Figure 1.1: | Classification of information security analysts |
Figure 1.2: | Time-consuming activities for information security professionals |
Figure 1.3: | Training needs identified by information security professionals |
Figure 1.4: | ILOVEYOU virus |
Figure 1.5: | T.J. Maxx |
Figure 1.6: | Defaced Georgian foreign ministry website |
Figure 1.7: | Google-China offices |
Figure 1.8: | Online Software Inspector |
Figure 1.9: | PC audit report |
Figure 1.10: | Contents of Downloads folder for Steganography exercise |
Figure 1.11: | Commands to hide text files at the end of image files |
Figure 1.12: | Manipulated images among original images |
Figure 1.13: | Opening image files in Notepad |
Figure 1.14: | Secret message hidden at the end of the image file |
Figure 1.15: | Sunshine State University funding sources |
Figure 1.16: | Extract from the organization structure of Sunshine State University |
Figure 2.1: | Paul Ceglia |
Figure 2.2: | Windows desktop usage—April 2013 |
Figure 2.3: | System Center Operation Manager |
Figure 2.4: | Unix family tree |
Figure 2.5: | Albert Gonzalez, at the time of his indictment in August 2009 |
Figure 2.6: | T J Maxx sales (2005–2010) |
Figure 2.7: | Virtual machine structure |
Figure 2.8: | VirtualBox download page |
Figure 2.9: | VirtualBox installer welcome screen |
Figure 2.10: | Default install Location |
Figure 2.11: | VirtualBox install confirmation |
Figure 2.12: | VirtualBox manager |
Figure 2.13: | Default setting for OS import |
Figure 2.14: | Virtual machine in Virtual machine manager |
Figure 2.15: | CPU error |
Figure 2.16: | Enabling PAE |
Figure 2.17: | Attach the VM to NAT |
Figure 2.18: | CentOS VM login screen |
Figure 2.19: | CentOS Linux desktop |
Figure 2.20: | Sunshine State University email infrastructure |
Figure 3.1: | Operating system structure |
Figure 3.2: | Reaching the command prompt window |
Figure 3.3: | Unix file hierarchy |
Figure 3.4: | vimtutor interface |
Figure 3.5: | Reaching users and groups manager |
Figure 3.6: | Adding users |
Figure 3.7: | Group manager |
Figure 4.1: | The basic information security model |
Figure 4.2: | Example CVE listing at the time of reporting |
Figure 4.3: | NVD entry for the CVE listing |
Figure 4.4: | ATLAS web interface |
Figure 4.5: | Phishing example |
Figure 4.6: | Adobe Flash zero-day exploit launched on February 28, 2011 |
Figure 4.7: | Exploit usage |
Figure 4.8: | Using a browser on the VM |
Figure 5.1: | J-20 fighter |
Figure 5.2: | The elements of asset characterization |
Figure 5.3: | Generic IT asset life cycle |
Figure 5.4: | Student Information System |
Figure 5.5: | Uses of a hacked PC |
Figure 6.1: | Threat model |
Figure 6.2: | Threat agents over time by percent of breaches |
Figure 6.3: | External agents |
Figure 6.4A: | Chinese J-20 jet |
Figure 6.4B: | Lockheed F-22 jet |
Figure 6.5: | Internal agents |
Figure 6.6: | Partners |
Figure 6.7: | Edward Snowden |
Figure 6.8: | Datagram ISP goes down with Hurricane Sandy |
Figure 6.9: | Melissa error message |
Figure 6.10: | High level XSS attack |
Figure 6.11: | Bonzi buddy |
Figure 6.12: | Top vendor vulnerability breakdown |
Figure 6.13: | Firefox certificate exception |
Figure 6.14: | GSA main screen |
Figure 6.15: | New Task configuration |
Figure 6.16: | Starting a new scan |
Figure 6.17: | Viewing scan details |
Figure 6.18: | Report page |
Figure 7.1: | Encryption and decryption in context |
Figure 7.2: | Reference to Caesar cipher |
Figure 7.3: | Secret key cryptography overview |
Figure 7.4: | Public-key cryptography overview for data transmission |
Figure 7.5: | Using public-key encryption for digital signatures |
Figure 7.6: | Checksums example |
Figure 7.7: | Generic form of block encryption |
Figure 7.8: | Electronic code book |
Figure 7.9: | Cipher block chaining |
Figure 7.10: | Hash functions |
Figure 7.11: | Public-key certification process |
Figure 7.12: | CAs in browser |
Figure 7.13: | Untrusted certificate |
Figure 7.14: | GPG passphrase dialog |
Figure 8.1: | Identity and access management |
Figure 8.2: | Match/Merge flowchart |
Figure 8.3: | Smart card in a USB card reader |
Figure 8.4: | Hardware token |
Figure 8.5: | Fingerprint with minutia highlighted |
Figure 8.6: | Iris scanning in the Dubai Airport |
Figure 8.7: | Kerberos ticket exchange |
Figure 8.8: | Token-based authentication |
Figure 8.9: | Central authentication service |
Figure 8.10: | Discovery service for the InCommon federation |
Figure 8.11: | SSO with a SAML federation |
Figure 8.12: | OpenID |
Figure 8.13: | OpenID 2.0 provider selection screen |
Figure 8.14: | http://trendsmap.com |
Figure 8.15: | OAuth token passing |
Figure 8.16: | Application UserId and ProviderUserId |
Figure 8.17: | Intruder's attack path to military establishments |
Figure 8.18: | Configuration QR code |
Figure 8.19: | Google Authenticator (iOS) |
Figure 9.1: | Access matrix example |
Figure 9.2: | Typical firewall |
Figure 9.3: | Perimeter firewalls and demilitarized zones |
Figure 9.4: | Windows firewall blocking http |
Figure 9.5: | Windows firewall allowing http |
Figure 9.6: | Typical competitor console, circa 2003 |
Figure 9.7: | AirTight console, circa 2005 |
Figure 9.8: | /var/ossec/etc/ossec.conf (after change) |
Figure 9.9: | OSSEC-WebUI |
Figure 9.10: | Superb Fairy-Wrens, 40% success rate with security controls |
Figure 11.1: | IRT interactions |
Figure 11.2: | IRT communications |
Figure 11.3: | DollSays |
Figure 11.4: | Website defacement example |
Figure 11.5: | PII search |
Figure 11.6: | OSSEC, a popular file integrity tool |
Figure 11.7: | Typical logs consolidated |
Figure 11.8: | Log analysis |
Figure 11.9: | End point protection example |
Figure 11.10: | Containment, eradication, and recovery timeline |
Figure 12.1: | Event Viewer Screen on Windows 8 |
Figure 12.2: | Summary of Administrative Events pane |
Figure 12.3: | Recently viewed nodes |
Figure 12.4: | Log Summary pane |
Figure 12.5: | Informational event screenshot |
Figure 12.6: | Windows Administrative Events view |
Figure 12.7: | syslog file evidence |
Figure 12.8: | auth.log file |
Figure 12.9: | Sample run of last |
Figure 12.10: | Output of w command |
Figure 12.11: | Security Log snapshot |
Figure 12.12: | Log consolidation |
Figure 12.13: | Output of system info program |
Figure 12.14: | The sfc command |
Figure 12.15: | Windows MAC timestamps |
Figure 12.16: | File Explorer with timestamps |
Figure 12.17: | Sample timeline |
Figure 12.18: | Information Security and IT Risk Management is not affiliated with or otherwise sponsored by Dropbox, Inc. |
Figure 13.1: | Policy, standard, and guideline |
Figure 13.2: | Compliance |
Figure 14.1: | NIST 800-39 risk-management framework |
Figure 14.2: | Threat model |
Figure 14.3: | Risk assessment model |
Figure 14.4: | Sarbanes–Oxley auditing guidelines workflow for impact on IT |