(ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide
Contents
Mike Chapple. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide
Table of Contents
List of Tables
List of Illustrations
Guide
Pages
(ISC)2® CISSP® Certified Information Systems Security Professional. Official Study Guide
Acknowledgments
About the Authors
About the Technical Editors
Foreword
Introduction
(ISC)2
Topical Domains
Prequalifications
Overview of the CISSP Exam
CISSP Exam Question Types
Advice on Taking the Exam
Study and Exam Preparation Tips
Completing the Certification Process
The Elements of This Study Guide
Interactive Online Learning Environment and TestBank
Study Guide Exam Objectives
Objective Map
Reader Support for This Book. How to Contact the Publisher
Assessment Test
Answers to Assessment Test
Chapter 1 Security Governance Through Principles and Policies
Security 101
Understand and Apply Security Concepts
Confidentiality
Integrity
Availability
DAD, Overprotection, Authenticity, Non-repudiation, and AAA Services
Identification
Authentication
Authorization
Auditing
Accountability
Protection Mechanisms
Defense in Depth
Abstraction
Data Hiding
Encryption
Security Boundaries
Evaluate and Apply Security Governance Principles
Third-Party Governance
Documentation Review
Manage the Security Function
Alignment of Security Function to Business Strategy, Goals, Mission, and Objectives
Organizational Processes
Organizational Roles and Responsibilities
Security Control Frameworks
Due Diligence and Due Care
Security Policy, Standards, Procedures, and Guidelines
Security Policies
Acceptable Use Policy
Security Standards, Baselines, and Guidelines
Security Procedures
Threat Modeling
Identifying Threats
Be Alert for Individual Threats
Determining and Diagramming Potential Attacks
Performing Reduction Analysis
Prioritization and Response
Supply Chain Risk Management
Summary
Exam Essentials
Written Lab
Review Questions
Chapter 2 Personnel Security and Risk Management Concepts
Personnel Security Policies and Procedures
Job Descriptions and Responsibilities
Candidate Screening and Hiring
Onboarding: Employment Agreements and Policies
Employee Oversight
Offboarding, Transfers, and Termination Processes
Firing: Timing Is Everything
Vendor, Consultant, and Contractor Agreements and Controls
Compliance Policy Requirements
Privacy Policy Requirements
Understand and Apply Risk Management Concepts
Risk Terminology and Concepts
Asset Valuation
Identify Threats and Vulnerabilities
The Consultant Cavalry
Risk Assessment/Analysis
Qualitative Risk Analysis
Scenarios
Delphi Technique
Quantitative Risk Analysis
Risk Responses
Legal and in Compliance
Cost vs. Benefit of Security Controls
Yikes, So Much Math!
Countermeasure Selection and Implementation
Administrative
Technical or Logical
Physical
Applicable Types of Controls
Preventive
Deterrent
Detective
Compensating
Corrective
Recovery
Directive
Security Control Assessment
Monitoring and Measurement
Risk Reporting and Documentation
Continuous Improvement
Risk Frameworks
Social Engineering
Social Engineering Principles
Authority
Intimidation
Consensus
Scarcity
Familiarity
Trust
Urgency
Eliciting Information
Prepending
Phishing
Spear Phishing
Whaling
Smishing
Vishing
Spam
Shoulder Surfing
Invoice Scams
Hoax
Impersonation and Masquerading
Tailgating and Piggybacking
Baiting
Dumpster Diving
Identity Fraud
Typo Squatting
Influence Campaigns
Hybrid Warfare
Social Media
Establish and Maintain a Security Awareness, Education, and Training Program
Awareness
Training
Education
Improvements
Effectiveness Evaluation
Summary
Exam Essentials
Written Lab
Review Questions
Chapter 3 Business Continuity Planning
Planning for Business Continuity
Business Continuity Planning vs. Disaster Recovery Planning
Project Scope and Planning
Organizational Review
BCP Team Selection
Tips for Selecting an Effective BCP Team
Senior Management and BCP
Resource Requirements
Real World Scenario. Explaining the Benefits of BCP
Legal and Regulatory Requirements
Business Impact Analysis
Identifying Priorities
Risk Identification
Business Impact Analysis and the Cloud
Likelihood Assessment
Impact Analysis
Resource Prioritization
Continuity Planning
Strategy Development
Provisions and Processes
People
Buildings and Facilities
Infrastructure
Plan Approval and Implementation
Plan Approval
Plan Implementation
Training and Education
BCP Documentation
Continuity Planning Goals
Statement of Importance
Statement of Priorities
Statement of Organizational Responsibility
Statement of Urgency and Timing
Risk Assessment
Risk Acceptance/Mitigation
Vital Records Program
Emergency Response Guidelines
Maintenance
Testing and Exercises
Summary
Exam Essentials
Written Lab
Review Questions
Chapter 4 Laws, Regulations, and Compliance
Categories of Laws
Criminal Law
Real World Scenario. Don't Underestimate Technology Crime Investigators
Civil Law
Administrative Law
Laws
Computer Crime
Computer Fraud and Abuse Act
CFAA Amendments
National Information Infrastructure Protection Act of 1996
Federal Sentencing Guidelines
Federal Information Security Management Act
Federal Cybersecurity Laws of 2014
Intellectual Property (IP)
Copyright and the Digital Millennium Copyright Act
Trademarks
Patents
Protecting Software
Design Patents
Trade Secrets
Economic Espionage Act of 1996
Licensing
Import/Export
Countries of Concern
Encryption Export Controls
Privacy
U.S. Privacy Law
Data Breach Notification Laws
Real World Scenario. Privacy in the Workplace
European Union Privacy Law
European Union Data Protection Directive (DPD)
European Union General Data Protection Regulation
Cross-Border Information Sharing
Canadian Privacy Law
State Privacy Laws
Compliance
Real World Scenario. Payment Card Industry Data Security Standard
Contracting and Procurement
Summary
Exam Essentials
Written Lab
Review Questions
Chapter 5 Protecting Security of Assets
Identifying and Classifying Information and Assets
Defining Sensitive Data
Personally Identifiable Information
Protected Health Information
Proprietary Data
Defining Data Classifications
Defining Asset Classifications
Understanding Data States
Determining Compliance Requirements
Determining Data Security Controls
Establishing Information and Asset Handling Requirements
Data Maintenance
Data Loss Prevention
Marking Sensitive Data and Assets
Handling Sensitive Information and Assets
Data Collection Limitation
Data Location
Storing Sensitive Data
Data Destruction
Eliminating Data Remanence
Common Data Destruction Methods
Cryptographic Erasure
Ensuring Appropriate Data and Asset Retention
Real World Scenario. Retention Policies Can Reduce Liabilities
Data Protection Methods
Digital Rights Management
Cloud Access Security Broker
Pseudonymization
Tokenization
Anonymization
Understanding Data Roles
Data Owners
Asset Owners
Business/Mission Owners
Data Processors and Data Controllers
Data Custodians
Administrators
Users and Subjects
Using Security Baselines
Comparing Tailoring and Scoping
Standards Selection
Summary
Exam Essentials
Written Lab
Review Questions
Chapter 6 Cryptography and Symmetric Key Algorithms
Cryptographic Foundations
Goals of Cryptography
Confidentiality
Integrity
Authentication
Nonrepudiation
Cryptography Concepts
Kerckhoffs's Principle
Cryptographic Mathematics
Boolean Mathematics
Logical Operations
AND
OR
NOT
Exclusive OR
Modulo Function
One-Way Functions
Nonce
Zero-Knowledge Proof
Split Knowledge
Work Function
Ciphers
Codes vs. Ciphers
Transposition Ciphers
Substitution Ciphers
One-Time Pads
Running Key Ciphers
Block Ciphers
Stream Ciphers
Confusion and Diffusion
Modern Cryptography
Cryptographic Keys
Symmetric Key Algorithms
Asymmetric Key Algorithms
Real World Scenario. Key Requirements
Hashing Algorithms
Symmetric Cryptography
Cryptographic Modes of Operation
Electronic Code Book Mode
Cipher Block Chaining Mode
Cipher Feedback Mode
Output Feedback Mode
Counter Mode
Galois/Counter Mode
Counter with Cipher Block Chaining Message Authentication Code Mode
Data Encryption Standard
Triple DES
International Data Encryption Algorithm
Blowfish
Skipjack
Rivest Ciphers
Rivest Cipher 4 (RC4)
Rivest Cipher 5 (RC5)
Rivest Cipher 6 (RC6)
Advanced Encryption Standard
CAST
Twofish
Comparison of Symmetric Encryption Algorithms
Symmetric Key Management
Creation and Distribution of Symmetric Keys
Storage and Destruction of Symmetric Keys
Key Escrow and Recovery
Cryptographic Lifecycle
Summary
Exam Essentials
Written Lab
Review Questions
Chapter 7 PKI and Cryptographic Applications
Asymmetric Cryptography
Public and Private Keys
RSA
Merkle–Hellman Knapsack
Importance of Key Length
ElGamal
Elliptic Curve
Diffie–Hellman Key Exchange
Quantum Cryptography
Post-Quantum Cryptography
Hash Functions
SHA
MD5
RIPEMD
Comparison of Hash Algorithm Value Lengths
Digital Signatures
HMAC
Which Key Should I Use?
Digital Signature Standard
Public Key Infrastructure
Certificates
Certificate Authorities
Certificate Lifecycle
Enrollment
Verification
Revocation
Certificate Formats
Asymmetric Key Management
Hybrid Cryptography
Applied Cryptography
Portable Devices
Trusted Platform Module
Pretty Good Privacy
S/MIME
Web Applications
Secure Sockets Layer (SSL)
Transport Layer Security (TLS)
Tor and the Dark Web
Steganography and Watermarking
Networking
Circuit Encryption
IPsec
Emerging Applications
Blockchain
Lightweight Cryptography
Homomorphic Encryption
Cryptographic Attacks
Salting Saves Passwords
Ultra vs. Enigma
Summary
Exam Essentials
Written Lab
Review Questions
Chapter 8 Principles of Security Models, Design, and Capabilities
Secure Design Principles
Objects and Subjects
Closed and Open Systems
Open Source vs. Closed Source
Secure Defaults
Fail Securely
Keep It Simple
Zero Trust
Privacy by Design
Trust but Verify
Techniques for Ensuring CIA
Confinement
Bounds
Isolation
Access Controls
Trust and Assurance
Understand the Fundamental Concepts of Security Models
Tokens, Capabilities, and Labels
Trusted Computing Base
Security Perimeter
Reference Monitors and Kernels
State Machine Model
Information Flow Model
Noninterference Model
Real World Scenario. Composition Theories
Take-Grant Model
Access Control Matrix
Bell–LaPadula Model
Lattice-Based Access Control
Biba Model
Clark–Wilson Model
Brewer and Nash Model
Goguen–Meseguer Model
Sutherland Model
Graham–Denning Model
Harrison–Ruzzo–Ullman Model
Disambiguating the Word “Star” in Models
Select Controls Based on Systems Security Requirements
Common Criteria
Authorization to Operate
Understand Security Capabilities of Information Systems
Memory Protection
Meltdown and Spectre
Virtualization
Trusted Platform Module
Interfaces
Fault Tolerance
Encryption/Decryption
Summary
Exam Essentials
Written Lab
Review Questions
Chapter 9 Security Vulnerabilities, Threats, and Countermeasures
Shared Responsibility
Assess and Mitigate the Vulnerabilities of Security Architectures, Designs, and Solution Elements
Hardware
Processor
Execution Types
Protection Mechanisms
PROTECTION RINGS
Rings Compared to Levels
PROCESS STATES
Operating Modes
Memory
Read-Only Memory
Random Access Memory
Real World Scenario. Dynamic vs. Static RAM
Registers
Memory Addressing
Secondary Memory
Data Storage Devices
Primary vs. Secondary
Volatile vs. Nonvolatile
Random vs. Sequential
Memory Security Issues
Storage Media Security
Emanation Security
Input and Output Devices
Monitors
Printers
Keyboards/Mice
Modems
Firmware
Client-Based Systems
Mobile Code
Local Caches
Server-Based Systems
Large-Scale Parallel Data Systems
Grid Computing
Peer to Peer
Industrial Control Systems
Distributed Systems
What is blockchain?
High-Performance Computing (HPC) Systems
Internet of Things
Edge and Fog Computing
Embedded Devices and Cyber-Physical Systems
Microcontrollers
Static Systems
Network-Enabled Devices
Cyber-Physical Systems
Elements Related to Embedded and Static Systems
Security Concerns of Embedded and Static Systems
Specialized Devices
Microservices
Infrastructure as Code
Immutable Architecture
Virtualized Systems
Virtual Software
Virtualized Networking
Software-Defined Everything
Anything as a Service (XaaS)
Services Integration
Virtualization Security Management
Server Sprawl and Shadow IT
Containerization
Serverless Architecture
Mobile Devices
Android and iOS
Android
iOS
Mobile Device Security Features
Mobile Device Management
Device Authentication
Full-Device Encryption
Communication Protection
Remote Wiping
Device Lockout
Screen Locks
GPS and Location Services
Other Location Services
Content Management
Application Control
Push Notifications
Third-Party Application Stores
Storage Segmentation
Asset Tracking and Inventory Control
Removable Storage
Connection Methods
Disabling Unused Features
Rooting or Jailbreaking
Sideloading
Custom Firmware
Carrier Unlocking
Firmware Over-the-Air (OTA) Updates
Key Management
Credential Management
Text Messaging
Mobile Device Deployment Policies
Bring Your Own Device (BYOD)
Corporate-Owned, Personally Enabled (COPE)
Choose Your Own Device (CYOD)
Corporate-Owned Mobile Strategy (COMS)
Mobile Device Deployment Policy Details
Data Ownership
Support Ownership
Patch and Update Management
Security Product Management
Forensics
Privacy
Onboarding/Offboarding
Adherence to Corporate Policies
User Acceptance
Architecture/Infrastructure Considerations
Legal Concerns
Acceptable Use Policy
Onboard Camera/Video
Recording Microphone
Wi-Fi Direct
Tethering and Hotspots
Contactless Payment Methods
SIM Cloning
Essential Security Protection Mechanisms
Process Isolation
Hardware Segmentation
System Security Policy
Common Security Architecture Flaws and Issues
Covert Channels
Attacks Based on Design or Coding Flaws
Rootkits
Incremental Attacks
Summary
Exam Essentials
Written Lab
Review Questions
Chapter 10 Physical Security Requirements
Apply Security Principles to Site and Facility Design
Secure Facility Plan
Site Selection
Facility Design
Implement Site and Facility Security Controls
Equipment Failure
Wiring Closets
Server Rooms/Data Centers
Smartcards and Badges
Proximity Devices
Intrusion Detection Systems
Motion Detectors
Intrusion Alarms
Secondary Verification Mechanisms
Cameras
Access Abuses
Media Storage Facilities
Evidence Storage
Restricted and Work Area Security
Utility Considerations
Power Considerations
Noise
Temperature, Humidity, and Static
Water Issues
Fire Prevention, Detection, and Suppression
Fire Extinguishers
Fire Detection Systems
Water Suppression Systems
Gas Discharge Systems
Damage
Implement and Manage Physical Security
Perimeter Security Controls
Fences, Gates, Turnstiles, and Access Control Vestibules
Lighting
Security Guards and Guard Dogs
Internal Security Controls
Keys and Combination Locks
Environment and Life Safety
Regulatory Requirements
Key Performance Indicators of Physical Security
Summary
Exam Essentials
Written Lab
Review Questions
Chapter 11 Secure Network Architecture and Components
OSI Model
History of the OSI Model
OSI Functionality
Encapsulation/Deencapsulation
OSI Layers
Remember the OSI
Application Layer
Presentation Layer
Session Layer
Transport Layer
Network Layer
Non-IP, or Legacy, Protocols
Routing Protocols
Data Link Layer
Physical Layer
TCP/IP Model
Analyzing Network Traffic
Common Application Layer Protocols
SNMPv3
Transport Layer Protocols
Domain Name System
“Permanent” and “Temporary” Addresses
DNS Poisoning
Rogue DNS Server
Performing DNS Cache Poisoning
DNS Pharming
Altering the Hosts File
Corrupt the IP Configuration
DNS Query Spoofing
Use Proxy Falsification
Defenses to DNS Poisoning
Domain Hijacking
Typosquatting
Homograph Attack
URL Hijacking
Clickjacking
Internet Protocol (IP) Networking
IPv4 vs. IPv6
IP Classes
ICMP
IGMP
ARP Concerns
Secure Communication Protocols
Implications of Multilayer Protocols
DNP3
Converged Protocols
Voice over Internet Protocol (VoIP)
Software-Defined Networking
Microsegmentation
Wireless Networks
Securing the SSID
Wireless Channels
Conducting a Site Survey
Wireless Security
Wired Equivalent Privacy (WEP)
Wi-Fi Protected Access (WPA)
Wi-Fi Protected Access 2 (WPA2)
Wi-Fi Protected Access 3 (WPA3)
802.1X/EAP
LEAP
PEAP
Wi-Fi Protected Setup (WPS)
Wireless MAC Filter
Wireless Antenna Management
Using Captive Portals
General Wi-Fi Security Procedure
Wireless Communications
General Wireless Concepts
Bluetooth (802.15)
RFID
NFC
Wireless Attacks
Wi-Fi Scanners
Rogue Access Points
Evil Twin
Disassociation
Jamming
Initialization Vector (IV) Abuse
Replay
Other Communication Protocols
Cellular Networks
Content Distribution Networks (CDNs)
Secure Network Components
Secure Operation of Hardware
Common Network Equipment
Network Access Control
Firewalls
Proxy
Content/URL Filter
Endpoint Security
Cabling, Topology, and Transmission Media Technology
LANs vs. WANs
Transmission Media
Coaxial Cable
Baseband and Broadband Cables
Twisted-Pair
Conductors
5-4-3 Rule
Fiber-Optic Cables
Network Topologies
Ethernet
Sub-Technologies
Carrier-Sense Multiple Access (CSMA)
Carrier-Sense Multiple Access with Collision Detection (CSMA/CD)
Summary
Exam Essentials
Written Lab
Review Questions
Chapter 12 Secure Communications and Network Attacks
Protocol Security Mechanisms
Authentication Protocols
EAP Derivatives
Port Security
Quality of Service (QoS)
Secure Voice Communications
Public Switched Telephone Network
Voice over Internet Protocol (VoIP)
Vishing and Phreaking
PBX Fraud and Abuse
Remote Access Security Management
Remote Access and Telecommuting Techniques
Remote Connection Security
Plan a Remote Access Security Policy
Multimedia Collaboration
Remote Meeting
Instant Messaging and Chat
Load Balancing
Virtual IPs and Load Persistence
Active-Active vs. Active-Passive
Manage Email Security
Email Security Goals
Understand Email Security Issues
Email Security Solutions
Free PGP Solution
Fax Security
Virtual Private Network
Tunneling
How VPNs Work
Always-On
Split Tunnel vs. Full Tunnel
Common VPN Protocols
Point-to-Point Tunneling Protocol
Layer 2 Tunneling Protocol (L2TP)
SSH
OpenVPN
IP Security Protocol
Switching and Virtual LANs
Switch Eavesdropping
MAC Flooding Attack
MAC Cloning
Network Address Translation
Are You Using NAT?
Private IP Addresses
Can't NAT Again!
Stateful NAT
Automatic Private IP Addressing
The Loopback Address
Third-Party Connectivity
Switching Technologies
Circuit Switching
Real-World Circuit Switching
Packet Switching
Virtual Circuits
WAN Technologies
Fault Tolerance with Carrier Network Connections
Fiber-Optic Links
Security Control Characteristics
Transparency
Transmission Management Mechanisms
Prevent or Mitigate Network Attacks
Eavesdropping
Modification Attacks
Summary
Exam Essentials
Written Lab
Review Questions
Chapter 13 Managing Identity and Authentication
Controlling Access to Assets
Controlling Physical and Logical Access
The CIA Triad and Access Controls
Managing Identification and Authentication
Comparing Subjects and Objects
Registration, Proofing, and Establishment of Identity
Authorization and Accountability
Authorization
Accountability
Authentication Factors Overview
Somewhere You Aren't
Something You Know
Password Policy Components
Authoritative Password Recommendations
NIST Password Recommendations
NIST Rules Aren't Applied Consistently
PCI DSS Password Requirements
Something You Have
Smartcards
Tokens
Something You Are
Biometric Factor Error Ratings
Biometric Registration
Multifactor Authentication (MFA)
Two-Factor Authentication with Authenticator Apps
NIST Deprecates SMS for 2FA
Passwordless Authentication
Device Authentication
Service Authentication
Mutual Authentication
Implementing Identity Management
Single Sign-On
LDAP and Centralized Access Control
LDAP and PKIs
SSO and Federated Identities
Cloud-Based Federation
On-Premise Federation
Hybrid Federation
Just-in-Time
Credential Management Systems
Credential Manager Apps
Scripted Access
Session Management
Managing the Identity and Access Provisioning Lifecycle
Provisioning and Onboarding
Deprovisioning and Offboarding
Defining New Roles
Account Maintenance
Account Access Review
Summary
Exam Essentials
Written Lab
Review Questions
Chapter 14 Controlling and Monitoring Access
Comparing Access Control Models
Comparing Permissions, Rights, and Privileges
Understanding Authorization Mechanisms
Defining Requirements with a Security Policy
Introducing Access Control Models
Discretionary Access Control
Nondiscretionary Access Control
Role-Based Access Control
Application Roles
Rule-Based Access Control
Attribute-Based Access Control
Mandatory Access Controls
Risk-Based Access Control
Implementing Authentication Systems
Implementing SSO on the Internet
XML
SAML
OAuth
OpenID
OIDC
Comparing SAML, OAuth, OpenID, and OIDC
Implementing SSO on Internal Networks
AAA Protocols
Kerberos
RADIUS
RADIUS/TLS or RadSec
TACACS+
Understanding Access Control Attacks
Crackers, Hackers, and Attackers
Risk Elements
Common Access Control Attacks
Privilege Escalation
Using the su and sudo Commands
Minimizing the Use of sudo
Privilege Escalation with PowerShell
Password Attacks
Dictionary Attack
Brute-Force Attack
Spraying Attack
Credential Stuffing Attack
Birthday Attack
Rainbow Table Attack
Mimikatz
Pass-the-Hash Attack
Kerberos Exploitation Attack
Sniffer Attack
Spoofing Attacks
Core Protection Methods
Summary
Exam Essentials
Written Lab
Review Questions
Chapter 15 Security Assessment and Testing
Building a Security Assessment and Testing Program
Security Testing
Security Assessments
NIST SP 800-53A
Security Audits
Real World Scenario. Government Auditors Discover Air Traffic Control Security Vulnerabilities
Internal Audits
External Audits
Third-Party Audits
Real World Scenario. When Audits Go Wrong
Auditing Standards
Performing Vulnerability Assessments
Describing Vulnerabilities
Vulnerability Scans
Network Discovery Scanning
Network Vulnerability Scanning
Learning TCP Ports
Web Vulnerability Scanning
Database Vulnerability Scanning
Vulnerability Management Workflow
Penetration Testing
Breach and Attack Simulations
Compliance Checks
Testing Your Software
Code Review and Testing
Code Review
Static Testing
Dynamic Testing
Ethical Disclosure
Fuzz Testing
Interface Testing
Misuse Case Testing
Test Coverage Analysis
Website Monitoring
Implementing Security Management Processes
Log Reviews
Account Management
Disaster Recovery and Business Continuity
Training and Awareness
Key Performance and Risk Indicators
Summary
Exam Essentials
Written Lab
Review Questions
Chapter 16 Managing Security Operations
Apply Foundational Security Operations Concepts
Need to Know and Least Privilege
Need-to-Know Access
The Principle of Least Privilege
Separation of Duties (SoD) and Responsibilities
Two-Person Control
Job Rotation
Mandatory Vacations
Privileged Account Management
Detecting APTs
Service Level Agreements (SLAs)
Addressing Personnel Safety and Security
Duress
Travel
Emergency Management
Security Training and Awareness
Provision Resources Securely
Information and Asset Ownership
Asset Management
Hardware Asset Inventories
Software Asset Inventories
Intangible Inventories
Apply Resource Protection
Media Management
Media Protection Techniques
Controlling USB Flash Drives
Tape Media
Mobile Devices
Managing Media Lifecycle
Managed Services in the Cloud
Shared Responsibility with Cloud Service Models
Scalability and Elasticity
Perform Configuration Management (CM)
Provisioning
Baselining
Using Images for Baselining
Automation
Managing Change
Change Management
Versioning
Configuration Documentation
Managing Patches and Reducing Vulnerabilities
Systems to Manage
Patch Management
Patch Tuesday and Exploit Wednesday
Vulnerability Management
Vulnerability Scans
Common Vulnerabilities and Exposures
Summary
Exam Essentials
Written Lab
Review Questions
Chapter 17 Preventing and Responding to Incidents
Conducting Incident Management
Defining an Incident
Incident Management Steps
Detection
Response
Mitigation
Reporting
Recovery
Remediation
Lessons Learned
Delegating Incident Management to Users
Implementing Detective and Preventive Measures
Basic Preventive Measures
Understanding Attacks
Botnets
Real World Scenario. Botnets, IoT, and Embedded Systems
Denial-of-Service Attacks
SYN Flood Attack
TCP Reset Attack
Smurf and Fraggle Attacks
Ping Flood
Legacy Attacks
Zero-Day Exploit
Man-in-the-Middle Attacks
Sabotage
Intrusion Detection and Prevention Systems
Knowledge- and Behavior-Based Detection
False Positive or True Negative?
Real World Scenario. False Alarms
IDS Response
Host- and Network-Based IDSs
Monitoring Encrypted Traffic
Intrusion Prevention Systems
Specific Preventive Measures
Honeypots and Honeynets
Warning Banners
Antimalware
Education, Policy, and Tools
Whitelisting and Blacklisting
Firewalls
Sandboxing
Third-Party Security Services
Logging and Monitoring
Logging Techniques
Common Log Types
Protecting Log Data
The Role of Monitoring
Audit Trails
Monitoring and Accountability
Real World Scenario. Monitoring Activity
Monitoring and Investigations
Monitoring and Problem Identification
Monitoring Techniques
Security Information and Event Management
Syslog
Sampling
Clipping Levels
Other Monitoring Tools
Log Management
Egress Monitoring
Automating Incident Response
Understanding SOAR
Machine Learning and AI Tools
Threat Intelligence
Understanding the Kill Chain
Understanding the MITRE ATT&CK
Threat Feeds
Threat Hunting
The Intersection of SOAR, Machine Learning, AI, and Threat Feeds
Summary
Exam Essentials
Written Lab
Review Questions
Chapter 18 Disaster Recovery Planning
The Nature of Disaster
Natural Disasters
Earthquakes
Floods
Storms
Fires
Pandemics
Other Natural Events
Human-Made Disasters
Fires
Acts of Terrorism
Bombings/Explosions
Power Outages
Network, Utility, and Infrastructure Failures
Hardware/Software Failures
Real World Scenario. NYC Blackout
Strikes/Picketing
Theft/Vandalism
Real World Scenario. Offsite Challenges to Security
Understand System Resilience, High Availability, and Fault Tolerance
Protecting Hard Drives
Protecting Servers
Protecting Power Sources
Trusted Recovery
Quality of Service
Recovery Strategy
Business Unit and Functional Priorities
Crisis Management
Emergency Communications
Workgroup Recovery
Alternate Processing Sites
Cold Sites
Real World Scenario. Cold Site Setup
Hot Sites
Warm Sites
Mobile Sites
Hardware Replacement Options
Cloud Computing
Mutual Assistance Agreements
Database Recovery
Electronic Vaulting
Remote Journaling
Remote Mirroring
Recovery Plan Development
Emergency Response
Personnel and Communications
The Power of Checklists
Assessment
Backups and Off-site Storage
Using Backups
Real World Scenario. The Oft-Neglected Backup
Disk-to-Disk Backup
Backup Best Practices
Tape Rotation
Software Escrow Arrangements
Utilities
Logistics and Supplies
Recovery vs. Restoration
Training, Awareness, and Documentation
Testing and Maintenance
Read-Through Test
Structured Walk-Through
Simulation Test
Parallel Test
Full-Interruption Test
Lessons Learned
Maintenance
Summary
Exam Essentials
Written Lab
Review Questions
Chapter 19 Investigations and Ethics
Investigations
Investigation Types
Administrative Investigations
Criminal Investigations
Civil Investigations
Regulatory Investigations
Industry Standards
Electronic Discovery
Evidence
Admissible Evidence
Types of Evidence
Chain of Evidence
Hearsay Rule
Artifacts, Evidence Collection, and Forensic Procedures
Investigation Process
Gathering Evidence
Calling in Law Enforcement
Search Warrants
Conducting the Investigation
Interviewing Individuals
Data Integrity and Retention
Reporting and Documenting Investigations
Major Categories of Computer Crime
Military and Intelligence Attacks
Advanced Persistent Threats
Business Attacks
Financial Attacks
Terrorist Attacks
Grudge Attacks
Real World Scenario. The Insider Threat
Thrill Attacks
Hacktivists
Ethics
Organizational Code of Ethics
(ISC)2 Code of Ethics
Code of Ethics Preamble
Code of Ethics Canons
Code of Ethics Complaints
Ethics and the Internet
RFC 1087
Ten Commandments of Computer Ethics
Code of Fair Information Practices
Summary
Exam Essentials
Written Lab
Review Questions
Chapter 20 Software Development Security
Introducing Systems Development Controls
Software Development
Programming Languages
Libraries
Development Toolsets
Object-Oriented Programming
Assurance
Avoiding and Mitigating System Failure
Systems Development Lifecycle
Conceptual Definition
Functional Requirements Determination
Control Specifications Development
Design Review
Coding
Code Review Walk-Through
Testing
Maintenance and Change Management
Lifecycle Models
Waterfall Model
Spiral Model
Agile Software Development
Integrated Product Teams
Capability Maturity Model (CMM)
Software Assurance Maturity Model (SAMM)
IDEAL Model
SW-CMM and IDEAL Model Memorization
Gantt Charts and PERT
Change and Configuration Management
Change Management as a Security Tool
The DevOps Approach
Application Programming Interfaces
Software Testing
Code Repositories
Sensitive Information and Code Repositories
Service-Level Agreements
Third-Party Software Acquisition
Establishing Databases and Data Warehousing
Database Management System Architecture
Hierarchical and Distributed Databases
Relational Databases
Object-Oriented Programming and Databases
Database Normalization
Database Transactions
Security for Multilevel Databases
Restricting Access with Views
Concurrency
Aggregation
Inference
Other Security Mechanisms
Open Database Connectivity
NoSQL
Storage Threats
Understanding Knowledge-Based Systems
Expert Systems
Machine Learning
Neural Networks
Summary
Exam Essentials
Written Lab
Review Questions
Chapter 21 Malicious Code and Application Attacks
Malware
Sources of Malicious Code
Viruses
Virus Propagation Techniques
The Boot Sector and the Master Boot Record
Virus Technologies
Hoaxes
Logic Bombs
Trojan Horses
Botnets
Worms
Code Red Worm
RTM and the Internet Worm
Stuxnet
Spyware and Adware
Ransomware
Paying Ransom May Be Illegal!
Malicious Scripts
Zero-Day Attacks
Malware Prevention
Platforms Vulnerable to Malware
Antimalware Software
Integrity Monitoring
Advanced Threat Protection
Application Attacks
Buffer Overflows
Time of Check to Time of Use
Backdoors
Privilege Escalation and Rootkits
Injection Vulnerabilities
SQL Injection Attacks
Blind Content-Based SQL Injection
Blind Timing-Based SQL Injection
Code Injection Attacks
Command Injection Attacks
Exploiting Authorization Vulnerabilities
OWASP
Insecure Direct Object References
Canadian Teenager Arrested for Exploiting Insecure Direct Object Reference
Directory Traversal
File Inclusion
Exploiting Web Application Vulnerabilities
Cross-Site Scripting (XSS)
Reflected XSS
Stored/Persistent XSS
Request Forgery
Cross-Site Request Forgery (CSRF/XSRF)
Server-Side Request Forgery (SSRF)
Session Hijacking
Application Security Controls
Input Validation
Metacharacters
Parameter Pollution
Web Application Firewalls
Database Security
Parameterized Queries and Stored Procedures
Obfuscation and Camouflage
Code Security
Code Signing
Code Reuse
Software Diversity
Code Repositories
Integrity Measurement
Application Resilience
Secure Coding Practices
Source Code Comments
Error Handling
Hard-Coded Credentials
Memory Management
Resource Exhaustion
Pointer Dereferencing
Summary
Exam Essentials
Written Lab
Review Questions
Appendix A Answers to Review Questions. Chapter 1: Security Governance Through Principles and Policies
Chapter 2: Personnel Security and Risk Management Concepts
Chapter 3: Business Continuity Planning
Chapter 4: Laws, Regulations, and Compliance
Chapter 5: Protecting Security of Assets
Chapter 6: Cryptography and Symmetric Key Algorithms
Chapter 7: PKI and Cryptographic Applications
Chapter 8: Principles of Security Models, Design, and Capabilities
Chapter 9: Security Vulnerabilities, Threats, and Countermeasures
Chapter 10: Physical Security Requirements
Chapter 11: Secure Network Architecture and Components
Chapter 12: Secure Communications and Network Attacks
Chapter 13: Managing Identity and Authentication
Chapter 14: Controlling and Monitoring Access
Chapter 15: Security Assessment and Testing
Chapter 16: Managing Security Operations
Chapter 17: Preventing and Responding to Incidents
Chapter 18: Disaster Recovery Planning
Chapter 19: Investigations and Ethics
Chapter 20: Software Development Security
Chapter 21: Malicious Code and Application Attacks
Appendix B Answers to Written Labs. Chapter 1: Security Governance Through Principles and Policies
Chapter 2: Personnel Security and Risk Management Concepts
Chapter 3: Business Continuity Planning
Chapter 4: Laws, Regulations, and Compliance
Chapter 5: Protecting Security of Assets
Chapter 6: Cryptography and Symmetric Key Algorithms
Chapter 7: PKI and Cryptographic Applications
Chapter 8: Principles of Security Models, Design, and Capabilities
Chapter 9: Security Vulnerabilities, Threats, and Countermeasures
Chapter 10: Physical Security Requirements
Chapter 11: Secure Network Architecture and Components
Chapter 12: Secure Communications and Network Attacks
Chapter 13: Managing Identity and Authentication
Chapter 14: Controlling and Monitoring Access
Chapter 15: Security Assessment and Testing
Chapter 16: Managing Security Operations
Chapter 17: Preventing and Responding to Incidents
Chapter 18: Disaster Recovery Planning
Chapter 19: Investigations and Ethics
Chapter 20: Software Development Security
Chapter 21: Malicious Code and Application Attacks
Index
Comprehensive Online Learning Environment
Register and Access the Online Test Bank
WILEY END USER LICENSE AGREEMENT
Отрывок из книги
Ninth Edition
Mike ChappleJames Michael StewartDarril Gibson
.....
Know how authorization fits into a security plan. Once a subject is authenticated, its access must be authorized. The process of authorization ensures that the requested activity or object access is possible given the rights and privileges assigned to the authenticated identity.
Be able to explain the auditing process. Auditing is the programmatic means by which subjects are held accountable for their actions while authenticated on a system through the documentation or recording of subject activities.
.....