List of Figures

Figure 1.1:     Classification of information security analysts
Figure 1.2:     Time-consuming activities for information security professionals
Figure 1.3:     Training needs identified by information security professionals
Figure 1.4:     ILOVEYOU virus
Figure 1.5:     T.J. Maxx
Figure 1.6:     Defaced Georgian foreign ministry website
Figure 1.7:     Google-China offices
Figure 1.8:     Online Software Inspector
Figure 1.9:     PC audit report
Figure 1.10:   Contents of Downloads folder for Steganography exercise
Figure 1.11:   Commands to hide text files at the end of image files
Figure 1.12:   Manipulated images among original images
Figure 1.13:   Opening image files in Notepad
Figure 1.14:   Secret message hidden at the end of the image file
Figure 1.15:   Sunshine State University funding sources
Figure 1.16:   Extract from the organization structure of Sunshine State University
Figure 2.1:     Paul Ceglia
Figure 2.2:     Windows desktop usage—April 2013
Figure 2.3:     System Center Operation Manager
Figure 2.4:     Unix family tree
Figure 2.5:     Albert Gonzalez, at the time of his indictment in August 2009
Figure 2.6:     T J Maxx sales (2005–2010)
Figure 2.7:     Virtual machine structure
Figure 2.8:     VirtualBox download page
Figure 2.9:     VirtualBox installer welcome screen
Figure 2.10:   Default install Location
Figure 2.11:   VirtualBox install confirmation
Figure 2.12:   VirtualBox manager
Figure 2.13:   Default setting for OS import
Figure 2.14:   Virtual machine in Virtual machine manager
Figure 2.15:   CPU error
Figure 2.16:   Enabling PAE
Figure 2.17:   Attach the VM to NAT
Figure 2.18:   CentOS VM login screen
Figure 2.19:   CentOS Linux desktop
Figure 2.20:   Sunshine State University email infrastructure
Figure 3.1:     Operating system structure
Figure 3.2:     Reaching the command prompt window
Figure 3.3:     Unix file hierarchy
Figure 3.4:     vimtutor interface
Figure 3.5:     Reaching users and groups manager
Figure 3.6:     Adding users
Figure 3.7:     Group manager
Figure 4.1:     The basic information security model
Figure 4.2:     Example CVE listing at the time of reporting
Figure 4.3:     NVD entry for the CVE listing
Figure 4.4:     ATLAS web interface
Figure 4.5:     Phishing example
Figure 4.6:     Adobe Flash zero-day exploit launched on February 28, 2011
Figure 4.7:     Exploit usage
Figure 4.8:     Using a browser on the VM
Figure 5.1:     J-20 fighter
Figure 5.2:     The elements of asset characterization
Figure 5.3:     Generic IT asset life cycle
Figure 5.4:     Student Information System
Figure 5.5:     Uses of a hacked PC
Figure 6.1:     Threat model
Figure 6.2:     Threat agents over time by percent of breaches
Figure 6.3:     External agents
Figure 6.4A:   Chinese J-20 jet
Figure 6.4B:   Lockheed F-22 jet
Figure 6.5:     Internal agents
Figure 6.6:     Partners
Figure 6.7:     Edward Snowden
Figure 6.8:     Datagram ISP goes down with Hurricane Sandy
Figure 6.9:     Melissa error message
Figure 6.10:   High level XSS attack
Figure 6.11:   Bonzi buddy
Figure 6.12:   Top vendor vulnerability breakdown
Figure 6.13:   Firefox certificate exception
Figure 6.14:   GSA main screen
Figure 6.15:   New Task configuration
Figure 6.16:   Starting a new scan
Figure 6.17:   Viewing scan details
Figure 6.18:   Report page
Figure 7.1:     Encryption and decryption in context
Figure 7.2:     Reference to Caesar cipher
Figure 7.3:     Secret key cryptography overview
Figure 7.4:     Public-key cryptography overview for data transmission
Figure 7.5:     Using public-key encryption for digital signatures
Figure 7.6:     Checksums example
Figure 7.7:     Generic form of block encryption
Figure 7.8:     Electronic code book
Figure 7.9:     Cipher block chaining
Figure 7.10:   Hash functions
Figure 7.11:   Public-key certification process
Figure 7.12:   CAs in browser
Figure 7.13:   Untrusted certificate
Figure 7.14:   GPG passphrase dialog
Figure 8.1:     Identity and access management
Figure 8.2:     Match/Merge flowchart
Figure 8.3:     Smart card in a USB card reader
Figure 8.4:     Hardware token
Figure 8.5:     Fingerprint with minutia highlighted
Figure 8.6:     Iris scanning in the Dubai Airport
Figure 8.7:     Kerberos ticket exchange
Figure 8.8:     Token-based authentication
Figure 8.9:     Central authentication service
Figure 8.10:   Discovery service for the InCommon federation
Figure 8.11:   SSO with a SAML federation
Figure 8.12:   OpenID
Figure 8.13:   OpenID 2.0 provider selection screen
Figure 8.14:   http://trendsmap.com
Figure 8.15:   OAuth token passing
Figure 8.16:   Application UserId and ProviderUserId
Figure 8.17:   Intruder's attack path to military establishments
Figure 8.18:   Configuration QR code
Figure 8.19:   Google Authenticator (iOS)
Figure 9.1:     Access matrix example
Figure 9.2:     Typical firewall
Figure 9.3:     Perimeter firewalls and demilitarized zones
Figure 9.4:     Windows firewall blocking http
Figure 9.5:     Windows firewall allowing http
Figure 9.6:     Typical competitor console, circa 2003
Figure 9.7:     AirTight console, circa 2005
Figure 9.8:     /var/ossec/etc/ossec.conf (after change)
Figure 9.9:     OSSEC-WebUI
Figure 9.10:   Superb Fairy-Wrens, 40% success rate with security controls
Figure 11.1:   IRT interactions
Figure 11.2:   IRT communications
Figure 11.3:   DollSays
Figure 11.4:   Website defacement example
Figure 11.5:   PII search
Figure 11.6:   OSSEC, a popular file integrity tool
Figure 11.7:   Typical logs consolidated
Figure 11.8:   Log analysis
Figure 11.9:   End point protection example
Figure 11.10: Containment, eradication, and recovery timeline
Figure 12.1:   Event Viewer Screen on Windows 8
Figure 12.2:   Summary of Administrative Events pane
Figure 12.3:   Recently viewed nodes
Figure 12.4:   Log Summary pane
Figure 12.5:   - Informational event screenshot
Figure 12.6:   Windows Administrative Events view
Figure 12.7:   syslog file evidence
Figure 12.8:   auth.log file
Figure 12.9:   Sample run of last
Figure 12.10: Output of w command
Figure 12.11: Security Log snapshot
Figure 12.12: Log consolidation
Figure 12.13: Output of system info program
Figure 12.14: The sfc command
Figure 12.15: Windows MAC timestamps
Figure 12.16: File Explorer with timestamps
Figure 12.17: Sample timeline
Figure 12.18: Information Security and IT Risk Management is not affiliated with or otherwise sponsored by Dropbox, Inc.
Figure 13.1:   Policy, standard, and guideline
Figure 13.2:   Compliance
Figure 14.1:   NIST 800-39 risk-management framework
Figure 14.2:   Threat model
Figure 14.3:   Risk assessment model
Figure 14.4:   Sarbanes–Oxley auditing guidelines workflow for impact on IT
..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset
13.59.114.228