The Official (ISC)2 SSCP CBK Reference
Contents
Mike Wills. The Official (ISC)2 SSCP CBK Reference
Table of Contents
List of Tables
List of Illustrations
The Official (ISC)2® SSCP® CBK® Reference
Acknowledgments
About the Author
About the Technical Editor
Foreword
Introduction
ABOUT THIS BOOK
The SSCP Seven Domains
Using This Book to Defeat the Cybersecurity Kill Chain
WHERE DO YOU GO FROM HERE?
The SSCP CBK and Your Professional Growth Path
Maintaining the SSCP Certification
Join a Local Chapter
LET'S GET STARTED!
HOW TO CONTACT THE PUBLISHER
NOTES
CHAPTER 1 SSCP® Security Operations and Administration
COMPLY WITH CODES OF ETHICS
Understand, Adhere to, and Promote Professional Ethics
(ISC)2 Code of Ethics
Organizational Code of Ethics
UNDERSTAND SECURITY CONCEPTS
Conceptual Models for Information Security
Confidentiality
Intellectual Property
Protect IP by Labeling It
Software, Digital Expression, and Copyright
Copyleft?
Industrial or Corporate Espionage
Integrity
REAL WORLD EXAMPLE: Trustworthiness Is Perceptual
Availability
Accountability
Privacy
Privacy Is Not Confidentiality
Privacy: In Law, in Practice, in Information Systems
Universal Declaration of Human Rights
OECD and Privacy
OECD Privacy Principles: Basic Principles of National Application
Asia-Pacific Economic Cooperation Privacy Framework
PII and NPI
Private and Public Places
Privacy versus Security, or Privacy and Security
Nonrepudiation
Authentication
Safety
Fundamental Security Control Principles
Need to Know
Least Privilege
Separation of Duties
Separation of Duties and Least Privilege: It's Not Just About Your People!
Access Control and Need-to-Know
Job Rotation and Privilege Creep
DOCUMENT, IMPLEMENT, AND MAINTAIN FUNCTIONAL SECURITY CONTROLS
Deterrent Controls
Preventative Controls
Detective Controls
Corrective Controls
Compensating Controls
Residual Risk Isn't “Compensated For”
The Lifecycle of a Control
PARTICIPATE IN ASSET MANAGEMENT
Parts or Assets?
Asset Inventory
Inventory Tool/System of Record
Process Considerations
Lifecycle (Hardware, Software, and Data)
Hardware Inventory
Software Inventory and Licensing
Data Storage
Information Lifecycle
Apply Resource Protection Techniques to Media
Marking
Colorize to Classify
Protecting
Transport
Sanitization and Disposal
Media Disposal and Information Retention Must Match
IMPLEMENT SECURITY CONTROLS AND ASSESS COMPLIANCE
Technical Controls
Physical Controls
Human Vigilance—Keep It Working for You
Administrative Controls
Policies
Standards
Procedures
Baselines
Guidelines
Periodic Audit and Review
Audits
Exercises and Operational Evaluations
PARTICIPATE IN CHANGE MANAGEMENT
Change Management or Configuration Management?
Execute Change Management Process
Identify Security Impact
Testing/Implementing Patches, Fixes, and Updates
PARTICIPATE IN SECURITY AWARENESS AND TRAINING
Security Awareness Overview
Competency as the Criterion
Build a Security Culture, One Awareness Step at a Time
PARTICIPATE IN PHYSICAL SECURITY OPERATIONS
Physical Access Control
Don't Fail to Imagine
Property Approach
Perimeter
Parking
Facility Entrance
Internal Access Controls
The Data Center
Service Level Agreements
Specific Terms and Metrics
Mechanism for Monitoring Service
SUMMARY
CHAPTER 2 SSCP® Access Controls
ACCESS CONTROL CONCEPTS
Subjects and Objects
Privileges: What Subjects Can Do with Objects
Data Classification, Categorization, and Access Control
Access Control via Formal Security Models
Star or Simple? Which Way?
IMPLEMENT AND MAINTAIN AUTHENTICATION METHODS
Single-Factor/Multifactor Authentication
Type I: Something You Know
Passwords
Classical Password Policies—and Pitfalls
Stay Current on Best Password Practices
Passphrases
Salt What You Know Before You Hash It
Security Questions
Personal Identification Numbers or Memorable Information
Recent Access History
Escrow, Recovery, and Reset
Type II: Something You Have
Smart Cards
Security Tokens
Type III: Something You Are
New Factor Type: Something You Do
Distress Codes
Considerations When Using Biometric Methods
New Factor Type: Somewhere You Are
Accountability
Single Sign-On
Device Authentication
Removable Media: A Mixed Blessing or Only a Curse?
Federated Access
Using SAML for Federated Identity Management
SUPPORT INTERNETWORK TRUST ARCHITECTURES
Trust Relationships (One-Way, Two-Way, Transitive)
Extranet
Third-Party Connections
Zero Trust Architectures
PARTICIPATE IN THE IDENTITY MANAGEMENT LIFECYCLE
Authorization
How Useful Is Your Identity Management and Access Control System?
Proofing
Provisioning/Deprovisioning
Revoking vs. Deleting an Identity
Identity and Access Maintenance
User Access Review
System Account Access Review
Auditing
Enforcement
Entitlement
Are You Positive?
Manage by Groups, Not by Individual Accounts
Manage Devices in Groups, Too
Identity and Access Management Systems
IMPLEMENT ACCESS CONTROLS
Mandatory vs. Discretionary Access Control
“Built-In” Solutions?
Role-Based
Attribute-Based
Subject-Based
Object-Based
SUMMARY
CHAPTER 3 SSCP® Risk Identification, Monitoring, and Analysis
DEFEATING THE KILL CHAIN ONE SKIRMISH AT A TIME
REAL WORLD EXAMPLE: Identity Theft as an APT Tactical Weapon
Kill Chains: Reviewing the Basics
Avoid Stereotyping the APTs
Events vs. Incidents
UNDERSTAND THE RISK MANAGEMENT PROCESS
Who Owns Risk Management?
Risk Visibility and Reporting
Risk Register
Threat Intelligence Sharing
CVSS: Sharing Vulnerability and Risk Insight
Start with the CVE?
Risk Management Concepts
Information Security: Cost Center or Profit Center?
Paybacks via Cost Avoidance
How Do We Look at Risk?
Outcomes-Based Risk
Process-Based Risk
Asset-Based Risk
Threat-Based (or Vulnerability-Based) Risk
Impact Assessments
Quantitative Risk Assessment: Risk by the Numbers
Qualitative Risk Assessment
Threat Modeling
Secure Development Lifecycle and STRIDE
NIST 800-154 Data-Centric Threat Modeling
PASTA
OCTAVE
Other Models
Business Impact Analysis
Compliance as a Risk to Manage?
Risk Management Frameworks
Standards: Not Just for the Compliant
Comprehensive Frameworks
NIST Cybersecurity Framework
U.S. Federal Information Processing Standards
Committee of Sponsoring Organizations
ITIL
COBIT and RiskIT
Industry-Specific Risk Frameworks
Health Information Trust Alliance Common Security Framework
North American Electric Reliability Corporation Critical Infrastructure Protection
ISA-99 and ISA/IEC 62443
Payment Card Industry Data Security Standard
Risk Treatment
Accept
Share or Transfer
Remediate or Mitigate (also Known as Reduce or Treat)
When in Doubt, What's the Requirement Say?
Avoid or Eliminate
Recast
Residual Risk
Risk Treatment Controls
Physical Controls
Logical (or Technical) Controls
Administrative Controls
Choosing a Control
Build and Maintain User Engagement with Risk Controls
PERFORM SECURITY ASSESSMENT ACTIVITIES
Attackers Are Outspending You on Their Assessments!
Security Assessment Workflow Management
Participate in Security Testing
Black-Box, White-Box, or Gray-Box Testing
Look or Touch?
Vulnerability Scanning
Scanners Can't Protect You Against Zero-Day Exploits
Adding a Security Emphasis to OT&E
Ethical Penetration Testing
Pen Testing and Moral Hazards
Assessment-Driven Training
Design and Validate Assessment, Test, and Audit Strategies
Interpretation and Reporting of Scanning and Testing Results
Remediation Validation
Audit Finding Remediation
Manage the Architectures: Asset Management and Configuration Control
What's at Risk with Uncontrolled and Unmanaged Baselines?
Auditing Controlled Baselines
OPERATE AND MAINTAIN MONITORING SYSTEMS
ISCM Is a Strategy; SIEM Is Just One Tool
Events of Interest
Anomalies
Intrusions
Unauthorized Changes
Compliance Monitoring Events
Synthetic Transactions
Real User Monitoring
Logging
CIANA+PS Applies to Log Files Too!
Source Systems
Data Collection and Processing: Probably Cheaper Than Disaster Recovery
On-Premises Servers and Services
Applications and Platforms
External Servers and Services
Workstations and Endpoints
Network Infrastructure Devices
IoT Devices
Legal and Regulatory Concerns
Your Logbooks as Your Lifeline
ANALYZE MONITORING RESULTS
Anomaly Detection: UEBA Takes Center Stage
Security Baselines and Anomalies
Define the Behavioral Baselines
Finding the Anomalies
Do You Allow or Block Behaviors?
Visualizations, Metrics, and Trends
Event Data Analysis
Document and Communicate Findings
SUMMARY
NOTES
CHAPTER 4 SSCP® Incident Response and Recovery
SUPPORT THE INCIDENT LIFECYCLE
Think like a Responder
Physical, Logical, and Administrative Surfaces
Incident Response: Measures of Merit
The Lifecycle of a Security Incident
Which Frameworks?
Preparation
Tests and Exercises
Incident Response Team: Roles and Structures
Incident Response Priorities
Detection, Analysis, and Escalation
Watching for Kill Chains in Action
Filtering to Detect: How Many Signals?
Human Observation and Reporting
Correlation
Security Event Triage
Declaring an Incident: Alarm!
Log It!
Visually Mapping an Incident
Containment
Eradication
Don't Let Eradication Become a Self-Inflicted Attack
Recovery
Data Recovery
Backups: They Exist Only When You Plan for Business Continuity
Post-Recovery: Notification and Monitoring
Lessons Learned; Implementation of New Countermeasures
Third-Party Considerations
Real-Time Notification and Coordination: Set These Up Before the First Incident
UNDERSTAND AND SUPPORT FORENSIC INVESTIGATIONS
Call in the Lawyers and the Experts
Legal and Ethical Principles
Logistics Support to Investigations
Evidence Handling
Data Cleaning at a Crime Scene?
Controlling and Preserving the Scene
The Chain of Custody
Evidence Collection
Tools
Triage and Evidence?
Techniques and Procedures
Forensics in the Cloud
UNDERSTAND AND SUPPORT BUSINESS CONTINUITY PLAN AND DISASTER RECOVERY PLAN ACTIVITIES
Emergency Response Plans and Procedures
Security and the Continuity Planning Process
Interim or Alternate Processing Strategies
Restoration Planning
Backup and Redundancy Implementation
Managing the Data Backup Process
Platform and Database Backup
Storage Redundancy
Backup Protection at Rest and in Motion
Data Recovery and Restoration
Training and Awareness
Testing and Drills
Test Environments
Read-Through or Tabletop Assessment
Walk-Through
Simulation or Drill
Parallel
Full Interruption
CIANA+PS AT LAYER 8 AND ABOVE
Remember CIANA?
It Is a Dangerous World Out There
People Power and Business Continuity
SUMMARY
CHAPTER 5 SSCP® Cryptography
UNDERSTAND FUNDAMENTAL CONCEPTS OF CRYPTOGRAPHY
Privacy and Confidentiality
Plaintext or Cleartext?
Building Blocks of Digital Cryptographic Systems
Cryptographic Algorithms: The Basics
Symmetric vs. Asymmetric Encryption
Cryptovariables Are Not Keys
Cryptographic Keys
“The Enemy Knows Your System!”
Protocols and Modules
Sets and Functions
Cryptography, Cryptology, or ?
Hashing
Pseudorandom and Determinism
Salting
Symmetric Block and Stream Ciphers
Stream vs. Streaming
Block Cipher Basics
Padding and Block Ciphers
Cipher Block and Feedback Chaining
Electronic Code Book
Block Ciphers: Symmetric and Asymmetric?
Data Encryption Standard and Triple
Advanced Encryption Standard
Blowfish and Twofish
International Data Encryption Algorithm
CAST
PGP, OpenPGP, and GnuPG
Stream Ciphers
A5/1, A5/2
RC4
Salsa20/ChaCha20
EU ECRYPT
Asymmetric Encryption
Forward Secrecy
Discrete Logarithm Problems
Factoring Problems
Diffie-Hellman-Merkle
RSA
ElGamal
Quantum Cryptography
Hybrid Cryptosystems
Elliptical Curve Cryptography
The Modulus (Mod)
Nonrepudiation
Registered Email
Digital Signatures and Nonrepudiation
Hashed Message Authentication Codes
Digital Signature Algorithm
Digital Certificates
Encryption Algorithms
Key Strength
Sometimes 256 May Not Be Greater Than 128
Cryptographic Safety Factor
CRYPTOGRAPHIC ATTACKS, CRYPTANALYSIS, AND COUNTERMEASURES
Cryptologic Hygiene as Countermeasures
A Starter Set of Crypto-Hygiene Practices
Cryptography Is Not a Standalone Answer
Common Attack Patterns and Methods
Attacks Against the Human Element
Algorithm Attacks
Heartbleed—An Implementation Flaw Case Study
Brute Force
Man-in-the-Middle Attack
Side-Channel Attacks
Differential Fault Analysis
Birthday Attack
Related-Key Attack
Meet-in-the-Middle Attack
Replay Attack
Cryptanalytic Attacks
Linear Cryptanalysis
Differential Cryptanalysis
Quantum Cryptanalysis
Secure Cryptoprocessors, Hardware Security Modules, and Trusted Platform Modules
Trusted Platform Module
Cryptographic Module
Hardware Security Module
UNDERSTAND THE REASONS AND REQUIREMENTS FOR CRYPTOGRAPHY
Confidentiality
Integrity and Authenticity
Data Sensitivity
Availability
Nonrepudiation
Authentication
Privacy
Safety
Regulatory and Compliance
Transparency and Auditability
Competitive Edge
UNDERSTAND AND SUPPORT SECURE PROTOCOLS
Services and Protocols
IPsec
TLS
Pretty Good Privacy
OpenPGP
Hypertext Transfer Protocol Secure
Secure Multipurpose Internet Mail Extensions
DomainKeys Identified Mail
Blockchain
Common Use Cases
Federated Systems
Transaction and Workflow Processing
Integrated Logistics Support
Secure Collaboration
IoT, UAS, and ICS: The Untended Endpoints
Deploying Cryptography: Some Challenging Scenarios
Trusting SOHO
On-Premises Data Center
High-Compliance Architectures
Limitations and Vulnerabilities
UNDERSTAND PUBLIC KEY INFRASTRUCTURE SYSTEMS
Fundamental Key Management Concepts
Key Strength and Key Generation
Secure Key Storage and Use
Key Distribution, Exchange, and Trust
Distribution, Exchange, or Infrastructure?
Key Rotation, Expiration, and Revocation
“Rotate” Does Not Mean “Reuse”
Key Destruction
Key Management Vulnerabilities
Escrow and Key Recovery
Separation of Duties, Dual Control, and Split Knowledge
Hierarchies of Trust
Web of Trust
SUMMARY
NOTES
CHAPTER 6 SSCP® Network and Communications Security
UNDERSTAND AND APPLY FUNDAMENTAL CONCEPTS OF NETWORKING
Complementary, Not Competing, Frameworks
Why Master Both Frameworks?
OSI and TCP/IP Models
Datagrams and Protocol Data Units
Handshakes
Packets and Encapsulation
Addressing, Routing, and Switching Concepts
Name Resolution in TCP/IP
DNS Security Extensions
Address Resolution
Routing
Switching
Network Segmentation
URLs and the Web
OSI Reference Model
Please Do Not Throw Sausage Pizza Away
Layer 1: The Physical Layer
Security Risks Create Opportunities
Layer 2: The Data Link Layer
Layer 3: The Network Layer
Layer 4: The Transport Layer
Layer 5: Session Layer
RPC or API?
Layer 6: Presentation Layer
Layer 7: Application Layer
TCP/IP Reference Model
TCP/IP Is Not TCP!
The Link Layer
The Internet Layer
The Transport Layer
The Application Layer
Converged Protocols
Software-Defined Networks
IPV4 ADDRESSES, DHCP, AND SUBNETS
IPv4 Address Classes
Subnetting in IPv4
Running Out of Addresses?
IPV4 VS. IPV6: KEY DIFFERENCES AND OPTIONS
Network Topographies
Network Relationships
Client-Server
Peer to Peer
P2P Implementations
Trusting the Endpoints
Transmission Media Types
Ethernet Basics
Network Cabling
Fire Safety and Cable Types
Commonly Used Ports and Protocols
Cross-Layer Protocols and Services
IPsec
UNDERSTAND NETWORK ATTACKS AND COUNTERMEASURES
REAL WORLD EXAMPLE: The Largest Financial Industry Data Breach: An Inside Job?
CIANA+PS Layer by Layer
Layer 1: Physical
Accidents as “Attackers”
Layer 2: Link
Layer 3: Internetworking (IP)
Layer 4: Transport
Layer 5: Session
Layer 6: Presentation
Layer 7: Applications
Vulnerabilities and Assessment
Beyond Layer 7
Common Network Attack Types
Distributed Denial-of-Service Attacks
Man-in-the-Middle Attacks
DNS Cache Poisoning
DHCP Attacks
SYN Flooding
Smurfing
Internet Control Message Protocol
Attacks on Large (Enterprise) Networks
Border Gateway Protocol Attacks
Open Shortest Path First Versions 1 and 2
SCADA, IoT, and the Implications of Multilayer Protocols
SCADA and Industrial Control Systems Attacks
DDoS and IoT Device Attacks
MANAGE NETWORK ACCESS CONTROLS
Endpoint Security Is Not Enough
Network Access Control and Monitoring
Admission
Remediation
Monitoring
Network Access Control Standards and Protocols
Single Sign Off?
Remote Access Operation and Configuration
Thin Clients
Remote Access Security Management
Centralized Remote Authentication Services
Virtual Private Networks
Tunneling
The Proliferation of Tunneling
Common VPN Protocols
Point-to-Point Tunneling Protocol (PPTP)
Layer 2 Tunneling Protocol
IPsec VPN
MANAGE NETWORK SECURITY
Logical and Physical Placement of Network Devices
Segmentation
Virtual LANs
Demilitarized Zones
Segmentation: Not Secure Enough?
Zero-Trust Network Architectures
Secure Device Management
Thorough Monitoring, or Self-Inflicted Cyberattacks?
OPERATE AND CONFIGURE NETWORK-BASED SECURITY DEVICES
Network Address Translation
Additional Security Device Considerations
Securing Cloud-Hosted “Devices”
Endpoints as Security Devices
Jump Boxes and Servers
Firewalls and Proxies
Firewalls
Types of Firewalls
Multihomed Firewalls
Gateways
Proxies
Firewall Deployment Architectures
Disruptions to Firewalled Thinking
Network Intrusion Detection/Prevention Systems
Silent Alarms Can Be False Alarms
Security Information and Event Management Systems
Routers and Switches
Network Security from Other Hardware Devices
Traffic-Shaping Devices
OPERATE AND CONFIGURE WIRELESS TECHNOLOGIES
Wireless: Common Characteristics
LIGHT and LiFi
Wireless Radio as a Medium
Unlicensed Radios
Wireless Endpoints: Are All of These Part of the Network?
Mobile Device Management and Endpoint Security
Wi-Fi
Wireless Standards and Protocols
Wired Equivalent Privacy and Wi-Fi Protected Access
IEEE 802.11i and WPA2, and then WPA3
WPA Authentication and Encryption
Wireless Access Points
Which WAP?
Five Myths About Wi-Fi Security
Captive Wireless Portals
Wireless Attacks
Bluetooth
Near-Field Communications
Cellular/Mobile Phone Networks
Ad Hoc Wireless Networks
Transmission Security
Anonymity Networks and Privacy-Enhancing Systems
Malicious Use of Anonymous Services
Frequency-Hopping Spread Spectrum
Direct Sequence Spread Spectrum
Orthogonal Frequency-Division Multiplexing
Wireless Security Devices
SUMMARY
NOTES
CHAPTER 7 SSCP® Systems and Application Security
SYSTEMS AND SOFTWARE INSECURITY
Software Vulnerabilities Across the Lifecycle
Software Development as a Networked Sport
Vulnerability Management: Another Network Team Sport
Cybersecurity Bill of Materials and Open Source Risk
Data-Driven Risk: The SDLC Perspective
Coping with SDLC Risks
Access Control
Lateral Data and Code Movement Control
Hardware and Software Supply Chain Security
Applications Designed with Security in Mind
Listen to the Voice of the User
Risks of Poorly Merged Systems
Hard to Design It Right, Easy to Fix It?
Security Requirements: Functional or Nonfunctional?
Hardware and Software Supply Chain Security
Positive and Negative Models for Software Security
Is Blocked Listing Dead? Or Dying?
INFORMATION SECURITY = INFORMATION QUALITY + INFORMATION INTEGRITY
Be Prepared for Ransom Attacks!
Data Modeling
Zero Trust and Data Protection: Encrypt, Tokenize, or Isolate?
Preserving Data Across the Lifecycle
Preventing a Blast from the Past
IDENTIFY AND ANALYZE MALICIOUS CODE AND ACTIVITY
Malware
Malicious Code Countermeasures
Anti-Malware Under Another Name?
Malicious Activity
What Kinds of Activities?
Beware Attackers Living Off the Land
Who's Doing It?
The Insider Threat
Malicious Activity Countermeasures
IMPLEMENT AND OPERATE ENDPOINT DEVICE SECURITY
When Is “The Cloud” an Endpoint?
HIDS
Host-Based Firewalls
Allowed Lists: Positive Control for App Execution
Endpoint Encryption
Trusted Platform Module
Mobile Device Management
Avoiding Covert Channels of the Mind
Secure Browsing
The Downside of a VPN
IoT Endpoint Security
Endpoint Security: EDR, MDR, XDR, UEM, and Others
OPERATE AND CONFIGURE CLOUD SECURITY
Deployment Models
Service Models
Virtualization
Virtual Machines
Security for Virtual Machines
Serverless Services
Legal and Regulatory Concerns
Jurisdiction and Electronic Discovery in the Cloud
Beware the Constraints on Discussing E-Discovery Processes
Cooperative E-Discovery for Regulatory, Audit, and Insurance Purposes
Ownership, Control, and Custody of Data
Privacy Considerations
Blockchain, Immutable Ledgers, and the Right to Be Forgotten
Surveillance Data and the Cloud
Data Storage and Transmission
Third-Party/Outsourcing Requirements
Lifecycles in the Cloud
Shared Responsibility Model
Layered Redundancy as a Survival Strategy
OPERATE AND SECURE VIRTUAL ENVIRONMENTS
Software-Defined Networking
Hypervisor
Virtual Appliances
Continuity and Resilience
Attacks and Countermeasures
Shared Storage
SUMMARY
NOTES
Appendix: Cross-Domain Challenges
PARADIGM SHIFTS IN INFORMATION SECURITY?
PIVOT 1: TURN THE ATTACKERS' PLAYBOOKS AGAINST THEM
ATT&CK: Pivoting Threat Intelligence
Analysis: Real-Time and Retrospective
The SOC as a Fusion Center
All-Source, Proactive Intelligence: Part of the Fusion Center
PIVOT 2: CYBERSECURITY HYGIENE: THINK SMALL, ACT SMALL
CIS IG 1 for the SMB and SME
Hardening Individual Cybersecurity
WARNING Updated “Top Ten” Threat Lists: Be Wary, but Don't Be Hasty
Assume the Breach
PIVOT 3: FLIP THE “DATA-DRIVEN VALUE FUNCTION”
Data-Centric Defense and Resiliency
Ransomware as a Service
Supply Chains, Security, and the SSCP
The Uncontrollable Marketplaces for Zero-Day Exploits
ICS, IoT, and SCADA: More Than SUNBURST
Extending Physical Security: More Than Just Badges and Locks
The IoRT: Robots Learning via the Net
PIVOT 4: OPERATIONALIZE SECURITY ACROSS THE IMMEDIATE AND LONGER TERM
Continuous Assessment and Continuous Compliance
SDNs and SDS
Software-Defined Networks
Software-Defined Security
SOAR: Strategies for Focused Security Effort
A “DevSecOps” Culture: SOAR for Software Development
PIVOT 5: ZERO-TRUST ARCHITECTURES AND OPERATIONS
NOTE ISO and ZTA?
FIDO and Passwordless Authentication
Threat Hunting, Indicators, and Signature Dependence
OTHER DANGERS ON THE WEB AND NET
Surface, Deep, and Dark Webs
The Dark Web: Many Dynamic Marketplaces
Deep and Dark: Risks and Countermeasures
DNS and Namespace Exploit Risks
Cloud Security: Edgier and Foggier
CURIOSITY AS COUNTERMEASURE
NOTES
Index
WILEY END USER LICENSE AGREEMENT
Excerpt from the book
Sixth Edition
MICHAEL S. WILLS, SSCP, CISSP, CAMS
.....
Those three questions all focus on our information systems architecture, the elements we've brought together to build those systems, and the business logic by which we use them. As we'll see in Chapter 3, having a solid baseline that captures and describes our organization's information systems and IT architecture is the foundation of how we manage those information systems. It's also worthwhile to consider that well-managed systems are often more reliable, resilient, safe, and secure; unmanaged systems may be just as trustworthy, but if they are, it's more by luck than by design.
Information systems asset management comprises all of the activities to identify each asset, know and control its location and use, and track modifications, changes, or repairs done to it. Asset management also includes keeping track of any damages or losses that an asset incurs through accident, failures of other systems or business functions, misuse, abuse, or attacks of any kind. Due care and due diligence require asset management to be effective, thorough, and accountable, which in turn requires that proper inventory and tracking records be kept and that standards be set for proper usage, routine maintenance and repair, safety, and security. Asset management and configuration management and control go hand in hand as the main processes you should use to keep these important, value-producing assets working well and working for you; they're also crucial to keeping those assets from being used by someone else!
.....