- A
- AAA protocols, 695
- AAA services, risks of, 8–11
- Abagnale, Frank (author)
- Scam Me If You Can: Simple Strategies to Outsmart Today's Ripoff Artists, 98
- abstraction, 12
- abuse case testing, 751–752
- acceptable use policy (AUP), 24, 47, 48, 424
- accepting risk. See risk acceptance
- access abuses, 462
- access control list (ACL), 327–328, 679–680
- access control matrix, 327–328, 679
- access control triplet, 333
- access control vestibules, 477–479
- access controls
- about, 640–641, 678, 714–715
- attacks on, 699–714
- in CIA Triad, 321
- comparing models, 678–690
- exam essentials, 715–717
- implementing authentication systems, 690–699
- models, 681–682
- review question answers, 1080–1082
- review questions, 718–721
- written lab, 717
- written lab answers, 1111
- accessibility, availability and, 7
- account access review, 667–668
- account lockout controls, 714
- account maintenance, 667
- account management, 754
- account revocation, 666
- accountability
- about, 644–645
- integrity and, 6
- monitoring and, 838–839
- as a provision of the GDPR, 167
- in security process, 10–11
- accounting, in security process, 8
- accuracy, 6, 166
- ACID model, 978
- acquisitions, mergers and, 19–20
- acting, in IDEAL model, 962
- active monitoring, 752
- active response, to intrusion detection systems (IDSs), 824
- active-active system, 596
- active-passive system, 596
- ActiveX controls, 373
- activity, monitoring, 839
- acts of terrorism, 870
- ad hoc level, of Risk Maturity Model (RMM), 78
- ad hoc mode, 528
- Address Resolution Protocol (ARP), 510, 519–520
- Adleman, Leonard, 265, 273
- administrative controls, 73
- administrative investigations, 910–911
- administrative law, 146–147
- administrative physical security controls, 452
- administrators, 207–208
- admissible evidence, 913
- Adobe Flash, 374
- Advanced Encryption Standard with 256-bit keys (AES 256), 187
- advanced persistent threats (APTs), 770, 925, 995
- advanced threat protection, 1008–1009
- adversarial approach, to threat modeling, 26
- adware, 1004
- Affected Users, in DREAD system, 31
- agent-based system, 550
- agentless system, 550
- aggregation, in databases, 980
- aggregators, 548
- Agile Software Development, 958–959
- air gap, 318
- algorithm, 223. See also specific algorithms
- allowable interruption window (AIW), 453
- alternate keys, 976
- alternate processing sites, 883–888
- alternate sites, 130
- alternative systems, 131
- always-on VPN, 606–607
- Amazon Web Services (AWS) Simple Storage Service (S3), 192
- American Civil Liberties Union (ACLU), 160
- amplifiers, 547
- analog communications, 566
- analysis, in Electronic Discovery Reference Model (EDRM), 912
- analytic attack, 297
- AND operation, 225
- Andersen, Arthur, 730
- Android devices, 407–408
- annual cost of the safeguard (ACS), 69–70
- annualized loss expectancy (ALE)
- about, 127
- quantitative risk analysis and, 65–66
- annualized rate of occurrence (ARO), 65, 125–126
- anonymization, 202–204
- antenna management, 534–535
- antimalware, 829–830, 1007–1008
- antispam software, 89
- anything as a service (XaaS), 402
- applets, 372
- application allow listing (whitelisting), 414
- application attacks
- about, 1009
- backdoors, 1011
- buffer overflows, 1009–1010
- privilege escalation, 1011
- rootkits, 1011
- time of check to time of use (TOCTTOU), 1010–1011
- application cells/containers, 405
- application control/management, 414
- Application layer (layer 7), 501, 506–507
- application logs, 836
- Application Programming Interfaces (APIs), 312, 751, 967–968, 1020
- application resilience, 1031
- application roles, 685
- application security controls
- about, 1025
- code security, 1029–1031
- controlling access to, 640
- database security, 1028–1029
- input validation, 1025–1027
- web application firewalls (WAFs), 1027–1028
- application-level firewall, 552
- applied cryptography
- about, 285
- blockchain, 295–296
- circuit encryption, 294
- dark web, 291–292
- email, 286–287
- emerging applications, 295–297
- homomorphic encryption, 297
- IP security (IPsec) protocol, 294–295
- lightweight cryptography, 296
- networking, 294–295
- portable devices, 285–286
- Pretty Good Privacy (PGP), 287–289
- Secure Sockets Layer (SSL), 290
- Secure/Multipurpose Internet Mail Extensions (S/MIME) protocol, 289
- steganography, 292–293
- Tor, 291–292
- Transport Layer Security (TLS), 290–291
- watermarking, 292–293
- web applications, 290–292
- approving patches, 790
- architecture
- common flaws and issues, 428–432
- of database management system (DBMS), 973–977
- of mobile devices, 424
- Arduino, 387
- Argon2, 707
- arithmetic-logical unit (ALU), 364
- ARP cache poisoning, 520
- ARP spoofing, 520
- “Arrangement on the Recognition of Common Criteria Certificates in the Field of IT Security,” 337
- artifacts, 850–851, 913, 916–919
- artificial intelligence (AI), 846–847
- Asia-Pacific Economic Cooperation (APEC), 167
- ASREPRoast, 711
- assertions, 692
- Assess phase, in Risk Management Framework (RMF), 79–81
- assessment, in disaster recovery planning (DRP), 892
- assessment test, lix–lxxiv
- asset owner role, 21, 56, 205
- asset security
- about, 180, 211
- data protection methods, 199–204
- data roles, 204–208
- data states, 185–186
- defining asset classifications, 185
- defining data classifications, 182–185
- determining compliance requirements, 186
- determining data security controls, 186–188
- establishing handling requirements, 188–198
- exam essentials, 211–213
- identifying and classifying information and assets, 180–188
- review question answers, 1053–1056
- review questions, 214–218
- security baselines, 208–210
- written lab, 213
- written lab answers, 1102–1103
- asset value (AV), 123
- assets
- classifying, 185
- controlling access to, 639–641
- focused on, 27
- managing, 774–776
- ownership of, 774
- tracking, 416
- valuation of, 56, 58–59
- asymmetric cryptography
- about, 264
- Diffie-Hellman algorithm, 269–270
- ElGamal algorithm, 267–268
- elliptic curve cryptography (ECC), 268
- private keys, 264–265
- public keys, 264–265
- quantum cryptography, 270–271
- RSA algorithm, 265–266
- asymmetric cryptosystems, 221
- asymmetric key algorithms, 241–244
- asymmetric key management, 284
- asymmetric multiprocessing (AMP), 376
- asynchronous communications, 567
- asynchronous dynamic password tokens, 651
- atomicity, in ACID model, 978
- attack phase, in penetration testing, 743
- attack vector. See threat vector
- attackers
- attacks. See also specific types
- access control, 699–714
- based on design/coding flaws, 430
- determining potential, 28
- attenuation, 562
- Attribute-Based Access Control (ABAC), 526, 682, 686–687
- audit logging. See logging
- audit trails, 838
- auditing, 8, 10, 731
- auditor role, 22
- authenticated relay, 597
- authentication
- as a goal of cryptography, 222
- implementing systems of, 690–699
- on internal networks, 694–697
- on Internet, 691–694
- protocols for, 582–585
- Remote Authentication Dial-in User Service (RADIUS), 697–698
- in security process, 8, 9
- session management and, 949
- Terminal Access Controller Access Control System Plus (TACACS+), 698–699
- Authentication Header (AH), 295, 609
- authentication protection, 592
- authentication service, Kerberos, 696
- authenticity, risks of, 8
- authoritative passwords, 648–650
- authority, as a social engineering principle, 83
- authorization
- about, 644–645
- exploiting vulnerabilities, 1017–1020
- mechanisms for, 679–681
- in security process, 8, 10
- Authorization to Operate (ATO), 16, 340–341
- Authorize phase, in Risk Management Framework (RMF), 79–81
- Authorizing Official (AO), 340
- automated indicator sharing (AIS), 355
- automated recovery, 879
- automatic expiration, DRM and, 199
- Automatic Private IP Addressing (APIPA), 617–618
- automation
- in configuration management (CM), 784–785
- of incident response, 845–851
- auxiliary alarm system, 460
- availability
- AV-Test, 995–996
- awareness
- about, 96–99
- in disaster recovery planning (DRP), 898–899
- in security management process, 755
- B
- backbone distribution system, 454
- backdoor attacks, 1011
- backdoor vulnerability, 1033–1034
- background checks, 46
- backups, in disaster recovery planning (DRP), 892–896
- badges, 456–457
- baiting, 92
- bandwidth, 880
- barricades, 479
- baseband cables, 560
- baseband radio, 544
- baseband technology, 567
- baselines
- about, 24–25
- in configuration management (CM), 783–784
- base+offset addressing, 365
- basic input/output systems (BIOS), 371
- basic service set identifier (BSSID), 529
- bastion host, 551
- bcrypt, 707
- beacon frame, 529
- behavior, 947
- behavior modification, 96
- behavior-based detection, 821–823
- Behr, Kevin
- The Phoenix Project: A Novel About IT, DevOps, and Helping Your Business Win, 967
- Bell-LaPadula model, 328–332
- benign DoS, 383
- Biba model, 330–332
- biometrics, 409, 651, 653–655
- birthday attacks, 300, 706–707
- birthday paradox, 706
- bit flipping, 749
- Bitcoin, 296, 380–381
- bits, 500
- Black-Box Penetration Test, 744, 969
- blacklisting, 831–832
- blind content-based SQL injection, 1013–1015
- blind timing-based SQL injection, 1015–1016
- block cipher, 237
- blockchain, 295–296, 380–381
- Blowfish, 249
- Blue Screen of Death (BSOD), 950–951
- Bluebugging, 537
- Bluejacking, 537
- Bluesmacking, 537
- Bluesnarfing, 537
- Bluesniffing, 537
- Bluetooth (802.15), 537–538
- Boehm, Barry, 957
- Boeing, 198
- Boldon James, 188
- bombings, 870
- book cipher, 236
- Boolean mathematics, 224
- boot attestation, 371
- boot sector, 996–997
- Border Gateway Protocol (BGP), 503
- botnets (bots), 812–813, 1001
- bottom-up approach, 17
- bounds, in CIA Triad, 320–321
- branch coverage, 752
- breach, 57
- breach and attack simulation (BAS), 745
- Brewer and Nash model, 334–335
- bridge mode, 529
- bridges, 548
- bring your own device (BYOD), 420
- broadband cables, 560
- broadband technology, 567
- broadcast domains, 547
- broadcast storm, 611
- broadcast technology, 567
- browser wrap license agreements, 158
- brute-force attack, 297, 704–705
- buffer overflow errors, 817
- buffer overflows, 1009–1010
- buildings, BCP and, 130
- bumping, 481
- burglar alarms, 458
- bus topology, 564
- business associate agreement (BAA), 162
- business attacks, 925
- business continuity planning (BCP)
- about, 114–115, 136–137
- benefits of, 119–120
- business impact analysis (BIA), 121–128
- continuity planning, 128–131
- documentation for, 132–136
- exam essentials, 137–138
- plan approval and implementation, 131–136
- project scope, 115–121
- review question answers, 1049–1051
- review questions, 139–142
- in security management process, 754–755
- selecting your team, 117–118
- written lab, 138
- written lab answers, 1101
- business email compromise (BEC), 87
- business impact analysis (BIA)
- about, 121–122
- Cloud and, 124–125
- identifying priorities, 122–123
- impact analysis, 126–128
- likelihood assessment, 125–126
- resource prioritization, 128
- risk identification, 123–124
- business strategy, aligning security function with, 17–19
- business unit, 881–882
- business/mission owners, 206
- C
- cable lock, 453
- cable plant management policy, 454
- cabling, 559–563
- cache RAM, 363
- Caesar cipher, 232–234, 235
- California Consumer Privacy Act (CCPA, 2018), 168–169
- California SB 1386, 162
- Caller ID, 525
- cameras, 460–461
- camouflage, 1028–1029
- campus area network (CAN), 606
- Canadian privacy laws, 167–168
- candidate keys, 975
- candidate screening, 46–47
- capabilities
- about, 310, 322–323, 343–344
- access control matrix, 327–328
- Bell-LaPadula model, 328–330
- Biba model, 330–332
- Brewer and Nash model, 334–335
- capabilities of information systems, 341–343
- Clark-Wilson model, 333–334
- design principles, 310–320
- ensuring CIA Triad, 320–322
- exam essentials, 344–347
- fundamental concepts of, 322–336
- Goguen-Meseguer model, 335
- Graham-Denning model, 335–336
- Harrison-Ruzzo-Ullman (HRU) model, 336
- information flow model, 325
- noninterference model, 326
- review question answers, 1060–1062
- review questions, 348–352
- state machine model, 325
- Sutherland model, 335
- systems requirements, 337–341
- take-grant model, 326–327
- trusted computing base (TCB) design principle, 323–325
- written lab, 347
- written lab answers, 1104–1105
- Capability Maturity Model (CMM), 78, 955, 960–961
- Capability Maturity Model Integration (CMMI), 961
- capability table, 679–680
- capacitance motion detector, 459
- captive portals, 535
- capture filters, 506
- cardinality, 974–975
- carrier network connections, 623
- carrier unlocking, 418
- Carrier-Sense Multiple Access (CSMA), 567
- Carrier-Sense Multiple Access with Collision Avoidance (CSMA/CA), 568
- Carrier-Sense Multiple Access with Collision Detection (CSMA/CD), 568
- cascading, 326
- CAST algorithm, 250–251
- Categorize phase, in Risk Management Framework (RMF), 79–81
- Cavoukian, Ann
- “Privacy by Design - The 7 Foundational Principles: Implementation and Mapping of Fair Information Practices,” 319
- cell suppression, 981
- cellular networks, 544
- Center for Internet Security (CIS), 22
- central processing unit (CPU), 356
- central station system, 460
- centralized access control, 659, 660
- CEO fraud, 87
- CEO spoofing, 87
- certificate authority (CA), 278, 279–280
- certificate chaining, 280
- Certificate Practice Statement (CPS), 282
- certificate revocation list (CRL), 280–281, 282
- certificate signing request (CSR), 280
- certificate stapling, 282–283
- certificates
- digital, 278
- formats of, 283
- lifecycle of, 280–283
- pinning, 281
- certification process, xliii
- chain of custody, 914–915
- chain of evidence, 914–915
- Challenge Handshake Authentication Protocol (CHAP), 583
- change control, 965
- change logs, 836
- change management
- about, 785–786
- configuration documentation, 788
- maintenance and, 955
- process of, 787–788
- software development lifecycle (SDLC) and, 964–966
- versioning, 788
- chat, 594–595
- checklists, 891–892
- chief information officer (CIO), 17, 18
- chief information security officer (CISO), 17
- chief security officer (CSO), 17
- chief technical officer (CTO), 18
- Children's Online Privacy Protection Act (COPPA, 1998), 163
- choose your own device (CYOD), 421
- chosen ciphertext attacks, 300
- chosen plaintext attacks, 300
- CIA Triad
- about, 4–7, 320, 640–641
- access controls and, 321
- assurance and, 321–322
- bounds and, 320–321
- confinement and, 320
- isolation and, 321
- trust and, 321–322
- Cipher Block Chaining (CBC) mode, 244
- Cipher Feedback (CFB) mode, 244
- ciphers, 230–238
- ciphertext-only attack, 298–299
- circuit encryption, 294
- circuit proxies, 553
- circuit switching, 620
- circuit-level gateway firewalls, 553, 833
- circular logging, 844
- CISSP exam
- about, xxxix–xl
- advice for, xli–xlii
- question types, xl–xli
- study and preparation tips for, xlii
- civil investigations, 911
- civil law, 146
- Clark-Wilson model, 333–334, 680
- classification levels, 329, 947
- Classless Inter-Domain Routing (CIDR), 518
- clean-desk policy, 464
- clearing media, 196
- clickjacking, 94, 515
- click-through license agreements, 158
- client-based systems
- about, 372
- local caches, 375
- mobile code, 372–374
- client/server model, 556
- clipping levels, 842
- closed head system, 474
- closed port, 733
- closed relay, 597
- closed source, 313
- closed systems, 312–313
- closed-circuit television (CCTV), 460–461
- cloud access security broker (CASB), 200
- cloud computing
- about, 397
- business impact analysis (BIA) and, 124–125
- integration with, 403
- managed services in the, 779–782
- protecting, 878
- recovery strategy and, 887
- cloud services license agreements, 158
- cloud-based federation, 661
- coaxial cable, 559–560
- code
- about, 954
- ciphers compared with, 231
- flaws in, 430
- practices of coding, 1031–1034
- reuse of, 1029–1030
- review of, 746–747
- review walk-through of, 954
- security of, 1029–1031
- signing, 1029
- code injection attacks, 1016
- Code of Fair Information Practices, 932–933
- Code Red worm, 1001–1002
- code repositories, 970–971, 1030
- cognitive password, 643
- cohesion, 947
- cold aisle, 468
- cold sites, 883–884
- collection
- in Electronic Discovery Reference Model (EDRM), 912
- of evidence, 916–919
- collector, 548
- collision attack. See birthday attacks
- collision domains, 547
- collisions, 244
- collusion, 49
- columnar transposition, 231
- combination locks, 481–482
- command injection attacks, 1016–1017
- Commerce Control List (CCL), 159
- commercial off-the-shelf (COTS) software, 972
- Committee of Sponsoring Organizations (COSO) of the Treadway Commission, 81
- Common Configuration Enumeration (CCE), 732
- Common Criteria (CC), 337–340
- Common Gateway Interface (CGI), 1010
- common mode noise, 467
- Common Platform Enumeration (CPE), 732
- Common Vulnerabilities and Exposures (CVE), 731, 792–793
- Common Vulnerability Scoring System (CVSS), 731
- communications and network attacks
- about, 582, 626–628
- communication protection, 410–411
- communication protocols, 521, 543–544
- email security, 596–602
- exam essentials, 628–630
- fiber-optic links, 624
- load balancing, 595–596
- multimedia collaboration, 593–595
- network address translation (NAT), 614–618
- preventing/mitigating, 625–626
- protocol security mechanisms, 582–585
- remote access security management, 590–593
- review question answers, 1075–1077
- review questions, 631–635
- security control characteristics, 624–625
- switching, 610–614
- switching technologies, 620–622
- third-party connectivity, 618–619
- virtual LANs, 610–614
- virtual private network (VPN), 602–609
- voice communications, 586–590
- wide area network (WAN) technologies, 622–623
- wireless communication, 536–539
- written lab, 630
- written lab answers, 1109–1110
- Communications Assistance for Law Enforcement Act (CALEA, 1994), 161
- community cloud deployment model, 782–783
- compartmentalized environment, 689
- compensation control, 75
- compiler, 944
- completeness, integrity and, 6
- compliance
- determining requirements for, 186
- testing, 68
- compliance checks, 745–746
- compliance policy requirements, 53
- compliant mobile devices, 690
- composition theories, 326
- comprehensiveness, integrity and, 6
- computer architecture, 354
- computer crime
- categories of, 923–929
- laws for, 147–152
- Computer Ethics Institute, 932
- Computer Fraud and Abuse Act (CFAA, 1984), 148–149, 164, 1003
- computer incident response team (CIRT) role, 21
- computer security incident, 803
- computing minimalism, 317
- concealment, confidentiality and, 5
- concentrators, 547
- conceptual definition, 952–953
- concurrency, in databases, 979–980
- condition coverage, 752
- conductors, 561–562
- confidential label, 182, 184
- confidentiality
- in CIA Triad, 5, 640
- as a goal of cryptography, 220–221
- configuration documentation, in change management, 788
- configuration management (CM)
- automation, 784–785
- baselining, 783
- provisioning, 783
- software development lifecycle (SDLC) and, 964–966
- using images for baselining, 783–784
- confinement, in CIA Triad, 320
- confusion, 237–238
- connection methods, 417
- connection oriented, 508
- connectionless “best effort” communication protocol, 509
- consensus, as a social engineering principle, 83
- consistency, in ACID model, 978
- constrained data item (CDI), 333
- constrained interface model, 343, 680
- consultant agreements, 52–53
- contactless payment methods, for mobile devices, 425–426
- containerization, 400, 405–406
- content delivery network, 545
- content distribution network (CDN), 545
- content filtering, 554, 555–556
- content inspection, 555–556
- content management system (CMS), 414
- content-dependent access control, 680
- content/URL filter, 555–556
- context-aware authentication, 646
- context-dependent access control, 680
- continuity of operations plan (COOP), 129
- continuous audit trail, DRM and, 199
- continuous improvement, 77–78
- continuous integration/continuous delivery (CI/CD), 966–967
- contracting, 171
- contractor agreements, 52–53
- contractual license agreements, 158
- Control Objectives for Information and Related Technology (COBIT), 15, 22–23, 206, 731
- control specifications development, 953–954
- control zone, 369
- controls gap, 68–69
- converged protocols, 523–524
- Copyright law, 152–154
- core protection methods, 713–714
- corporate espionage, 925
- corporate policies, for mobile devices, 423
- corporate-owned, personally enabled (COPE), 420–421
- corporate-owned business-only (COBO) strategy, 421
- corporate-owned mobile strategy (COMS), 421
- corrective control, 75
- cost, of security controls vs. benefit of security controls, 69–72
- cost/benefit calculation/analysis, 70
- Counter (CTR) mode, 245
- Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP) (Counter-Mode/CBC-MAC Protocol), 532
- Counter with Cipher Block Chaining Message Authentication Code Mode (CCM), 245
- countermeasures
- about, 354, 432–433
- architecture flaws and issues, 428–432
- assessing, 355–372
- client-based systems, 372–375
- containerization, 405–406
- cyber-physical systems, 386–393
- distributed systems, 380–382
- edge computing, 385–386
- embedded devices, 386–393
- essential security protection mechanisms, 426–428
- exam essentials, 433–439
- fog computing, 385–386
- high-performance computing (HPC) systems, 382–383
- industrial control systems, 378–380
- infrastructure as code (IaC), 395–396
- Internet of Things (IoT), 383–385
- managing, 791
- microservices, 394–395
- mitigating, 355–372
- mobile devices, 406–426
- review question answers, 1062–1067
- review questions, 441–445
- selecting and implementing, 72–74
- server-based systems, 375–378
- serverless architecture, 406
- shared responsibility, 354–355
- specialized devices, 393–394
- virtualized systems, 397–405
- written lab, 440
- written lab answers, 1105–1106
- countries of concern, 159
- coupling, 947
- covert channels, 428–429
- covert storage channel, 429
- covert timing channel, 429
- crackers, 699
- Creating Defensible Space (Newman), 452
- credential hijacking, 93
- credential management systems, 419, 662–663
- credential manager apps, 663
- credential stuffing attack, 706
- Crime Prevention Through Environmental Design (CPTED), 450–451
- criminal investigations, 911
- criminal law, 144–146
- crisis management, 882
- critical path analysis, 448–449
- criticality, confidentiality and, 5
- cross-border information sharing, 167
- crossover error rate (CER), 654
- cross-site request forgery (CSRF/XSRF), 1024
- cross-site scripting (XSS), 1016, 1021–1023
- cryptanalysis, 224
- cryptocurrency, 296
- cryptographic algorithms, 156
- cryptographic applications. See PKI and cryptographic applications
- cryptographic attacks, 297–301
- cryptographic erasure, 197
- cryptographic keys, 238–239
- cryptographic mathematics, 224–230
- cryptographic modes of operation, 244–246
- cryptographic salt, 298
- cryptography and symmetric key algorithms
- about, 220, 239–241, 255–256
- ciphers, 230–238
- concepts of cryptography, 223–224
- cryptographic lifecycle, 255
- cryptographic mathematics, 224–230
- exam essentials, 256–257
- goals of cryptography, 220–222
- modern cryptography, 238–244
- review question answers, 1056–1057
- review questions, 258–261
- symmetric cryptography, 244–254
- written lab, 257
- written lab answers, 1103–1104
- cryptology, 224
- cryptomalware, 1001
- cryptosystems, 224
- cryptovariables, 224
- custodian role, 21
- cybercrime for hire, 926
- cyber-physical systems, 389
- Cybersecurity Enhancement Act, 151
- “Cyberwarfare: Origins, Motivations and What You Can Do in Response,” 95
- D
- DAD Triad, 7–8
- Damage Potential, in DREAD system, 31
- dark web, 291–292
- DARPA model. See TCP/IP model
- data at rest, 221
- data breach notification laws, 162–163
- data centers, 455–458
- data classifications, 182–185
- data collection limitation, 192–193
- data controllers, 206–207
- data custodians, 207
- data destruction, 194–197
- data diddling, 431–432
- Data Encryption Standard (DES)
- about, 239, 247
- advanced encryption standard, 250
- Blowfish, 249
- CAST algorithm, 250–251
- comparing symmetric encryption algorithms, 251–252
- International Data Encryption Algorithm (IDEA), 248–249
- Rivest ciphers, 249–250
- Skipjack algorithm, 249
- symmetric key management, 252–254
- Triple DES (3DES), 247–248
- data exposure, 1028
- data extraction, 842
- data flow control, 375
- data hiding, 12–13
- data in motion, 221
- data in transit, 185
- data in use, 185, 221
- data integrity, 922–923
- Data Link layer (layer 2), 503–504
- data location, 193
- data loss prevention (DLP), 188, 189–190
- data maintenance, 189
- data minimization, 166, 1028
- data owners, 204–205
- data ownership, for mobile devices, 422
- data processors, 206–207
- Data Protection Directive (DPD), 165–166
- data protection methods
- about, 199
- anonymization, 202–204
- cloud access security broker (CASB), 200
- digital rights management (DRM), 199–200
- pseudonymization, 200–201, 202
- tokenization, 201–202
- data remanence, 194–195, 367
- data remnants, 462
- data retention, 197–198, 922–923
- data roles
- about, 204
- administrators, 207–208
- asset owners, 205
- business/mission owners, 206
- data controllers, 206–207
- data custodians, 207
- data owners, 204–205
- data processors, 206–207
- subjects, 208
- users, 208
- data security controls, determining, 186–188
- data sovereignty, 382
- data states, 185
- data storage devices, 366–367
- data warehousing, establishing, 973–983
- database contamination, 978
- database management system (DBMS)
- architecture, 973–977
- Open Database Connectivity (ODBC), 982–983
- security for multilevel databases, 978–982
- transactions, 977–978
- database normalization, 976
- database recovery, 888–889
- database vulnerability scanning, 741–742
- databases
- establishing, 973–983
- security of, 1028–1029
- dataflow paths, in decomposition process, 29
- datagram, 500
- dead code, 1030
- deauthentication packet, 541
- debugging, 949
- decentralized access control, 659
- declassification of media, 197
- decompiler, 944
- decomposing. See reduction analysis
- decryption, 223, 343
- dedicated line, 622
- deencapsulation, 498–500
- deep packet inspection (DPI), 554
- defense in depth, 11
- defensive approach, to threat modeling, 26
- defined level, of Risk Maturity Model (RMM), 78
- degaussing media, 196
- degrees, 974
- delegating
- about, 947
- incident response, 809
- Delphi technique, 63
- Delpy, Benjamin, 708
- Delta rule, 986
- deluge system, 475
- demarcation point, 454
- demilitarized zone (DMZ), 545
- demonstrative evidence, 916
- Denial of service (DoS), in STRIDE threat model, 27
- denial-of-service (DoS) attacks, 376, 813–817
- deny by default, 414
- Department of Commerce Bureau of Industry and Security (BIS), 159
- deploying patches, 790
- deployment policies, for mobile devices, 420–426
- deprovisioning, 666–667
- design
- about, 310, 322–323, 343–344
- access control matrix, 327–328
- Bell-LaPadula model, 328–330
- Biba model, 330–332
- Brewer and Nash model, 334–335
- capabilities of information systems, 341–343
- Clark-Wilson model, 333–334
- design principles, 310–320
- ensuring CIA Triad, 320–322
- exam essentials, 344–347
- flaws in, 430
- fundamental concepts of, 322–336
- Goguen-Meseguer model, 335
- Graham-Denning model, 335–336
- Harrison-Ruzzo-Ullman (HRU) model, 336
- information flow model, 325
- noninterference model, 326
- review of, 954
- review question answers, 1060–1062
- review questions, 348–352
- in Software Assurance Maturity Model (SAMM), 961
- state machine model, 325
- Sutherland model, 335
- systems requirements, 337–341
- take-grant model, 326–327
- trusted computing base (TCB) design principle, 323–325
- written lab, 347
- written lab answers, 1104–1105
- design patents, 156
- design principles
- about, 310
- closed systems, 312–313
- KISS principle, 316–317
- objects, 311–312
- open systems, 312–313
- Privacy by Design (PbD), 319
- secure defaults, 314
- subjects, 311–312
- system failures, 314–316
- trust, but verify, 319–320
- zero trust, 317–319
- detection
- of incidents, 805–806
- in vulnerability scanning, 742
- detective control, 75, 810
- deterrent alarms, 459
- deterrent control, 74, 452–453
- development toolsets, 945–946
- device authentication, 409–410, 657–658
- device lockout, 411
- devices, controlling access to, 639. See also mobile devices
- DevOps approach, 966–967
- diagnosing, in IDEAL model, 962
- dictionary attack, 704
- differential backups, 893
- Diffie-Hellman algorithm, 156, 253, 269–270, 291
- diffusion, 237–238
- digital certificates, 278, 283
- digital communications, 566
- Digital Millennium Copyright Act (DMCA, 1998), 153–154
- digital motion detector, 459
- digital rights management (DRM), 199–200
- Digital Signature Algorithm (DSA), 277
- Digital Signature Standard (DSS), 277
- digital signatures
- about, 222, 275–276
- Digital Signature Standard (DSS), 277
- hashed message authentication code (HMAC) algorithm, 276–277
- digital watermarking, 845
- direct addressing, 365
- direct evidence, 915
- direct inward system access (DISA), 590
- Direct Sequence Spread Spectrum (DSSS), 537
- directed graph, 326–327
- directional antenna, 534
- directive control, 76
- directory traversal attacks, 1018–1019
- dirty reads, 979
- disassociation, 541
- Damage Potential, Reproducibility, Exploitability, Affected Users, and Discoverability (DREAD) system, 30–31
- disaster recovery planning (DRP)
- about, 114–115, 863, 902
- acts of terrorism, 870
- assessment, 892
- backups, 892–896
- bombings, 870
- earthquakes, 864–865
- emergency response, 891
- exam essentials, 902–903
- explosions, 870
- fault tolerance, 875–880
- fires, 868, 869–870
- floods, 865–867
- hardware/software failures, 872
- high availability, 875–880
- human-made disasters, 869–874
- infrastructure failures, 871–872
- logistics, 897
- natural disasters, 864–869
- nature of disaster, 863–874
- network failures, 871–872
- offsite storage, 892–896
- pandemics, 869
- personnel and communications, 891–892
- picketing, 873
- power outages, 871
- recovery plan development, 890–898
- recovery strategy, 880–889
- recovery vs. restoration, 897–898
- review question answers, 1089–1091
- review questions, 904–907
- in security management process, 754–755
- software escrow agreements, 896–897
- storms, 867–868
- strikes, 873
- supplies, 897
- system resilience, 875–880
- testing and maintenance, 899–902
- theft, 873–874
- training, awareness, and documentation, 898–899
- utilities, 897
- utility failures, 871–872
- vandalism, 873–874
- written lab, 903
- written lab answers, 1113–1114
- disasters, nature of, 863–874
- Discoverability, in DREAD system, 31
- discretion, confidentiality and, 5
- Discretionary Access Control (DAC), 681, 682–683
- Discretionary Security Property, 329
- disk-to-disk backup, 895
- display filters, 506
- distance vector routing protocols, 503
- Distinguished Encoding Rules (DER) format, 283
- distributed architecture, 556
- distributed computing environment (DCE). See distributed system
- distributed control systems (DCSs), 378–380
- distributed databases, 973–974
- distributed denial-of-service (DDoS) attacks, 814
- distributed ledger, 381
- Distributed Network Protocol 3 (DNP3), 523
- distributed reflective denial-of-service (DRDoS) attack, 814
- distributed system, 380–382, 556
- distributed virtual switches, 611
- DLL injection attack, 1016
- DNS cache poisoning, 512
- DNS over HTTPS (DoH), 511
- DNS pharming, 512
- DNS poisoning, 511–514
- DNS query spoofing, 513
- DNS sinkhole, 514
- documentary evidence, 914
- documenting investigations, 923
- documents
- business continuity planning (BCP), 132–136
- disaster recovery planning (DRP), 898–899
- exchanging and reviewing, for evaluation of third parties, 20
- reviewing, 15–16
- storing, 983
- DOD model. See TCP/IP model
- domain hijacking, 514–515
- Domain Message Authentication Reporting and Conformance (DMARC), 600
- domain name, 509
- domain name system (DNS)
- about, 509–511
- DNS pharming, 512
- DNS poisoning, 511–514
- DNS query spoofing, 513
- Domain Name System Security Extensions (DNSSEC), 511
- domain theft, 514–515
- Domain Validation (DV) certificates, 280
- DomainKeys Identified Mail (DKIM), 600
- domains, xxxviii, 974
- “Don't Repeat Yourself” (DRY), 317
- double conversion UPS, 465
- Double DES (2DES), 300
- doxing, 95
- Dragonfly Key Exchange, 532–533
- drive-by download, 86
- DRM license, 199
- dry pipe system, 474
- dual stack, 517
- due care, 23
- due diligence, 23
- dumb card, 456
- dumpster diving, 92–93
- durability, in ACID model, 978
- duress, 771–772
- dynamic application security testing (DAST), 748
- Dynamic Host Configuration Protocol (DHCP), 507
- dynamic packet filtering firewall, 553
- dynamic ports, 508
- dynamic RAM, 363–364
- E
- E911 location tracking, 413
- EAP Transport Layer Security (EAP-TLS), 584
- EAP Tunneled Transport Layer Security (EAP-TTLS), 584
- EAP-MD5, 584
- earthquakes, 864–865
- east-west traffic, 546
- eavesdropping, 626
- Economic Espionage Act (1996), 157, 161
- edge computing, 385–386
- education, 98, 132
- effectiveness evaluation, 99–100
- egress monitoring, 844–845
- 802.11x, 528, 533, 584
- elasticity, 398–399, 783
- electromagnetic interference (EMI), 467
- electronic access control (EAC) lock, 481–482
- Electronic Code Book (ECB) mode, 244
- Electronic Communications Privacy Act (1986), 161
- electronic discovery (eDiscovery), 912
- Electronic Discovery Reference Model (EDRM), 912
- electronic vaulting, 888–889
- electronically erasable programmable read-only memory (EEPROM), 362
- electrostatic discharge (ESD), 469
- Elevation of privilege, in STRIDE threat model, 27
- Elgamal, Taher, 267
- ElGamal algorithm, 267–268
- eliciting information, 85
- elliptic curve cryptography (ECC), 268, 291
- Elliptic Curve DSA (ECDSA), 277
- email security
- about, 286–287, 596–597
- email data, 187
- goals for, 597–598
- issues with, 599
- solutions for, 599–602
- email spoofing, 713
- emanation security, 367–369
- embedded systems
- about, 386–387, 813
- elements related to, 389–390
- security concerns of, 390–393
- emergency communications, 882–883
- emergency management, 773
- emergency response
- in disaster recovery planning (DRP), 891
- guidelines in BCP documentation, 135
- employee oversight, 48–49
- employment agreements, 47–48
- Encapsulating Security Payload (ESP), 295, 609
- encapsulation, 498–500
- encrypted traffic, monitoring, 826
- encrypted viruses, 999
- encryption
- encryption export controls, 159
- end user role, 22
- end-of-life (EOL), 78, 198, 397
- end-of-service life (EOSL), 78, 198, 397
- end-of-support (EOS), 78, 198, 397
- endpoint detection and response (EDR), 558, 1008–1009
- endpoint security, 556–559
- endpoint-based DLP, 190
- end-to-end encrypted VPN, 605
- end-to-end encryption, 294
- Enhanced Interior Gateway Routing Protocol (EIGRP), 503
- Enigma codes, 299
- enrollment, digital certificate and, 280
- Enron Corporation, 730
- enterprise (ENT), 532
- enterprise extended mode, 528
- enterprise risk management (ERM) program, 78
- entity behavior analytics (UEBA) functions, 822
- entrance facility, 454
- entrapment, 829
- environment safety, 482
- environmental monitoring, 470
- ephemeral key, 240
- ephemeral ports, 508
- equal error rate (ERR), 654
- equipment failure, 453–454
- equipment room, 454
- erasable programmable read-only memory (EPROM), 362
- erasing media, 195
- error handling, 949, 1032–1033
- escaping input, 948
- escrowed encryption standard, 254
- Ethernet, 565–566
- Ethernet address, 503
- ethical disclosure, 749
- ethics
- about, 929, 933
- exam essentials, 934–935
- Internet and, 931–933
- (ISC)² Code of Ethics, 930–931
- organizational code of, 929–930
- review question answers, 1091–1093
- review questions, 936–939
- written lab, 935
- written lab answers, 1114
- European Union
- Data Protection Directive (DPD), 165–166
- General Data Protection Regulation (GDPR), 166–167
- evaluation assurance levels (EALs), 338
- evidence
- about, 913
- admissible, 913
- artifacts, 916–919
- collection of, 916–919
- forensic procedures, 916–919
- gathering, 919–920
- storage of, 463–464
- types, 913–916
- evil twin attacks, 540–541
- exam essentials
- access control, 715–717
- asset security, 211–213
- business continuity planning (BCP), 137–138
- communications and network attacks, 628–630
- cryptography and symmetric key algorithm, 256–257
- disaster recovery planning (DRP), 902–903
- ethics, 934–935
- identity and authentication, 669–670
- incident response, 852–855
- investigations, 934–935
- laws, regulations, and compliance, 172–173
- malicious code and application attacks, 1035–1036
- network architecture, 570–573
- personnel security and risk management, 101–106
- physical security, 484–488
- PKI and cryptographic applications, 302–303
- security and assessment testing program, 756–757
- security governance, 33–36
- security models, 344–347
- security operations, 794–796
- software development security, 987–988
- vulnerabilities, threats, and countermeasures, 433–439
- exception handling, 314–315
- excessive privilege, 668
- exclusive OR operation, 227
- exercises, in BCP documentation, 136
- exigent circumstances, 920
- exit interview, 19, 50
- expert systems, 984–985
- exploit Wednesday, 791
- Exploitability, in DREAD system, 31
- explosions, 870
- Export Administration Regulations (EAR), 159
- exposure, 56
- exposure factor (EF)
- about, 127
- quantitative risk analysis and, 64
- extended service set identifier (ESSID), 529
- Extended Validation (EV) certificates, 280
- Extensible Authentication Protocol (EAP), 533, 583–584
- Extensible Configuration Checklist Description Format (XCCDF), 732
- Extensible Markup Language (XML), 691
- external audits, 729
- F
- face scans, 652
- Facebook, 658
- facilities
- BCP and, 130
- controlling access to, 639
- Factor Analysis of Information Risk (FAIR), 81
- fail-closed, 316
- fail-open state/system, 316, 879, 950–951
- failover, 877
- fail-safe, 315–316
- fail-secure failure state, 950–951
- fail-secure system, 879
- fail-soft, 315
- fair cryptosystems, 254
- fairness, as a provision of the GDPR, 166
- false acceptance rate (FAR), 653
- false alarms, 823
- false positive, 822–823
- false rejection rate (FRR), 653
- familiarity, as a social engineering principle, 84
- Family Educational Rights and Privacy Act (FERPA), 54, 164
- Faraday cage, 368
- Fast Identity Online (FIDO) Alliance, 657
- fat access point, 529
- fault injection attack, 297
- fault tolerance, 343, 623, 875–880
- fax security, 602
- Federal Cybersecurity Laws (2014), 151–152
- Federal Emergency Management Agency (FEMA), 126, 866
- Federal Information Processing Standard (FIPS)
- 140-2, “Security Requirements for Cryptographic Modules,” 224
- 185, the Escrowed Encryption Standard (EES), 249
- Federal Information Security Management Act (FISMA, 2002), 150–151
- Federal Information Systems Modernization Act (FISMA, 2014), 151
- Federal Sentencing Guidelines, 150
- federated identities, 660–662
- feedback, 326
- feedback loop characteristics, 956–957
- fences, 477–479
- fiber-optic cables, 562–563
- fiber-optic links, 624
- Fibre Channel over Ethernet (FCoE), 523–524
- Fibre Channel over IP (FCIP), 524
- field-powered proximity device, 458
- field-programmable gate array (FPGA), 387
- fields, in databases, 974
- file inclusion attacks, 1020
- file infector viruses, 997
- File Transfer Protocol (FTP), 294, 506
- Filtered port, 733
- filters, 682
- financial attacks, 926
- fingerprints, 652
- finite state machine (FSM), 325
- fire detection systems, 473–474
- fire extinguishers, 472–473
- fire prevention, detection, and suppression, 470–476
- fire triangle, 470–471
- fires, 868, 869–870
- firewall logs, 836
- firewalls
- about, 550–554
- basic guidelines for, 832–833
- as Rule-Based Access Controls, 686
- firmware over-the-air (OTA) updates, 418–419
- First Street Foundation's Flood Factor, 126
- 5-4-3 rule, 562
- 500-year floodplain, 866
- fixed-temperature detection systems, 473
- Flame Stage, of fire, 471–472
- flame-actuated systems, 473
- flash memory, 362, 374
- Flexible Authentication via Secure Tunneling (EAP-FAST), 584
- floods, 865–867
- fog computing, 385–386
- for official use only (FOUO), 182
- foreign keys, 976
- forensics
- for mobile devices, 423
- procedures for, 916–919
- forward proxy, 555
- Fourth Amendment, 160, 921
- fraggle attacks, 816–817
- frame, 500
- Freedom of Information Act (FOIA), 182
- frequency analysis, 233, 298–299
- Frequency Hopping Spread Spectrum (FHSS), 537
- full backups, 893
- full tunnel VPN, 607
- full-device encryption (FDE), 410
- full-disk encryption (FDE), 286
- Full-duplex mode, 501
- full-interruption test, 900
- fully qualified domain names (FQDN), 510
- function as a service (FaaS), 406
- function coverage, 752
- function recovery, 879
- functional priorities, 881–882
- functional requirements determination, 953
- FutureWave, 374
- fuzz testing, 26, 749–751
- G
- gait analysis, 461
- Galbraith's Star Model, 336
- Galois/Counter Mode (GCM), 245
- gamification, 98–99
- Gantt charts, 964
- gas discharge systems, 475–476
- gates, 477–479
- General Data Protection Regulation (GDPR), 54, 166–167, 207
- generational (intelligent) fuzzing, 749
- Generic Routing Encapsulation (GRE), 608
- geofencing, 413
- geolocation data, 412
- geostationary orbit (GEO), 543
- geotagging, 412–413
- Global Positioning System (GPS), 412–413
- Global Privacy Standard (GPS), 319
- goals
- aligning security function with, 17–19
- of business continuity planning (BCP), 133
- for email security, 597–598
- Goguen-Meseguer model, 335
- Golden Ticket, 710–711
- Good Practice Guidelines (GPG), 890
- Google, 591, 658, 663
- Google Authenticator, 655
- Google v. Oracle, 156
- governance, in Software Assurance Maturity Model (SAMM), 961
- Graham-Denning model, 335–336
- Gramm-Leach-Bliley Act (GLBA, 1999), 54, 163
- Grandfather-Son (GFS) strategy, 896
- graph databases, 983
- gratuitous ARP, 520
- Gray-Box Penetration Test, 744, 969–970
- greatest lower bound (GLB), 329
- grid computing, 377–378
- grudge attacks, 927–928
- guard dogs, 480–481
- guidelines, 24–25
- H
- hackers, 699
- hacktivists, 928–929
- Half-duplex mode, 501
- halon, 475–476
- hard drives, protecting, 875–877
- hard-coded credentials, 1033–1034
- hardening provisions, 130
- hardware
- about, 356
- asset inventories for, 774–775
- data storage devices, 366–367
- emanation security, 367–369
- failures of, 872
- input/output devices, 369–370
- memory, 362–366
- processor, 356–361
- replacement options for, 886–887
- secure operation of, 546–547
- hardware address, 503
- hardware security modules (HSMs), 284
- hardware segmentation, 427
- hardware/embedded device analysis, 918–919
- Harrison-Ruzzo-Ullman (HRU) model, 336
- hash functions
- about, 271–272
- comparing value lengths, 274
- MD5 algorithm, 273
- RIPE Message Digest (RIPEMD), 273–274
- Secure Hash Algorithm (SHA), 272–273
- Hash-based Message Authentication Code (HMAC), 276–277, 609
- hashing, 1029
- hashing algorithms, 244
- Health Information Technology for Economic and Clinical Health Act (HITECH, 2009), 162
- Health Insurance Portability and Accountability Act (HIPAA, 1996), 54, 161, 181, 838
- hearsay rule, 915–916
- heartbeat sensor, 458
- heat map, 531
- Heat Stage, of fire, 471–472
- heat-based motion detector, 459
- Hertz (Hz), 536
- hierarchical databases, 973–974
- hierarchical environment, 689
- hierarchical storage management (HSM), 896
- high-impact baseline, 209
- high-performance computing (HPC) systems, 382–383
- HMAC-based One-Time Password (HOTP), 656
- hoax messages, 90–91
- hoaxes, 999
- homograph attack, 515
- homomorphic encryption, 297
- honeynets, 828–829
- honeypots, 828–829
- hookup, 326
- hop limit field, 517
- horizontal distribution system, 454
- host-based firewall, 554
- host-based intrusion detection systems (HIDSs), 825–827
- hostname, 510
- host-to-host VPN, 605
- hot aisle, 468
- hot sites, 884–885
- hotspots, for mobile devices, 425
- hubs, 547
- human-made disasters, 869–874
- humidity considerations, 467–470
- hurricanes, 867–868
- hybrid assessment/analysis, 62
- hybrid attack, 704
- hybrid cloud deployment model, 783
- hybrid cryptography, 243, 269, 285
- hybrid environment, 689
- hybrid federation, 661–662
- hybrid warfare, 95
- “Hybrid Warfare” report, 95
- Hypertext Transfer Protocol (HTTP), 507
- Hypertext Transfer Protocol Secure (HTTPS), 290, 507
- hypervisor, 397, 403–405
- I
- iBeacon, 413
- IDEAL model, 962–963
- identification
- in Electronic Discovery Reference Model (EDRM), 912
- in security process, 8, 9
- identification cards, 456–457
- identity and access management (IAM), 47, 318
- identity and authentication
- about, 639, 668–669
- accountability, 644–645
- authorization, 644–645
- comparing subjects and objects, 642–643
- controlling access to assets, 639–641
- defining new roles, 667–668
- deprovisioning, 666–667
- device authentication, 657–658
- establishment of, 643–644
- exam essentials, 669–670
- implementing identity management (IdM), 659–664
- managing, 641–659
- multifactor authentication (MFA), 655
- mutual authentication, 659
- offboarding, 666–667
- onboarding, 665–666
- passwordless authentication, 656–657
- proofing, 643–644
- provisioning lifecycle, 664–668, 664–680
- registration, 643–644
- review question answers, 1078–1080
- review questions, 672–675
- service authentication, 658
- something you are factor of authentication, 645, 651–655
- something you have factor of authentication, 645, 650–651
- something you know factor of authentication, 645, 647–650
- two-factor authentication with Authenticator apps, 655–656
- written lab, 671
- written lab answers, 1110–1111
- identity as a service (IDaaS), 662–663
- identity fraud, 93–94
- identity management (IdM)
- about, 659
- credential management systems, 662–663
- credential manager apps, 663
- federated identities, 660–662
- scripted access, 663
- session management, 663–664
- single sign-on (SSO), 659–662
- identity theft, 93–94
- Identity Theft and Assumption Deterrence Act (1998), 164
- Identity Theft Resource Center (ITRC), 186
- immediate addressing, 364
- immutable architecture, 396
- impact analysis, 126–128
- impersonation. See spoofing
- Implement phase, in Risk Management Framework (RMF), 79–81
- implementation attack
- about, 297
- in Software Assurance Maturity Model (SAMM), 961
- implementing countermeasures, 72–74
- implicit deny, 414, 551, 679
- Implicit SMTPS, 601
- importance, statement of, 133
- import/export laws, 158–159
- incident prevention and response
- about, 803, 851–852
- automating, 845–851
- conducting incident management, 803–809
- exam essentials, 852–855
- implementing detective and preventive measures, 809–834
- logging and monitoring, 834–845
- review question answers, 1086–1089
- review questions, 856–859
- written lab, 855
- written lab answers, 1113
- incipient smoke detection systems, 474
- Incipient Stage, of fire, 471–472
- incremental attacks, 431–432
- incremental backups, 893
- independent service set identifier (ISSID), 529
- indirect addressing, 365
- industrial camouflage, 450
- industrial control system (ICS), 378–380
- industrial espionage, 925
- Industrial Internet of Things (IIoT), 385
- industry standards, 912
- inference, in databases, 980–981
- influence campaigns, 94–96
- information
- controlling access to, 639
- eliciting, 85
- ownership of, 774
- Information disclosure, in STRIDE threat model, 27
- information flow model, 325
- information gathering and discovery phase, in penetration testing, 743
- information governance, in Electronic Discovery Reference Model (EDRM), 912
- information security officer (ISO), 17
- information security (InfoSec) officer role, 21
- information security (InfoSec) team, 17
- information systems (IS), 3
- information technology (IT), 3
- Information Technology Infrastructure Library (ITIL), 23
- Information Technology Security Evaluation Criteria (ITSEC), 337
- InfraGard program, 923
- infrastructure
- BCP and, 130–131
- failures of, 871–872
- for mobile devices, 424
- infrastructure as a service (IaaS), 782
- infrastructure as code (IaC), 395–396
- infrastructure mode, 528
- inherent risk, 68
- inheritance, 947
- initialization vector (IV), 542
- initiating, in IDEAL model, 962
- injection vulnerabilities
- about, 1012
- code injection attacks, 1016
- command injection attacks, 1016–1017
- SQL injection attacks, 1012–1016
- in-memory analysis, 917
- input blacklisting, 1025
- input points, in decomposition process, 29
- input validation, 948–949, 1021, 1025–1027
- input whitelisting, 1025
- input/output devices, 369–370
- insecure direct object reference, 1018
- insider threat, 927–928
- instance, 947
- instant messaging (IM), 594–595
- Institute of Electrical and Electronics Engineers (IEEE), 503
- intangible inventories, 775–776
- integrated development environment (IDE), 945–946
- integrated level, of Risk Maturity Model (RMM), 78
- Integrated Product Teams (IPTs), 959
- Integrated Services Digital Network (ISDN), 623
- integration platform as a service (iPaaS), 403
- integrity
- in CIA Triad, 6, 641
- as a goal of cryptography, 221–222
- measurement of, 1030–1031
- monitoring, 1008
- integrity verification procedure (IVP), 333
- intellectual property (IP) laws, 152–157
- interactive application security testing (IAST), 748
- interactive online learning environment, xliv
- interconnection security agreement (ISA), 619
- Interface Definition Language (IDL), 381
- interfaces
- interference, 880
- Interior Gateway Routing Protocol (IGRP), 503
- intermediate distribution facilities, 454
- intermediate distribution frame (IDF), 454
- Intermediate System to Intermediate System (IS-IS), 503
- internal audits, 728
- internal networks, implementing authentication on, 696–697
- internal security controls
- about, 481
- combination locks, 481–482
- environment safety, 482
- keys, 481–482
- life safety, 482
- regulatory requirements, 482
- internal segmentation firewalls (ISFWs), 318, 554
- International Data Encryption Algorithm (IDEA), 248–249
- International Electrotechnical Commission (IEC), 23, 380
- International Organization for Standardization (ISO), 23, 340, 731
- International Traffic in Arms Regulations (ITAR), 159
- Internet
- ethics and, 931–933
- files cache, 375
- implementing authentication on, 691–694
- Internet Architecture Board (IAB), 932
- Internet Assigned Numbers Authority (IANA), 833
- Internet Control Message Protocol (ICMP), 519
- Internet Group Management Protocol (IGMP), 519
- Internet Key Exchange (IKE), 609
- Internet Message Access Protocol (IMAP), 506, 597
- Internet of Things (IoT), 383–385, 813
- Internet Protocol (IP) networking
- about, 516
- Internet Control Message Protocol (ICMP), 519
- Internet Group Management Protocol (IGMP), 519
- IP classes, 517–519
- IPv4 vs. IPv6, 516–517
- Internet Protocol Security (IPsec), 521, 609
- Internet Security Association and Key Management Protocol (ISAKMP), 609
- internet service providers (ISPs), 164
- Internet Small Computer System Interface (iSCSI), 524
- interrogations, during investigations, 922
- interviews, during investigations, 922
- intimidation, as a social engineering principle, 83
- intrusion alarms, 459–460
- intrusion detection systems (IDSs)
- about, 458–459, 820–821
- behavior-based detection, 821–823
- host-based, 825–827
- intrusion alarms, 459–460
- knowledge-based detection, 821–823
- motion detector/motion sensor, 459
- network-based, 825–827
- response to, 824
- secondary verification mechanisms, 460
- intrusion prevention systems (IPSs), 820–821, 827–828
- inventory control, 416
- investigations
- about, 910, 933
- computer crime categories, 923–929
- evidence, 913–919
- exam essentials, 934–935
- monitoring and, 839
- process for, 919–923
- review question answers, 1091–1093
- review questions, 936–939
- types, 910–913
- written lab, 935
- written lab answers, 1114
- invoice scams, 90
- iOS devices, 408
- IP address, 509
- IP configuration, 513
- IP Payload Compression (IPComp), 609
- IP security (IPsec) protocol, 294–295
- iris scans, 652
- ISACA
- Risk IT Framework, 81
- website, 22
- (ISC)²
- about, xxxvii–xxxviii
- Code of Ethics, 930–931
- (ISC)² CISSP Certified Information Systems Security Professional Official Practice Tests, 3rd Edition, xlii
- ISO/IEC 15408, 337
- ISO/IEC 27005 “Information technology - Security techniques - Information security risk management,” 80
- ISO/IEC 31000 document “Risk management - Guidelines,” 80
- ISO/IEC 31004 “Risk management - Guidance for the implementation of ISO 31000,” 80
- isolation
- in ACID model, 978
- in CIA Triad, 321
- confidentiality and, 5
- IT as a service (ITaaS), 402
- IT closets, 455–458
- ITIL Core, 786
- J
- jailbreaking, 417–418, 832
- jamming, 542
- Japanese Purple Machine, 299
- Java, 373
- JavaScript, 373–374
- JavaScript Object Notation (JSON) Web Token (JWT), 693
- jitter, 880
- job descriptions/responsibilities, 45–46
- job rotation, 768, 769
- jump server, 548
- jumpbox, 548
- just-in-time (JIT) provisioning, 662
- K
- KeePass, 663
- Kerberoasting, 711
- Kerberos, 521, 695–697, 710–711
- Kerberos Brute-Force, 711
- Kerberos Principal, 696
- Kerberos Realm, 696
- Kerckhoffs's Principle, 223
- kernel mode, 359
- kernels, 324, 358
- key distribution, symmetric key algorithms and, 240
- Key Distribution Center (KDC), 695
- key escrow, 230, 254
- key performance indicators (KPIs)
- of physical security, 483
- in security management process, 755–756
- key space, 223
- keyboards, as input/output devices, 370
- keys
- about, 481–482
- length of, 266–267
- management of, 419
- recovery of, 254
- keystroke monitoring, 843
- key/value stores, 983
- kill chain model, 847–848
- Kim, Gene
- The Phoenix Project: A Novel About IT, DevOps, and Helping Your Business Win, 967
- KISS principle, 316–317
- knowledge-based detection, 821–823
- knowledge-based systems
- about, 984
- expert systems, 984–985
- machine learning (ML), 985–986
- neural networks, 986
- known plaintext attacks, 299
- L
- L3 switch, 610
- labels, 322
- LAN extenders, 548
- land attack, 817
- large-scale parallel data systems, 376–377
- last login notification, 714
- latency, 880
- lattice-based access control, 329
- law enforcement, calling in, 920
- lawfulness, as a provision of the GDPR, 166
- laws, regulations, and compliance
- about, 144, 171–172
- Canadian privacy laws, 167–168
- categories of laws, 144–147
- compliance, 169–170
- computer crime, 147–152
- contracting, 171
- European Union privacy law, 165–167
- exam essentials, 172–173
- import/export, 158–159
- intellectual property (IP), 152–157
- licensing, 158
- privacy, 160–168
- procurement, 171
- review question answers, 1051–1053
- review questions, 174–178
- state privacy laws, 168–169
- written lab, 173
- written lab answers, 1102
- Layer 2 Tunneling Protocol (L2TP), 608
- layering. See defense in depth
- LDAP injection attack, 1016
- learning, in IDEAL model, 962
- learning rule, 986
- leased line, 622
- least significant bit (LSB), 292
- least upper bound (LUB), 329
- legacy attacks, 817
- legal concerns, for mobile devices, 424
- legal requirements, for BCP, 120–121
- Let's Encrypt!, 279
- libraries, 945
- licensing laws, 158
- life safety, 482
- light fidelity (LiFi), 543
- lighting, 479–480
- lightweight cryptography, 296
- Lightweight Directory Access Protocol (LDAP), 660
- Lightweight Extensible Authentication Protocol (LEAP), 531, 533, 583
- likelihood assessment, 125–126
- limit check, 948
- Line Printer Daemon (LPD), 507
- line-interactive UPS, 466
- link encryption, 294
- link encryption VPN, 605
- link state routing protocols, 503
- load balancing, 376, 595–596
- load persistence, 596
- local alarm system, 460
- local area network (LAN), 559, 567–569
- local file inclusion attacks, 1020
- location services, 412–413
- lock picking, 481
- Lockheed Martin, 848
- lockout, for mobile devices, 411
- locks, 481–482
- log analysis, 840
- log cycling, 844
- log management, 844
- log reviews, 753–754
- logging
- about, 834, 950
- common types, 835–836
- data protection, 836–837
- techniques for, 834–835
- logic bombs, 999–1000
- logical access, controlling, 640
- logical controls, 73
- logical operations, 225–227
- logical topology, 563
- logistics, in disaster recovery planning (DRP), 897
- loop coverage, 752
- loopback address, 518, 618
- lost updates, 979
- low Earth orbit (LEO), 543
- low-impact baseline, 208
- M
- MAC address, 509
- MAC cloning, 613–614
- MAC filtering, 534, 613
- MAC flooding attack, 613
- MAC limiting, 613
- MAC spoofing, 509, 613
- machine language, 944
- machine learning (ML), 846–847, 850–851, 985–986
- macro viruses, 997–998
- magnetic stripe cards, 457
- mail storm, 599
- main distribution frame (MDF), 454
- maintenance
- in BCP documentation, 136
- change management and, 955
- for disaster recovery planning (DRP), 899–902
- malicious code and application attacks
- about, 994, 1035
- application attacks, 1009–1011
- application security controls, 1025–1031
- authorization vulnerabilities, 1017–1020
- exam essentials, 1035–1036
- injection vulnerabilities, 1012–1017
- malware, 994–1006
- malware prevention, 1006–1009
- review question answers, 1095–1097
- review questions, 1037–1040
- secure coding practices, 1031–1034
- web application vulnerabilities, 1020–1025
- written lab, 1036
- written lab answers, 1115
- malicious scripts, 1005–1006
- malicious software, 831
- malware
- about, 772, 994
- adware, 1004
- logic bombs, 999–1000
- malicious scripts, 1005–1006
- preventing, 1006–1009
- ransomware, 1004–1005
- sources of malicious code, 995
- spyware, 1004
- Trojan horses, 1000–1001
- viruses, 995–999
- worms, 1001–1004
- zero-day attacks, 1006
- malware inspection, 555
- managed detection and response (MDR) services, 1009
- managed services
- accounts for, 701
- in the cloud, 779–782
- management controls. See administrative controls
- managerial controls. See administrative controls
- Mandatory Access Control (MAC), 682, 687–689
- mandatory vacations, 48, 768
- Manifesto for Agile Software Development, 958–959
- man-in-the-middle (MiTM) attack, 300, 513, 819–820
- manual recovery, 879
- marking sensitive data, 190–192
- masquerading. See spoofing
- massive parallel processing (MPP), 376–377
- master boot record (MBR), 996–997
- maximum tolerable downtime (MTD), 123, 453
- maximum tolerable outage (MTO), 123, 453
- MD5 algorithm, 273
- mean time between failures (MTBF), 453–454
- mean time to failure (MTTF), 453–454, 778–779
- mean time to repair (MTTR), 453
- measured boot, 371
- media
- analysis of, 916–917
- management of, 776
- managing lifecycle of, 778–779
- protection techniques for, 776–777
- storage facilities for, 462–463
- Media Access Control (MAC) address, 503
- mediated-access model, 359
- medium Earth orbit (MEO), 543
- meet in the middle attacks, 300
- Meltdown memory error, 341–342
- memorandum of agreement (MOA), 619
- memorandum of understanding (MOU), 619
- memory
- random access, 363
- read-only, 362
- secondary, 365–366
- memory addressing, 364–365
- memory dump file, 917
- memory leaks, 1034
- memory management, 1034
- memory pointers, 1034
- memory protection, 341–342
- memory security issues, 366–367
- mergers and acquisitions, 19–20
- Merkle-Hellman Knapsack algorithm, 266
- mesh topology, 565
- message, 947
- message digest, 271
- metacharacters, 1026
- Metasploit Framework, 743–744
- method, 947
- metropolitan area network (MAN), 606
- mice, as input/output devices, 370
- microcode. See firmware
- microcontrollers, 386
- microprocessor, 356
- MicroSD, 410
- microsegmentation, 318, 526–527
- microservices, 394–395
- Microsoft Security Development Lifecycle (SDL), 26
- military and intelligence attacks, 924–925
- Mimikatz, 708–709
- Mirai malware, 813
- mirroring, 876
- mission, aligning security function with, 17–19
- misuse case testing, 751–752
- mitigation, of incidents, 806–807
- MITRE ATT&CK Matrix, 848–849
- mnemonics, 500
- mobile application management (MAM), 414
- mobile code, 372–374
- mobile content management (MCM) system, 414
- mobile device management (MDM), 409
- mobile devices
- about, 406–407
- Android, 407–408
- application control/management, 414
- asset tracking, 416
- bring your own device (BYOD), 420
- carrier unlocking, 418
- choose your own device (CYOD), 421
- communication protection, 410–411
- connection methods, 417
- content management system (CMS), 414
- corporate-owned, personally enabled (COPE), 420–421
- corporate-owned business-only (COBO) strategy, 421
- corporate-owned mobile strategy (COMS), 421
- credential management, 419
- custom firmware, 418
- deployment policies, 420–426
- device authentication, 409–410
- device lockout, 411
- disabling unused features, 417
- firmware over-the-air (OTA) updates, 418–419
- full-device encryption (FDE), 410
- Global Positioning System (GPS), 412–413
- inventory control, 416
- iOS, 408
- jailbreaking, 417–418
- key management, 419
- location services, 412–413
- mobile device management (MDM), 409
- protecting, 778
- push notifications, 415
- remote wiping, 411
- removable storage, 416
- rooting, 417–418
- screen locks, 411–412
- security features for, 408–420
- sideloading, 418
- storage segmentation, 415–416
- text messaging, 419–420
- third-party application stores, 415
- with Wi-Fi capabilities, 539
- mobile sites, 886
- modems, 370, 547–548
- moderate-impact baseline, 209
- modification attacks, 626
- modulo function, 227–228
- Monitor phase, in Risk Management Framework (RMF), 79–81
- monitoring
- accountability and, 838–839
- activity, 839
- audit trails, 838
- devices for, 772
- encrypted traffic, 826
- investigation and, 839
- measurement and, 76–77
- problem identification and, 840
- role of, 837
- security information and event management (SIEM), 841
- techniques for, 840–843
- monitors, as an input/output device, 369
- Morana, Marco M. (author)
- Risk Centric Threat Modeling: Process for Attack Simulation and Threat Analysis, 27–28
- Morris, Robert Tappan, 1002–1003
- motion detector/motion sensor, 459
- multicast technology, 567
- multicasting, 519
- multicore, 357
- multifactor authentication (MFA), 318, 409–410, 646, 655, 690, 713–714
- multifunction devices (MFDs), 390, 554
- multifunction printers (MFPs), 369
- multilayer protocols
- about, 522–523
- converged protocols, 523–524
- implications of, 522–526
- software-defined networking (SDN), 525–526
- Voice over Internet Protocol (VoIP), 524–525
- multilayer switch, 610
- multimedia collaboration, 593–595
- multipartite viruses, 998
- multiparty risk, 52
- multiprocessing, 357
- multiprogramming, 357
- Multiprotocol Label Switching (MPLS), 524
- multitasking, 356–357
- multithreading, 357
- mutation (dumb) fuzzing, 749
- mutual assistance agreements (MAAs), 887–888
- mutual authentication, 659
- N
- narrow-band wireless, 543
- NAT traversal (NAT-T), 555, 616
- National Cybersecurity Protection Act, 152
- National Information Infrastructure Protection Act (1996), 149–150
- National Institute of Standards and Technology (NIST)
- Cybersecurity Framework (CSF), 23, 79, 151
- Federal Information Processing Standards (FIPS), 837
- FISMA implementation guidelines, 150–151
- Risk Management Framework (RMF), 23, 79–81
- SMS for 2FA, 656
- SP 800-18, 205
- SP 800-30r1 Appendix D, “Threat sources,” 60
- SP 800-30r1 Appendix E, “Threat events,” 60
- SP 800-34, Contingency Planning Guide for Federal Information Systems, 890
- SP 800-53, 14–15
- SP 800-53 Rev. 5, “Security and Privacy Controls for Information Systems and Organizations,” 22, 76, 151, 208
- SP 800-53A, Assessing Security and Privacy Controls in Federal Information Systems and Organizations: Building Effective Assessment Plans, 727
- SP 800-53B, 209–210
- SP 800-61, Computer Security Incident Handling Guide, 803–804, 805, 901
- SP 800-63B, “Digital Identity Guidelines: Authentication and Lifecycle Management,” 644, 648–649
- SP 800-86, Guide to Integrating Forensic Techniques into Incident Response, 913
- SP 800-88 Rev. 1, “Guidelines for Media Sanitization,” 194
- SP 800-94, Guide to Intrusion Detection and Prevention Systems, 821, 824
- SP 800-100, 14–15
- SP 800-115, FedRAMP Penetration Test Guidance, 745
- SP 800-122, Guide to Protecting the Confidentiality of Personally Identifiable Information (PII), 180, 181
- SP 800-145, The NIST Definition of Cloud Computing, 782
- SP 800-171: Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations, 151
- SP 800-207, “Zero Trust Architecture,” 318–319
- website, 732
- National Software Reference Library (NSRL), 918
- natural access control, 451
- natural disasters, 864–869
- natural surveillance, 451
- natural territorial reinforcement, 451–452
- “Navigating Digital Information” YouTube series, 96
- near-field communication (NFC), 539
- need-to-know principle, 680, 765–766
- network access control (NAC), 549–550
- network address and port translation (NAPT). See port address translation (PAT)
- network address translation (NAT)
- about, 614–616
- Automatic Private IP Addressing (APIPA), 617–618
- private IP addresses, 616–617
- stateful NAT, 617
- Network Address Translation-Protocol Translation (NAT-PT), 517
- network analyzer. See protocol analyzer
- network and port address translation (NPAT). See port address translation (PAT)
- network architecture
- about, 497, 569–570
- Address Resolution Protocol (ARP), 519–520
- analyzing network traffic, 505–506
- Application layer protocols, 506–507
- cellular networks, 544
- communication protocols, 521, 543–544
- content distribution network (CDN), 545
- domain name system (DNS), 509–515
- exam essentials, 570–573
- implications of multilayer protocols, 522–526
- Internet Protocol (IP) networking, 516–519
- microsegmentation, 526–527
- network components, 545–569
- Open Systems Interconnection (OSI) Reference Model, 497–504
- review questions, 575–579
- TCP/IP model, 504–505
- Transport layer protocols, 508–509
- wireless networks, 527–542
- written lab, 574
- network architecture and components
- review question answers, 1071–1074
- written lab answers, 1108
- network components
- about, 545–546
- cabling, 559–563
- common equipment, 547–549
- content/URL filter, 555–556
- endpoint security, 556–559
- Ethernet, 565–566
- firewalls, 550–554
- hardware operation, 546–547
- network access control (NAC), 549–550
- proxy, 554–555
- sub-technologies, 566–569
- topology, 559, 563–566
- transmission media technology, 559
- network discovery scanning, 732–737
- network evaluator. See protocol analyzer
- network failures, 871–872
- Network File System (NFS), 507
- network flow (NetFlow), 754
- Network layer (layer 3), 502
- network segmentation, 527
- Network Time Protocol (NTP), 753, 839
- network traffic, analyzing, 505–506
- network vulnerability scanning, 737–739
- network-based DLP, 190
- network-based intrusion detection systems (NIDSs), 825–827
- network-enabled devices, 388
- neural networks, 986
- Newman, Oscar (author)
- Creating Defensible Space, 452
- next-generation firewall (NGFW), 374, 554, 833
- next-generation secure web gateway (SWG), 553
- NIC address, 503
- nnn-nn-nnnn pattern, 189
- noise considerations, 467
- nonce, 228, 651
- nondedicated line, 623
- nondisclosure agreement (NDA), 48, 157
- Nondiscretionary Access Control, 683–685
- noninterference model, 326
- non-IP protocols, 502
- nonlinear warfare, 95
- nonrepudiation
- as a goal of cryptography, 222
- risks of, 8
- symmetric key algorithms and, 240
- nontransparent proxy, 555
- nonvolatility, of storage devices, 366
- north-south traffic, 546
- NoScript, 374
- NoSQL databases, 982–983
- NOT operation, 226
- notification alarms, 459
- nuisance alarm rate (NAR), 477
- NULL pointer, 1034
- O
- OAuth, 692, 694
- obfuscation, 1028–1029
- object evidence, 913–914
- objectives, aligning security function with, 17–19
- object-oriented programming (OOP), 946–948, 974
- objects
- compared with subjects, 642–643
- defined, 678
- in secure design, 311–312
- Oblivious DoH (ODoH), 511
- occupant emergency plans (OEPs), 482
- offboarding, 49–52, 423, 666–667
- offline distribution, 252–253
- offsite storage, in disaster recovery planning (DRP), 892–896
- off-the-shelf solutions, 354
- omnidirectional antenna, 534
- onboard camera/video, for mobile devices, 424–425
- onboarding, 47–48, 423, 665–666
- 100-year floodplain, 866
- one-time pads, 234–236
- onetime passwords, 651
- one-way functions, 228
- Online Certificate Status Protocol (OCSP), 280–281, 282
- on-path attack. See man-in-the-middle (MiTM) attack
- on-premises federated identity management system, 661
- on-site assessment, for evaluation of third parties, 20
- Open Database Connectivity (ODBC), 982–983
- open port, 733
- open relay, 597
- Open Shortest Path First (OSPF), 503
- open source, 313
- open source software (OSS), 972
- open system authentication (OSA), 531
- open systems, 312–313
- Open Systems Interconnection (OSI) Reference Model
- deencapsulation, 498–500
- encapsulation, 498–500
- functionality of, 498
- history of, 497
- layers, 500–504
- Open Vulnerability and Assessment Language (OVAL), 732
- Open Web Application Security Project (OWASP), 664, 739, 950, 961, 1017
- OpenID, 693
- OpenID Connect (OIDC), 693–694
- OpenPGP, 601
- OpenSSL library, 945
- OpenVPN, 608
- operating modes, for processors, 361
- operating states, 359–361
- operational plan, 19
- operational technology (OT), 378–380
- Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE), 81
- operations, in Software Assurance Maturity Model (SAMM), 961
- operator role, 22
- Optical Carrier (OC), 624
- optimized level, of Risk Maturity Model (RMM), 78
- OR operations, 225–226
- Organization for the Advancement of Structured Information Standards (OASIS), 691
- organizational code of ethics, 929–930
- organizational processes, 19–20
- organizational responsibility, statement of, 133–134
- organizational review, 116
- organizational roles and responsibilities, 21–22
- organizationally unique identifier (OUI), 503
- Orthogonal Frequency-Division Multiplexing (OFDM), 537
- OS-virtualization. See containerization
- out-of-band pathway, 527
- output encoding, 1022
- Output Feedback (OFB) mode, 245
- outsourcing, 53
- overloaded NAT. See port address translation (PAT)
- Overpass the Hash, 710
- overprotection, 8
- overwriting media, 196
- P
- P7B certificates, 283
- packet loss, 880
- packet switching, 620–621
- packet-capturing utility. See protocol analyzer
- Padding Oracle On Downgraded Legacy Encryption (POODLE), 290–291
- pagefile, 365–366
- paging, 365–366
- palm scans, 652
- pan, tilt, and zoom (PTZ), 461
- pandemics, 869
- parallel computing, 376–377
- parallel data systems, 376–377
- parallel test, 900
- parameter pollution, 1026–1027
- parameterized queries, 1028
- Pass the Ticket, 710
- passive audio detector, 459
- passive infrared (PIR) motion detector, 459
- passive monitoring, 752
- passive proximity device, 457
- passive response, to intrusion detection systems (IDSs), 824
- pass-the-hash (PtH) attack, 709–710
- password attacks
- about, 703–704
- birthday attack, 706–707
- brute-force attack, 704–705
- credential stuffing attack, 706
- dictionary attack, 704
- Kerberos exploitation attack, 710–711
- Mimikatz, 708–709
- pass-the-hash (PtH) attack, 709–710
- rainbow table attack, 707–708
- sniffer attack, 711–712
- spraying attack, 706
- Password Authentication Protocol (PAP), 583
- password masking, 713
- password policy, 647–648
- password vault, 419
- Password-Based Key Derivation Function 2 (PBKDF2), 707
- passwordless authentication, 656–657
- patch management
- about, 789–791
- for mobile devices, 422
- Patch Tuesday, 791
- patches, 789
- patents, 155–156
- path vector routing protocol, 503
- pattern-matching detection, 821–823
- Payment Card Industry Data Security Standard (PCI DSS), 53, 169–170, 210, 648, 650, 834, 912
- peer layer communication, 499
- peer-to-peer (P2P) technologies, 378
- penetration testing, 742–745
- people, BCP and, 129–130
- pepper, 708
- perfect forward secrecy, 291–292
- perimeter intrusion detection and assessment system (PIDAS), 477
- perimeter security controls
- about, 477
- access control vestibules, 477–479
- fences, 477–479
- gates, 477–479
- guard dogs, 480–481
- lighting, 479–480
- security guards, 480–481
- turnstiles, 477–479
- period analysis, 234
- permanent address, 509
- permanent virtual circuits (PVCs), 621–622
- permissions, 678
- persistence, 596
- persistent online authentication, DRM and, 199
- personal (PER), 532
- Personal Information Exchange (PFX) format, 283
- Personal Information Protection and Electronic Documents Act (PIPEDA), 167–168
- personally identifiable information (PII), 180
- personnel and communications, in disaster recovery planning (DRP), 891–892
- personnel safety and security
- about, 771
- duress, 771–772
- emergency management, 773
- security training and awareness, 773
- travel, 772–773
- personnel security and risk management
- about, 45, 100–101
- applying risk management concepts, 55–81
- exam essentials, 101–106
- personnel security policies and procedures, 45–54
- review question answers, 1045–1049
- review questions, 107–111
- security awareness, education, and training program, 96–100
- social engineering, 81–96
- written lab, 106
- written lab answers, 1100–1101
- personnel security policies and procedures
- about, 45
- candidate screening and hiring, 46–47
- compliance policy requirement, 53
- consultant agreements, 52–53
- contractor agreements, 52–53
- employee oversight, 48–49
- employment agreements, 47–48
- job descriptions and responsibilities, 45–46
- offboarding, 49–52
- onboarding, 47–48
- privacy policy requirements, 54
- termination, 49–52
- transfers, 49–52
- vendor agreements, 52–53
- phishing, 85–86
- phishing simulation, 86, 755
- The Phoenix Project: A Novel About IT, DevOps, and Helping Your Business Win (Kim, Behr, and Spafford), 967
- phone number spoofing, 713
- photoelectric motion detector, 459
- phreaking, 588–589
- physical access, controlling, 640
- physical address, 503
- physical controls, 74
- physical controls for physical security, 452
- physical interface, 751
- Physical layer (layer 1), 504
- physical security
- about, 448, 484
- exam essentials, 484–488
- implementing and managing, 476–483
- review question answers, 1067–1070
- review questions, 489–493
- site and facility design, 448–452
- site and facility security controls, 452–476
- written lab, 488
- written lab answers, 1106–1107
- physical topology, 563
- physically hardening systems, 131
- picketing, 873
- piggybacking, 91–92
- ping flood attacks, 817
- ping-of-death attack, 817
- PKI and cryptographic applications
- about, 264, 301–302
- applied cryptography, 285–297
- asymmetric cryptography, 264–271
- asymmetric key management, 284
- cryptographic attacks, 297–301
- digital signatures, 275–277
- exam essentials, 302–303
- hash functions, 271–274
- hybrid cryptography, 285
- public key infrastructure, 277–283
- review question answers, 1058–1059
- review questions, 304–307
- written lab, 303
- written lab answers, 1104
- plain view doctrine, 920
- plaintext message, 223
- planning phase, in penetration testing, 743
- platform as a service (PaaS), 782
- playbook, 846
- plenum, 469
- pointer, 365
- pointer dereferencing, 1034
- point-to-point link, 622
- Point-to-Point Protocol (PPP), 582–583
- Point-to-Point Tunneling Protocol (PPTP), 607
- policy review, for evaluation of third parties, 20
- policy violation, 99–100
- polling, 568–569
- polyinstantiation, 981
- polymorphic viruses, 999
- polymorphism, 947
- port address translation (PAT), 615
- port forwarding. See NAT traversal (NAT-T)
- port isolation, 611
- port tap, 612
- portable devices, 285–286
- Portable Document Format (PDF), 199
- ports
- position descriptions, 45–46
- positive air pressure, 469
- Post Office Protocol (POP3), 506, 597
- postwhitening, 251
- power conditioner, 465
- power considerations, 465–467
- power outages, 871
- power sources, protecting, 878
- power-line conditioner, 465
- power-on self-test (POST), 362
- PowerShell, privilege escalation with, 702
- preaction system, 474
- preliminary level, of Risk Maturity Model (RMM), 78
- premises wire distribution room, 454
- Prepare phase, in Risk Management Framework (RMF), 79–81
- prepending, 85
- preponderance of the evidence, 911
- prequalifications, xxviii–xxxix
- presentation, in Electronic Discovery Reference Model (EDRM), 912
- Presentation layer (layer 6), 501
- preservation, in Electronic Discovery Reference Model (EDRM), 912
- preset locks, 481
- preshared key (PSK), 532
- Pretty Good Privacy (PGP), 287–289, 600, 601
- preventative control. See preventive control
- preventive control
- prewhitening, 251
- primary authoritative name server, 510
- primary keys, 975
- primary memory/storage, 366
- principle of least privilege, 47, 680, 766–767
- printers, as an input/output device, 369
- priorities
- identifying, 122–123
- response and, 30–31
- statement of, 133
- privacy
- confidentiality and, 5
- defined, 54
- for mobile devices, 423
- in the workplace, 164–165
- Privacy Act (1974), 160–161
- Privacy by Design (PbD), 319
- “Privacy by Design - The 7 Foundational Principles: Implementation and Mapping of Fair Information Practices” (Cavoukian), 319
- privacy control baseline, 209
- Privacy Enhanced Mail (PEM) format, 283
- privacy laws, 160–168
- privacy policy requirements, 54
- Privacy Shield, 167
- private branch exchange (PBX), 589–590
- private cloud deployment model, 782
- private IP addresses, 616–617
- private key cryptography. See cryptography and symmetric key algorithms
- private keys, 240, 264–265
- private label, 184
- private port, 611
- privilege creep, 668, 684
- privilege escalation attacks, 700–702, 1011
- privileged account management (PAM), 769–770
- privileged mode, 359, 361
- privileged operations, in decomposition process, 29
- privileges, 679
- proactive approach, to threat modeling, 26
- problem identification, monitoring and, 840
- problem state, 359–361
- procedural controls. See administrative controls
- procedures, 25
- Process for Attack Simulation and Threat Analysis (PASTA) threat model, 27–28
- process isolation, 426–427
- process states, 359–361
- processes
- for BCP, 129–131
- reviewing for evaluation of third parties, 20
- processing, in Electronic Discovery Reference Model (EDRM), 912
- processor, 356–361
- procurement, 171
- production, in Electronic Discovery Reference Model (EDRM), 912
- Professional Practices library (website), 890
- Program Evaluation Review Technique (PERT), 964
- programmable logic controllers (PLCs), 378–380
- programmable read-only memory (PROM), 362
- programming languages, 943–945
- project scope
- about, 115–116
- BCP team selection, 117–118
- legal requirements, 120–121
- organizational review, 116
- regulatory requirements, 120–121
- resource requirements, 119
- promiscuous mode, 505
- proprietary data, 181
- proprietary label, 184
- proprietary system, 460
- protected cable distribution, 454
- Protected Extensible Authentication Protocol (PEAP), 533, 583
- protected health information (PHI), 162, 181
- protection mechanisms
- about, 11
- abstraction, 12
- data hiding, 12–13
- defense in depth, 11
- encryption, 13
- protection profiles (PPs), 338
- protection rings, 358–359
- protective distribution systems (PDSs), 454
- protocol analyzer, 505, 626, 917–918
- protocol data unit (PDU), 499–500
- protocol security mechanisms
- about, 582
- authentication protocols, 582–585
- port security, 585
- quality of service (QoS), 585
- provisioning
- for BCP, 129–131
- in configuration management (CM), 783
- proximity devices, 457–458
- proxy, 554–555
- proxy auto-config (PAC) file, 555
- proxy falsification, 513
- proxy logs, 836
- prudent person rule, 150
- pseudo-flaws, 829
- pseudonymization, 200–201, 202
- PsExec, 710
- PsTools, 710
- public cloud deployment model, 782
- public data, 184
- public key encryption, 253
- public key infrastructure (PKI)
- about, 277, 660
- certificate authorities (CAs), 279–280
- certificate lifecycle, 280–283
- certificates, 278
- public keys, 264–265
- public ledger, 381
- public switched telephone network (PSTN), 369, 524–525, 586
- purging media, 196
- purpose limitation, as a provision of the GDPR, 166
- push notifications, 415
- Q
- qualitative impact assessment, 121–122
- qualitative risk analysis, 61–63
- quality of service (QoS), 585, 880
- quantitative impact assessment, 121–122
- quantitative risk analysis, 61, 63–66
- quantum computing, 270
- quantum cryptography, 270–271
- quantum key distribution (QKD), 270
- quantum supremacy, 270
- query, 512
- Quick Response (QR) codes, 425–426
- R
- Radio Frequency Identification (RFID), 538
- radio-frequency interference (RFI), 467
- RadSec, 698
- RAID, 876
- rainbow table attack, 707–708
- rainbow tables, 298
- random access memory (RAM), 363
- random access storage devices, 366
- random ports, 508
- ransomware, 1004–1005
- Raspberry Pi, 387
- rate-of-rise detection systems, 473
- reactive approach, to threat modeling, 26
- read-only memory (ROM), 362
- read-through test, 899–900
- ready state, 360
- real evidence, 913–914
- real memory, 363
- real user monitoring (RUM), 752
- Real-Time Transport Protocol (RTP), 525
- real-time operating system (RTOS), 383
- reasonable expectation of privacy, 920
- reciprocal agreements, 887–888
- record retention, 197–198
- recording microphone, for mobile devices, 425
- recovery agents (RAs), 230, 254
- recovery controls, 75
- recovery phase, of incident response, 808
- recovery point objective (RPO), 123
- recovery strategy
- about, 880–881
- alternate processing sites, 883–888
- business unit, 881–882
- cloud computing, 887
- crisis management, 882
- database recovery, 888–889
- electronic vaulting, 888–889
- emergency communications, 882–883
- functional priorities, 881–882
- mutual assistance agreements (MAAs), 887–888
- remote mirroring, 889
- workgroup recovery, 883
- recovery time objective (RTO), 123
- reducing risk. See risk mitigation
- reduction analysis, performing, 28–30
- reference monitors, 324–325
- reference profile, 654
- reference template, 654
- reflected XSS, 1021–1022
- regeneration, symmetric key algorithms and, 241
- register addressing, 364
- registered domain name, 510
- registered software ports, 508
- registers, 364
- registration authorities (RAs), 279
- regulatory investigations, 911–912
- regulatory requirements, 120–121, 482
- rejecting risk. See risk rejection
- relational databases, 974–977
- release control, 965
- relying party, 693
- remediation phase
- in incident response, 808–809
- in vulnerability scanning, 742
- remote access security management
- about, 590
- planning, 592–593
- remote connection security, 591–592
- telecommuting techniques, 591
- remote access Trojan (RAT), 1000–1001
- remote access VPN, 605
- Remote Authentication Dial-in User Service (RADIUS), 697–698
- remote connection security, 591–592
- remote connectivity technique, 592
- remote file inclusion attacks, 1020
- remote meeting, 593–594
- remote mirroring, 889
- remote mode operation, 591
- remote sanitization, 411
- remote user assistance, 592–593
- remote wiping, 411
- remote-control remote access, 591
- remotely triggered black hole (RTBH), 551
- removable storage, 416
- repeaters, concentrators, and amplifiers (RCAs), 547
- repellent alarms, 459
- replay attacks, 301, 542
- reporting phase
- of incidents, 807–808
- investigations, 923
- in penetration testing, 743
- Reproducibility, in DREAD system, 31
- repudiation
- about, 222
- in STRIDE threat model, 27
- reputation filtering, 602
- request control, 965
- request for comments (RFC), 932
- request forgery attacks, 1023–1024
- residual risk, 68
- resource records, 510
- resources
- exhausting, 1034
- prioritizing, in business impact analysis (BIA), 128
- protecting, 776–779
- requirements for BCP, 119
- response, prioritization and, 30–31
- responsibilities
- integrity and, 6
- organizational, 21–22
- restoration, recovery vs., 897–898
- restricted area security, 464–465
- restricted interface model, 333, 343
- restrictions, 682
- retina scans, 652
- Reverse Address Resolution Protocol (RARP), 827
- reverse hash matching. See birthday attacks
- reverse proxy. See NAT traversal (NAT-T)
- review, in Electronic Discovery Reference Model (EDRM), 912
- review question answers
- access control, 1080–1082
- asset security, 1053–1056
- business continuity planning (BCP), 1049–1051
- cryptography and symmetric key algorithms, 1056–1057
- disaster recovery planning (DRP), 1089–1091
- identity and authentication, 1078–1080
- incident prevention and response, 1086–1089
- investigations and ethics, 1091–1093
- laws, regulations, and compliance, 1051–1053
- malicious code and application attacks, 1095–1097
- personnel security and risk management, 1045–1049
- physical security requirements, 1067–1070
- PKI and cryptographic applications, 1058–1059
- secure communications and network attacks, 1075–1077
- secure network architecture and components, 1071–1074
- security assessment and testing, 1082–1084
- security governance, 1042–1045
- security models, design, and capabilities, 1060–1062
- security operations, 1084–1086
- software development security, 1093–1095
- vulnerabilities, threats, and countermeasures, 1062–1067
- review questions
- access control, 718–721
- asset security, 214–218
- business continuity planning (BCP), 139–142
- cryptography and symmetric key algorithm, 258–261
- disaster recovery planning (DRP), 904–907
- ethics, 936–939
- identity and authentication, 672–675
- incident response, 856–859
- investigations, 936–939
- laws, regulations, and compliance, 174–178
- malicious code and application attacks, 1037–1040
- network architecture, 575–579
- personnel security and risk management, 107–111
- physical security, 489–493
- PKI and cryptographic applications, 304–307
- security and assessment testing program, 759–762
- security governance, 37–42
- security models, 348–352
- security operations, 797–800
- software development security, 989–992
- vulnerabilities, threats, and countermeasures, 441–445
- revocation, digital certificate and, 281–283
- rights, 679
- Rijndael block cipher, 250
- ring topology, 563
- RIPE Message Digest (RIPEMD), 273–274
- risk acceptance, 67, 134
- risk analysis. See risk assessment
- risk appetite, 67
- risk assessment
- about, 60–66
- in BCP documentation, 134
- defined, 55
- risk assignment, 67
- risk avoidance, 67
- risk awareness, 55
- risk capacity, 67
- Risk Centric Threat Modeling: Process for Attack Simulation and Threat Analysis (Velez and Morana), 27–28
- risk deterrence, 67
- risk frameworks, 79–81
- risk identification, in business impact analysis (BIA), 123–124
- risk indicators, in security management process, 755–756
- risk log. See risk register
- risk management
- about, 55
- asset valuation, 58–59
- continuous improvement, 77–78
- cost vs. benefit of security controls, 69–72
- countermeasure selection and implementation, 72–74
- defined, 700
- identifying threats and vulnerabilities, 60
- monitoring and measurement, 76–77
- risk assessment/analysis, 60–66
- risk frameworks, 79–81
- risk reporting and documentation, 77
- risk responses, 66–69
- security control assessment (SCA), 76
- terminology and concepts, 56–58
- Risk Maturity Model (RMM), 78
- risk mitigation, 67, 134
- risk register, 77
- risk rejection, 68
- risk response, 55, 66–69
- Risk-Based Access Control, 682, 689–690
- risks
- defined, 57
- reporting and documentation of, 77
- Rivest, Ronald, 265, 273
- Rivest Cipher 4 (RC4), 249–250
- Rivest Cipher 5 (RC5), 250
- Rivest Cipher 6 (RC6), 250
- Rivest ciphers, 249–250
- Rivest-Shamir-Adleman (RSA) algorithm, 277
- robot sentries, 481
- rogue access points, 540
- rogue DNS server, 512
- Role-Based Access Control (RBAC), 681–685
- roles, 21–22, 667–668
- rollover logging, 844
- root certificate, 279
- rooting, 417–418
- rootkits, 431, 1011
- ROT3 cipher, 233
- routers, 548
- Routing Information Protocol (RIP), 503
- routing protocols, 503
- Royce, Winston, 956
- RSA algorithm, 156, 265–266
- rule of least power, 317
- Rule-Based Access Control, 682, 686
- rules of behavior, 205
- runbook, 846
- running key ciphers, 236–237
- running state, 360
- Runtime Application Self-protection (RASP), 748
- runtime environment, 944
- S
- sabotage, 820
- safe, 463
- safeguards
- applicable types of, 74–76
- cost vs. benefit of, 69–72
- defined, 57
- selecting and implementing, 72–74
- salami attack, 432
- salting, 298
- sampling, 754, 842
- sandboxing, 320, 833
- Sandvig v. Barr, 149
- sanitizing, 367
- Sarbanes-Oxley Act (SOX, 2002), 54, 170, 838
- satellite communications, 543, 623
- scalability, 241, 399, 783
- Scam Me If You Can: Simple Strategies to Outsmart Today's Ripoff Artists (Abagnale), 98
- scarcity, as a social engineering principle, 84
- scenarios, creating, 62
- Schneier, Bruce, 249
- Schrems II, 167
- Scientific Working Group on Digital Evidence, 919
- scoping, tailoring compared with, 209–210
- screen locks, 411–412
- screen scraper/scraping, 591
- screened host, 546
- screened subnet, 545
- screening router, 552
- script kiddies, 928, 995
- scripted access, 663
- Scrum approach, 959
- search warrant, 920, 921
- seclusion, confidentiality and, 5
- secondary authoritative name server, 510
- secondary memory/storage, 365–366
- secondary verification mechanisms, 460
- secrecy, confidentiality and, 5
- secret key attacker, 231
- secret key cryptography. See cryptography and symmetric key algorithms
- secret label, 182
- secure boot, 371
- secure defaults, 314
- secure facility plan, 448–449
- Secure Hash Algorithm (SHA), 272–273
- Secure Key Exchange Mechanism (SKEME), 609
- Secure Multipurpose Internet Mail Extensions (S/MIME), 600
- Secure Real-Time Transport Protocol or Secure RTP (SRTP), 525
- Secure Remote Procedure Call (S-RPC), 521
- Secure Shell (SSH), 294, 521, 608
- Secure Sockets Layer (SSL), 290, 521
- secure state machine, 325
- Secure/Multipurpose Internet Mail Extensions (S/MIME) protocol, 289
- security. See also specific topics
- about, 3–4
- applying concepts, 4–13
- as a provision of the GDPR, 167
- security and assessment testing program
- about, 725–727, 756
- building, 725–731
- exam essentials, 756–757
- implementing security management processes, 753–756
- performing vulnerability assessments, 731–746
- review question answers, 1082–1084
- review questions, 759–762
- testing software, 746–753
- written lab, 758
- written lab answers, 1111–1112
- security as a service (SECaaS), 402
- Security Assertion Markup Language (SAML), 691–692, 694
- security association (SA), 295
- security audits, 727–731
- security awareness, 96–99
- security baselines, 24–25, 208–210
- security bollards, 479
- security boundaries, 13–14
- security capabilities
- about, 341
- encryption/decryption, 343
- fault tolerance, 343
- interfaces, 343
- memory protection, 341–342
- Trusted Platform Module (TPM), 342
- virtualization, 342
- security champions, 98
- security collector, 548
- Security Content Automation Protocol (SCAP), 731
- security control assessment (SCA), 76
- security control characteristics, 624–625
- security control frameworks, 22–23
- security controls. See safeguards
- security function
- about, 16
- alignment with business strategy, goals, mission, and objectives, 17–19
- due care, 23
- due diligence, 23
- organizational processes, 19–20
- organizational roles and responsibilities, 21–22
- security control frameworks, 22–23
- security governance
- about, 3, 14–15, 33
- applying principles of, 14–16
- applying security concepts, 4–13
- documentation review, 15–16
- exam essentials, 33–36
- managing security function, 16–23
- review question answers, 1042–1045
- review questions, 37–42
- security, 3–4
- security boundaries, 13–14
- security policy, standards, procedures, and guidelines, 23–25
- supply chain risk management, 31–32
- third-party governance, 15
- threat modeling, 26–31
- written lab, 36
- written lab answers, 1100
- security guards, 480–481
- security guidelines, 24–25
- security IDs, 456–457
- security incident, 803
- security information and event management (SIEM), 841
- security kernels, 324, 358
- security logs, 835
- security management processes
- about, 753
- account management, 754
- awareness, 755
- business continuity, 754–755
- disaster recovery, 754–755
- key performance and risk indicators, 755–756
- log reviews, 753–754
- training, 755
- security mechanisms
- about, 426
- hardware segmentation, 427
- process isolation, 426–427
- system security policy, 427–428
- security models
- about, 310, 322–323, 343–344
- access control matrix, 327–328
- Bell-LaPadula model, 328–330
- Biba model, 330–332
- Brewer and Nash model, 334–335
- capabilities of information systems, 341–343
- Clark-Wilson model, 333–334
- design principles, 310–320
- ensuring CIA Triad, 320–322
- exam essentials, 344–347
- fundamental concepts of, 322–336
- Goguen-Meseguer model, 335
- Graham-Denning model, 335–336
- Harrison-Ruzzo-Ullman (HRU) model, 336
- information flow model, 325
- noninterference model, 326
- review question answers, 1060–1062
- review questions, 348–352
- state machine model, 325
- Sutherland model, 335
- systems requirements, 337–341
- take-grant model, 326–327
- trusted computing base (TCB) design principle, 323–325
- written lab, 347
- written lab answers, 1104–1105
- security operations
- about, 765, 793–794
- applying resource protection, 776–779
- exam essentials, 794–796
- foundational concepts, 765–771
- job rotation, 768, 769
- managed services in the cloud, 779–782
- managing change, 785–788
- managing patches, 789–793
- mandatory vacations, 768
- need-to-know principle, 765–766
- performing configuration management (CM), 782–785
- personnel safety and security, 771–773
- principle of least privilege, 766–767
- privileged account management (PAM), 769–770
- provisioning resources securely, 773–776
- reducing vulnerabilities, 789–793
- review question answers, 1084–1086
- review questions, 797–800
- separation of duties (SoD) and responsibilities, 767
- service level agreements (SLAs), 771
- two-person control, 768
- written lab, 796
- written lab answers, 1112
- security orchestration, automation, and response (SOAR), 845–846, 850–851
- security perimeter, 324
- security policy, 17, 24, 681
- security procedures, 25
- security product management, for mobile devices, 422
- security professional role, 21
- security questions, 643
- security requirements
- about, 337
- Authorization to Operate (ATO), 340–341
- Common Criteria (CC), 337–340
- security stance/approach, in decomposition process, 29
- security standards, 24–25
- security tests, 725–726
- security through obscurity, 5, 12
- security training and awareness, 97–99, 773
- Security-Enhanced Android (SEAndroid), 408
- segment, 500
- Select phase, in Risk Management Framework (RMF), 79–81
- self-signed certificates, 280
- Sender Policy Framework (SPF), 600
- Sendmail, 1002–1003
- senior management, 18, 118
- senior manager role, 21
- sensitive compartmented information facility (SCIF), 465
- sensitive data
- about, 184
- code repositories and, 971
- encryption of, 194
- identifying, 180–181
- marking, 190–192
- storing, 193–194
- sensitivity, confidentiality and, 5
- sensor, 548
- separation of duties (SoD) and responsibilities, 681, 767
- sequential access storage devices, 366
- Serial Line Internet Protocol (SLIP), 583
- server rooms, 455–458
- server sprawl, 404
- server vaults, 455–458
- server-based systems
- about, 375–376
- grid computing, 377–378
- large-scale parallel data systems, 376–377
- peer to peer (P2P) technologies, 378
- serverless architecture, 406
- servers, protecting, 877–878
- server-side request forgery (SSRF), 1024
- service authentication, 658
- service delivery objective (SDO), 453
- service delivery platform (SDP), 395
- service injection viruses, 998
- Service Organization Control (SOC), 125, 729–730
- service ports, 508
- service set identifier (SSID), 529
- service-level agreements (SLAs), 20, 32, 52–53, 120–121, 453, 771, 971–972
- service-oriented architecture (SOA), 394
- services integration, 403
- service-specific remote access, 591
- session hijacking, 1024–1025
- Session layer (layer 5), 501
- session management, 663–664, 949
- shadow IT, 404
- Shamir, Adi, 265, 273
- shared key authentication (SKA), 531
- shared responsibility
- about, 354–355
- with cloud service models, 780–782
- shielded twisted-pair (STP), 560
- shimming, 481
- Short Message Service (SMS) phishing, 88
- shoulder surfing, 90, 464
- shrink-wrap license agreements, 158
- side-channel attack, 297
- sideloading, 418
- signage, 476
- Signal Protocol, 521
- signature-based detection, 821–823
- Silver Ticket, 710
- Simple Integrity Property, 330
- Simple Mail Transfer Protocol (SMTP), 506, 596
- Simple Network Management Protocol (SNMP), 507
- Simple Security Property, 329
- Simplex mode, 501
- simulation test, 900
- Simultaneous Authentication of Equals (SAE), 532
- single point of failure (SPOF), 875
- single sign-on (SSO), 659–662
- single-factor authentication, 646, 655
- single-loss expectancy (SLE), quantitative risk analysis and, 64–65
- site and facility design
- about, 448, 450–452
- secure facility plan, 448–449
- site selection, 449–450
- site and facility security controls
- about, 452–453
- access abuses, 462
- cameras, 460–461
- equipment failure, 453–454
- evidence storage, 463–464
- fire prevention, detection, and suppression, 470–476
- intrusion detection systems (IDSs), 458–460
- media storage facilities, 462–463
- restricted and work area security, 464–465
- server rooms/data centers, 455–458
- utility considerations, 465–470
- wiring closets, 454–455
- site surveys, 530–531
- site-to-site VPN, 605
- Six Cartridge Weekly Backup strategy, 896
- Skipjack algorithm, 249
- smart devices, 383
- smartcards, 296, 456–457, 650
- smartphones, 286
- smishing, 88
- Smoke Stage, of fire, 471–472
- smoke-actuated systems, 474
- smurf attacks, 816–817
- sniffer. See protocol analyzer
- sniffer attack, 711–712
- snooping attack, 711
- social engineering
- about, 81–83
- baiting, 92
- dumpster diving, 92–93
- eliciting information, 85
- hoax, 90–91
- hybrid warfare, 95
- identity fraud, 93–94
- impersonation and masquerading, 91
- influence campaigns, 94–96
- invoice scams, 90
- phishing, 85–86
- prepending, 85
- principles of, 83–84
- shoulder surfing, 90
- smishing, 88
- social media, 96
- spam, 89
- spear phishing, 87
- tailgating and piggybacking, 91–92
- typo squatting, 94
- vishing, 88–89
- whaling, 87–88
- social media, 96
- socket, 508
- software
- analysis of, 918
- antimalware, 1007–1008
- asset inventories for, 775
- code review, 746–747
- diversity of, 1030
- dynamic application security testing (DAST), 748
- failures of, 872
- focused on, 27
- fuzz testing, 749–751
- interface testing, 751
- misuse case testing, 751–752
- protecting, 155–156
- static application security testing (SAST), 747–748
- test coverage analysis, 752
- testing, 746–753, 969–970
- website monitoring, 752–753
- software as a service (SaaS), 782
- Software Assurance Maturity Model (SAMM), 961–962
- software configuration management (SCM), 965–966
- software development
- assurance, 948
- development toolsets, 945–946
- libraries, 945
- mitigating system failure, 948–951
- object-oriented programming, 946–948
- programming languages, 943–945
- software development lifecycle (SDLC)
- about, 319, 955–956
- Agile Software Development, 958–959
- Application Programming Interfaces (APIs), 967–968
- Capability Maturity Model (CMM), 960–961
- change management, 964–966
- code repositories, 970–971
- configuration management, 964–966
- DevOps approach, 966–967
- Gantt charts, 964
- IDEAL model, 962–963
- Program Evaluation Review Technique (PERT), 964
- service-level agreements (SLAs), 971–972
- Software Assurance Maturity Model (SAMM), 961–962
- software testing, 969–970
- spiral model, 957–958
- third-party software acquisition, 972
- waterfall model, 956–957
- software development security
- about, 943, 987
- data warehousing, 973–983
- databases, 973–983
- exam essentials, 987–988
- knowledge-based systems, 984–986
- review question answers, 1093–1095
- review questions, 989–992
- storage threats, 983–984
- systems development controls, 943–972
- written lab, 988
- written lab answers, 1114–1115
- software escrow agreements, 896–897
- software libraries, 945
- software-as-a-service (SaaS), 124
- software-defined data center (SDDC), 402
- software-defined everything (SDx), 400–402
- software-defined networking (SDN), 525–526
- software-defined security, 967
- software-defined storage (SDS), 526
- software-defined visibility (SDV), 402
- software-defined wide-area networks (SDWAN/SD-WAN), 526
- something you are factor of authentication, 645, 651–655
- something you have factor of authentication, 645, 650–651
- something you know factor of authentication, 645, 647–650
- somewhere you are authentication factor, 646
- somewhere you aren't authentication factor, 646
- source code comments, 1031–1032
- Source Network Address Translation (SNAT), 615
- Spafford, George
- The Phoenix Project: A Novel About IT, DevOps, and Helping Your Business Win, 967
- spam, 89
- Spam over instant messaging (SPIM), 88
- Spam over Internet Telephony (SpIT), 88–89
- spear phishing, 87
- specialized devices, 393–394
- Spectre memory error, 341–342
- speech recognition, 653
- spiral model, 957–958
- split knowledge, 230, 253, 768
- split tunnel VPN, 607
- split-brain DNS, 514
- split-DNS system, 514
- split-horizon DNS, 514
- spoofed email, 89
- spoofing, 91, 93–94, 700
- in STRIDE threat model, 27
- spraying attack, 706
- spread spectrum, 536
- sprints, 959
- spyware, 1004
- SQL injection attacks, 741, 1012–1016
- SSDs, 195, 367
- standalone mode, 528
- standard operating procedure (SOP), 25
- standards, 24–25, 210
- * (star) Integrity Property, 330
- STAR program, 336
- * (star) Security Property, 329
- star topology, 564–565
- STARTTLS, 600
- state attacks, 1011
- state machine model, 325
- state privacy laws, 168–169
- state transition, 325
- stateful inspection firewalls, 553, 833
- stateful NAT, 617
- stateless firewall, 552
- statement coverage, 752
- statement of importance, 133
- statement of organizational responsibility, 133–134
- statement of priorities, 133
- statement of urgency and timing, 134
- Statement on Standards for Attestation Engagements, 729
- static application security testing (SAST), 747–748
- static considerations, 467–470
- static environments, 387–393
- static NAT. See NAT traversal (NAT-T)
- static packet-filtering firewall, 552
- static RAM, 363–364
- static systems, 387–393
- statistical attack, 297
- statistical intrusion detection, 821–823
- stealth viruses, 998–999
- steganography, 292–293, 844
- stopped state, 360
- Storage Area Network (SAN), 523
- storage limitation, as a provision of the GDPR, 166
- storage media security, 367
- storage segmentation, 415–416
- storage threats, 983–984
- store-and-forward device, 548
- stored procedures, 1028
- stored/persistent XSS, 1022–1023
- storing
- sensitive data, 193–194
- symmetric keys, 253–254
- storms, 867–868
- strategic plan, 18
- strategy development, for BCP, 129
- stream ciphers, 237
- STRIDE threat model, 27
- strikes, 873
- stripe of mirrors, 876
- striping, 876
- striping with parity, 876
- Structured Threat Information eXpression (STIX), 355
- structured walk-through test, 900
- Stuxnet, 379, 1003–1004
- su command, 701–702
- subdomain, 510
- subjects
- about, 208
- compared with objects, 642–643
- defined, 678
- in secure design, 311–312
- subpoena, 919–920
- Subscriber Identity Module (EAP-SIM), 583
- subscriber identity module (SIM) cloning, for mobile devices, 426
- substitution ciphers, 232–234
- sub-technologies, 566–569
- sudo command, 701–702
- supervised learning, 985–986
- supervisor state, 359–361
- supervisory control and data acquisition (SCADA), 378–380
- supervisory state, 360
- supplies, in disaster recovery planning (DRP), 897
- supply chain, 31
- supply chain risk management (SCRM), 31–32
- support ownership, for mobile devices, 422
- surge protectors, 465
- Sutherland model, 335
- swapfile, 365–366
- switch eavesdropping, 611–612
- Switched Port Analyzer (SPAN) port, 611
- switched virtual circuits (SVCs), 621–622
- switches, 548, 826
- switching, 610–614
- switching technologies, 620–622
- symmetric cryptography, 244–254
- symmetric cryptosystems, 221
- symmetric key algorithms. See cryptography and symmetric key algorithms
- symmetric key management, 252–254
- symmetric multiprocessing (SMP), 376
- SYN flood attack, 814–816
- synchronous communications, 566
- Synchronous Digital Hierarchy (SDH), 624
- synchronous dynamic password tokens, 651
- Synchronous Optical Network (SONET), 624
- Synchronous Transport Modules (STM), 624
- Synchronous Transport Signals (STS), 624
- synthetic monitoring, 752
- synthetic transactions, 748
- Syslog Protocol, 842
- system call, 359
- system failures, 314–316, 948–951
- system logs, 836
- system on a chip (SoC), 549
- system security policy, 427–428
- systems
- managing, 789
- resilience of, 875–880
- testing, 954–955
- systems development lifecycle
- about, 953
- Application Programming Interface (API), 967–968
- change management, 964–966
- code repositories, 970–971
- code review walk-through, 955
- coding, 955
- conceptual definition, 953–954
- configuration management, 964–966
- control specifications development, 954–955
- design review, 955
- DevOps approach, 966–967
- functional requirements determination, 954
- Gantt charts, 964
- maintenance and change management, 956
- models of, 956–963
- Program Evaluation Review Technique (PERT), 964
- service-level agreements (SLAs), 971–972
- software testing, 969–970
- testing, 955–956
- third-party software acquisition, 972
- T
- tactical plan, 18–19
- tailgating, 91–92
- tailoring, scoping compared with, 209–210
- take-grant model, 326–327
- Tampering, in STRIDE threat model, 27
- tape media, 777–778
- tape rotation, 896
- target of evaluation (TOE), 338
- task-based access control (TBAC), 685
- TCP ACK Scanning, 733
- TCP Connect Scanning, 733
- TCP reset attack, 816
- TCP SYN Scanning, 733
- TCP Wrapper, 553
- TCP/IP model, 504–505
- teardrop attack, 817
- technical controls, 73
- technical physical security controls, 452
- technology convergence, 449
- technology crime investigators, 145
- telecommunications room, 454
- telecommuting techniques, 591
- Telnet, 506, 608
- temperature considerations, 467–470
- TEMPEST countermeasures, 368–369
- Temporal Key Integrity Protocol (TKIP), 531, 532
- temporary address, 509
- temporary authorization to operate (TATO), 16
- temporary internet files, 375
- Ten Commandments of Computer Ethics, 932
- Terminal Access Controller Access Control System Plus (TACACS+), 698–699
- termination, of employees, 49–52
- terrorism, acts of, 870, 926
- test coverage analysis, 752
- test patches, 790
- TestBank, xliv
- testimonial evidence, 915
- testing
- in BCP documentation, 136
- for disaster recovery planning (DRP), 899–902
- software, 746–753, 954–955, 969–970
- tethering, for mobile devices, 425
- text messaging, 419–420
- theft, 873–874
- thin access point, 529
- thin client, 401–402
- third-party application stores, 415
- third-party audits
- about, 729–730
- for evaluation of third parties, 20
- third-party connectivity, 618–619
- third-party governance, 15
- third-party security services, 833–834
- third-party software acquisition, 972
- Threat Agent Risk Assessment (TARA), 81
- threat agents/actors, 56
- threat events, 56
- threat feeds, 849–851
- threat hunting, 26, 850
- threat intelligence, 847–850
- threat modeling
- about, 26
- determining potential attacks, 28
- identifying threats, 26–28
- performing reduction analysis, 28–30
- prioritization and response, 30–31
- threat vector, 56, 57
- threats
- about, 354, 432–433
- architecture flaws and issues, 428–432
- assessing, 355–372, 731–746
- client-based systems, 372–375
- containerization, 405–406
- cyber-physical systems, 386–393
- defined, 56, 700
- distributed systems, 380–382
- edge computing, 385–386
- embedded devices, 386–393
- essential security protection mechanisms, 426–428
- exam essentials, 433–439
- fog computing, 385–386
- high-performance computing (HPC) systems, 382–383
- identifying, 26–28, 60
- industrial control systems, 378–380
- infrastructure as code (IaC), 395–396
- Internet of Things (IoT), 383–385
- managing, 791
- microservices, 394–395
- mitigating, 355–372
- mobile devices, 406–426
- review question answers, 1062–1067
- review questions, 441–445
- server-based systems, 375–378
- serverless architecture, 406
- shared responsibility, 354–355
- specialized devices, 393–394
- virtualized systems, 397–405
- written lab, 440
- written lab answers, 1105–1106
- three dumb routers, 384
- three-way handshake, 508
- thrill attacks, 928
- throughput rate, 655
- THSuite, 192
- ticket, 696
- ticket-granting ticket (TGT), 696
- time of check (TOC), 1010–1011
- time of check to time of use (TOCTTOU), 1010–1011
- time of use (TOU), 1010–1011
- time slice, 360
- time to live (TTL), 517
- Time-based One-Time Password (TOTP), 656
- timeliness, availability and, 7
- timing attack, 297
- TLS offloading, 596
- token passing, 568
- tokenization, 201–202, 1028
- tokens, 322, 650–651
- top secret label, 182
- top-down approach, 17
- top-level domain (TLD), 510
- topology, 559, 563–566
- Tor, 291–292
- total risk, 68
- Tower of Hanoi strategy, 896
- trade secrets, 156–157
- trademarks, 154–155
- traffic analysis, 843
- traffic monitor. See protocol analyzer
- training
- about, 97–99
- for BCP implementation, 132
- for disaster recovery planning (DRP), 898–899
- for security management process, 755
- transactions, database, 977–978
- transborder data flow, 158
- transfers, of employees, 49–52
- transformation procedures (TPs), 333
- transient noise, 467
- transitive trust, 311
- Transmission Control Protocol (TCP), 508
- Transmission Control Protocol/Internet Protocol (TCP/IP), 582
- transmission error correction, 625
- transmission logging, 625
- transmission media technology, 559
- transmission protection, 592
- transparency, 166, 625
- transparent proxy, 555
- transponder proximity device, 458
- Transport layer (layer 4), 502, 508–509
- Transport Layer Security (TLS) protocol, 240, 269, 285, 290–291, 521
- transport mode, 604–606
- transposition ciphers, 231–232
- trap messages, 507
- travel, for personnel, 772–773
- traverse mode noise, 467
- trend analysis, 843
- TrickBot, 372
- Triple DES (3DES), 247–248
- Trivial File Transfer Protocol (TFTP), 506, 519
- Trojan horses, 1000–1001
- true negative, 822–823
- trust, as a social engineering principle, 84
- trust boundaries, in decomposition process, 29
- trust but verify approach, 319–320
- Trusted Automated eXchange of Intelligence Information (TAXII), 355
- Trusted Computer System Evaluation Criteria (TCSEC), 337
- trusted computing base (TCB) design principle, 323–325
- trusted paths, 324
- Trusted Platform Module (TPM), 286, 342
- trusted recovery, 879
- trusted shell, 324
- trusted system, in CIA Triad, 321–322
- trusts, 660
- truthfulness, integrity and, 6
- tunnel mode, 295, 604–606
- tunneling, 603–604
- tuples, 974
- Turing, Alan, 299
- turnstiles, 477–479
- twisted-pair cables, 560–561
- two-factor authentication (2FA), 655
- two-factor authentication with Authenticator apps, 655–656
- Twofish algorithm, 251
- two-person control, 768
- Type 1 authentication factor, 645
- Type 1 error, 653
- Type 2 authentication factor, 645
- Type 3 authentication factor, 645
- type I hypervisor, 397
- Type II error, 653
- type II hypervisor, 397
- Type of Service (ToS), 516
- typosquatting, 94, 515
- U
- uBlock Origin, 374
- UDP Scanning, 733
- ultraviolet EPROMs (UVEPROMs), 362
- unclassified label, 182
- unicast technology, 567
- unified endpoint management (UEM), 409
- Unified Extensible Firmware Interface (UEFI), 371
- unified threat management (UTM), 554, 833
- uninterruptible power supply (UPS), 465–466, 878
- United States Munitions List (USML), 159
- United States Patent and Trademark Office (USPTO), 154–155
- unshielded twisted-pair (UTP), 560
- unsolicited ARP, 520
- unsupervised learning, 986
- update management, for mobile devices, 422
- urgency, as a social engineering principle, 84
- urgency and timing, statement of, 134
- URL filtering, 555–556
- URL hijacking, 94, 515
- U.S. Copyright Office (website), 153
- U.S. Cybersecurity and Infrastructure Security Agency (CISA), 120
- U.S. Geological Survey (USGS), 126
- U.S. Government Accountability Office (GAO), 728
- U.S. National Security Agency (NSA), 195
- U.S. Privacy Law, 160–164
- USA PATRIOT Act (2001), 163–164
- usability, availability and, 7
- USB flash drives, 777
- USB On-The-Go (OTG), 416
- US-CERT, 310
- use cases, 969
- user acceptance, for mobile devices, 424
- user acceptance testing (UAT), 955
- user and entity behavior analytics (UEBA), 49, 1009
- user behavior analytics (UBA), 49
- User Datagram Protocol (UDP), 508
- User Interface (UI), 751
- user mode, 359, 361
- user role, 22
- users, 208
- utility considerations
- in disaster recovery planning (DRP), 897
- humidity, 467–470
- noise, 467
- power, 465–467
- static, 467–470
- temperature, 467–470
- water, 470
- utility failures, 871–872
- utility patents, 155
- V
- validation, in vulnerability scanning, 742
- validity, integrity and, 6
- Van Buren v. United States, 149
- Van Eck radiation, 368
- vandalism, 873–874
- variable length subnet masking (VLSM), 518
- Velez, Tony Uceda (author)
- Risk Centric Threat Modeling: Process for Attack Simulation and Threat Analysis, 27–28
- vendor agreements, 52–53
- vendor management system (VMS), 53
- VENONA project, 236
- verification, 280–281, 961
- Vernam, Gilbert Sandford, 235
- Vernam ciphers, 235
- version control, 1030
- versioning, in change management, 788
- views, of databases, 979
- Vigenère cipher, 233–234, 235
- virtual application, 399–400
- virtual circuits, 621–622
- virtual data center (VDC), 402
- virtual desktop, 401
- virtual desktop infrastructure (VDI), 401
- virtual firewall, 550
- virtual IP addresses, 596
- virtual local area networks (VLANs), 610–614
- virtual machine monitor/manager (VMM), 397
- virtual memory, 365–366
- virtual network segmentation, 400
- virtual private network (VPN)
- about, 602–603
- always-on VPN, 606–607
- common protocols, 607–609
- full tunnel, 607
- how they work, 604–606
- personnel and, 773
- split tunnel, 607
- tunneling, 603–604
- virtual SAN (VSAN), 526
- virtual software, 399–400
- virtual tape libraries (VTLs), 895
- Virtual eXtensible LAN (VXLAN), 527
- virtualization, 397
- virtualization security management, 403–405
- virtualization technology, 342
- Virtualized Environment Neglected Operations Manipulation (VENOM), 404
- virtualized networking, 400
- virtualized systems
- about, 397–399
- software-defined everything (SDx), 400–402
- virtual software, 399–400
- virtualization security management, 403–405
- virtualized networking, 400
- virus decryption routine, 999
- viruses, 995–999
- vishing, 88–89, 588–589
- Visual, Agile, and Simple Threat (VAST), 27–28
- vital records program, in BCP documentation, 135
- VLAN hopping, 612
- VM escaping, 404
- voice communications
- about, 586
- phreaking, 588–589
- private branch exchange (PBX), 589–590
- vishing, 588–589
- Voice over Internet Protocol (VoIP), 524–525, 586–588
- Voice over Internet Protocol (VoIP), 524–525, 586–588
- voice pattern recognition, 653
- voice-based phishing, 88–89
- volatility, of storage devices, 366
- voluntarily surrender, 919
- VPN appliance, 603
- VPN concentrator, 603
- VPN device, 603
- VPN firewall, 603
- VPN gateway, 603
- VPN proxy, 603
- VPN remote access server (RAS), 603
- VPN server, 603
- vulnerabilities. See also Common Vulnerabilities and Exposures (CVE)
- about, 354, 432–433, 731–732
- architecture flaws and issues, 428–432
- assessing, 355–372, 731–746
- client-based systems, 372–375
- containerization, 405–406
- cyber-physical systems, 386–393
- defined, 56, 700
- distributed systems, 380–382
- edge computing, 385–386
- embedded devices, 386–393
- essential security protection mechanisms, 426–428
- exam essentials, 433–439
- fog computing, 385–386
- high-performance computing (HPC) systems, 382–383
- identifying, 60
- industrial control systems, 378–380
- infrastructure as code (IaC), 395–396
- Internet of Things (IoT), 383–385
- managing, 791
- microservices, 394–395
- mitigating, 355–372
- mobile devices, 406–426
- review question answers, 1062–1067
- review questions, 441–445
- server-based systems, 375–378
- serverless architecture, 406
- shared responsibility, 354–355
- specialized devices, 393–394
- virtualized systems, 397–405
- written lab, 440
- written lab answers, 1105–1106
- vulnerability scanning
- about, 792
- database vulnerability scanning, 741–742
- management workflow, 742
- web vulnerability scanning, 739–741
- vulnerability scans, 732–742
- W
- waiting state, 360
- war driving, 539
- warm sites, 885–886
- warning banners, 829
- water issues, 470
- water suppression systems, 474–475
- waterfall model, 956–957
- watermarking, 292–293, 845
- wave pattern motion detector, 459
- wearable technology, 384
- wearables, 384
- web application firewalls (WAFs), 374, 552–553, 833, 1027–1028
- web applications, 290–292, 1020–1025
- Web Authentication (WebAuth), 657
- web filtering, 555–556
- web security gateway, 556
- web vulnerability scanning, 739–741
- website monitoring, 752–753
- well-known ports, 508
- wet pipe system, 474
- whaling, 87–88
- white noise, 368
- White-Box Penetration Test, 744, 969
- whitelisting, 414, 831–832
- wide area network (WAN), 559, 606, 622–623
- Wi-Fi, free, 772–773
- Wi-Fi Direct, 425, 528
- Wi-Fi positioning system (WFPS), 413
- Wi-Fi Protected Access (WPA), 531–532
- Wi-Fi Protected Access 2 (WPA2), 532
- Wi-Fi Protected Access 3 (WPA3), 532–533
- Wi-Fi Protected Setup (WPS), 533–534
- wildcard certificates, 278
- window of vulnerability, 1006
- Windows Group Policy Objects (GPOs), 753
- Wired Equivalent Privacy (WEP), 531
- wired extension mode, 528
- wireless access point (WAP), 528
- wireless attacks, 539–542
- wireless channels, 529–530
- wireless communications, 536–539
- wireless controller, 529
- wireless networks
- about, 527–529
- antenna management, 534–535
- captive portals, 535
- general security procedure, 535–536
- MAC filter, 534
- service set identifier (SSID), 529
- site surveys, 530–531
- Wi-Fi Protected Setup (WPS), 533–534
- wireless attacks, 539–542
- wireless channels, 529–530
- wireless communications, 536–539
- wireless security, 531–533
- wireless positioning system (WiPS), 413
- wireless scanners, 539
- wireless security, 531–533
- wiring closets, 454–455
- WordPress, 685
- work area security, 464–465
- work function, 230
- workgroup recovery, 883
- workplace, privacy in the, 164–165
- World Intellectual Property Organization (WIPO) treaties, 153–154
- worms, 1001–1004
- “Worse Is Better” (New Jersey Style), 317
- wrapper, 392
- written lab answers
- access control, 1111
- asset security, 1102–1103
- business continuity planning (BCP), 1101
- cryptography and symmetric key algorithms, 1103–1104
- disaster recovery planning (DRP), 1113–1114
- identity and authentication, 1110–1111
- incident prevention and response, 1113
- investigations and ethics, 1114
- laws, regulations, and compliance, 1102
- malicious code and application attacks, 1115
- personnel security and risk management, 1100–1101
- physical security requirements, 1106–1107
- PKI and cryptographic applications, 1104
- secure communications and network attacks, 1109–1110
- secure network architecture and components, 1108
- security assessment and testing, 1111–1112
- security governance, 1100
- security models, design, and capabilities, 1104–1105
- security operations, 1112
- software development security, 1114–1115
- vulnerabilities, threats, and countermeasures, 1105–1106
- written labs
- access control, 717
- asset security, 213
- business continuity planning (BCP), 138
- communications and network attacks, 630
- cryptography and symmetric key algorithm, 257
- disaster recovery planning (DRP), 903
- ethics, 935
- identity and authentication, 671
- incident response, 855
- investigations, 935
- laws, regulations, and compliance, 173
- malicious code and application attacks, 1036
- network architecture, 574
- personnel security and risk management, 106
- physical security, 488
- PKI and cryptographic applications, 303
- security and assessment testing program, 758
- security governance, 36
- security models, 347
- security operations, 796
- software development security, 988
- vulnerabilities, threats, and countermeasures, 440
- X
- X Window, 507
- X.509 standard, 278
- Xmas Scanning, 733
- Y
- “You Aren't Gonna Need It” (YAGNI), 317
- Z
- zero trust, 317–319
- zero-day attacks, 818, 1006
- zero-knowledge proof, 229
- Zigbee, 543
- Zimmermann, Phil, 249, 287
- zombies, 812–813
- zzuf tool, 749