Table of Contents

List of Figures

Preface

Chapter 1 — Introduction

Overview

Professional utility of information security knowledge

Brief history

Definition of information security

Summary

Example case – Wikileaks, Cablegate, and free reign over classified networks

Chapter review questions

Example case questions

Hands-on activity – Software Inspector, Steganography

Critical thinking exercise: identifying CIA area(s) affected by sample real-life hacking incidents

Design case

Chapter 2 — System Administration (Part 1)

Overview

Introduction

What is system administration?

System administration and information security

Common system administration tasks

System administration utilities

Summary

Example case – T.J. Maxx

Chapter review questions

Example case questions

Hands-on Activity – Linux system installation

Critical thinking exercise – Google executives sentenced to prison over video

Design case

Chapter 3 — System Administration (Part 2)

Overview

Operating system structure

The command-line interface

Files and directories

Moving around the filesystem – pwd, cd

Listing files and directories

Shell expansions

File management

Viewing files

Searching for files

Access control and user management

Access control lists

File ownership

Editing files

Software installation and updates

Account management

Command-line user administration

Example case – Northwest Florida State College

Summary

Chapter review questions

Example case questions

Hands-on activity – basic Linux system administration

Critical thinking exercise – offensive cyber effects operations (OCEO)

Design case

Chapter 4 — The Basic Information Security Model

Overview

Introduction

Components of the basic information security model

Common vulnerabilities, threats, and controls

Example case – ILOVEYOU virus

Summary

Chapter review questions

Example case questions

Hands-on activity – web server security

Critical thinking exercise – the internet, “American values,” and security

Design case

Chapter 5 — Asset Identification and Characterization

Overview

Assets overview

Determining assets that are important to the organization

Asset types

Asset characterization

IT asset life cycle and asset identification

System profiling

Asset ownership and operational responsibilities

Example case – Stuxnet

Summary

Chapter review questions

Example case questions

Hands-on activity – course asset identification

Critical thinking exercise – uses of a hacked PC

Design case

Chapter 6 — Threats and Vulnerabilities

Overview

Introduction

Threat models

Threat agent

Threat action

Vulnerabilities

Example case – Gozi

Summary

Chapter review questions

Example case questions

Hands-on activity – Vulnerability scanning

Critical thinking exercise – Iraq cyberwar plans in 2003

Design case

Chapter 7 — Encryption Controls

Overview

Introduction

Encryption basics

Encryption types overview

Encryption types details

Encryption in use

Example case – Nation technologies

Summary

Chapter review questions

Example case questions

Hands-on activity – encryption

Critical thinking exercise – encryption keys embed business models

Design case

Chapter 8 — Identity and Access Management

Overview

Identity management

Access management

Authentication

Single sign-on

Federation

Example case – Markus Hess

Summary

Chapter review questions

Example case questions

Hands-on activity – identity match and merge

Critical thinking exercise – feudalism the security solution for the internet?

Design case

Chapter 9 — Hardware and Software Controls

Overview

Password management

Access control

Firewalls

Intrusion detection/prevention systems

Patch management for operating systems and applications

End-point protection

Example case – AirTight networks

Chapter review questions

Example case questions

Hands-on activity – host-based IDS (OSSEC)

Critical thinking exercise – extra-human security controls

Design case

Chapter 10 — Shell Scripting

Overview

Introduction

Output redirection

Text manipulation

Variables

Conditionals

User input

Loops

Putting it all together

Example case – Max Butler

Summary

Chapter review questions

Example case questions

Hands-on activity – basic scripting

Critical thinking exercise – script security

Design case

Chapter 11 — Incident Handling

Introduction

Incidents overview

Incident handling

The disaster

Example case – on-campus piracy

Summary

Chapter review questions

Example case questions

Hands-on activity – incident timeline using OSSEC

Critical thinking exercise – destruction at the EDA

Design case

Chapter 12 — Incident Analysis

Introduction

Log analysis

Event criticality

General log configuration and maintenance

Live incident response

Timelines

Other forensics topics

Example case – backup server compromise

Chapter review questions

Example case questions

Hands-on activity – server log analysis

Critical thinking exercise – destruction at the EDA

Design case

Chapter 13 — Policies, Standards, and Guidelines

Introduction

Guiding principles

Writing a policy

Impact assessment and vetting

Policy review

Compliance

Key policy issues

Example case – HB Gary

Summary

Reference

Chapter review questions

Example case questions

Hands-on activity – create an AUP

Critical thinking exercise – Aaron Swartz

Design case

Chapter 14 — IT Risk Analysis and Risk Management

Overview

Introduction

Risk management as a component of organizational management

Risk-management framework

The NIST 800-39 framework

Risk assessment

Other risk-management frameworks

IT general controls for Sarbanes-Oxley compliance

Compliance versus risk management

Selling security

Example case – online marketplace purchases

Summary

Chapter review questions

Hands-on activity – risk assessment using LSOF

Critical thinking exercise – risk estimation biases

Design case

Appendix A — Password List for the Linux Virtual Machine

Glossary

Index
