Table of Contents for
Principles of Computer Security: CompTIA Security+ and Beyond, Sixth Edition (Exam SY0-601), 6th Edition
Cover
About the Authors
Title Page
Copyright Page
Acknowledgments
About this Book
Contents at a Glance
Contents
Foreword
Preface
Introduction
Instructor Website
Chapter 1 Introduction and Security Trends
The Computer Security Problem
Definition of Computer Security
Historical Security Incidents
The Current Threat Environment
Infrastructure Attacks
Ransomware
Threats to Security
Viruses and Worms
Intruders
Insiders
Criminal Organizations
Nation-States, Terrorists, and Information Warfare
Brand-Name Attacks
Attributes of Actors
Internal/External
Level of Sophistication
Resources/Funding
Intent/Motivation
Security Trends
Targets and Attacks
Specific Target
Opportunistic Target
Minimizing Possible Avenues of Attack
Approaches to Computer Security
Cybersecurity Kill Chain
Threat Intelligence
Open Source Intelligence
Ethics
Additional References
Chapter 1 Review
Chapter 2 General Security Concepts
Basic Security Terminology
Security Basics
Security Tenets
Security Approaches
Security Principles
Formal Security Models
Confidentiality Models
Integrity Models
Additional References
Chapter 2 Review
Chapter 3 Operational and Organizational Security
Policies, Procedures, Standards, and Guidelines
Organizational Policies
Change Management Policy
Change Control
Asset Management
Security Policies
Data Policies
Credential Policies
Password and Account Policies
Human Resources Policies
Code of Ethics
Job Rotation
Separation of Duties
Employee Hiring (Onboarding) and Promotions
Retirement, Separation, or Termination (Offboarding)
Exit Interviews
Onboarding/Offboarding Business Partners
Adverse Actions
Mandatory Vacations
Acceptable Use Policy
Internet Usage Policy
E-mail Usage Policy
Social Media Analysis
Clean Desk Policy
Bring-Your-Own-Device (BYOD) Policy
Privacy Policy
Due Care and Due Diligence
Due Process
Incident Response Policies and Procedures
Security Awareness and Training
Diversity of Training Techniques
Security Policy Training and Procedures
User Training
Role-Based Training
Continuing Education
Compliance with Laws, Best Practices, and Standards
User Habits
Training Metrics and Compliance
Standard Operating Procedures
Third-Party Risk Management
Vendors
Supply Chain
Business Partners
Interoperability Agreements
Service Level Agreement (SLA)
Memorandum of Understanding (MOU)
Measurement Systems Analysis (MSA)
Business Partnership Agreement (BPA)
Interconnection Security Agreement (ISA)
NDA
End of Service Life (EOSL)
End of Life (EOL)
Chapter 3 Review
Chapter 4 The Role of People in Security
People—A Security Problem
Social Engineering
Tools
Principles (Reasons for Effectiveness)
Defenses
Attacks
Impersonation
Phishing
Smishing
Vishing
Spam
Spam over Internet Messaging (SPIM)
Spear Phishing
Whaling
Pharming
Dumpster Diving
Shoulder Surfing
Tailgating/Piggybacking
Eliciting Information
Prepending
Identity Fraud
Invoice Scams
Credential Harvesting
Reverse Social Engineering
Reconnaissance
Hoax
Watering Hole Attack
Typo Squatting
Influence Campaigns
Poor Security Practices
Password Selection
Shoulder Surfing
Piggybacking
Dumpster Diving
Installing Unauthorized Hardware and Software
Data Handling
Physical Access by Non-Employees
Clean Desk Policies
People as a Security Tool
Security Awareness
Security Policy Training and Procedures
Chapter 4 Review
Chapter 5 Cryptography
Cryptography in Practice
Fundamental Methods
Comparative Strengths and Performance of Algorithms
Key Length
Cryptographic Objectives
Diffusion
Confusion
Obfuscation
Perfect Forward Secrecy
Security Through Obscurity
Historical Perspectives
Algorithms
Substitution Ciphers
One-Time Pads
Key Management
Random Numbers
Salting
Hashing Functions
Message Digest
SHA
RIPEMD
Hashing Summary
Symmetric Encryption
DES
3DES
AES
CAST
RC
Blowfish
Twofish
IDEA
ChaCha20
Cipher Modes
Authenticated Encryption with Associated Data (AEAD)
Block vs. Stream
Symmetric Encryption Summary
Asymmetric Encryption
Diffie-Hellman
RSA Algorithm
ElGamal
ECC
Asymmetric Encryption Summary
Symmetric vs. Asymmetric
Quantum Cryptography
Post-Quantum
Lightweight Cryptography
Homomorphic Encryption
For More Information
Chapter 5 Review
Chapter 6 Applied Cryptography
Cryptography Use
Confidentiality
Integrity
Authentication
Nonrepudiation
Digital Signatures
Digital Rights Management
Cryptographic Applications
Use of Proven Technologies
Cipher Suites
Secret Algorithms
Key Exchange
Key Escrow
Session Keys
Ephemeral Keys
Key Stretching
Transport Encryption
TLS v1.3
Data in Transit/Motion
Data at Rest
Data in Use/Processing
Implementation vs. Algorithm Selection
Common Use Cases
HMAC
S/MIME
IETF S/MIME History
IETF S/MIME v3 Specifications
PGP
How PGP Works
Steganography
Secure Protocols
DNSSEC
SSH
S/MIME
SRTP
LDAPS
FTPS
SFTP
SNMPv3
TLS
HTTPS
Secure POP/IMAP
IPSec
Secure Protocol Use Cases
Voice and Video
Time Synchronization
E-mail and Web
File Transfer
Directory Services
Remote Access
Domain Name Resolution
Routing and Switching
Network Address Allocation
Subscription Services
Cryptographic Attacks
Birthday
Known Plaintext/Ciphertext
Chosen Cipher Text Attack
Weak Implementations
Meet-in-the-Middle Attacks
Replay
Downgrade
Collision
Password Attacks
Other Standards
FIPS
Common Criteria
ISO/IEC 27002 (Formerly ISO 17799)
Chapter 6 Review
Chapter 7 Public Key Infrastructure
The Basics of Public Key Infrastructures
Certificate Authorities
Registration Authorities
Local Registration Authorities
Public Certificate Authorities
In-house Certificate Authorities
Choosing Between a Public CA and an In-house CA
Outsourced Certificate Authorities
Online vs. Offline CA
Stapling
Pinning
Trust Models
Certificate Chaining
Hierarchical Trust Model
Peer-to-Peer Model
Hybrid Trust Model
Walking the Certificate Path
Digital Certificates
Certificate Classes
Certificate Extensions
Certificate Attributes
Certificate Formats
Certificate Lifecycles
Registration and Generation
CSR
Renewal
Suspension
Certificate Revocation
Key Destruction
Certificate Repositories
Sharing Key Stores
Trust and Certificate Verification
Centralized and Decentralized Infrastructures
Hardware Security Modules
Private Key Protection
Key Recovery
Key Escrow
Certificate-Based Threats
Stolen Certificates
PKIX and PKCS
PKIX Standards
PKCS
Why You Need to Know the PKIX and PKCS Standards
ISAKMP
CMP
XKMS
CEP
Chapter 7 Review
Chapter 8 Physical Security
The Security Problem
Physical Security Safeguards
Walls and Guards
Lights and Signage
Physical Access Controls and Monitoring
Electronic Access Control Systems
Policies and Procedures
Environmental Controls
Hot and Cold Aisles
Fire Suppression
Water-Based Fire Suppression Systems
Halon-Based Fire Suppression Systems
Clean-Agent Fire Suppression Systems
Handheld Fire Extinguishers
Fire Detection Devices
Electromagnetic Environment
Power Protection
UPS
Backup Power and Cable Shielding
Generator
Dual Supply
Managed Power Distribution Units (PDUs)
Drones/UAVs
Chapter 8 Review
Chapter 9 Network Fundamentals
Network Architectures
Network Topology
Wireless
Ad Hoc
Segregation/Segmentation/Isolation
Physical Separation
Enclaves
Logical (VLAN)
Virtualization
Airgaps
Zones and Conduits
Zero Trust
Security Zones
DMZ
Internet
East-West Traffic
Intranet
Extranet
Wireless
Guest
Honeynets
Flat Networks
Network Protocols
Protocols
Packets
Internet Protocol
IP Packets
TCP vs. UDP
ICMP
IPv4 vs. IPv6
Expanded Address Space
Neighbor Discovery
Benefits of IPv6
Packet Delivery
Ethernet
Local Packet Delivery
ARP Attacks
Remote Packet Delivery
IP Addresses and Subnetting
Network Address Translation
Inter-Networking
MPLS
Software-Defined Networking (SDN)
Software-Defined Visibility (SDV)
Quality of Service (QoS)
Traffic Engineering
Route Security
For More Information
Chapter 9 Review
Chapter 10 Infrastructure Security
Devices
Workstations
Servers
Mobile Devices
Device Security, Common Concerns
Network-Attached Storage
Removable Storage
Virtualization
Hypervisor
Application Cells/Containers
VM Sprawl Avoidance
VM Escape Protection
Snapshots
Patch Compatibility
Host Availability/Elasticity
Security Control Testing
Sandboxing
Networking
Network Interface Cards
Hubs
Bridges
Switches
Port Security
Routers
Security Devices
Firewalls
VPN Concentrator
Wireless Devices
Modems
Telephony
Intrusion Detection Systems
Network Access Control
Network Monitoring/Diagnostic
Load Balancers
Proxies
Web Security Gateways
Internet Content Filters
Data Loss Prevention
Unified Threat Management
Security Device/Technology Placement
Sensors
Collectors
TAPs and Port Mirror
Correlation Engines
Filters
SSL Accelerators
DDoS Mitigator
Aggregation Switches
Tunneling/VPN
Site-to-Site
Remote Access
Storage Area Networks
iSCSI
Fibre Channel
FCoE
Media
Coaxial Cable
UTP/STP
Fiber
Unguided Media
Removable Media
Magnetic Media
Optical Media
Electronic Media
Security Concerns for Transmission Media
Physical Security Concerns
Chapter 10 Review
Chapter 11 Authentication and Remote Access
User, Group, and Role Management
User
Shared and Generic Accounts/Credentials
Guest Accounts
Service Accounts
Privileged Accounts
Group
Role
Account Policies
Account Policy Enforcement
Domain Passwords
Single Sign-On
Credential Management
Group Policy
Standard Naming Convention
Account Maintenance
Usage Auditing and Review
Account Audits
Time-of-Day Restrictions
Impossible Travel Time/Risky Login
Account Expiration
Privileged Access Management
Authorization
Access Control
Security Controls and Permissions
Access Control Lists (ACLs)
Mandatory Access Control (MAC)
Discretionary Access Control (DAC)
Role-Based Access Control (RBAC)
Rule-Based Access Control
Attribute-Based Access Control (ABAC)
Conditional Access
Identity
Identity Provider (IdP)
Identity Attributes
Certificates
Identity Tokens
SSH Keys
Smart Cards
Authentication Methods
Authentication
Directory Services
Federation
Attestation
Transitive Trust
Technologies
Biometric Factors
Fingerprint Scanner
Retinal Scanner
Iris Scanner
Voice Recognition
Facial Recognition
Vein
Gait Analysis
Biometric Efficacy Rates
False Positives and False Negatives
False Acceptance Rate
False Rejection Rate
Crossover Error Rate
Biometrics Calculation Example
Multifactor Authentication
Factors
Attributes
Remote Access
IEEE 802.1X
LDAP
RADIUS
TACACS+
Authentication Protocols
FTP/FTPS/SFTP
VPNs
Vulnerabilities of Remote Access Methods
Preventing Data Loss or Theft
Database Security
Cloud vs. On-premises Requirements
Connection Summary
For More Information
Chapter 11 Review
Chapter 12 Wireless Security and Mobile Devices
Connection Methods and Receivers
Cellular
Wi-Fi
Bluetooth
NFC
Infrared
USB
Point-to-Point
Point-to-Multipoint
Global Positioning System (GPS)
RFID
SATCOM
Wireless Protocols
802.11: Individual Standards
WEP
Current Security Methods
Authentication Protocols
Wireless Systems Configuration
Access Point
SSID
Fat vs. Thin
Controller Based vs. Standalone
Signal Strength
Band Selection/Width
Antenna Types and Placement
Power-Level Controls
Wi-Fi Analyzers
Channel Overlays
Wireless Access Point (WAP) Placement
Site Surveys
Heat Maps
Controller and Access Point Security
MAC Filtering
Captive Portals
Securing Public Wi-Fi
Wireless Attacks
Attacking 802.11
Replay
IV
Evil Twin
Rogue AP
Jamming
Bluetooth Attacks
Bluejacking
Bluesnarfing
Bluebugging
RFID
Disassociation
Mobile Device Management Concepts
Application Management
Full Device Encryption (FDE)
Content Management
Remote Wipe
Geofencing
Geolocation
Geo-Tagging
Screen Locks
Push Notification Services
Passwords and PINs
Biometrics
Context-Aware Authentication
Containerization
Storage Segmentation
Asset Control
Device Access Control
Removable Storage
Disabling Unused Features
Mobile Application Security
Application Control
Key and Credential Management
Authentication
Application Whitelisting
Encryption
Transitive Trust/Authentication
Mobile Devices
MicroSD Hardware Security Module (HSM)
MDM/Unified Endpoint Management (UEM)
Mobile Application Management (MAM)
SEAndroid/SELinux
Policies for Enforcement and Monitoring
Third-party App Stores
Rooting/Jailbreaking
Sideloading
Custom Firmware
Carrier Unlocking
Firmware OTA Updates
Camera Use
SMS/MMS/RCS
External Media
USB On-The-Go (USB OTG)
Recording Microphone
GPS Tagging
Wi-Fi Direct/Ad Hoc
Tethering
Hotspot
Payment Methods
Deployment Models
CYOD
COPE
Corporate-Owned
BYOD
Virtual Desktop Infrastructure (VDI)
Chapter 12 Review
Chapter 13 Intrusion Detection Systems and Network Security
History of Intrusion Detection Systems
IDS Overview
IDS Models
Signatures
False Positives and False Negatives
Network-Based IDSs
Advantages of a NIDS
Disadvantages of a NIDS
Active vs. Passive NIDSs
NIDS Tools
Host-Based IDSs
Advantages of HIDSs
Disadvantages of HIDSs
Active vs. Passive HIDSs
Resurgence and Advancement of HIDSs
Intrusion Prevention Systems
Network Security Monitoring
Deception and Disruption Technologies
Honeypots and Honeynets
Honeyfiles/Honeyrecords
Fake Telemetry
DNS Sinkhole
Analytics
SIEM
SIEM Dashboards
Sensors
Sensitivity
Trends
Alerts
Correlation
Aggregation
Automated Alerting and Triggers
Time Synchronization
Event Deduplication
Logs/WORM
DLP
USB Blocking
Cloud-Based DLP
E-mail
Tools
Protocol Analyzer
Network Placement
In-Band vs. Out-of-Band NIDS/NIPS
Switched Port Analyzer
Port Scanner
Passive vs. Active Tools
Banner Grabbing
Indicators of Compromise
Advanced Malware Tools
For More Information
Chapter 13 Review
Chapter 14 System Hardening and Baselines
Overview of Baselines
Hardware/Firmware Security
FDE/SED
TPM
Hardware Root of Trust
HSM
UEFI BIOS
Measured Boot
Secure Boot and Attestation
Integrity Measurement
Firmware Version Control
EMI/EMP
Supply Chain
Operating System and Network Operating System Hardening
Protection Rings
OS Security
OS Types
Trusted Operating System
Patch Management
Disabling Unnecessary Ports and Services
Secure Configurations
Disable Default Accounts/Passwords
Application Whitelisting/Blacklisting
Sandboxing
Secure Baseline
Machine Hardening
Hardening Microsoft Operating Systems
Hardening UNIX- or Linux-Based Operating Systems
Endpoint Protection
Antivirus
Anti-Malware
Endpoint Detection and Response (EDR)
DLP
Next-Generation Firewall (NGFW)
Host-based Intrusion Detection System (HIDS)
Host-based Intrusion Prevention System (HIPS)
Host-based Firewall
Whitelisting vs. Blacklisting Applications
AppLocker
Hardware Security
Network Hardening
Software Updates
Device Configuration
Securing Management Interfaces
VLAN Management
Network Segmentation
IPv4 vs. IPv6
Application Hardening
Application Configuration Baseline
Application Patches
Patch Management
Host Software Baselining
Vulnerability Scanner
Data-Based Security Controls
Data Security
Data Encryption
Handling Big Data
Cloud Storage
Storage Area Network
Permissions/ACL
Environment
Development
Test
Staging
Production
Automation/Scripting
Automated Courses of Action
Continuous Monitoring
Configuration Validation
Templates
Master Image
Nonpersistence
Wrappers
Elasticity
Scalability
Distributive Allocation
Alternative Environments
Alternative Environment Methods
Peripherals
Phones and Mobile Devices
Embedded Systems
Camera Systems
Game Consoles
Mainframes
SCADA/ICS
HVAC
Smart Devices/IoT
Special-Purpose Systems
Industry-Standard Frameworks and Reference Architectures
Regulatory
Nonregulatory
National vs. International
Industry-Specific Frameworks
Benchmarks/Secure Configuration Guides
Platform/Vendor-Specific Guides
General-Purpose Guides
For More Information
Chapter 14 Review
Chapter 15 Types of Attacks and Malicious Software
Avenues of Attack
Minimizing Possible Avenues of Attack
Malicious Code
Malware
Ransomware
Trojans
Worms
Viruses
Polymorphic Malware
Potentially Unwanted Programs
Command and Control
Botnets
Crypto-Malware
Logic Bombs
Spyware
Adware
Keyloggers
Remote-Access Trojans (RATs)
Rootkit
Backdoors and Trapdoors
Application-Level Attacks
Malware Defenses
Attacking Computer Systems and Networks
Denial-of-Service Attacks
Social Engineering
Sniffing
Spoofing
MAC Spoofing
TCP/IP Hijacking
Man-in-the-Middle Attacks
Man-in-the-Browser
Replay Attacks
Transitive Access
Scanning Attacks
Attacks on Encryption
Address System Attacks
Cache Poisoning
Amplification
Domain Hijacking
Pass-the-Hash Attacks
Software Exploitation
Client-Side Attacks
Driver Manipulation
Advanced Persistent Threat
Password Attacks
Password Guessing
Poor Password Choices
Spraying
Dictionary Attack
Brute Force Attack
Rainbow Tables
Plaintext/Unencrypted
Chapter 15 Review
Chapter 16 Security Tools and Techniques
Network Reconnaissance and Discovery Tools
tracert/traceroute
nslookup/dig
ipconfig/ifconfig
nmap
ping/pathping
hping
netstat
netcat (nc)
IP Scanners
arp
route
curl
theHarvester
sn1per
scanless
dnsenum
Nessus
Cuckoo
File Manipulation Tools
head
tail
cat
grep
chmod
logger
Shell and Script Environments
SSH
PowerShell
Python
OpenSSL
Packet Capture and Replay Tools
tcpreplay
tcpdump
Wireshark
Forensic Tools
dd
memdump
WinHex
FTK Imager
Autopsy
Tool Suites
Metasploit
Kali
Parrot OS
Security Onion
Social-Engineering Toolkit
Cobalt Strike
Core Impact
Burp Suite
Penetration Testing
Penetration Testing Authorization
Reconnaissance
Passive vs. Active Tools
Pivoting
Initial Exploitation
Persistence
Escalation of Privilege
Vulnerability Testing
Vulnerability Scanning Concepts
False Positives
False Negatives
Log Reviews
Credentialed vs. Non-Credentialed
Intrusive vs. Non-Intrusive
Applications
Web Applications
Network
Common Vulnerabilities and Exposures (CVE)/Common Vulnerability Scoring System (CVSS)
Configuration Review
System Testing
Auditing
Performing Routine Audits
Vulnerabilities
Cloud-based vs. On-premises Vulnerabilities
Zero Day
Weak Configurations
Open Permissions
Unsecure Root Accounts
Errors
Weak Encryption
Unsecure Protocols
Default Settings
Open Ports and Services
Improper or Weak Patch Management
Chapter 16 Review
Chapter 17 Web Components, E-mail, and Instant Messaging
Current Web Components and Concerns
Web Protocols
Encryption (SSL and TLS)
How TLS Works
The Web (HTTP and HTTPS)
HTTPS Everywhere
HTTP Strict Transport Security
Directory Services (DAP and LDAP)
File Transfer (FTP and SFTP)
Vulnerabilities
Code-Based Vulnerabilities
Java
JavaScript
Securing the Browser
Server-Side Scripts
Cookies
Browser Plug-Ins
Malicious Add-Ons
Code Signing
Application-Based Weaknesses
Session Hijacking
Client-Side Attacks
Web 2.0 and Security
How E-mail Works
E-mail Structure
MIME
Security of E-mail
Spam
Malicious Code
Hoax E-mails
Mail Gateway
Spam Filter
Mail Relaying
Greylisting
Spam URI Real-time Block Lists
Sender Policy Framework (SPF)
Sender ID Framework
DomainKeys Identified Mail
DLP
Mail Encryption
S/MIME
PGP
Instant Messaging
Modern Instant Messaging Systems
Chapter 17 Review
Chapter 18 Cloud Computing
Cloud Computing
Cloud Characteristics
Cloud Computing Service Models
Level of Control in the Hosting Models
Services Integration
Cloud Types
Private
Public
Hybrid
Community
On-premises vs. Hosted vs. Cloud
Cloud Service Providers
Transit Gateway
Cloud Security Controls
High Availability Across Zones
Resource Policies
Secrets Management
Integration and Auditing
Storage
Network
Compute
Security as a Service
Managed Security Service Provider (MSSP)
Cloud Security Solutions
Cloud Access Security Broker (CASB)
Application Security
Firewall Considerations in a Cloud Environment
Cloud-native Controls vs. Third-party Solutions
Virtualization
Type I
Type II
Virtual Machine (VM) Sprawl Avoidance
VM Escape Protection
VDI/VDE
Fog Computing
Edge Computing
Thin Client
Containers
Microservices/API
Serverless Architecture
Chapter 18 Review
Chapter 19 Secure Software Development
The Software Engineering Process
Process Models
Secure Development Lifecycle
Environments
Secure Coding Concepts
Error and Exception Handling
Input and Output Validation
Normalization
Bug Tracking
Application Attacks
Cross-Site Scripting
Injections
Directory Traversal/Command Injection
Buffer Overflow
Integer Overflow
Cross-Site Request Forgery
Zero Day
Attachments
Locally Shared Objects
Client-Side Attacks
Arbitrary/Remote Code Execution
Open Vulnerability and Assessment Language
Application Hardening
Application Configuration Baseline
Application Patch Management
NoSQL Databases vs. SQL Databases
Server-Side vs. Client-Side Validation
Code Signing
Encryption
Obfuscation/Camouflage
Code Reuse/Dead Code
Memory Management
Use of Third-Party Libraries and SDKs
Data Exposure
Code Quality and Testing
Static Code Analyzers
Dynamic Analysis (Fuzzing)
Stress Testing
Sandboxing
Model Verification
Compiled Code vs. Runtime Code
Software Diversity
Compiler
Binary
Secure DevOps
Automation/Scripting
Continuous Monitoring
Continuous Validation
Continuous Integration
Continuous Delivery
Continuous Deployment
Infrastructure as Code
Elasticity
Scalability
Version Control and Change Management
Baselining
Immutable Systems
Provisioning and Deprovisioning
Integrity Measurement
For More Information
Chapter 19 Review
Chapter 20 Risk Management
An Overview of Risk Management
Example of Risk Management at the International Banking Level
Risk Management Vocabulary
What Is Risk Management?
Risk Management Culture
Risk Response Techniques
Risk Management Frameworks
Security Controls
Categories
Control Types
Business Risks
Examples of Business Risks
Examples of Technology Risks
Business Impact Analysis
Mission-Essential Functions
Identification of Critical Systems
Single Point of Failure
Impact
Third-party Risks
Vendor Management
Supply Chain
Outsourced Code Development
Data Storage
Risk Mitigation Strategies
Change Management
Incident Management
User Rights and Permissions Reviews
Data Loss or Theft
Risk Management Models
General Risk Management Model
Software Engineering Institute Model
NIST Risk Models
Model Application
Risk Assessment
Qualitatively Assessing Risk
Risk Matrix/Heat Map
Quantitatively Assessing Risk
Adding Objectivity to a Qualitative Assessment
Risk Calculation
Qualitative vs. Quantitative Risk Assessment
Tools
Cost-Effectiveness Modeling
Risk Management Best Practices
System Vulnerabilities
Threat Vectors
Probability/Threat Likelihood
Risks Associated with Cloud Computing and Virtualization
Additional References
Chapter 20 Review
Chapter 21 Business Continuity, Disaster Recovery, and Change Management
Business Continuity
Business Continuity Plans
Business Impact Analysis
Identification of Critical Systems and Components
Removing Single Points of Failure
Risk Assessment
Succession Planning
After-Action Reports
Failover
Backups
Alternative Sites
Order of Restoration
Utilities
Secure Recovery
Continuity of Operations Planning (COOP)
Disaster Recovery
Disaster Recovery Plans/Process
Categories of Business Functions
IT Contingency Planning
Test, Exercise, and Rehearse
Recovery Time Objective and Recovery Point Objective
Why Change Management?
The Key Concept: Separation of Duties
Elements of Change Management
Implementing Change Management
Backout Plan
The Purpose of a Change Control Board
Code Integrity
The Capability Maturity Model Integration
Environment
Development
Test
Staging
Production
Secure Baseline
Sandboxing
Integrity Measurement
Chapter 21 Review
Chapter 22 Incident Response
Foundations of Incident Response
Incident Management
Goals of Incident Response
Attack Frameworks
Anatomy of an Attack
Cyber Kill Chain
MITRE ATT&CK
The Diamond Model of Intrusion Analysis
Threat Intelligence
Threat Hunting
Security Orchestration, Automation, and Response (SOAR)
Incident Response Process
Preparation
Incident Response Plan
Incident Identification/Detection
Identification
Initial Response
Containment/Incident Isolation
Strategy Formulation
Investigation
Eradication
Recovery
Reporting
Lessons Learned
Incident Response Team
Exercises
Tabletop
Walkthroughs
Simulations
Stakeholder Management
Communication Plan
Data Sources
Log Files
Network
System
Application
Security
Web
DNS
Authentication
Dump Files
VoIP and Call Managers
Session Initiation Protocol (SIP) Traffic
Syslog/Rsyslog/Syslog-ng
Journalctl
NXLog
Bandwidth Monitors
NetFlow/sFlow
Metadata
Data Collection Models
Collection Inventory Matrix
Collection Management Framework
Standards and Best Practices
State of Compromise
NIST
Department of Justice
Indicators of Compromise
Security Measure Implementation
Making Security Measurable
Retention Policies
For More Information
Chapter 22 Review
Chapter 23 Computer Forensics
Evidence
Types of Evidence
Standards for Evidence
Three Rules Regarding Evidence
Chain of Custody
Tags
Forensic Process
Data Recovery
Acquiring Evidence
Identifying Evidence
Protecting Evidence
Transporting Evidence
Storing Evidence
Conducting the Investigation
Message Digest and Hash
Analysis
Timelines of Sequence of Events
Provenance
Recovery
Strategic Intelligence/Counterintelligence Gathering
Active Logging
Track Man-Hours
Reports
Host Forensics
Filesystems
Artifacts
Swap/Pagefile
Firmware
Snapshot
Cache
Windows Metadata
Linux Metadata
Timestamps
Device Forensics
Network Forensics
Legal Hold
E-discovery
Big Data
Cloud
Right to Audit Clauses
Regulatory/Jurisdiction
Chapter 23 Review
Chapter 24 Legal Issues and Ethics
Cybercrime
U.S. Law Enforcement Encryption Debate
Common Internet Crime Schemes
Sources of Laws
Computer Trespass
Convention on Cybercrime
Significant U.S. Laws
Payment Card Industry Data Security Standard (PCI DSS)
Import/Export Encryption Restrictions
Digital Signature Laws
Digital Rights Management
Ethics
Chapter 24 Review
Chapter 25 Privacy
Data Handling
Organizational Consequences of Privacy Breaches
Reputation Damage
Identity Theft
Fines
IP Theft
Data Sensitivity Labeling and Handling
Public
Private
Sensitive
Confidential
Critical
Proprietary
Personally Identifiable Information (PII)
Data Roles
Data Owner
Data Controller
Data Processor
Data Custodian/Steward
Data Privacy Officer
Data Destruction and Media Sanitization
Data/Information Lifecycle
Burning
Shredding
Pulping
Pulverizing
Degaussing
Purging
Wiping
U.S. Privacy Laws
Fair Information Practice Principles (FIPPs)
Privacy Act of 1974
Freedom of Information Act (FOIA)
Family Educational Rights and Privacy Act (FERPA)
U.S. Computer Fraud and Abuse Act (CFAA)
U.S. Children’s Online Privacy Protection Act (COPPA)
Video Privacy Protection Act (VPPA)
Health Insurance Portability and Accountability Act (HIPAA)
Gramm-Leach-Bliley Act (GLBA)
California Senate Bill 1386 (SB 1386)
U.S. Banking Rules and Regulations
Payment Card Industry Data Security Standard (PCI DSS)
Fair Credit Reporting Act (FCRA)
Fair and Accurate Credit Transactions Act (FACTA)
International Privacy Laws
OECD Fair Information Practices
European Laws
Canadian Law
Asian Laws
Privacy-Enhancing Technologies
Data Minimization
Data Masking
Tokenization
Anonymization
Pseudo-Anonymization
Privacy Policies
Terms of Agreement
Privacy Notice
Privacy Impact Assessment
Web Privacy Issues
Cookies
Privacy in Practice
User Actions
Data Breaches
For More Information
Chapter 25 Review
Appendix A CompTIA Security+ Exam Objectives: SY0-601
Appendix B About the Online Content
System Requirements
Your Total Seminars Training Hub Account
Privacy Notice
Single User License Terms and Conditions
TotalTester Online
Technical Support
Glossary
Index