about, 386–387, 813
- elements related to, 389–390
- security concerns of, 390–393

emergency communications, 882–883
emergency management, 773
emergency response
- in disaster recovery planning (DRP), 891
- guidelines in BCP documentation, 135

employee oversight, 48–49
employment agreements, 47–48
Encapsulating Security Payload (ESP), 295, 609
encapsulation, 498–500
encrypted traffic, monitoring, 826
encrypted viruses, 999
encryption
- about, 13, 343
- defined, 223
- of sensitive data, 194

encryption export controls, 159
end user role, 22
end-of-life (EOL), 78, 198, 397
end-of-service life (EOSL), 78, 198, 397
end-of-support (EOS), 78, 198, 397
endpoint detection and response (EDR), 558, 1008–1009
endpoint security, 556–559
endpoint-based DLP, 190
end-to-end encrypted VPN, 605
end-to-end encryption, 294
Enhanced Interior Gateway Routing Protocol (EIGRP), 503
Enigma codes, 299
enrollment, digital certificate and, 280
Enron Corporation, 730
enterprise (ENT), 532
enterprise extended mode, 528
enterprise risk management (ERM) program, 78
entity behavior analytics (UEBA) functions, 822
entrance facility, 454
entrapment, 829
environment safety, 482
environmental monitoring, 470
ephemeral key, 240
ephemeral ports, 508
equal error rate (ERR), 654
equipment failure, 453–454
equipment room, 454
erasable programmable read-only memory (EPROM), 362
erasing media, 195
error handling, 949, 1032–1033
escaping input, 948
escrowed encryption standard, 254
Ethernet, 565–566
Ethernet address, 503
ethical disclosure, 749
ethics
- about, 929, 933
- exam essentials, 934–935
- Internet and, 931–933
- (ISC)² Code of Ethics, 930–931
- organizational code of, 929–930
- review question answers, 1091–1093
- review questions, 936–939
- written lab, 935
- written lab answers, 1114

European Union
- Data Protection Directive (DPD), 165–166
- General Data Protection Regulation (GDPR), 166–167

evaluation assurance levels (EALs), 338
evidence
- about, 913
- admissible, 913
- artifacts, 916–919
- collection of, 916–919
- forensic procedures, 916–919
- gathering, 919–920
- storage of, 463–464
- types, 913–916

evil twin attacks, 540–541
exam essentials
- access control, 715–717
- asset security, 211–213
- business continuity planning (BCP), 137–138
- communications and network attacks, 628–630
- cryptography and symmetric key algorithm, 256–257
- disaster recovery planning (DRP), 902–903
- ethics, 934–935
- identity and authentication, 669–670
- incident response, 852–855
- investigations, 934–935
- laws, regulations, and compliance, 172–173
- malicious code and application attacks, 1035–1036
- network architecture, 570–573
- personnel security and risk management, 101–106
- physical security, 484–488
- PKI and cryptographic applications, 302–303
- security and assessment testing program, 756–757
- security governance, 33–36
- security models, 344–347
- security operations, 794–796
- software development security, 987–988
- vulnerabilities, threats, and countermeasures, 433–439

exception handling, 314–315
excessive privilege, 668
exclusive OR operation, 227
exercises, in BCP documentation, 136
exigent circumstances, 920
exit interview, 19, 50
expert systems, 984–985
exploit Wednesday, 791
Exploitability, in DREAD system, 31
explosions, 870
Export Administration Regulations (EAR), 159
exposure, 56
exposure factor (EF)
- about, 127
- quantitative risk analysis and, 64

extended service set identifier (ESSID), 529
Extended Validation (EV) certificates, 280
Extensible Authentication Protocol (EAP), 533, 583–584
Extensible Configuration Checklist Description Format (XCCDF), 732
Extensible Markup Language (XML), 691
external audits, 729

F
face scans, 652
Facebook, 658
facilities
- BCP and, 130
- controlling access to, 639

Factor Analysis of Information Risk (FAIR), 81
fail-closed, 316
fail-open state/system, 316, 879, 950–951
failover, 877
fail-safe, 315–316
fail-secure failure state, 950–951
fail-secure system, 879
fail-soft, 315
fair cryptosystems, 254
fairness, as a provision of the GDPR, 166
false acceptance rate (FAR), 653
false alarms, 823
false positive, 822–823
false rejection rate (FRR), 653
familiarity, as a social engineering principle, 84
Family Educational Rights and Privacy Act (FERPA), 54, 164
Faraday cage, 368
Fast Identity Online (FIDO) Alliance, 657
fat access point, 529
fault injection attack, 297
fault tolerance, 343, 623, 875–880
fax security, 602
Federal Cybersecurity Laws (2014), 151–152
Federal Emergency Management Agency (FEMA), 126, 866
Federal Information Processing Standard (FIPS)
- 140-2, “Security Requirements for Cryptographic Modules,” 224
- 185, the Escrowed Encryption Standard (EES), 249

Federal Information Security Management Act (FISMA, 2002), 150–151
Federal Information Systems Modernization Act (FISMA, 2014), 151
Federal Sentencing Guidelines, 150
federated identities, 660–662
feedback, 326
feedback loop characteristics, 956–957
fences, 477–479
fiber-optic cables, 562–563
fiber-optic links, 624
Fibre Channel over Ethernet (FCoE), 523–524
Fibre Channel over I (FCIP), 524
field-powered proximity device, 458
field-programmable gate array (FPGA), 387
fields, in databases, 974
file inclusion attacks, 1020
file infector viruses, 997
File Transfer Protocol (FTP), 294, 506
Filtered port, 733
filters, 682
financial attacks, 926
fingerprints, 652
finite state machine (FSM), 325
fire detection systems, 473–474
fire extinguishers, 472–473
fire prevention, detection, and suppression, 470–476
fire triangle, 470–471
fires, 868, 869–870
firewall logs, 836
firewalls
- about, 550–554
- basic guidelines for, 832–833
- as Rule-Based Access Controls, 686

firmware
- about, 370–372
- custom, 418

firmware over-the-air (OTA) updates, 418–419
First Street Foundation's Flood Factor, 126
5-4-3- rule, 562
500-year floodplain, 866
fixed-temperature detection systems, 473
Flame Stage, of fire, 471–472
flame-actuated systems, 473
flash memory, 362, 374
Flexible Authentication via Secure Tunneling (EAP-FAST), 584
floods, 865–867
fog computing, 385–386
for official use only (FOUO), 182
foreign keys, 976
forensics
- for mobile devices, 423
- procedures for, 916–919

forward proxy, 555
Fourth Amendment, 160, 921
fraggle attacks, 816–817
frame, 500
Freedom of Information Act (FOIA), 182
frequency analysis, 233, 298–299
Frequency Hopping Spread Spectrum (FHSS), 537
full backups, 893
full tunnel VPN, 607
full-device encryption (FDE), 410
full-disk encryption (FDE), 286
Full-duplex mode, 501
full-interruption test, 900
fully qualified domain names (FQDN), 510
function as a service (FaaS), 406
function coverage, 752
function recovery, 879
functional priorities, 881–882
functional requirements determination, 953
FutureWave, 374
fuzz testing, 26, 749–751

G
gait analysis, 461
Galbraith's Star Model, 336
Galois/Counter Mode (GCM), 245
gamification, 98–99
Gantt charts, 964
gas discharge systems, 475–476
gates, 477–479
General Data Protection Regulation (GDPR), 54, 166–167, 207
generational (intelligent) fuzzing, 749
Generic Routing Encapsulation (GRE), 608
geofencing, 413
geolocation data, 412
geostationary orbit (GEO), 543
geotagging, 412–413
Global Positioning System (GPS), 412–413
Global Privacy Standard (GPS), 319
goals
- aligning security function with, 17–19
- of business continuity planning (BCP), 133
- for email security, 597–598

Goguen-Meseguer model, 335
Golden Ticket, 710–711
Good Practice Guidelines (GPG), 890
Google, 591, 658, 663
Google Authenticator, 655
Google v. Oracle, 156
governance, in Software Assurance Maturity Model (SAMM), 961
Graham-Denning model, 335–336
Gramm-Leach-Bliley Act (GLBA, 1999), 54, 163
Grandfather-Son (GFS) strategy, 896
graph databases, 983
gratuitous ARP, 520
Gray-Box Penetration Test, 744, 969–970
greatest lower bound (GLB), 329
grid computing, 377–378
grudge attacks, 927–928
guard dogs, 480–481
guidelines, 24–25

H
hackers, 699
hacktivists, 928–929
Half-duplex mode, 501
halon, 475–476
hard drives, protecting, 875–877
hard-coded credentials, 1033–1034
hardening provisions, 130
hardware
- about, 356
- asset inventories for, 774–775
- data storage devices, 366–367
- emanation security, 367–369
- failures of, 872
- input/output devices, 369–370
- memory, 362–366
- processor, 356–361
- replacement options for, 886–887
- secure operation of, 546–547

hardware address, 503
hardware security modules (HSMs), 284
hardware segmentation, 427
hardware/embedded device analysis, 918–919
Harrison-Ruzzo-Ullman (HRU) model, 336
hash functions
- about, 271–272
- comparing value lengths, 274
- MD5 algorithm, 273
- RIPE Message Digest (RIPEMD), 273–274
- Secure Hash Algorithm (SHA), 272–273

Hash-based Message Authentication Code (HMAC), 276–277, 609
hashing, 1029
hashing algorithms, 244
Health Information Technology for Economic and Clinical Health Act (HITECH, 2009), 162
Health Insurance Portability and Accountability Act (HIPAA, 1996), 54, 161, 181, 838
hearsay rule, 915–916
heartbeat sensor, 458
heat map, 531
Heat Stage, of fire, 471–472
heat-based motion detector, 459
Hertz (Hz), 536
hierarchical databases, 973–974
hierarchical environment, 689
hierarchical storage management (HSM), 896
high-impact baseline, 209
high-performance computing (HPC) systems, 382–383
HMAC-based One-Time Password (HOTP), 656
hoax messages, 90–91
hoaxes, 999
homograph attack, 515
homomorphic encryption, 297
honeynets, 828–829
honeypots, 828–829
hookup, 326
hop limit field, 517
horizontal distribution system, 454
host-based firewall, 554
host-based intrusion detection systems (HIDSs), 825–827
hostname, 510
host-to-host VPN, 605
hot aisle, 468
hot sites, 884–885
hotspots, for mobile devices, 425
hubs, 547
human-made disasters, 869–874
humidity considerations, 467–470
hurricanes, 867–868
hybrid assessment/analysis, 62
hybrid attack, 704
hybrid cloud deployment model, 783
hybrid cryptography, 243, 269, 285
hybrid environment, 689
hybrid federation, 661–662
hybrid warfare, 95
“Hybrid Warfare” report, 95
Hypertext Transfer Protocol (HTTP), 507
Hypertext Transfer Protocol Secure (HTTPS), 290, 507
hypervisor, 397, 403–405

I
iBeacon, 413
IDEAL model, 962–963
identification
- in Electronic Discovery Reference Model (EDRM), 912
- in security process, 8, 9

identification cards, 456–457
identity and access management (IAM), 47, 318
identity and authentication
- about, 639, 668–669
- accountability, 644–645
- authorization, 644–645
- comparing subjects and objects, 642–643
- controlling access to assets, 639–641
- defining new roles, 667–668
- deprovisioning, 666–667
- device authentication, 657–658
- establishment of, 643–644
- exam essentials, 669–670
- implementing identity management (IdM), 659–664
- managing, 641–659
- multifactor authentication (MFA), 655
- mutual authentication, 659
- offboarding, 666–667
- onboarding, 665–666
- passwordless authentication, 656–657
- proofing, 643–644
- provisioning lifecycle, 664–668, 664–680
- registration, 643–644
- review question answers, 1078–1080
- review questions, 672–675
- service authentication, 658
- something you are factor of authentication, 645, 651–655
- something you have factor of authentication, 645, 650–651
- something you know factor of authentication, 645, 647–650
- two-factor authentication with Authenticator apps, 655–656
- written lab, 671
- written lab answers, 1110–1111

identity as a service (IDaaS), 662–663
identity fraud, 93–94
identity management (IdM)
- about, 659
- credential management systems, 662–663
- credential manager apps, 663
- federated identities, 660–662
- scripted access, 663
- session management, 663–664
- single sign-on (SSO), 659–662

identity theft, 93–94
Identity Theft and Assumption Deterrence Act (1998), 164
Identity Theft Resource Center (ITRC), 186
immediate addressing, 364
immutable architecture, 396
impact analysis, 126–128
impersonation. See spoofing
Implement phase, in Risk Management Framework (RMF), 79–81
implementation attack
- about, 297
- in Software Assurance Maturity Model (SAMM), 961

implementing countermeasures, 72–74
implicit deny, 414, 551, 679
Implicit SMTPS, 601
importance, statement of, 133
import/export laws, 158–159
incident prevention and response
- about, 803, 851–852
- automating, 845–851
- conducting incident management, 803–809
- exam essentials, 852–855
- implementing detective and preventive measures, 809–834
- logging and monitoring, 834–845
- review question answers, 1086–1089
- review questions, 856–859
- written lab, 855
- written lab answers, 1113

incipient smoke detection systems, 474
Incipient Stage, of fire, 471–472
incremental attacks, 431–432
incremental backups, 893
independent service set identifier (ISSID), 529
indirect addressing, 365
industrial camouflage, 450
industrial control system (ICS), 378–380
industrial espionage, 925
Industrial Internet of Things (IIoT), 385
industry standards, 912
inference, in databases, 980–981
influence campaigns, 94–96
information
- controlling access to, 639
- eliciting, 85
- ownership of, 774

Information disclosure, in STRIDE threat model, 27
information flow model, 325
information gathering and discovery phase, in penetration testing, 743
information governance, in Electronic Discovery Reference Model (EDRM), 912
information security officer (ISO), 17
information security (InfoSec) officer role, 21
information security (InfoSec) team, 17
information systems (IS), 3
information technology (IT), 3
Information Technology Infrastructure Library (ITIL), 23
Information Technology Security Evaluation Criteria (ITSEC), 337
InfraGard program, 923
infrastructure
- BCP and, 130–131
- failures of, 871–872
- for mobile devices, 424

infrastructure as a service (IaaS), 782
infrastructure as code (IaC), 395–396
infrastructure mode, 528
inherent risk, 68
inheritance, 947
initialization vector (IV), 542
initiating, in IDEAL model, 962
injection vulnerabilities
- about, 1012
- code injection attacks, 1016
- command injection attacks, 1016–1017
- SQL injection attacks, 1012–1016

in-memory analysis, 917
input blacklisting, 1025
input points, in decomposition process, 29
input validation, 948–949, 1021, 1025–1027
input whitelisting, 1025
input/output devices, 369–370
insecure direct object reference, 1018
insider threat, 927–928
instance, 947
instant messaging (IM), 594–595
Institute of Electrical and Electronics Engineers (IEEE), 503
intangible inventories, 775–776
integrated development environment (IDE), 945–946
integrated level, of Risk Maturity Model (RMM), 78
Integrated Product Teams (IPTs), 959
Integrated Services Digital Network (ISDN), 623
integration platform as a service (iPaaS), 403
integrity
- in CIA Triad, 6, 641
- as a goal of cryptography, 221–222
- measurement of, 1030–1031
- monitoring, 1008

integrity verification procedure (IVP), 333
intellectual property (IP) laws, 152–157
interactive application security testing (IAST), 748
interactive online learning environment, xliv
interconnection security agreement (ISA), 619
Interface Definition Language (IDL), 381
interfaces
- about, 343
- testing, 751

interference, 880
Interior Gateway Routing Protocol (IGRP), 503
intermediate distribution facilities, 454
intermediate distribution frame (IDF), 454
Intermediate System to Intermediate System (IS-IS), 503
internal audits, 728
internal networks, implementing authentication on, 696–697
internal security controls
- about, 481
- combination locks, 481–482
- environment safety, 482
- keys, 481–482
- life safety, 482
- regulatory requirements, 482

internal segmentation firewalls (ISFWs), 318, 554
International Data Encryption Algorithm (IDEA), 248–249
International Electrotechnical Commission (IEC), 23, 380
International Organization for Standardization (ISO), 23, 340, 731
International Traffic in Arms Regulations (ITAR), 159
Internet
- ethics and, 931–933
- files cache, 375
- implementing authentication on, 691–694

Internet Architecture Board (IAB), 932
Internet Assigned Numbers Authority (IANA), 833
Internet Control Message Protocol (ICMP), 519
Internet Group Management Protocol (IGMP), 519
Internet Key Exchange (IKE), 609
Internet Message Access Protocol (IMAP), 506, 597
Internet of Things (IoT), 383–385, 813
Internet Protocol (IP) networking
- about, 516
- Internet Control Message Protocol (ICMP), 519
- Internet Group Management Protocol (IGMP), 519
- IP classes, 517–519
- IPv4 vs. IPv6, 516–517

Internet Protocol Security (IPsec), 521, 609
Internet Security Association and Key Management Protocol (ISAKMP), 609
internet service providers (ISPs), 164
Internet Small Computer System Interface (iSCSI), 524
interrogations, during investigations, 922
interviews, during investigations, 922
intimidation, as a social engineering principle, 83
intrusion alarms, 459–460
intrusion detection systems (IDSs)
- about, 458–459, 820–821
- behavior-based detection, 821–823
- host-based, 825–827
- intrusion alarms, 459–460
- knowledge-based detection, 821–823
- motion detector/motion sensor, 459
- network-based, 825–827
- response to, 824
- secondary verification mechanisms, 460

intrusion prevention systems (IPSs), 820–821, 827–828
inventory control, 416
investigations
- about, 910, 933
- computer crime categories, 923–929
- evidence, 913–919
- exam essentials, 934–935
- monitoring and, 839
- process for, 919–923
- review question answers, 1091–1093
- review questions, 936–939
- types, 910–913
- written lab, 935
- written lab answers, 1114

invoice scams, 90
iOS devices, 408
IP address, 509
IP configuration, 513
IP Payload Compression (IPComp), 609
IP security (IPsec) protocol, 294–295
iris scans, 652
ISACA
- Risk IT Framework, 81
- website, 22

(ISC)²
- about, xxxvii–xxxviii
- Code of Ethics, 930–931

(ISC) ² CISSP Certified Information Systems Security Professional Official Practice Tests, 3rd Edition, xlii
ISO/IEC 15408, 337
ISO/IEC 27005 “Information technology - Security techniques - Information security risk management,” 80
ISO/IEC 31000 document “Risk management - Guidelines,” 80
ISO/IEC 31004 “Risk management - Guidance for the implementation of ISO 31000,” 80
isolation
- in ACID model, 978
- in CIA Triad, 321
- confidentiality and, 5

IT as a service (ITaaS), 402
IT closets, 455–458
ITIL Core, 786

J
jailbreaking, 417–418, 832
jamming, 542
Japanese Purple Machine, 299
Java, 373
JavaScript, 373–374
JavaScript Object Notation (JSON) Web Token (JWT), 693
jitter, 880
job descriptions/responsibilities, 45–46
job rotation, 768, 769
jump server, 548
jumpbox, 548
just-in-time (JIT) provisioning, 662

K
KeePass, 663
Kerberoasting, 711
Kerberos, 521, 695–697, 710–711
Kerberos Brute-Force, 711
Kerberos Principal, 696
Kerberos Realm, 696
Kerckhoffs's Principle, 223
kernel mode, 359
kernels, 324, 358
key distribution, symmetric key algorithms and, 240
Key Distribution Center (KDC), 695
key escrow, 230, 254
key performance indicators (KPIs)
- of physical security, 483
- in security management process, 755–756

key space, 223
keyboards, as input/output devices, 370
keys
- about, 481–482
- length of, 266–267
- management of, 419
- recovery of, 254

keystroke monitoring, 843
key/value stores, 983
kill chain model, 847–848
Kim, Gene
- The Phoenix Project: A Novel About IT, DevOps, and Helping Your Business Win, 967

KISS principle, 316–317
knowledge-based detection, 821–823
knowledge-based systems
- about, 984
- expert systems, 984–985
- machine learning (ML), 985–986
- neural networks, 986

known plaintext attacks, 299

L
L3 switch, 610
labels, 322
LAN extenders, 548
land attack, 817
large-scale parallel data systems, 376–377
last login notification, 714
latency, 880
lattice-based access control, 329
law enforcement, calling in, 920
lawfulness, as a provision of the GDPR, 166
laws, regulations, and compliance
- about, 144, 171–172
- Canadian privacy laws, 167–168
- categories of laws, 144–147
- compliance, 169–170
- computer crime, 147–152
- contracting, 171
- European Union privacy law, 165–167
- exam essentials, 172–173
- import/export, 158–159
- intellectual property (IP), 152–157
- licensing, 158
- privacy, 160–168
- procurement, 171
- review question answers, 1051–1053
- review questions, 174–178
- state privacy laws, 168–169
- written lab, 173
- written lab answers, 1102

Layer 2 Tunneling Protocol (L2TP), 608
layering. See defense in depth
LDAP injection attack, 1016
learning, in IDEAL model, 962
learning rule, 986
leased line, 622
least significant bit (LSB), 292
least upper bound (LUB), 329
legacy attacks, 817
legal concerns, for mobile devices, 424
legal requirements, for BCP, 120–121
Let's Encrypt!, 279
libraries, 945
licensing laws, 158
life safety, 482
light fidelity (LiFi), 543
lighting, 479–480
lightweight cryptography, 296
Lightweight Directory Access Protocol (LDAP), 660
Lightweight Extensible Authentication Protocol (LEAP), 531, 533, 583
likelihood assessment, 125–126
limit check, 948
Line Printer Daemon (LPD), 507
line-interactive UPS, 466
link encryption, 294
link encryption VPN, 605
link state routing protocols, 503
load balancing, 376, 595–596
load persistence, 596
local alarm system, 460
local area network (LAN), 559, 567–569
local file inclusion attacks, 1020
location services, 412–413
lock picking, 481
Lockheed Martin, 848
lockout, for mobile devices, 411
locks, 481–482
log analysis, 840
log cycling, 844
log management, 844
log reviews, 753–754
logging
- about, 834, 950
- common types, 835–836
- data protection, 836–837
- techniques for, 834–835

logic bombs, 999–1000
logical access, controlling, 640
logical controls, 73
logical operations, 225–227
logical topology, 563
logistics, in disaster recovery planning (DRP), 897
loop coverage, 752
loopback address, 518, 618
lost updates, 979
low Earth orbit (LEO), 543
low-impact baseline, 208

M
MAC address, 509
MAC cloning, 613–614
MAC filtering, 534, 613
MAC flooding attack, 613
MAC limiting, 613
MAC spoofing, 509, 613
machine language, 944
machine learning (ML), 846–847, 850–851, 985–986
macro viruses, 997–998
magnetic stripe cards, 457
mail storm, 599
main distribution frame (MDF), 454
maintenance
- in BCP documentation, 136
- change management and, 955
- for disaster recovery planning (DRP), 899–902

malicious code and application attacks
- about, 994, 1035
- application attacks, 1009–1011
- application security controls, 1025–1031
- authorization vulnerabilities, 1017–1020
- exam essentials, 1035–1036
- injection vulnerabilities, 1012–1017
- malware, 994–1006
- malware prevention, 1006–1009
- review question answers, 1095–1097
- review questions, 1037–1040
- secure coding practices, 1031–1034
- web application vulnerabilities, 1020–1025
- written lab, 1036
- written lab answers, 1115

malicious scripts, 1005–1006
malicious software, 831
malware
- about, 772, 994
- adware, 1004
- logic bombs, 999–1000
- malicious scripts, 1005–1006
- preventing, 1006–1009
- ransomware, 1004–1005
- sources of malicious code, 995
- spyware, 1004
- Trojan horses, 1000–1001
- viruses, 995–999
- worms, 1001–1004
- zero-day attacks, 1006

malware inspection, 555
managed detection and response (MDR) services, 1009
managed services
- accounts for, 701
- in the cloud, 779–782

management controls. See administrative controls
managerial controls. See administrative controls
Mandatory Access Control (MAC), 682, 687–689
mandatory vacations, 48, 768
Manifesto for Agile Software Development, 958–959
man-in-the-middle (MiTM) attack, 300, 513, 819–820
manual recovery, 879
marking sensitive data, 190–192
masquerading. See spoofing
massive parallel processing (MPP), 376–377
master boot record (MBR), 996–997
maximum tolerable downtime (MTD), 123, 453
maximum tolerable outage (MTO), 123, 453
MD5 algorithm, 273
mean time between failures (MTBF), 453–454
mean time to failure (MTTF), 453–454, 778–779
mean time to repair (MTTR), 453
measured boot, 371
media
- analysis of, 916–917
- management of, 776
- managing lifecycle of, 778–779
- protection techniques for, 776–777
- storage facilities for, 462–463

Media Access Control (MAC) address, 503
mediated-access model, 359
medium Earth orbit (MEO), 543
meet in the middle attacks, 300
Meltdown memory error, 341–342
memorandum of agreement (MOA), 619
memorandum of understanding (MOU), 619
memory
- random access, 363
- read-only, 362
- secondary, 365–366

memory addressing, 364–365
memory dump file, 917
memory leaks, 1034
memory management, 1034
memory pointers, 1034
memory protection, 341–342
memory security issues, 366–367
mergers and acquisitions, 19–20
Merkle-Hellman Knapsack algorithm, 266
mesh topology, 565
message, 947
message digest, 271
metacharacters, 1026
Metasploit Framework, 743–744
method, 947
metropolitan area network (MAN), 606
mice, as input/output devices, 370
microcode. See firmware
microcontrollers, 386
microprocessor, 356
MicroSD, 410
microsegmentation, 318, 526–527
microservices, 394–395
Microsoft Security Development Lifecycle (SDL), 26
military and intelligence attacks, 924–925
Mimikatz, 708–709
Mirai malware, 813
mirroring, 876
mission, aligning security function with, 17–19
misuse case testing, 751–752
mitigation, of incidents, 806–807
MITRE ATT&CK Matrix, 848–849
mnemonics, 500
mobile application management (MAM), 414
mobile code, 372–374
mobile content management (MCM) system, 414
mobile device management (MDM), 409
mobile devices
- about, 406–407
- Android, 407–408
- application control/management, 414
- asset tracking, 416
- bring your own device (BYOD), 420
- carrier unlocking, 418
- choose your own device (CYOD), 421
- communication protection, 410–411
- connection methods, 417
- content management system (CMS), 414
- corporate-owned, personally enabled (COPE), 420–421
- corporate-owned business-only (COBO) strategy, 421
- corporate-owned mobile strategy (COMS), 421
- credential management, 419
- custom firmware, 418
- deployment policies, 420–426
- device authentication, 409–410
- device lockout, 411
- disabling unused features, 417
- firmware over-the-air (OTA) updates, 418–419
- full-device encryption (FDE), 410
- Global Positioning System (GPS), 412–413
- inventory control, 416
- iOS, 408
- jailbreaking, 417–418
- key management, 419
- location services, 412–413
- mobile device management (MDM), 409
- protecting, 778
- push notifications, 415
- remote wiping, 411
- removable storage, 416
- rooting, 417–418
- screen locks, 411–412
- security features for, 408–420
- sideloading, 418
- storage segmentation, 415–416
- text messaging, 419–420
- third-party application stores, 415
- with Wi-Fi capabilities, 539

mobile sites, 886
modems, 370, 547–548
moderate-impact baseline, 209
modification attacks, 626
modulo function, 227–228
Monitor phase, in Risk Management Framework (RMF), 79–81
monitoring
- accountability and, 838–839
- activity, 839
- audit trails, 838
- devices for, 772
- encrypted traffic, 826
- investigation and, 839
- measurement and, 76–77
- problem identification and, 840
- role of, 837
- security information and event management (SIEM), 841
- techniques for, 840–843

monitors, as an input/output device, 369
Morana, Marco M. (author)
- Risk Centric Threat Modeling: Process for Attack Simulation and Threat Analysis, 27–28

Morris, Robert Tappan, 1002–1003
motion detector/motion sensor, 459
multicast technology, 567
multicasting, 519
multicore, 357
multifactor authentication (MFA), 318, 409–410, 646, 655, 690, 713–714
multifunction devices (MFDs), 390, 554
multifunction printers (MFPs), 369
multilayer protocols
- about, 522–523
- converged protocols, 523–524
- implications of, 522–526
- software-defined networking (SDN), 525–526
- Voice over Internet Protocol (VoIP), 524–525

multilayer switch, 610
multimedia collaboration, 593–595
multipartite viruses, 998
multiparty risk, 52
multiprocessing, 357
multiprogramming, 357
Multiprotocol Label Switching (MPLS), 524
multitasking, 356–357
multithreading, 357
mutation (dumb) fuzzing, 749
mutual assistance agreements (MAAs), 887–888
mutual authentication, 659

N
narrow-band wireless, 543
NAT traversal (NAT-T), 555, 616
National Cybersecurity Protection Act, 152
National Information Infrastructure Protection Act (1996), 149–150
National Institute of Standards and Technology (NIST)
- Cybersecurity Framework (CSF), 23, 79, 151
- Federal Information Processing Standards (FIPS), 837
- FISMA implementation guidelines, 150–151
- Risk Management Framework (RMF), 23, 79–81
- SMS for 2FA, 656
- SP 800-18, 205
- SP 800-30r1 Appendix D, “Threat sources,” 60
- SP 800-30r1 Appendix E, “Threat events,” 60
- SP 800-34, Contingency Planning Guide for Federal Information Systems, 890
- SP 800-53, 14–15
- SP 800-53 Rev. 5, “Security and Privacy Controls for Information Systems and Organizations,” 22, 76, 151, 208
- SP 800-53A: Assessing Security and Privacy Controls in federal Information Systems Organizations: Building Effective Assessment Plans, 727
- SP 800-53B, 209–210
- SP 800-61, Computer Security Incident Handling Guide, 803–804, 805, 901
- SP 800-63B, “Digital Identity Guidelines: Authentication and Lifecycle Management,” 644, 648–649
- SP 800-86, Guide to Integrating Forensic Techniques into Incident Response, 913
- SP 800-88 Rev. 1, “Guidelines for Media Sanitization,” 194
- SP 800-94, Guide to Intrusion Detection and Prevention Systems, 821, 824
- SP 800-100, 14–15
- SP 800-115, FedRAMP Penetration Test Guidance, 745
- SP 800-122, Guide to Protecting the Confidentiality of Personally Identifiable Information (PII), 180, 181
- SP 800-145, The NIST Definition of Cloud Computing, 782
- SP 800-171: Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations, 151
- SP 800-207, “Zero Trust Architecture,” 318–319
- website, 732

National Software Reference Library (NSRL), 918
natural access control, 451
natural disasters, 864–869
natural surveillance, 451
natural territorial reinforcement, 451–452
“Navigating Digital Information” YouTube series, 96
near-field communication (NFC), 539
need-to-know principle, 680, 765–766
network access control (NAC), 549–550
network address and port translation (NAPT). See port address translation (PAT)
network address translation (NAT)
- about, 614–616
- Automatic Private IP Addressing (APIPA), 617–618
- private IP addresses, 616–617
- stateful NAT, 617

Network Address Translation-Protocol Translation (NAT-PT), 517
network analyzer. See protocol analyzer
network and port address translation (NPAT). See port address translation (PAT)
network architecture
- about, 497, 569–570
- Address Resolution Protocol (ARP), 519–520
- analyzing network traffic, 505–506
- Application layer protocols, 506–507
- cellular networks, 544
- communication protocols, 521, 543–544
- content distribution network (CDN), 545
- domain name system (DNS), 509–515
- exam essentials, 570–573
- implications of multilayer protocols, 522–526
- Internet Protocol (IP) networking, 516–519
- microsegmentation, 526–527
- network components, 545–569
- Open Systems Interconnection (OSI) Reference Model, 497–504
- review questions, 575–579
- TCP/IP model, 504–505
- Transport layer protocols, 508–509
- wireless networks, 527–542
- written lab, 574

network architecture and components
- review question answers, 1071–1074
- written lab answers, 1108

network components
- about, 545–546
- cabling, 559–563
- common equipment, 547–549
- content/URL filter, 555–556
- endpoint security, 556–559
- Ethernet, 565–566
- firewalls, 550–554
- hardware operation, 546–547
- network access control (NAC), 549–550
- proxy, 554–555
- sub-technologies, 566–569
- topology, 559, 563–566
- transmission media technology, 559

network discovery scanning, 732–737
network evaluator. See protocol analyzer
network failures, 871–872
Network File System (NFS), 507
network flow (NetFlow), 754
Network layer (layer 3), 502
network segmentation, 527
Network Time Protocol (NTP), 753, 839
network traffic, analyzing, 505–506
network vulnerability scanning, 737–739
network-based DLP, 190
network-based intrusion detection systems (NIDSs), 825–827
network-enabled devices, 388
neural networks, 986
Newman, Oscar (author)
- Creating Defensible Space, 452

next-generation firewall (NGFW), 374, 554, 833
next-generation secure web gateway (SWG), 553
NIC address, 503
nnn-nn-nnnn pattern, 189
noise considerations, 467
nonce, 228, 651
nondedicated line, 623
nondisclosure agreement (NDA), 48, 157
Nondiscretionary Access Control, 683–685
noninterference model, 326
non-IP protocols, 502
nonlinear warfare, 95
nonrepudiation
- as a goal of cryptography, 222
- risks of, 8
- symmetric key algorithms and, 240

nontransparent proxy, 555
nonvolatility, of storage devices, 366
north-south traffic, 546
NoScript, 374
NoSQL databases, 982–983
NOT operation, 226
notification alarms, 459
nuisance alarm rate (NAR), 477
NULL pointer, 1034

O
OAuth, 692, 694
obfuscation, 1028–1029
object evidence, 913–914
objectives, aligning security function with, 17–19
object-oriented programming (OOP), 946–948, 974
objects
- compared with subjects, 642–643
- defined, 678
- in secure design, 311–312

Oblivious DoH (ODoH), 511
occupant emergency plans (OEPs), 482
offboarding, 49–52, 423, 666–667
offline distribution, 252–253
offsite storage, in disaster recovery planning (DRP), 892–896
off-the-shelf solutions, 354
omnidirectional antenna, 534
onboard camera/video, for mobile devices, 424–425
onboarding, 47–48, 423, 665–666
100-year floodplain, 866
one-time pads, 234–236
onetime passwords, 651
one-way functions, 228
Online Certificate Status Protocol (OCSP), 280–281, 282
on-path attack. See man-in-the-middle (MiTM) attack
on-premises federated identity management system, 661
on-site assessment, for evaluation of third parties, 20
Open Database Connectivity (ODBC), 982–983
Open port, 733
open relay, 597
Open Shortest Path First (OSPF), 503
open source, 313
open source software (OSS), 972
open system authentication (OSA), 531
open systems, 312–313
Open Systems Interconnection (OSI) Reference Model
- deencapsulation, 498–500
- encapsulation, 498–500
- functionality of, 498
- history of, 497
- layers, 500–504

Open Vulnerability and Assessment Language (OVAL), 732
Open Web Application Security Project (OWASP), 664, 739, 950, 961, 1017
OpenID, 693
OpenID Connect (OIDC), 693–694
OpenPGP, 601
OpenSSL library, 945
OpenVPN, 608
operating modes, for processors, 361
operating states, 359–361
operational plan, 19
operational technology (OT), 378–380
Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE), 81
operations, in Software Assurance Maturity Model (SAMM), 961
operator role, 22
Optical Carrier (OC), 624
optimized level, of Risk Maturity Model (RMM), 78
OR operations, 225–226
Organization for the Advancement of Structured Information Standards (OASIS), 691
organizational code of ethics, 929–930
organizational processes, 19–20
organizational responsibility, statement of, 133–134
organizational review, 116
organizational roles and responsibilities, 21–22
organizationally unique identifier (OUI), 503
Orthogonal Frequency-Division Multiplexing (OFDM), 537
OS-virtualization. See containerization
out-of-band pathway, 527
output encoding, 1022
Output Feedback (OFB) mode, 245
outsourcing, 53
overloaded NAT. See port address translation (PAT)
Overpass the Hash, 710
overprotection, 8
overwriting media, 196

P
P7B certificates, 283
packet loss, 880
packet switching, 620–621
packet-capturing utility. See protocol analyzer
Padding Oracle On Downgraded Legacy Encryption (POODLE), 290–291
pagefile, 365–366
paging, 365–366
palm scans, 652
pan, tilt, and zoom (PTZ), 461
pandemics, 869
parallel computing, 376–377
parallel data systems, 376–377
parallel test, 900
parameter pollution, 1026–1027
parameterized queries, 1028
Pass the Ticket, 710
passive audio detector, 459
passive infrared (PIR) motion detector, 459
passive monitoring, 752
passive proximity device, 457
passive response, to intrusion detection systems (IDSs), 824
pass-the-hash (PtH) attack, 709–710
password attacks
- about, 703–704
- birthday attack, 706–707
- brute-force attack, 704–705
- credential stuffing attack, 706
- dictionary attack, 704
- Kerberos exploitation attack, 710–711
- Mimikatz, 708–709
- pass-the-hash (PtH) attack, 709–710
- rainbow table attack, 707–708
- sniffer attack, 711–712
- spraying attack, 706

Password Authentication Protocol (PAP), 583
password masking, 713
password policy, 647–648
password vault, 419
Password-Based Key Derivation Function 2 (PBKDF2), 707
passwordless authentication, 656–657
patch management
- about, 789–791
- for mobile devices, 422

Patch Tuesday, 791
patches, 789
patents, 155–156
path vector routing protocol, 503
pattern-matching detection, 821–823
Payment Card Industry Data Security Standard (PCI DSS), 53, 169–170, 210, 648, 650, 834, 912
peer layer communication, 499
peer-to-peer (P2P) technologies, 378
penetration testing, 742–745
people, BCP and, 129–130
pepper, 708
perfect forward secrecy, 291–292
perimeter intrusion detection and assessment system (PIDAS), 477
perimeter security controls
- about, 477
- access control vestibules, 477–479
- fences, 477–479
- gates, 477–479
- guard dogs, 480–481
- lighting, 479–480
- security guards, 480–481
- turnstiles, 477–479

period analysis, 234
permanent address, 509
permanent virtual circuits (PVCs), 621–622
permissions, 678
persistence, 596
persistent online authentication, DRM and, 199
personal (PER), 532
Personal Information Exchange (PFX) format, 283
Personal Information Protection and Electronic Documents Act (PIPEDA), 167–168
personally identifiable information (PII), 180
personnel and communications, in disaster recovery planning (DRP), 891–892
personnel safety and security
- about, 771
- duress, 771–772
- emergency management, 773
- security training and awareness, 773
- travel, 772–773

personnel security and risk management
- about, 45, 100–101
- applying risk management concepts, 55–81
- exam essentials, 101–106
- personnel security policies and procedures, 45–54
- review question answers, 1045–1049
- review questions, 107–111
- security awareness, education, and training program, 96–100
- social engineering, 81–96
- written lab, 106
- written lab answers, 1100–1101

personnel security policies and procedures
- about, 45
- candidate screening and hiring, 46–47
- compliance policy requirement, 53
- consultant agreements, 52–53
- contractor agreements, 52–53
- employee oversight, 48–49
- employment agreements, 47–48
- job descriptions and responsibilities, 45–46
- offboarding, 49–52
- onboarding, 47–48
- privacy policy requirements, 54
- termination, 49–52
- transfers, 49–52
- vendor agreements, 52–53

phishing, 85–86
phishing simulation, 86, 755
The Phoenix Project: A Novel About IT, DevOps, and Helping Your Business Win (Kim, Behr, and Spafford), 967
phone number spoofing, 713
photoelectric motion detector, 459
phreaking, 588–589
physical access, controlling, 640
physical address, 503
physical controls, 74
physical controls for physical security, 452
physical interface, 751
Physical layer (layer 1), 504
physical security
- about, 448, 484
- exam essentials, 484–488
- implementing and managing, 476–483
- review question answers, 1067–1070
- review questions, 489–493
- site and facility design, 448–452
- site and facility security controls, 452–476
- written lab, 488
- written lab answers, 1106–1107

physical topology, 563
physically hardening systems, 131
picketing, 873
piggybacking, 91–92
ping flood attacks, 817
ping-of-death attack, 817
PKI and cryptographic applications
- about, 264, 301–302
- applied cryptography, 285–297
- asymmetric cryptography, 264–271
- asymmetric key management, 284
- cryptographic attacks, 297–301
- digital signatures, 275–277
- exam essentials, 302–303
- hash functions, 271–274
- hybrid cryptography, 285
- public key infrastructure, 277–283
- review question answers, 1058–1059
- review questions, 304–307
- written lab, 303
- written lab answers, 1104

plain view doctrine, 920
plaintext message, 223
planning phase, in penetration testing, 743
platform as a service (PaaS), 782
playbook, 846
plenum, 469
pointer, 365
pointer dereferencing, 1034
point-to-point link, 622
Point-to-Point Protocol (PPP), 582–583
Point-to-Point Tunneling Protocol (PPTP), 607
policy review, for evaluation of third parties, 20
policy violation, 99–100
polling, 568–569
polyinstantiation, 981
polymorphic viruses, 999
polymorphism, 947
port address translation (PAT), 615
port forwarding. See NAT traversal (NAT-T)
port isolation, 611
port tap, 612
portable devices, 285–286
PortableDocument Format (PDF), 199
ports
- defined, 584
- security of, 585

position descriptions, 45–46
positive air pressure, 469
Post Office Protocol (POP3), 506, 597
postwhitening, 251
power conditioner, 465
power considerations, 465–467
power outages, 871
power sources, protecting, 878
power-line conditioner, 465
power-on self-test (POST), 362
PowerShell, privilege escalation with, 702
preaction system, 474
preliminary level, of Risk Maturity Model (RMM), 78
premises wire distribution room, 454
Prepare phase, in Risk Management Framework (RMF), 79–81
prepending, 85
preponderance of the evidence, 911
prequalifications, xxviii–xxxix
presentation, in Electronic Discovery Reference Model (EDRM), 912
Presentation layer (layer 6), 501
preservation, in Electronic Discovery Reference Model (EDRM), 912
preset locks, 481
preshared key (PSK), 532
Pretty Good Privacy (PGP), 287–289, 600, 601
preventative control. See preventive control
preventive control
- about, 74, 810
- basic measures, 810–811

prewhitening, 251
primary authoritative name server, 510
primary keys, 975
primary memory/storage, 366
principle of least privilege, 47, 680, 766–767
printers, as an input/output device, 369
priorities
- identifying, 122–123
- response and, 30–31
- statement of, 133

privacy
- confidentiality and, 5
- defined, 54
- for mobile devices, 423
- in the workplace, 164–165

Privacy Act (1974), 160–161
Privacy by Design (PbD), 319
“Privacy by Design - The 7 Foundational Principles: Implementation and Mapping of Fair Information Practices” (Cavoukian), 319
privacy control baseline, 209
Privacy Enhanced Mail (PEM) format, 283
privacy laws, 160–168
privacy policy requirements, 54
Privacy Shield, 167
private branch exchange (PBX), 589–590
private cloud deployment model, 782
private IP addresses, 616–617
private key cryptography. See cryptography and symmetric key algorithms
private keys, 240, 264–265
private label, 184
private port, 611
privilege creep, 668, 684
privilege escalation attacks, 700–702, 1011
privileged account management (PAM), 769–770
privileged mode, 359, 361
privileged operations, in decomposition process, 29
privileges, 679
proactive approach, to threat modeling, 26
problem identification, monitoring and, 840
problem state, 359–361
procedural controls. See administrative controls
procedures, 25
Process for Attack Simulation and Threat Analysis (PASTA) threat model, 27–28
process isolation, 426–427
process states, 359–361
processes
- for BCP, 129–131
- reviewing for evaluation of third parties, 20

processing, in Electronic Discovery Reference Model (EDRM), 912
processor, 356–361
procurement, 171
production, in Electronic Discovery Reference Model (EDRM), 912
Professional Practices library (website), 890
Program Evaluation Review Technique (PERT), 964
programmable logic controllers (PLCs), 378–380
programmable read-only memory (PROM), 362
programming languages, 943–945
project scope
- about, 115–116
- BCP team selection, 117–118
- legal requirements, 120–121
- organizational review, 116
- regulatory requirements, 120–121
- resource requirements, 119

promiscuous mode, 505
proprietary data, 181
proprietary label, 184
proprietary system, 460
protected cable distribution, 454
Protected Extensible Authentication Protocol (PEAP), 533, 583
protected health information (PHI), 162, 181
protection mechanisms
- about, 11
- abstraction, 12
- data hiding, 12–13
- defense in depth, 11
- encryption, 13

protection profiles (PPs), 338
protection rings, 358–359
protective distribution systems (PDSs), 454
protocol analyzer, 505, 626, 917–918
protocol data unit (PDU), 499–500
protocol security mechanisms
- about, 582
- authentication protocols, 582–585
- port security, 585
- quality of service (QoS), 585

provisioning
- for BCP, 129–131
- in configuration management (CM), 783

proximity devices, 457–458
proxy, 554–555
proxy auto-config (PAC) file, 555
proxy falsification, 513
proxy logs, 836
prudent person rule, 150
pseudo-flaws, 829
pseudonymization, 200–201, 202
PsExec, 710
PsTools, 710
public cloud deployment model, 782
public data, 184
public key encryption, 253
public key infrastructure (PKI)
- about, 277, 660
- certificate authorities (CAs), 279–280
- certificate lifecycle, 280–283
- certificates, 278

public keys, 264–265
public ledger, 381
public switched telephone network (PSTN), 369, 524–525, 586
purging media, 196
purpose limitation, as a provision of the GDPR, 166
push notifications, 415

Q
qualitative impact assessment, 121–122
qualitative risk analysis, 61–63
quality of service (QoS), 585, 880
quantitative impact assessment, 121–122
quantitative risk analysis, 61, 63–66
quantum computing, 270
quantum cryptography, 270–271
quantum key distribution (QKD), 270
quantum supremacy, 270
query, 512
Quick Response (QR) codes, 425–426

R
Radio Frequency Identification (RFID), 538
radio-frequency interference (RFI), 467
RadSec, 698
RAID, 876
rainbow table attack, 707–708
rainbow tables, 298
random access memory (RAM), 363
random access storage devices, 366
random ports, 508
ransomware, 1004–1005
Raspberry Pi, 387
rate-of-rise detection systems, 473
reactive approach, to threat modeling, 26
read-only memory (ROM), 362
read-through test, 899–900
ready state, 360
real evidence, 913–914
real memory, 363
real user monitoring (RUM), 752
Real-Tim Transport Protocol (RTP), 525
real-time operating system (RTOS), 383
reasonable expectation of privacy, 920
reciprocal agreements, 887–888
record retention, 197–198
recording microphone, for mobile devices, 425
recovery agents (RAs), 230, 254
recovery controls, 75
recovery phase, of incident response, 808
recovery point objective (RPO), 123
recovery strategy
- about, 880–881
- alternate processing sites, 883–888
- business unit, 881–882
- cloud computing, 887
- crisis management, 882
- database recovery, 888–889
- electronic vaulting, 888–889
- emergency communications, 882–883
- functional priorities, 881–882
- mutual assistance agreements (MAAs), 887–888
- remote mirroring, 889
- workgroup recovery, 883

recovery time objective (RTO), 123
reducing risk. See risk mitigation
reduction analysis, performing, 28–30
reference monitors, 324–325
reference profile, 654
reference template, 654
reflected XSS, 1021–1022
regeneration, symmetric key algorithms and, 241
register addressing, 364
registered domain name, 510
registered software ports, 508
registers, 364
registration authorities (RAs), 279
regulatory investigations, 911–912
regulatory requirements, 120–121, 482
rejecting risk. See risk rejection
relational databases, 974–977
release control, 965
relying party, 693
remediation phase
- in incident response, 808–809
- in vulnerability scanning, 742

remote access security management
- about, 590
- planning, 592–593
- remote connection security, 591–592
- telecommuting techniques, 591

remote access Trojan (RAT), 1000–1001
remote access VPN, 605
Remote Authentication Dial-in User Service (RADIUS), 697–698
remote connection security, 591–592
remote connectivity technique, 592
remote file inclusion attacks, 1020
remote meeting, 593–594
remote mirroring, 889
remote mode operation, 591
remote sanitization, 411
remote user assistance, 592–593
remote wiping, 411
remote-control remote access, 591
remotely triggered black hole (RTBH), 551
removable storage, 416
repeaters, concentrators, and amplifiers (RCAs), 547
repellent alarms, 459
replay attacks, 301, 542
reporting phase
- of incidents, 807–808
- investigations, 923
- in penetration testing, 743

Reproducibility, in DREAD system, 31
repudiation
- about, 222
- in STRIDE threat model, 27

reputation filtering, 602
request control, 965
request for comments (RFC), 932
request forgery attacks, 1023–1024
residual risk, 68
resource records, 510
resources
- exhausting, 1034
- prioritizing, in business impact analysis (BIA), 128
- protecting, 776–779
- requirements for BCP, 119

response, prioritization and, 30–31
responsibilities
- integrity and, 6
- organizational, 21–22

restoration, recovery vs., 897–898
restricted area security, 464–465
restricted interface model, 333, 343
restrictions, 682
retina scans, 652
Reverse Address Resolution Protocol (RARP), 827
reverse hash matching. See birthday attacks
reverse proxy. See NAT traversal (NAT-T)
review, in Electronic Discovery Reference Model (EDRM), 912
review question answers
- access control, 1080–1082
- asset security, 1053–1056
- business continuity planning (BCP), 1049–1051
- cryptography and symmetric key algorithms, 1056–1057
- disaster recovery planning (DRP), 1089–1091
- identity and authentication, 1078–1080
- incident prevention and response, 1086–1089
- investigations and ethics, 1091–1093
- laws, regulations, and compliance, 1051–1053
- malicious code and application attacks, 1095–1097
- personnel security and risk management, 1045–1049
- physical security requirements, 1067–1070
- PKI and cryptographic applications, 1058–1059
- secure communications and network attacks, 1075–1077
- secure network architecture and components, 1071–1074
- security assessment and testing, 1082–1084
- security governance, 1042–1045
- security models, design, and capabilities, 1060–1062
- security operations, 1084–1086
- software development security, 1093–1095
- vulnerabilities, threats, and countermeasures, 1062–1067

review questions
- access control, 718–721
- asset security, 214–218
- business continuity planning (BCP), 139–142
- cryptography and symmetric key algorithm, 258–261
- disaster recovery planning (DRP), 904–907
- ethics, 936–939
- identity and authentication, 672–675
- incident response, 856–859
- investigations, 936–939
- laws, regulations, and compliance, 174–178
- malicious code and application attacks, 1037–1040
- network architecture, 575–579
- personnel security and risk management, 107–111
- physical security, 489–493
- PKI and cryptographic applications, 304–307
- security and assessment testing program, 759–762
- security governance, 37–42
- security models, 348–352
- security operations, 797–800
- software development security, 989–992
- vulnerabilities, threats, and countermeasures, 441–445

revocation, digital certificate and, 281–283
rights, 679
Rijndael block cipher, 250
ring topology, 563
RIPE Message Digest (RIPEMD), 273–274
risk acceptance, 67, 134
risk analysis. See risk assessment
risk appetite, 67
risk assessment
- about, 60–66
- in BCP documentation, 134
- defined, 55

risk assignment, 67
risk avoidance, 67
risk awareness, 55
risk capacity, 67
Risk Centric Threat Modeling: Process for Attack Simulation and Threat Analysis (Velez and Morana), 27–28
risk deterrence, 67
risk frameworks, 79–81
risk identification, in business impact analysis (BIA), 123–124
risk indicators, in security management process, 755–756
risk log. See risk register
risk management
- about, 55
- asset valuation, 58–59
- continuous improvement, 77–78
- cost vs. benefit of security controls, 69–72
- countermeasure selection and implementation, 72–74
- defined, 700
- identifying threats and vulnerabilities, 60
- monitoring and measurement, 76–77
- risk assessment/analysis, 60–66
- risk frameworks, 79–81
- risk reporting and documentation, 77
- risk responses, 66–69
- security control assessment (SCA), 76
- terminology and concepts, 56–58

Risk Maturity Model (RMM), 78
risk mitigation, 67, 134
risk register, 77
risk rejection, 68
risk response, 55, 66–69
Risk-Based Access Control, 682, 689–690
risks
- defined, 57
- reporting and documentation of, 77

Rivest, Ronald, 265, 273
Rivest Cipher 4 (RC4), 249–250
Rivest Cipher 5 (RC5), 250
Rivest Cipher 6 (RC6), 250
Rivest ciphers, 249–250
Rivest-Shamir-Adleman (RSA) algorithm, 277
robot sentries, 481
rogue access points, 540
rogue DNS server, 512
Role-Based Access Control (RBAC), 681–685
roles, 21–22, 667–668
rollover logging, 844
root certificate, 279
rooting, 417–418
rootkits, 431, 1011
ROT3 cipher, 233
routers, 548
Routing Information Protocol (RIP), 503
routing protocols, 503
Royce, Winston, 956
RSA algorithm, 156, 265–266
rule of least power, 317
Rule-Based Access Control, 682, 686
rules of behavior, 205
runbook, 846
running key ciphers, 236–237
running state, 360
Runtime Application Self-protection (RASP), 748
runtime environment, 944

S
sabotage, 820
safe, 463
safeguards
- applicable types of, 74–76
- cost vs. benefit of, 69–72
- defined, 57
- selecting and implementing, 72–74

salami attack, 432
salting, 298
sampling, 754, 842
sandboxing, 320, 833
Sandvig v. Barr, 149
sanitizing, 367
Sarbanes-Oxley Act (SOX, 2002), 54, 170, 838
satellite communications, 543, 623
scalability, 241, 399, 783
Scam Me If You Can: Simple Strategies to Outsmart Today's Ripoff Artists (Abagnale), 98
scarcity, as a social engineering principle, 84
scenarios, creating, 62
Schneier, Bruce, 249
Schrems II, 167
Scientific Working Group on Digital Evidence, 919
scoping, tailoring compared with, 209–210
screen locks, 411–412
screen scraper/scraping, 591
screened host, 546
screened subnet, 545
screening router, 552
script kiddies, 928, 995
scripted access, 663
Scrum approach, 959
search warrant, 920, 921
seclusion, confidentiality and, 5
secondary authoritative name server, 510
secondary memory/storage, 365–366
secondary verification mechanisms, 460
secrecy, confidentiality and, 5
secret key attacker, 231
secret key cryptography. See cryptography and symmetric key algorithms
secret label, 182
secure boot, 371
secure defaults, 314
secure facility plan, 448–449
Secure Hash Algorithm (SHA), 272–273
Secure Key Exchange Mechanism (SKEME), 609
Secure Multipurpose Internet Mail Extensions (S/MIME), 600
Secure Real-Time Transport Protocol or Secure RTP (SRTP), 525
Secure Remote Procedure Call (S-RPC), 521
Secure Shell (SSH), 294, 521, 608
Secure Sockets Layer (SSL), 290, 521
secure state machine, 325
Secure/Multipurpose Internet Mail Extensions (S/MIME) protocol, 289
security. See also specific topics
- about, 3–4
- applying concepts, 4–13
- as a provision of the GDPR, 167

security and assessment testing program
- about, 725–727, 756
- building, 725–731
- exam essentials, 756–757
- implementing security management processes, 753–756
- performing vulnerability assessments, 731–746
- review question answers, 1082–1084
- review questions, 759–762
- testing software, 746–753
- written lab, 758
- written lab answers, 1111–1112

security as a service (SECaaS), 402
Security Assertion Markup Language (SAML), 691–692, 694
security association (SA), 295
security audits, 727–731
security awareness, 96–99
security baselines, 24–25, 208–210
security bollards, 479
security boundaries, 13–14
security capabilities
- about, 341
- encryption/decryption, 343
- fault tolerance, 343
- interfaces, 343
- memory protection, 341–342
- Trusted Platform Module (TPM), 342
- virtualization, 342

security champions, 98
security collector, 548
Security Content Automation Protocol (SCAP), 731
security control assessment (SCA), 76
security control characteristics, 624–625
security control frameworks, 22–23
security controls. See safeguards
security function
- about, 16
- alignment with business strategy, goals, mission, and objectives, 17–19
- due care, 23
- due diligence, 23
- organizational processes, 19–20
- organizational roles and responsibilities, 21–22
- security control frameworks, 22–23

security governance
- about, 3, 14–15, 33
- applying principles of, 14–16
- applying security concepts, 4–13
- documentation review, 15–16
- exam essentials, 33–36
- managing security function, 16–23
- review question answers, 1042–1045
- review questions, 37–42
- security, 3–4
- security boundaries, 13–14
- security policy, standards, procedures, and guidelines, 23–25
- supply chain risk management, 31–32
- third-party governance, 15
- threat modeling, 26–31
- written lab, 36
- written lab answers, 1100

security guards, 480–481
security guidelines, 24–25
security IDs, 456–457
security incident, 803
security information and event management (SIEM), 841
security kernels, 324, 358
security logs, 835
security management processes
- about, 753
- account management, 754
- awareness, 755
- business continuity, 754–755
- disaster recovery, 754–755
- key performance and risk indicators, 755–756
- log reviews, 753–754
- training, 755

security mechanisms
- about, 426
- hardware segmentation, 427
- process isolation, 426–427
- system security policy, 427–428

security models
- about, 310, 322–323, 343–344
- access control matrix, 327–328
- Bell-LaPadula model, 328–330
- Biba model, 330–332
- Brewer and Nash model, 334–335
- capabilities of information systems, 341–343
- Clark-Wilson model, 333–334
- design principles, 310–320
- ensuring CIA Triad, 320–322
- exam essentials, 344–347
- fundamental concepts of, 322–336
- Goguen-Meseguer model, 335
- Graham-Denning model, 335–336
- Harrison-Ruzzo-Ullman (HRU) model, 336
- information flow model, 325
- noninterference model, 326
- review question answers, 1060–1062
- review questions, 348–352
- state machine model, 325
- Sutherland model, 335
- systems requirements, 337–341
- take-grant model, 326–327
- trusted computing base (TCB) design principle, 323–325
- written lab, 347
- written lab answers, 1104–1105

security operations
- about, 765, 793–794
- applying resource protection, 776–779
- exam essentials, 794–796
- foundational concepts, 765–771
- job rotation, 768, 769
- managed services in the cloud, 779–782
- managing change, 785–788
- managing patches, 789–793
- mandatory vacations, 768
- need-to-know principle, 765–766
- performing configuration management (CM), 782–785
- personnel safety and security, 771–773
- principle of least privilege, 766–767
- privileged account management (PAM), 769–770
- provisioning resources securely, 773–776
- reducing vulnerabilities, 789–793
- review question answers, 1084–1086
- review questions, 797–800
- separation of duties (SoD) and responsibilities, 767
- service level agreements (SLAs), 771
- two-person control, 768
- written lab, 796
- written lab answers, 1112

security orchestration, automation, and response (SOAR), 845–846, 850–851
security perimeter, 324
security policy, 17, 24, 681
security procedures, 25
security product management, for mobile devices, 422
security professional role, 21
security questions, 643
security requirements
- about, 337
- Authorization to Operate (ATO), 340–341
- Common Criteria (CC), 337–340

security stance/approach, in decomposition process, 29
security standards, 24–25
security tests, 725–726
security through obscurity, 5, 12
security training and awareness, 97–99, 773
Security-Enhanced Android (SEAndroid), 408
segment, 500
Select phase, in Risk Management Framework (RMF), 79–81
self-signed certificates, 280
Sender Policy Framework (SPF), 600
Sendmail, 1002–1003
senior management, 18, 118
senior manager role, 21
sensitive compartmented information facility (SCIF), 465
sensitive data
- about, 184
- code repositories and, 971
- encryption of, 194
- identifying, 180–181
- marking, 190–192
- storing, 193–194

sensitivity, confidentiality and, 5
sensor, 548
separation of duties (SoD) and responsibilities, 681, 767
sequential access storage devices, 366
Serial Line Internet Protocol (SLIP), 583
server rooms, 455–458
server sprawl, 404
server vaults, 455–458
server-based systems
- about, 375–376
- grid computing, 377–378
- large-scale parallel data systems, 376–377
- peer to peer (P2P) technologies, 378

serverless architecture, 406
servers, protecting, 877–878
server-side request forgery (SSRF), 1024
service authentication, 658
service delivery objective (SDO), 453
service delivery platform (SDP), 395
service injection viruses, 998
Service Organization Control (SOC), 125, 729–730
service ports, 508
service set identifier (SSID), 529
service-level-agreements (SLAs), 20, 32, 52–53, 120–121, 453, 771, 971–972
service-oriented architecture (SOA), 394
services integration, 403
service-specific remote access, 591
session hijacking, 1024–1025
Session layer (layer 5), 501
session management, 663–664, 949
shadow IT, 404
Shamir, Adi, 265, 273
shared key authentication (SKA), 531
shared responsibility
- about, 354–355
- with cloud service models, 780–782

shielded twisted-pair (STP), 560
shimming, 481
Short Message Service (SMS) phishing, 88
shoulder surfing, 90, 464
shrink-wrap license agreements, 158
side-channel attack, 297
sideloading, 418
signage, 476
Signal Protocol, 521
signature-based detection, 821–823
Silver Ticket, 710
Simple Integrity Property, 330
Simple Mail Transfer Protocol (SMTP), 506, 596
Simple Network Management Protocol (SNMP), 507
Simple Security Property, 329
Simplex mode, 501
simulation test, 900
Simultaneous Authentication of Equals (SAE), 532
single point of failure (SPOF), 875
single sign-on (SSO), 659–662
single-factor authentication, 646, 655
single-loss expectancy (SLE), quantitative risk analysis and, 64–65
site and facility design
- about, 448, 450–452
- secure facility plan, 448–449
- site selection, 449–450

site and facility security controls
- about, 452–453
- access abuses, 462
- cameras, 460–461
- equipment failure, 453–454
- evidence storage, 463–464
- fire prevention, detection, and suppression, 470–476
- intrusion detection systems (IDSs), 458–460
- media storage facilities, 462–463
- restricted and work area security, 464–465
- server rooms/data centers, 455–458
- utility considerations, 465–470
- wiring closets, 454–455

site surveys, 530–531
site-to-site VPN, 605
Six Cartridge Weekly Backup strategy, 896
Skipjack algorithm, 249
smart devices, 383
smartcards, 296, 456–457, 650
smartphones, 286
smishing, 88
Smoke Stage, of fire, 471–472
smoke-actuated systems, 474
smurf attacks, 816–817
sniffer. See protocol analyzer
sniffer attack, 711–712
snooping attack, 711
social engineering
- about, 81–83
- baiting, 92
- dumpster diving, 92–93
- eliciting information, 85
- hoax, 90–91
- hybrid warfare, 95
- identity fraud, 93–94
- impersonation and masquerading, 91
- influence campaigns, 94–96
- invoice scams, 90
- phishing, 85–86
- prepending, 85
- principles of, 83–84
- shoulder surfing, 90
- smishing, 88
- social media, 96
- spam, 89
- spear phishing, 87
- tailgating and piggybacking, 91–92
- typo squatting, 94
- vishing, 88–89
- whaling, 87–88

social media, 96
socket, 508
software
- analysis of, 918
- antimalware, 1007–1008
- asset inventories for, 775
- code review, 746–747
- diversity of, 1030
- dynamic application security testing (DAST), 748
- failures of, 872
- focused on, 27
- fuzz testing, 749–751
- interface testing, 751
- misuse case testing, 751–752
- protecting, 155–156
- static application security testing (SAST), 747–748
- test coverage analysis, 752
- testing, 746–753, 969–970
- website monitoring, 752–753

software as a service (SaaS), 782
Software Assurance Maturity Model (SAMM), 961–962
software configuration management (SCM), 965–966
software development
- assurance, 948
- development toolsets, 945–946
- libraries, 945
- mitigating system failure, 948–951
- object-oriented programming, 946–948
- programming languages, 943–945

software development lifecycle (SDLC)
- about, 319, 955–956
- Agile Software Development, 958–959
- Application Programming Interfaces (APIs), 967–968
- Capability Maturity Model (CMM), 960–961
- change management, 964–966
- code repositories, 970–971
- configuration management, 964–966
- DevOps approach, 966–967
- Gantt charts, 964
- IDEAL model, 962–963
- Program Evaluation Review Technique (PERT), 964
- service-level agreements (SLAs), 971–972
- Software Assurance Maturity Model (SAMM), 961–962
- software testing, 969–970
- spiral model, 957–958
- third-party software acquisition, 972
- waterfall model, 956–957

software development security
- about, 943, 987
- data warehousing, 973–983
- databases, 973–983
- exam essentials, 987–988
- knowledge-based systems, 984–986
- review question answers, 1093–1095
- review questions, 989–992
- storage threats, 983–984
- systems development controls, 943–972
- written lab, 988
- written lab answers, 1114–1115

software escrow agreements, 896–897
software libraries, 945
software-as-a-service (SaaS), 124
software-defined data center (SDDC), 402
software-defined everything (SDx), 400–402
software-defined networking (SDN), 525–526
software-defined security, 967
software-defined storage (SDS), 526
software-defined visibility (SDV), 402
software-defined wide-area networks (SDWAN/SD-WAN), 526
something you are factor of authentication, 645, 651–655
something you have factor of authentication, 645, 650–651
something you know factor of authentication, 645, 647–650
somewhere you are authentication factor, 646
somewhere you aren't authentication factor, 646
source code comments, 1031–1032
Source Network Address Translation (SNAT), 615
Spafford, George
- The Phoenix Project: A Novel About IT, DevOps, and Helping Your Business Win, 967

spam, 89
Spam over instant messaging (SPIM), 88
Spam over Internet Telephony (SpIT), 88–89
spear phishing, 87
specialized devices, 393–394
Spectre memory error, 341–342
speech recognition, 653
spiral model, 957–958
split knowledge, 230, 253, 768
split tunnel VPN, 607
split-brain DNS, 514
split-DNS system, 514
split-horizon DNS, 514
spoofed email, 89
spoofing, 91, 93–94, 700
- in STRIDE threat model, 27

spraying attack, 706
spread spectrum, 536
sprints, 959
spyware, 1004
SQL injection attacks, 741, 1012–1016
SSDs, 195, 367
standalone mode, 528
standard operating procedure (SOP), 25
standards, 24–25, 210
* (star) Integrity Property, 330
STAR program, 336
* (star) Security Property, 329
star topology, 564–565
STARTTLS, 600
state attacks, 1011
state machine model, 325
state privacy laws, 168–169
state transition, 325
stateful inspection firewalls, 553, 833
stateful NAT, 617
stateless firewall, 552
statement coverage, 752
statement of importance, 133
statement of organizational responsibility, 133–134
statement of priorities, 133
statement of urgency and timing, 134
Statement on Standards for Attestation Engagements, 729
static application security testing (SAST), 747–748
static considerations, 467–470
static environments, 387–393
static NAT. See NAT traversal (NAT-T)
static packet-filtering firewall, 552
static RAM, 363–364
static systems, 387–393
statistical attack, 297
statistical intrusion detection, 821–823
stealth viruses, 998–999
steganography, 292–293, 844
stopped state, 360
Storage Area Network (SAN), 523
storage limitation, as a provision of the GDPR, 166
storage media security, 367
storage segmentation, 415–416
storage threats, 983–984
store-and-forward device, 548
stored procedures, 1028
stored/persistent XSS, 1022–1023
storing
- sensitive data, 193–194
- symmetric keys, 253–254

storms, 867–868
strategic plan, 18
strategy development, for BCP, 129
stream ciphers, 237
STRIDE threat model, 27
strikes, 873
stripe of mirrors, 876
striping, 876
striping with parity, 876
Structured Threat Information eXpression (STIX), 355
structured walk-through test, 900
Stuxnet, 379, 1003–1004
su command, 701–702
subdomain, 510
subjects
- about, 208
- compared with objects, 642–643
- defined, 678
- in secure design, 311–312

subpoena, 919–920
Subscriber Identity Module (EAP-SIM), 583
subscriber identity module (SIM) cloning, for mobile devices, 426
substitution cipher2, 232–234
sub-technologies, 566–569
sudo command, 701–702
supervised learning, 985–986
supervisor state, 359–361
supervisory control and data acquisition (SCADA), 378–380
supervisory state, 360
supplies, in disaster recovery planning (DRP), 897
supply chain, 31
supply chain risk management (SCRM), 31–32
support ownership, for mobile devices, 422
surge protectors, 465
Sutherland model, 335
swapfile, 365–366
switch eavesdropping, 611–612
Switched Port Analyzer (SPAN) port, 611
switched virtual circuits (SVCs), 621–622
switches, 548, 826
switching, 610–614
switching technologies, 620–622
symmetric cryptography, 244–254
symmetric cryptosystems, 221
symmetric key algorithms. See cryptography and symmetric key algorithms
symmetric key management, 252–254
symmetric multiprocessing (SMP), 376
SYN flood attack, 814–816
synchronous communications, 566
Synchronous Digital Hierarchy (SDH), 624
synchronous dynamic password tokens, 651
Synchronous Optical Network (SONET), 624
Synchronous Transport Modules (STM), 624
Synchronous Transport Signals (STS), 624
synthetic monitoring, 752
synthetic transactions, 748
Syslog Protocol, 842
system call, 359
system failures, 314–316, 948–951
system logs, 836
system on a chip (SoC), 549
system security policy, 427–428
systems
- managing, 789
- resilience of, 875–880
- testing, 954–955

systems development lifecycle
- about, 953
- Application Programming Interface (API), 967–968
- change management, 964–966
- code repositories, 970–971
- code review walk-through, 955
- coding, 955
- conceptual definition, 953–954
- configuration management, 964–966
- control specifications development, 954–955
- design review, 955
- DevOps approach, 966–967
- functional requirements determination, 954
- Gantt charts, 964
- maintenance and change management, 956
- models of, 956–963
- Program Evaluation Review Technique (PERT), 964
- service-level agreements (SLAs), 971–972
- software testing, 969–970
- testing, 955–956
- third-party software acquisition, 972

systems integration, 403, 639

T
tactical plan, 18–19
tailgating, 91–92
tailoring, scoping compared with, 209–210
take-grant model, 326–327
Tampering, in STRIDE threat model, 27
tape media, 777–778
tape rotation, 896
target of evaluation (TOE), 338
task-based access control (TBAC), 685
TCP ACK Scanning, 733
TCP Connect Scanning, 733
TCP reset attack, 816
TCP SYN Scanning, 733
TCP Wrapper, 553
TCP/IP model, 504–505
teardrop attack, 817
technical controls, 73
technical physical security controls, 452
technology convergence, 449
technology crime investigators, 145
telecommunications room, 454
telecommuting techniques, 591
Telnet, 506, 608
temperature considerations, 467–470
TEMPEST countermeasures, 368–369
Temporal Key Integrity Protocol (TKIP), 531, 532
temporary address, 509
temporary authorization to operate (TATO), 16
temporary internet files, 375
Ten Commandments of Computer Ethics, 932
Terminal Access Controller Access Control System Plus (TACACS+), 698–699
termination, of employees, 49–52
terrorism, acts of, 870, 926
test coverage analysis, 752
test patches, 790
TestBank, xliv
testimonial evidence, 915
testing
- in BCP documentation, 136
- for disaster recovery planning (DRP), 899–902
- software, 746–753, 954–955, 969–970

tethering, for mobile devices, 425
text messaging, 419–420
theft, 873–874
thin access point, 529
thin client, 401–402
third-party application stores, 415
third-party audits
- about, 729–730
- for evaluation of third parties, 20

third-party connectivity, 618–619
third-party governance, 15
third-party security services, 833–834
third-party software acquisition, 972
Threat Agent Risk Assessment (TARA), 81
threat agents/actors, 56
threat events, 56
threat feeds, 849–851
threat hunting, 26, 850
threat intelligence, 847–850
threat modeling
- about, 26
- determining potential attacks, 28
- identifying threats, 26–28
- performing reduction analysis, 28–30
- prioritization and response, 30–31

threat vector, 56, 57
threats
- about, 354, 432–433
- architecture flaws and issues, 428–432
- assessing, 355–372, 731–746
- client-based systems, 372–375
- containerization, 405–406
- cyber-physical systems, 386–393
- defined, 56, 700
- distributed systems, 380–382
- edge computing, 385–386
- embedded devices, 386–393
- essential security protection mechanisms, 426–428
- exam essentials, 433–439
- fog computing, 385–386
- high-performance computing (HPC) systems, 382–383
- identifying, 26–28, 60
- industrial control systems, 378–380
- infrastructure as code (IaC), 395–396
- Internet of Things (IoT), 383–385
- managing, 791
- microservices, 394–395
- mitigating, 355–372
- mobile devices, 406–426
- review question answers, 1062–1067
- review questions, 441–445
- server-based systems, 375–378
- serverless architecture, 406
- shared responsibility, 354–355
- specialized devices, 393–394
- virtualized systems, 397–405
- written lab, 440
- written lab answers, 1105–1106

three dumb routers, 384
three-way handshake, 508
thrill attacks, 928
throughput rate, 655
THSuite, 192
ticket, 696
ticket-granting ticket (TGT), 696
time of check (TOC), 1010–1011
time of check to time of use (TOCTTOU), 1010–1011
time of use (TOU), 1010–1011
time slice, 360
time to live (TTL), 517
Time-based One-Time Password (TOTP), 656
timeliness, availability and, 7
timing attack, 297
TLS offloading, 596
token passing, 568
tokenization, 201–202, 1028
tokens, 322, 650–651
top secret label, 182
top-down approach, 17
top-level domain (TLD), 510
topology, 559, 563–566
Tor, 291–292
total risk, 68
Tower of Hanoi strategy, 896
trade secrets, 156–157
trademarks, 154–155
traffic analysis, 843
traffic monitor. See protocol analyzer
training
- about, 97–99
- for BCP implementation, 132
- for disaster recovery planning (DRP), 898–899
- for security management process, 755

transactions, database, 977–978
transborder data flow, 158
transfers, of employees, 49–52
transformation procedures (TPs), 333
transient noise, 467
transitive trust, 311
Transmission Control Protocol (TCP), 508
Transmission Control Protocol/Internet Protocol (TCP/IP), 582
transmission error correction, 625
transmission logging, 625
transmission media technology, 559
transmission protection, 592
transparency, 166, 625
transparent proxy, 555
transponder proximity device, 458
Transport layer (layer 4), 502, 508–509
Transport Layer Security (TLS) protocol, 240, 269, 285, 290–291, 521
transport mode, 604–606
transposition ciphers, 231–232
trap messages, 507
travel, for personnel, 772–773
traverse mode noise, 467
trend analysis, 843
TrickBot, 372
Triple DES (3DES), 247–248
Trivial File Transfer Protocol (TFTP), 506, 519
Trojan horses, 1000–1001
true negative, 822–823
trust, as a social engineering principle, 84
trust boundaries, in decomposition process, 29
trust but verify approach, 319–320
Trusted Automated eXchange of Intelligence Information (TAXII), 355
Trusted Computer System Evaluation Criteria (TCSEC), 337
trusted computing base (TCB) design principle, 323–325
trusted paths, 324
Trusted Platform Module (TPM), 286, 342
trusted recovery, 879
trusted shell, 324
trusted system, in CIA Triad, 321–322
trusts, 660
truthfulness, integrity and, 6
tunnel mode, 295, 604–606
tunneling, 603–604
tuples, 974
Turing, Alan, 299
turnstiles, 477–479
twisted-pair cables, 560–561
two-factor authentication (2FA), 655
two-factor authentication with Authenticator apps, 655–656
Twofish algorithm, 251
two-person control, 768
Type 1 authentication factor, 645
Type 1 error, 653
Type 2 authentication factor, 645
Type 3 authentication factor, 645
type I hypervisor, 397
Type II error, 653
type II hypervisor, 397
Type of Service (ToS), 516
typosquatting, 94, 515

U
UBlock Origin, 374
UDP Scanning, 733
ultraviolet EPROMs (UVEPROMs), 362
unclassified label, 182
unicast technology, 567
unified endpoint management (UEM), 409
Unified Extensible Firmware Interface (UEFI), 371
unified threat management (UTM), 554, 833
uninterruptible power supply (UPS), 465–466, 878
United States Munitions List (USML), 159
United States Patent and Trademark Office (USPTO), 154–155
unshielded twisted-pair (UP), 560
unsolicited ARP, 520
unsupervised learning, 986
update management, for mobile devices, 422
urgency, as a social engineering principle, 84
urgency and timing, statement of, 134
URL filtering, 555–556
URL hijacking, 94, 515
U.S. Copyright Office (website), 153
U.S. Cybersecurity and Infrastructure Security Agency (CISA), 120
U.S. Geological Survey (USGS), 126
U.S. Government Accountability Office (GAO), 728
U.S. National Security Agency (NSA), 195
U.S. Privacy Law, 160–164
USA PATRIOT Act (2001), 163–164
usability, availability and, 7
USB flash drives, 777
USB On-The-Go (OTG), 416
US-CERT, 310
use cases, 969
user acceptance, for mobile devices, 424
user acceptance testing (UAT), 955
user and entity behavior analytics (UEBA), 49, 1009
user behavior analytics (UBA), 49
User Datagram Protocol (UDP), 508
User Interface (UI), 751
user mode, 359, 361
user role, 22
users, 208
utility considerations
- in disaster recovery planning (DRP), 897
- humidity, 467–470
- noise, 467
- power, 465–467
- static, 467–470
- temperature, 467–470
- water, 470

utility failures, 871–872
utility patents, 155

V
validation, in vulnerability scanning, 742
validity, integrity and, 6
Van Buren v. United States, 149
Van Eck radiation, 368
vandalism, 873–874
variable length subnet masking (VLSM), 518
Velez, Tony Uceda (author)
- Risk Centric Threat Modeling: Process for Attack Simulation and Threat Analysis, 27–28

vendor agreements, 52–53
vendor management system (VMS), 53
VENONA project, 236
verification, 280–281, 961
Vernam, Gilbert Sandford, 235
Vernam ciphers, 235
version control, 1030
versioning, in change management, 788
views, of databases, 979
Vigenère cipher, 233–234, 235
virtual application, 399–400
virtual circuits, 621–622
virtual data center (VDC), 402
virtual desktop, 401
virtual desktop infrastructure (VDI), 401
virtual firewall, 550
virtual IP addresses, 596
virtual local area networks (VLANs), 610–614
virtual machine monitor/manager (VMM), 397
virtual memory, 365–366
virtual network segmentation, 400
virtual private network (VPN)
- about, 602–603
- always-on VPN, 606–607
- common protocols, 607–609
- full tunnel, 607
- how they work, 604–606
- personnel and, 773
- split tunnel, 607
- tunneling, 603–604

virtual SAN (VSAN), 526
virtual software, 399–400
virtual tape libraries (VTLs), 895
Virtual xEtensible LAN (VXLAN), 527
virtualization, 397
virtualization security management, 403–405
virtualization technology, 342
Virtualized Environment Neglected Operations Manipulation (VENOM), 404
virtualized networking, 400
virtualized systems
- about, 397–399
- software-defined everything (SDx), 400–402
- virtual software, 399–400
- virtualization security management, 403–405
- virtualized networking, 400

virus decryption routine, 999
viruses, 995–999
vishing, 88–89, 588–589
Visual, Agile, and Simple Threat (VAST), 27–28
vital records program, in BCP documentation, 135
VLAN hopping, 612
VM escaping, 404
voice communications
- about, 586
- phreaking, 588–589
- private branch exchange (PBX), 589–590
- vishing, 588–589
- Voice over Internet Protocol (VoIP), 524–525, 586–588

Voice over Internet Protocol (VoIP), 524–525, 586–588
voice pattern recognition, 653
voice-based phishing, 88–89
volatility, of storage devices, 366
voluntarily surrender, 919
VPN appliance, 603
VPN concentrator, 603
VPN device, 603
VPN firewall, 603
VPN gateway, 603
VPN proxy, 603
VPN remote access server (RAS), 603
VPN server, 603
vulnerabilities. See also Common Vulnerabilities and Exposures (CVE)
- about, 354, 432–433, 731–732
- architecture flaws and issues, 428–432
- assessing, 355–372, 731–746
- client-based systems, 372–375
- containerization, 405–406
- cyber-physical systems, 386–393
- defined, 56, 700
- distributed systems, 380–382
- edge computing, 385–386
- embedded devices, 386–393
- essential security protection mechanisms, 426–428
- exam essentials, 433–439
- fog computing, 385–386
- high-performance computing (HPC) systems, 382–383
- identifying, 60
- industrial control systems, 378–380
- infrastructure as code (IaC), 395–396
- Internet of Things (IoT), 383–385
- managing, 791
- microservices, 394–395
- mitigating, 355–372
- mobile devices, 406–426
- review question answers, 1062–1067
- review questions, 441–445
- server-based systems, 375–378
- serverless architecture, 406
- shared responsibility, 354–355
- specialized devices, 393–394
- virtualized systems, 397–405
- written lab, 440
- written lab answers, 1105–1106

vulnerability scanning
- about, 792
- database vulnerability scanning, 741–742
- management workflow, 742
- web vulnerability scanning, 739–741

vulnerability scans, 732–742

W
waiting state, 360
war driving, 539
warm sites, 885–886
warning banners, 829
water issues, 470
water suppression systems, 474–475
waterfall model, 956–957
watermarking, 292–293, 845
wave pattern motion detector, 459
wearable technology, 384
wearables, 384
web application firewalls (WAFs), 374, 552–553, 833, 1027–1028
web applications, 290–292, 1020–1025
Web Authentication (WebAuth), 657
web filtering, 555–556
web security gateway, 556
web vulnerability scanning, 739–741
website monitoring, 752–753
well-known ports, 508
wet pipe system, 474
whaling, 87–88
white noise, 368
White-Box Penetration Test, 744, 969
whitelisting, 414, 831–832
wide area network (WAN), 559, 606, 622–623
Wi-Fi, free, 772–773
Wi-Fi Direct, 425, 528
Wi-Fi positioning system (WFPS), 413
Wi-Fi Protected Access (WPA), 531–532
Wi-Fi Protected Access 2 (WPA2), 532
Wi-Fi Protected Access 3 (WPA3), 532–533
Wi-Fi Protected Setup (WPS), 533–534
wildcard certificates, 278
window of vulnerability, 1006
Windows Group Policy Objects (GPOs), 753
Wired Equivalent Privacy (WEP), 531
wired extension mode, 528
wireless access point (WAP), 528
wireless attacks, 539–542
wireless channels, 529–530
wireless communications, 536–539
wireless controller, 529
wireless networks
- about, 527–529
- antenna management, 534–535
- captive portals, 535
- general security procedure, 535–536
- MAC filter, 534
- service set identifier (SSID), 529
- site surveys, 530–531
- Wi-Fi Protected Setup (WPS), 533–534
- wireless attacks, 539–542
- wireless channels, 529–530
- wireless communications, 536–539
- wireless security, 531–533

wireless positioning system (WiPS), 413
wireless scanners, 539
wireless security, 531–533
wiring closets, 454–455
WordPress, 685
work area security, 464–465
work function, 230
workgroup recovery, 883
workplace, privacy in the, 164–165
World Intellectual Property Organization (WIPO) treaties, 153–154
worms, 1001–1004
“Worse Is Better” (New Jersey Style), 317
wrapper, 392
written lab answers
- access control, 1111
- asset security, 1102–1103
- business continuity planning (BCP), 1101
- cryptography and symmetric key algorithms, 1103–1104
- disaster recovery planning (DRP), 1113–1114
- identity and authentication, 1110–1111
- incident prevention and response, 1113
- investigations and ethics, 1114
- laws, regulations, and compliance, 1102
- malicious code and application attacks, 1115
- personnel security and risk management, 1100–1101
- physical security requirements, 1106–1107
- PKI and cryptographic applications, 1104
- secure communications and network attacks, 1109–1110
- secure network architecture and components, 1108
- security assessment and testing, 1111–1112
- security governance, 1100
- security models, design, and capabilities, 1104–1105
- security operations, 1112
- software development security, 1114–1115
- vulnerabilities, threats, and countermeasures, 1105–1106

written labs
- access control, 717
- asset security, 213
- business continuity planning (BCP), 138
- communications and network attacks, 630
- cryptography and symmetric key algorithm, 257
- disaster recovery planning (DRP), 903
- ethics, 935
- identity and authentication, 671
- incident response, 855
- investigations, 935
- laws, regulations, and compliance, 173
- malicious code and application attacks, 1036
- network architecture, 574
- personnel security and risk management, 106
- physical security, 488
- PKI and cryptographic applications, 303
- security and assessment testing program, 758
- security governance, 36
- security models, 347
- security operations, 796
- software development security, 988
- vulnerabilities, threats, and countermeasures, 440

X
X Window, 507
X.509 standard, 278
Xmas Scanning, 733

Y
“You Aren't Gonna Need It” (YAGNI), 317

Z
zero trust, 317–319
zero-day attacks, 818, 1006
zero-knowledge proof, 229
Zigbee, 543
Zimmerman, Phil, 249, 287
zombies, 812–813
zzuf tool, 749

..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.

Table of Contents for Index

Create new playlist

Sign In

Sign Up

Table of Contents for
Index