Lewis Heuermann
CompTIA Security+ SY0-701 Cert Guide
- Paperback
CompTIA Security+ SY0-701 Cert Guide from Pearson IT Certification helps you prepare to succeed on the CompTIA Security+ SY0-701 exam by directly addressing the exam's objectives as stated by CompTIA. Leading instructor and cybersecurity professional Lewis Heuermann shares preparation hints and test-taking tips, helping you identify areas of weakness and improve both your conceptual knowledge and hands-on skills.
Note: This item can only be shipped to a German delivery address.
Product details
- Certification Guide
- Publisher: Pearson Education (US)
- Page count: 768
- Publication date: 22 April 2024
- English
- Dimensions: 231mm x 183mm x 41mm
- Weight: 1298g
- ISBN-13: 9780138293086
- ISBN-10: 0138293082
- Item no.: 69724571
- Manufacturer identification
- Libri GmbH
- Europaallee 1
- 36244 Bad Hersfeld
- 06621 890
Lewis Heuermann, CISSP, PMP, is a Navy submarine veteran and seasoned cybersecurity consultant who combines his extensive practical experience with deep academic insight to make cybersecurity accessible to all learners. His diverse background includes roles in systems and network engineering, network defense analysis, and cyber risk management. As a professor, he has developed and taught courses in cybersecurity and data analytics, utilizing tools like Python, SQL, Power BI, and Tableau. Lewis also holds several key IT certifications.
Introduction xxxix
Part I: General Security Concepts
Chapter 1 Comparing and Contrasting the Various Types of Controls 3
Do I Know This Already? Quiz 3
Foundation Topics 6
Control Categories 6
Technical Controls 6
Managerial Controls 6
Operational Controls 6
Physical Controls 7
Summary of Control Categories 7
Control Types 8
Preventive Controls 8
Deterrent Controls 8
Detective Controls 9
Corrective Controls 9
Compensating Controls 9
Directive Controls 10
Summary of Control Types 10
Chapter Review Activities 11
Chapter 2 Summarizing Fundamental Security Concepts 15
Do I Know This Already? Quiz 15
Foundation Topics 19
Confidentiality, Integrity, and Availability (CIA) 19
Non-repudiation 20
Authentication, Authorization, and Accounting (AAA) 21
Gap Analysis 22
Zero Trust 22
Physical Security 24
Bollards/Barricades 24
Access Control Vestibules 26
Fencing 27
Video Surveillance 28
Security Guards 28
Access Badges 29
Lighting 30
Sensors 30
Deception and Disruption Technology 31
Chapter Review Activities 32
Chapter 3 Understanding Change Management's Security Impact 37
Do I Know This Already? Quiz 37
Foundation Topics 41
Business Processes Impacting Security Operations 41
Approval Process 41
Ownership 41
Stakeholders 42
Impact Analysis 42
Test Results 42
Backout Plan 42
Maintenance Window 43
Standard Operating Procedure 43
Technical Implications 43
Allow Lists 44
Block Lists/Deny Lists 44
Restricted Activities 44
Downtime 45
Service Restart 45
Application Restart 46
Legacy Applications 46
Dependencies 46
Documentation 47
Updating Diagrams 47
Updating Policies/Procedures 48
Version Control 48
Chapter Review Activities 49
Chapter 4 Understanding the Importance of Using Appropriate Cryptographic Solutions 53
Do I Know This Already? Quiz 53
Foundation Topics 58
Public Key Infrastructure (PKI) 58
Public Key 58
Private and Public Key 58
Encryption 59
Level 59
Full Disk 59
Partition 60
File 60
Volume 60
Database 60
Record 61
Transport/Communication 61
Encryption at Rest, in Transit/Motion, and in Processing 61
Symmetric Versus Asymmetric Encryption 62
Key Exchange 64
Algorithms 65
Key Length 66
Tools 67
Trusted Platform Module 67
Hardware Security Module 68
Key Management System 68
Secure Enclave 69
Obfuscation 70
Steganography 70
Audio Steganography 71
Video Steganography 71
Image Steganography 72
Tokenization 72
Data Masking 74
Hashing 75
Salting 76
Digital Signatures 76
Key Stretching 77
Blockchain 78
Open Public Ledger 78
Certificates 79
Certificate Authorities 79
Certificate Revocation Lists 81
Online Certificate Status Protocol (OCSP) 82
Self-Signed 83
Certificate-Signing Request 90
Wildcard 90
Chapter Review Activities 90
Part II: Threats, Vulnerabilities, and Mitigations
Chapter 5 Comparing and Contrasting Common Threat Actors and Motivations 95
Do I Know This Already? Quiz 95
Foundation Topics 98
Threat Actors 98
Attributes of Actors 99
Motivations 100
War 101
Chapter Review Activities 102
Chapter 6 Understanding Common Threat Vectors and Attack Surfaces 105
Do I Know This Already? Quiz 105
Foundation Topics 109
Message-Based 109
Email 109
Short Message Service (SMS) 109
Instant Messaging (IM) 110
Spam and Spam over Internet Messaging (SPIM) 110
Image-Based 111
File-Based 111
Voice Call 111
Removable Device 111
Vulnerable Software 112
Unsupported Systems and Applications 112
Unsecure Networks 113
Open Service Ports 114
Default Credentials 115
Supply Chain 116
Human Vectors/Social Engineering 116
Phishing 117
Vishing 120
Smishing 121
Misinformation/Disinformation 121
Impersonation 121
Business Email Compromise (BEC) 122
Pretexting 122
Watering Hole Attack 122
Brand Impersonation 123
Typosquatting 123
Chapter Review Activities 123
Chapter 7 Understanding Various Types of Vulnerabilities 127
Do I Know This Already? Quiz 127
Foundation Topics 130
Application 130
Memory Injection 130
Buffer Overflow 131
Race Conditions 132
Malicious Update 132
Operating System (OS)-Based 133
Web-Based 133
Structured Query Language Injection (SQLi) Vulnerabilities 133
Cross-Site Scripting (XSS) Vulnerabilities 134
Hardware 134
Firmware 134
End-of-Life (EOL) 134
Legacy 135
Virtualization 135
Virtual Machine (VM) Escape 135
Resource Reuse 135
Cloud Specific 136
Other Cloud-Based Concerns 140
Supply Chain 141
Service Provider 141
Hardware Provider 141
Software Provider 142
Cryptographic 142
Misconfiguration 142
Mobile Device 142
Side Loading 143
Jailbreaking 143
Zero-Day Vulnerabilities 143
Chapter Review Activities 145
Chapter 8 Understanding Indicators of Malicious Activity 149
Do I Know This Already? Quiz 149
Foundation Topics 152
Malware Attacks 152
Ransomware 152
Trojans 153
Worms 154
Spyware 154
Bloatware 155
Virus 155
Keylogger 155
You Can't Save Every Computer from Malware! 156
Logic Bomb 157
Rootkit 157
Physical Attacks 158
Brute-Force Attacks 159
Radio Frequency Identification (RFID) Cloning 159
Environmental 159
Network Attacks 160
Distributed Denial-of-Service (DDoS) Attacks 160
Domain Name System (DNS) Attacks 160
Wireless Attacks 160
On-Path Attacks 161
Credential Replay 161
Malicious Code 161
Application Attacks 162
Injection 162
Buffer Overflow 162
Replay 162
Privilege Escalation 162
Forgery 163
Directory Traversal 163
Cryptographic Attacks 163
Downgrade 163
Collision 163
Birthday 164
Password Attacks 164
Password Spraying 165
Brute-Force Attacks 165
Indicators 165
Account Lockout 166
Concurrent Session Usage 166
Blocked Content 166
Impossible Travel 166
Resource Consumption 166
Resource Inaccessibility 166
Out-of-Cycle Logging 167
Published/Documented Indicators 167
Missing Logs 167
Chapter Review Activities 167
Chapter 9 Understanding the Purpose of Mitigation Techniques Used to Secure the Enterprise 171
Do I Know This Already? Quiz 171
Foundation Topics 175
Segmentation 175
Access Control 175
Access Control Lists (ACLs) 175
Permissions 176
Application Allow List 178
Isolation 179
Patching 180
Encryption 181
Monitoring 182
Least Privilege 182
Configuration Enforcement 182
Decommissioning 183
Hardening Techniques 183
Encryption 183
Installation of Endpoint Protection 184
Host-Based Firewall 184
Host-Based Intrusion Prevention System (HIPS) 184
Disabling Ports/Protocols 184
Default Password Changes 185
Removal of Unnecessary Software 185
Chapter Review Activities 185
Part III: Security Architecture
Chapter 10 Comparing and Contrasting Security Implications of Different Architecture Models 189
Do I Know This Already? Quiz 189
Foundation Topics 193
Architecture and Infrastructure Concepts 193
Cloud 193
Infrastructure as Code (IaC) 195
Serverless 196
Microservices 197
Network Infrastructure 197
On-premises 201
Centralized Versus Decentralized 201
Containerization 202
Virtualization 206
IoT 208
Industrial Control Systems (ICS)/Supervisory Control and Data Acquisition (SCADA) 210
Real-Time Operating System (RTOS) 213
Embedded Systems 214
High Availability 214
Considerations 215
Availability 215
Resilience 215
Cost 216
Responsiveness 216
Scalability 216
Ease of Deployment 216
Risk Transference 217
Ease of Recovery 217
Patch Availability 217
Inability to Patch 218
Power 218
Compute 218
Chapter Review Activities 219
Chapter 11 Applying Security Principles to Secure Enterprise Infrastructure 223
Do I Know This Already? Quiz 223
Foundation Topics 226
Infrastructure Considerations 226
Device Placement 226
Security Zones 226
Attack Surface 227
Connectivity 228
Failure Modes 228
Device Attribute 229
Network Appliances 230
Port Security 235
Firewall Types 239
Secure Communication/Access 249
Virtual Private Network (VPN) 249
Remote Access 251
Tunneling 254
Software-Defined Wide Area Network (SD-WAN) 265
Secure Access Service Edge (SASE) 265
Selection of Effective Controls 266
Chapter Review Activities 266
Chapter 12 Comparing and Contrasting Concepts and Strategies to Protect Data 271
Do I Know This Already? Quiz 271
Foundation Topics 274
Data Types 274
Data Classifications 275
General Data Considerations 276
Data States 276
Data Sovereignty 278
Geolocation 278
Methods to Secure Data 279
Geographic Restrictions 279
Encryption 279
Hashing 279
Masking 281
Tokenization 281
Obfuscation 281
Segmentation 281
Permission Restrictions 282
Chapter Review Activities 283
Chapter 13 Understanding the Importance of Resilience and Recovery in Security Architecture 287
Do I Know This Already? Quiz 287
Foundation Topics 291
High Availability 291
Key Components 291
Cloud Environments 291
Site Considerations 292
Platform Diversity 294
Multi-Cloud System 294
Continuity of Operations 294
Capacity Planning 295
Testing 296
Tabletop Exercises 296
Failover 297
Simulations 298
Parallel Processing 299
Backups 299
Power 301
Uninterruptible Power Supply (UPS) 301
Generators 301
Chapter Review Activities 302
Part IV: Security Operations
Chapter 14 Applying Common Security Techniques to Computing Resources 305
Do I Know This Already? Quiz 305
Foundation Topics 309
Secure Baselines 309
Inventory Assessment 309
Vulnerability Scanning 309
Minimum Configuration Standards 310
Documentation 310
Deployment 310
Ongoing Maintenance 311
Hardening Targets 311
Wireless Devices 315
Mobile Solutions 318
Mobile Device Management 318
MDM Security Feature Concerns: Application and Content Management 320
MDM Security Feature Concerns: Remote Wipe, Geofencing, Geolocation, Screen Locks, Passwords and PINs, and Full Device Encryption 322
Deployment Models 325
Secure Implementation of BYOD, CYOD, and COPE 326
Connection Methods 328
Secure Implementation Best Practices 330
Wireless Security Settings 331
Wi-Fi Protected Access 3 (WPA3) 332
Remote Authentication Dial-In User Service (RADIUS) Federation 332
Cryptographic Protocols 334
Authentication Protocols 335
Application Security 336
Input Validations 337
Secure Cookies 337
Static Code Analysis 338
Code Signing 339
Sandboxing 340
Monitoring 340
Chapter Review Activities 341
Chapter 15 Understanding the Security Implications of Hardware, Software, and Data Asset Management 345
Do I Know This Already? Quiz 345
Foundation Topics 348
Acquisition/Procurement Process 348
Assignment/Accounting 350
Monitoring/Asset Tracking 350
Inventory 351
Enumeration 351
Disposal/Decommissioning 351
Sanitization 352
Destruction 352
Certification 353
Data Retention 353
Chapter Review Activities 354
Chapter 16 Understanding Various Activities Associated with Vulnerability Management 357
Do I Know This Already? Quiz 357
Foundation Topics 360
Identification Methods 360
Vulnerability Scan 360
Application Security 362
Threat Feed 364
Penetration Testing 366
Responsible Disclosure Program 366
System/Process Audit 367
Analysis 367
Confirmation 368
Prioritize 368
Common Vulnerability Scoring System (CVSS) 368
Common Vulnerability Enumeration (CVE) 370
Vulnerability Classification 370
Exposure Factor 371
Environmental Variables 372
Industry/Organizational Impact 372
Risk Tolerance 372
Vulnerability Response and Remediation 374
Patching 374
Insurance 374
Segmentation 374
Compensating Controls 375
Exceptions and Exemptions 375
Validation of Remediation 376
Rescanning 376
Audit 376
Verification 376
Reporting 377
Chapter Review Activities 378
Chapter 17 Understanding Security Alerting and Monitoring Concepts and Tools 381
Do I Know This Already? Quiz 381
Foundation Topics 383
Monitoring and Computing Resources 383
Activities 386
Log Aggregation 386
Alerting 388
Scanning 389
Reporting 390
Archiving 391
Alert Response and Remediation/Validation 392
Tools 392
Security Content Automation Protocol (SCAP) 393
Benchmarks 395
Agents/Agentless 397
Security Information and Event Management (SIEM) 397
NetFlow 399
Antivirus Software 400
Data Loss Prevention (DLP) 401
Simple Network Management Protocol (SNMP) Traps 401
Vulnerability Scanners 403
Chapter Review Activities 405
Chapter 18 Modifying Enterprise Capabilities to Enhance Security 409
Do I Know This Already? Quiz 409
Foundation Topics 413
Firewall 413
Rules 414
Access Lists 415
Ports/Protocols 416
Screened Subnet 417
IDS/IPS 418
Trends 419
Signatures 419
Web Filter 421
Operating System Security 423
Implementation of Secure Protocols 424
DNS Filtering 427
Email Security 427
File Integrity Monitoring 429
DLP 429
Network Access Control (NAC) 430
Endpoint Detection and Response (EDR)/Extended Detection and Response (XDR) 430
User Behavior Analytics 431
Chapter Review Activities 432
Chapter 19 Implementing and Maintaining Identity and Access Management 435
Do I Know This Already? Quiz 435
Foundation Topics 439
Provisioning/De-provisioning User Accounts 439
Permission Assignments and Implications 439
Identity Proofing 441
Federation 441
Single Sign-On (SSO) 443
Lightweight Directory Access Protocol (LDAP) 443
OAuth 444
Security Assertion Markup Language 446
Interoperability 448
Attestation 449
Access Controls 450
Role-Based Access Control 450
Rule-Based Access Control 451
Mandatory Access Control 451
Discretionary Access Control 452
Attribute-Based Access Control (ABAC) 454
Time-of-Day Restrictions 455
Least Privilege 456
Multifactor Authentication (MFA) 456
Implementations 457
Factors 459
Password Concepts 461
Password Best Practices 461
Password Managers 464
Passwordless 465
Privileged Access Management Tools 465
Just-in-Time Permissions 466
Password Vaulting 466
Ephemeral Credentials 466
Chapter Review Activities 467
Chapter 20 Understanding the Importance of Automation and Orchestration Related to Secure Operations 471
Do I Know This Already? Quiz 471
Foundation Topics 474
Use Cases of Automation and Scripting 474
User Provisioning 474
Resource Provisioning 477
Guard Rails 477
Security Groups 477
Ticket Creation and Escalation 477
Continuous Integration and Testing 478
Integrations and Application Programming Interfaces (APIs) 479
Benefits 480
Efficiency/Time Saving 480
Enforcing Baselines 480
Standard Infrastructure Configurations 481
Scaling in a Secure Manner 481
Employee Retention 481
Reaction Time 482
Workforce Multiplier 482
Other Considerations 482
Complexity 482
Cost 483
Single Point of Failure 483
Technical Debt 483
Ongoing Supportability 484
Chapter Review Activities 485
Chapter 21 Understanding Appropriate Incident Response Activities 489
Do I Know This Already? Quiz 489
Foundation Topics 493
Process 493
Preparation 494
Detection 495
Analysis 496
Containment 496
Eradication 496
Recovery 497
Lessons Learned 497
Training 497
Testing 498
The Anatomy of a Tabletop Exercise 499
The Intricacies of Simulation Exercises 499
Mock Example of a Tabletop Exercise 500
Root Cause Analysis 501
Threat Hunting 502
Digital Forensics 502
Legal Hold 503
Chain of Custody 503
Acquisition 503
Reporting 505
Preservation 505
E-Discovery 506
Chapter Review Activities 506
Chapter 22 Using Data Sources to Support an Investigation 509
Do I Know This Already? Quiz 509
Foundation Topics 512
Log Data 512
Firewall Logs 513
Application Logs 513
Endpoint Logs 515
OS-Specific Security Logs 515
IPS/IDS Logs 517
Network Logs 518
Metadata 518
Data Sources 521
Vulnerability Scans 522
Automated Reports 522
Dashboards 523
Packet Captures 525
Chapter Review Activities 525
Part V: Security Program Management and Oversight
Chapter 23 Summarizing Elements of Effective Security Governance 529
Do I Know This Already? Quiz 529
Foundation Topics 532
Guidelines 532
Policies 532
Acceptable Use 533
Information Security Policies 533
Business Continuity 535
Disaster Recovery 535
Incident Response 535
Software Development Lifecycle (SDLC) 536
Change Management 536
Standards 536
Password Standards 537
Access Control Standards 538
Physical Security Standards 539
Encryption Standards 539
Procedures 541
Change Management 541
Onboarding and Offboarding 542
Playbooks 542
External Considerations 543
Regulatory 543
Legal 544
Industry 544
Local/Regional 544
National 545
Global 545
Monitoring and Revision 545
Types of Governance Structures 546
Boards 546
Committees 547
Government Entities 547
Centralized/Decentralized 548
Roles and Responsibilities for Systems and Data 549
Owners 549
Controllers 550
Processors 551
Custodians/Stewards 552
Chapter Review Activities 553
Chapter 24 Understanding Elements of the Risk Management Process 557
Do I Know This Already? Quiz 557
Foundation Topics 561
Risk Identification 561
Risk Assessment 562
Ad Hoc 562
Recurring 562
One-time 562
Continuous 562
Risk Analysis 563
Qualitative Risk Assessment 565
Quantitative Risk Assessment 565
Probability 567
Likelihood 569
Exposure Factor 570
Impact 571
Risk Register 572
Key Risk Indicators (KRIs) 572
Risk Owners 572
Risk Threshold 572
Risk Tolerance 574
Risk Appetite 574
Expansionary 574
Conservative 575
Neutral 575
Risk Management Strategies 575
Risk Transfer 576
Risk Acceptance 576
Risk Avoidance 576
Risk Mitigation 576
Risk Reporting 577
Business Impact Analysis 578
Recovery Time Objective (RTO) 579
Recovery Point Objective (RPO) 579
Mean Time to Repair (MTTR) 579
Mean Time Between Failures (MTBF) 580
Chapter Review Activities 582
Chapter 25 Understanding the Processes Associated with Third-Party Risk Assessment and Management 585
Do I Know This Already? Quiz 585
Foundation Topics 588
Vendor Assessment 588
Penetration Testing 589
Right-to-Audit Clause 589
Evidence of Internal Audits 590
Independent Assessments 590
Supply Chain Analysis 591
Vendor Selection 591
Due Diligence 592
Conflict of Interest 592
Agreement Types 593
Vendor Monitoring 594
Questionnaires 594
Rules of Engagement 595
Chapter Review Activities 595
Chapter 26 Summarizing Elements of Effective Security Compliance 599
Do I Know This Already? Quiz 599
Foundation Topics 602
Compliance Reporting 602
Internal Reporting 603
External Reporting 603
Consequences of Non-compliance 603
Fines 603
Sanctions 604
Reputational Damage 604
Loss of License 604
Contractual Impacts 605
Compliance Monitoring 605
Due Diligence/Care 605
Attestation and Acknowledgment 607
Internal and External 608
Automation 608
Privacy 609
Legal Implications 609
Data Subject 611
Controller vs. Processor 611
Ownership 612
Data Inventory and Retention 612
Right to Be Forgotten 613
Chapter Review Activities 613
Chapter 27 Understanding Types and Purposes of Audits and Assessments 617
Do I Know This Already? Quiz 617
Foundation Topics 620
Attestation 620
Internal 621
External 622
Penetration Testing 623
Chapter Review Activities 628
Chapter 28 Implementing Security Awareness Practices 631
Do I Know This Already? Quiz 631
Foundation Topics 634
Phishing 634
Anomalous Behavior Recognition 635
User Guidance and Training 638
Reporting and Monitoring 641
Development 642
Execution 642
Chapter Review Activities 643
Part VI: Final Preparation
Chapter 29 Final Preparation 647
Hands-on Activities 647
Suggested Plan for Final Review and Study 648
Summary 648
Appendix A Answers to the Do I Know This Already? Quizzes and Review Questions 649
Online Elements
Appendix B Study Planner
Glossary of Key Terms
9780138293086 TOC 3/4/2024
Part I: General Security Concepts
Chapter 1 Comparing and Contrasting the Various Types of Controls 3
Do I Know This Already? Quiz 3
Foundation Topics 6
Control Categories 6
Technical Controls 6
Managerial Controls 6
Operational Controls 6
Physical Controls 7
Summary of Control Categories 7
Control Types 8
Preventive Controls 8
Deterrent Controls 8
Detective Controls 9
Corrective Controls 9
Compensating Controls 9
Directive Controls 10
Summary of Control Types 10
Chapter Review Activities 11
Chapter 2 Summarizing Fundamental Security Concepts 15
Do I Know This Already? Quiz 15
Foundation Topics 19
Confidentiality, Integrity, and Availability (CIA) 19
Non-repudiation 20
Authentication, Authorization, and Accounting (AAA) 21
Gap Analysis 22
Zero Trust 22
Physical Security 24
Bollards/Barricades 24
Access Control Vestibules 26
Fencing 27
Video Surveillance 28
Security Guards 28
Access Badges 29
Lighting 30
Sensors 30
Deception and Disruption Technology 31
Chapter Review Activities 32
Chapter 3 Understanding Change Managements Security Impact 37
Do I Know This Already? Quiz 37
Foundation Topics 41
Business Processes Impacting Security Operations 41
Approval Process 41
Ownership 41
Stakeholders 42
Impact Analysis 42
Test Results 42
Backout Plan 42
Maintenance Window 43
Standard Operating Procedure 43
Technical Implications 43
Allow Lists 44
Block Lists/Deny Lists 44
Restricted Activities 44
Downtime 45
Service Restart 45
Application Restart 46
Legacy Applications 46
Dependencies 46
Documentation 47
Updating Diagrams 47
Updating Policies/Procedures 48
Version Control 48
Chapter Review Activities 49
Chapter 4 Understanding the Importance of Using Appropriate Cryptographic
Solutions 53
Do I Know This Already? Quiz 53
Foundation Topics 58
Public Key Infrastructure (PKI) 58
Public Key 58
Private and Public Key 58
Encryption 59
Level 59
Full Disk 59
Partition 60
File 60
Volume 60
Database 60
Record 61
Transport/Communication 61
Encryption at Rest, in Transit/Motion, and in Processing 61
Symmetric Versus Asymmetric Encryption 62
Key Exchange 64
Algorithms 65
Key Length 66
Tools 67
Trusted Platform Module 67
Hardware Security Module 68
Key Management System 68
Secure Enclave 69
Obfuscation 70
Steganography 70
Audio Steganography 71
Video Steganography 71
Image Steganography 72
Tokenization 72
Data Masking 74
Hashing 75
Salting 76
Digital Signatures 76
Key Stretching 77
Blockchain 78
Open Public Ledger 78
Certificates 79
Certificate Authorities 79
Certificate Revocation Lists 81
Online Certificate Status Protocol (OCSP) 82
Self-Signed 83
Certificate-Signing Request 90
Wildcard 90
Chapter Review Activities 90
Part II: Threats, Vulnerabilities, and Mitigations
Chapter 5 Comparing and Contrasting Common Threat Actors and Motivations 95
Do I Know This Already? Quiz 95
Foundation Topics 98
Threat Actors 98
Attributes of Actors 99
Motivations 100
War 101
Chapter Review Activities 102
Chapter 6 Understanding Common Threat Vectors and Attack Surfaces 105
Do I Know This Already? Quiz 105
Foundation Topics 109
Message-Based 109
Email 109
Short Message Service (SMS) 109
Instant Messaging (IM) 110
Spam and Spam over Internet Messaging (SPIM) 110
Image-Based 111
File-Based 111
Voice Call 111
Removable Device 111
Vulnerable Software 112
Unsupported Systems and Applications 112
Unsecure Networks 113
Open Service Ports 114
Default Credentials 115
Supply Chain 116
Human Vectors/Social Engineering 116
Phishing 117
Vishing 120
Smishing 121
Misinformation/Disinformation 121
Impersonation 121
Business Email Compromise (BEC) 122
Pretexting 122
Watering Hole Attack 122
Brand Impersonation 123
Typosquatting 123
Chapter Review Activities 123
Chapter 7 Understanding Various Types of Vulnerabilities 127
Do I Know This Already? Quiz 127
Foundation Topics 130
Application 130
Memory Injection 130
Buffer Overflow 131
Race Conditions 132
Malicious Update 132
Operating System (OS)Based 133
Web-Based 133
Structured Query Language Injection (SQLi) Vulnerabilities 133
Cross-Site Scripting (XSS) Vulnerabilities 134
Hardware 134
Firmware 134
End-of-Life (EOL) 134
Legacy 135
Virtualization 135
Virtual Machine (VM) Escape 135
Resource Reuse 135
Cloud Specific 136
Other Cloud-Based Concerns 140
Supply Chain 141
Service Provider 141
Hardware Provider 141
Software Provider 142
Cryptographic 142
Misconfiguration 142
Mobile Device 142
Side Loading 143
Jailbreaking 143
Zero-Day Vulnerabilities 143
Chapter Review Activities 145
Chapter 8 Understanding Indicators of Malicious Activity 149
Do I Know This Already? Quiz 149
Foundation Topics 152
Malware Attacks 152
Ransomware 152
Trojans 153
Worms 154
Spyware 154
Bloatware 155
Virus 155
Keylogger 155
You Cant Save Every Computer from Malware! 156
Logic Bomb 157
Rootkit 157
Physical Attacks 158
Brute-Force Attacks 159
Radio Frequency Identification (RFID) Cloning 159
Environmental 159
Network Attacks 160
Distributed Denial-of-Service (DDoS) Attacks 160
Domain Name System (DNS) Attacks 160
Wireless Attacks 160
On-Path Attacks 161
Credential Replay 161
Malicious Code 161
Application Attacks 162
Injection 162
Buffer Overflow 162
Replay 162
Privilege Escalation 162
Forgery 163
Directory Traversal 163
Cryptographic Attacks 163
Downgrade 163
Collision 163
Birthday 164
Password Attacks 164
Password Spraying 165
Brute-Force Attacks 165
Indicators 165
Account Lockout 166
Concurrent Session Usage 166
Blocked Content 166
Impossible Travel 166
Resource Consumption 166
Resource Inaccessibility 166
Out-of-Cycle Logging 167
Published/Documented Indicators 167
Missing Logs 167
Chapter Review Activities 167
Chapter 9 Understanding the Purpose of Mitigation Techniques Used to Secure
the Enterprise 171
Do I Know This Already? Quiz 171
Foundation Topics 175
Segmentation 175
Access Control 175
Access Control Lists (ACLs) 175
Permissions 176
Application Allow List 178
Isolation 179
Patching 180
Encryption 181
Monitoring 182
Least Privilege 182
Configuration Enforcement 182
Decommissioning 183
Hardening Techniques 183
Encryption 183
Installation of Endpoint Protection 184
Host-Based Firewall 184
Host-Based Intrusion Prevention System (HIPS) 184
Disabling Ports/Protocols 184
Default Password Changes 185
Removal of Unnecessary Software 185
Chapter Review Activities 185
Part III: Security Architecture
Chapter 10 Comparing and Contrasting Security Implications of Different
Architecture Models 189
Do I Know This Already? Quiz 189
Foundation Topics 193
Architecture and Infrastructure Concepts 193
Cloud 193
Infrastructure as Code (IaC) 195
Serverless 196
Microservices 197
Network Infrastructure 197
On-premises 201
Centralized Versus Decentralized 201
Containerization 202
Virtualization 206
IoT 208
Industrial Control Systems (ICS)/Supervisory Control and Data Acquisition
(SCADA) 210
Real-Time Operating System (RTOS) 213
Embedded Systems 214
High Availability 214
Considerations 215
Availability 215
Resilience 215
Cost 216
Responsiveness 216
Scalability 216
Ease of Deployment 216
Risk Transference 217
Ease of Recovery 217
Patch Availability 217
Inability to Patch 218
Power 218
Compute 218
Chapter Review Activities 219
Chapter 11 Applying Security Principles to Secure Enterprise Infrastructure
223
Do I Know This Already? Quiz 223
Foundation Topics 226
Infrastructure Considerations 226
Device Placement 226
Security Zones 226
Attack Surface 227
Connectivity 228
Failure Modes 228
Device Attribute 229
Network Appliances 230
Port Security 235
Firewall Types 239
Secure Communication/Access 249
Virtual Private Network (VPN) 249
Remote Access 251
Tunneling 254
Software-Defined Wide Area Network (SD-WAN) 265
Secure Access Service Edge (SASE) 265
Selection of Effective Controls 266
Chapter Review Activities 266
Chapter 12 Comparing and Contrasting Concepts and Strategies to Protect
Data 271
Do I Know This Already? Quiz 271
Foundation Topics 274
Data Types 274
Data Classifications 275
General Data Considerations 276
Data States 276
Data Sovereignty 278
Geolocation 278
Methods to Secure Data 279
Geographic Restrictions 279
Encryption 279
Hashing 279
Masking 281
Tokenization 281
Obfuscation 281
Segmentation 281
Permission Restrictions 282
Chapter Review Activities 283
Chapter 13 Understanding the Importance of Resilience and Recovery in
Security Architecture 287
Do I Know This Already? Quiz 287
Foundation Topics 291
High Availability 291
Key Components 291
Cloud Environments 291
Site Considerations 292
Platform Diversity 294
Multi-Cloud System 294
Continuity of Operations 294
Capacity Planning 295
Testing 296
Tabletop Exercises 296
Failover 297
Simulations 298
Parallel Processing 299
Backups 299
Power 301
Uninterruptible Power Supply (UPS) 301
Generators 301
Chapter Review Activities 302
Part IV: Security Operations
Chapter 14 Applying Common Security Techniques to Computing Resources 305
Do I Know This Already? Quiz 305
Foundation Topics 309
Secure Baselines 309
Inventory Assessment 309
Vulnerability Scanning 309
Minimum Configuration Standards 310
Documentation 310
Deployment 310
Ongoing Maintenance 311
Hardening Targets 311
Wireless Devices 315
Mobile Solutions 318
Mobile Device Management 318
MDM Security Feature Concerns: Application and Content Management 320
MDM Security Feature Concerns: Remote Wipe, Geofencing, Geolocation, Screen
Locks, Passwords and PINs, and Full Device Encryption 322
Deployment Models 325
Secure Implementation of BYOD, CYOD, and COPE 326
Connection Methods 328
Secure Implementation Best Practices 330
Wireless Security Settings 331
Wi-Fi Protected Access 3 (WPA3) 332
Remote Authentication Dial-In User Service (RADIUS) Federation 332
Cryptographic Protocols 334
Authentication Protocols 335
Application Security 336
Input Validations 337
Secure Cookies 337
Static Code Analysis 338
Code Signing 339
Sandboxing 340
Monitoring 340
Chapter Review Activities 341
Chapter 15 Understanding the Security Implications of Hardware, Software,
and Data Asset Management 345
Do I Know This Already? Quiz 345
Foundation Topics 348
Acquisition/Procurement Process 348
Assignment/Accounting 350
Monitoring/Asset Tracking 350
Inventory 351
Enumeration 351
Disposal/Decommissioning 351
Sanitization 352
Destruction 352
Certification 353
Data Retention 353
Chapter Review Activities 354
Chapter 16 Understanding Various Activities Associated with Vulnerability Management 357
Do I Know This Already? Quiz 357
Foundation Topics 360
Identification Methods 360
Vulnerability Scan 360
Application Security 362
Threat Feed 364
Penetration Testing 366
Responsible Disclosure Program 366
System/Process Audit 367
Analysis 367
Confirmation 368
Prioritize 368
Common Vulnerability Scoring System (CVSS) 368
Common Vulnerability Enumeration (CVE) 370
Vulnerability Classification 370
Exposure Factor 371
Environmental Variables 372
Industry/Organizational Impact 372
Risk Tolerance 372
Vulnerability Response and Remediation 374
Patching 374
Insurance 374
Segmentation 374
Compensating Controls 375
Exceptions and Exemptions 375
Validation of Remediation 376
Rescanning 376
Audit 376
Verification 376
Reporting 377
Chapter Review Activities 378
Chapter 17 Understanding Security Alerting and Monitoring Concepts and Tools 381
Do I Know This Already? Quiz 381
Foundation Topics 383
Monitoring and Computing Resources 383
Activities 386
Log Aggregation 386
Alerting 388
Scanning 389
Reporting 390
Archiving 391
Alert Response and Remediation/Validation 392
Tools 392
Security Content Automation Protocol (SCAP) 393
Benchmarks 395
Agents/Agentless 397
Security Information and Event Management (SIEM) 397
NetFlow 399
Antivirus Software 400
Data Loss Prevention (DLP) 401
Simple Network Management Protocol (SNMP) Traps 401
Vulnerability Scanners 403
Chapter Review Activities 405
Chapter 18 Modifying Enterprise Capabilities to Enhance Security 409
Do I Know This Already? Quiz 409
Foundation Topics 413
Firewall 413
Rules 414
Access Lists 415
Ports/Protocols 416
Screened Subnet 417
IDS/IPS 418
Trends 419
Signatures 419
Web Filter 421
Operating System Security 423
Implementation of Secure Protocols 424
DNS Filtering 427
Email Security 427
File Integrity Monitoring 429
DLP 429
Network Access Control (NAC) 430
Endpoint Detection and Response (EDR)/Extended Detection and Response (XDR) 430
User Behavior Analytics 431
Chapter Review Activities 432
Chapter 19 Implementing and Maintaining Identity and Access Management 435
Do I Know This Already? Quiz 435
Foundation Topics 439
Provisioning/De-provisioning User Accounts 439
Permission Assignments and Implications 439
Identity Proofing 441
Federation 441
Single Sign-On (SSO) 443
Lightweight Directory Access Protocol (LDAP) 443
OAuth 444
Security Assertion Markup Language 446
Interoperability 448
Attestation 449
Access Controls 450
Role-Based Access Control 450
Rule-Based Access Control 451
Mandatory Access Control 451
Discretionary Access Control 452
Attribute-Based Access Control (ABAC) 454
Time-of-Day Restrictions 455
Least Privilege 456
Multifactor Authentication (MFA) 456
Implementations 457
Factors 459
Password Concepts 461
Password Best Practices 461
Password Managers 464
Passwordless 465
Privileged Access Management Tools 465
Just-in-Time Permissions 466
Password Vaulting 466
Ephemeral Credentials 466
Chapter Review Activities 467
Chapter 20 Understanding the Importance of Automation and Orchestration Related to Secure Operations 471
Do I Know This Already? Quiz 471
Foundation Topics 474
Use Cases of Automation and Scripting 474
User Provisioning 474
Resource Provisioning 477
Guard Rails 477
Security Groups 477
Ticket Creation and Escalation 477
Continuous Integration and Testing 478
Integrations and Application Programming Interfaces (APIs) 479
Benefits 480
Efficiency/Time Saving 480
Enforcing Baselines 480
Standard Infrastructure Configurations 481
Scaling in a Secure Manner 481
Employee Retention 481
Reaction Time 482
Workforce Multiplier 482
Other Considerations 482
Complexity 482
Cost 483
Single Point of Failure 483
Technical Debt 483
Ongoing Supportability 484
Chapter Review Activities 485
Chapter 21 Understanding Appropriate Incident Response Activities 489
Do I Know This Already? Quiz 489
Foundation Topics 493
Process 493
Preparation 494
Detection 495
Analysis 496
Containment 496
Eradication 496
Recovery 497
Lessons Learned 497
Training 497
Testing 498
The Anatomy of a Tabletop Exercise 499
The Intricacies of Simulation Exercises 499
Mock Example of a Tabletop Exercise 500
Root Cause Analysis 501
Threat Hunting 502
Digital Forensics 502
Legal Hold 503
Chain of Custody 503
Acquisition 503
Reporting 505
Preservation 505
E-Discovery 506
Chapter Review Activities 506
Chapter 22 Using Data Sources to Support an Investigation 509
Do I Know This Already? Quiz 509
Foundation Topics 512
Log Data 512
Firewall Logs 513
Application Logs 513
Endpoint Logs 515
OS-Specific Security Logs 515
IPS/IDS Logs 517
Network Logs 518
Metadata 518
Data Sources 521
Vulnerability Scans 522
Automated Reports 522
Dashboards 523
Packet Captures 525
Chapter Review Activities 525
Part V: Security Program Management and Oversight
Chapter 23 Summarizing Elements of Effective Security Governance 529
Do I Know This Already? Quiz 529
Foundation Topics 532
Guidelines 532
Policies 532
Acceptable Use 533
Information Security Policies 533
Business Continuity 535
Disaster Recovery 535
Incident Response 535
Software Development Lifecycle (SDLC) 536
Change Management 536
Standards 536
Password Standards 537
Access Control Standards 538
Physical Security Standards 539
Encryption Standards 539
Procedures 541
Change Management 541
Onboarding and Offboarding 542
Playbooks 542
External Considerations 543
Regulatory 543
Legal 544
Industry 544
Local/Regional 544
National 545
Global 545
Monitoring and Revision 545
Types of Governance Structures 546
Boards 546
Committees 547
Government Entities 547
Centralized/Decentralized 548
Roles and Responsibilities for Systems and Data 549
Owners 549
Controllers 550
Processors 551
Custodians/Stewards 552
Chapter Review Activities 553
Chapter 24 Understanding Elements of the Risk Management Process 557
Do I Know This Already? Quiz 557
Foundation Topics 561
Risk Identification 561
Risk Assessment 562
Ad Hoc 562
Recurring 562
One-time 562
Continuous 562
Risk Analysis 563
Qualitative Risk Assessment 565
Quantitative Risk Assessment 565
Probability 567
Likelihood 569
Exposure Factor 570
Impact 571
Risk Register 572
Key Risk Indicators (KRIs) 572
Risk Owners 572
Risk Threshold 572
Risk Tolerance 574
Risk Appetite 574
Expansionary 574
Conservative 575
Neutral 575
Risk Management Strategies 575
Risk Transfer 576
Risk Acceptance 576
Risk Avoidance 576
Risk Mitigation 576
Risk Reporting 577
Business Impact Analysis 578
Recovery Time Objective (RTO) 579
Recovery Point Objective (RPO) 579
Mean Time to Repair (MTTR) 579
Mean Time Between Failures (MTBF) 580
Chapter Review Activities 582
Chapter 25 Understanding the Processes Associated with Third-Party Risk Assessment and Management 585
Do I Know This Already? Quiz 585
Foundation Topics 588
Vendor Assessment 588
Penetration Testing 589
Right-to-Audit Clause 589
Evidence of Internal Audits 590
Independent Assessments 590
Supply Chain Analysis 591
Vendor Selection 591
Due Diligence 592
Conflict of Interest 592
Agreement Types 593
Vendor Monitoring 594
Questionnaires 594
Rules of Engagement 595
Chapter Review Activities 595
Chapter 26 Summarizing Elements of Effective Security Compliance 599
Do I Know This Already? Quiz 599
Foundation Topics 602
Compliance Reporting 602
Internal Reporting 603
External Reporting 603
Consequences of Non-compliance 603
Fines 603
Sanctions 604
Reputational Damage 604
Loss of License 604
Contractual Impacts 605
Compliance Monitoring 605
Due Diligence/Care 605
Attestation and Acknowledgment 607
Internal and External 608
Automation 608
Privacy 609
Legal Implications 609
Data Subject 611
Controller vs. Processor 611
Ownership 612
Data Inventory and Retention 612
Right to Be Forgotten 613
Chapter Review Activities 613
Chapter 27 Understanding Types and Purposes of Audits and Assessments 617
Do I Know This Already? Quiz 617
Foundation Topics 620
Attestation 620
Internal 621
External 622
Penetration Testing 623
Chapter Review Activities 628
Chapter 28 Implementing Security Awareness Practices 631
Do I Know This Already? Quiz 631
Foundation Topics 634
Phishing 634
Anomalous Behavior Recognition 635
User Guidance and Training 638
Reporting and Monitoring 641
Development 642
Execution 642
Chapter Review Activities 643
Part VI: Final Preparation
Chapter 29 Final Preparation 647
Hands-on Activities 647
Suggested Plan for Final Review and Study 648
Summary 648
Appendix A Answers to the Do I Know This Already? Quizzes and Review Questions 649
Online Elements
Appendix B Study Planner
Glossary of Key Terms
9780138293086 TOC 3/4/2024
Introduction xxxix
Part I: General Security Concepts
Chapter 1 Comparing and Contrasting the Various Types of Controls 3
Do I Know This Already? Quiz 3
Foundation Topics 6
Control Categories 6
Technical Controls 6
Managerial Controls 6
Operational Controls 6
Physical Controls 7
Summary of Control Categories 7
Control Types 8
Preventive Controls 8
Deterrent Controls 8
Detective Controls 9
Corrective Controls 9
Compensating Controls 9
Directive Controls 10
Summary of Control Types 10
Chapter Review Activities 11
Chapter 2 Summarizing Fundamental Security Concepts 15
Do I Know This Already? Quiz 15
Foundation Topics 19
Confidentiality, Integrity, and Availability (CIA) 19
Non-repudiation 20
Authentication, Authorization, and Accounting (AAA) 21
Gap Analysis 22
Zero Trust 22
Physical Security 24
Bollards/Barricades 24
Access Control Vestibules 26
Fencing 27
Video Surveillance 28
Security Guards 28
Access Badges 29
Lighting 30
Sensors 30
Deception and Disruption Technology 31
Chapter Review Activities 32
Chapter 3 Understanding Change Managements Security Impact 37
Do I Know This Already? Quiz 37
Foundation Topics 41
Business Processes Impacting Security Operations 41
Approval Process 41
Ownership 41
Stakeholders 42
Impact Analysis 42
Test Results 42
Backout Plan 42
Maintenance Window 43
Standard Operating Procedure 43
Technical Implications 43
Allow Lists 44
Block Lists/Deny Lists 44
Restricted Activities 44
Downtime 45
Service Restart 45
Application Restart 46
Legacy Applications 46
Dependencies 46
Documentation 47
Updating Diagrams 47
Updating Policies/Procedures 48
Version Control 48
Chapter Review Activities 49
Chapter 4 Understanding the Importance of Using Appropriate Cryptographic
Solutions 53
Do I Know This Already? Quiz 53
Foundation Topics 58
Public Key Infrastructure (PKI) 58
Public Key 58
Private and Public Key 58
Encryption 59
Level 59
Full Disk 59
Partition 60
File 60
Volume 60
Database 60
Record 61
Transport/Communication 61
Encryption at Rest, in Transit/Motion, and in Processing 61
Symmetric Versus Asymmetric Encryption 62
Key Exchange 64
Algorithms 65
Key Length 66
Tools 67
Trusted Platform Module 67
Hardware Security Module 68
Key Management System 68
Secure Enclave 69
Obfuscation 70
Steganography 70
Audio Steganography 71
Video Steganography 71
Image Steganography 72
Tokenization 72
Data Masking 74
Hashing 75
Salting 76
Digital Signatures 76
Key Stretching 77
Blockchain 78
Open Public Ledger 78
Certificates 79
Certificate Authorities 79
Certificate Revocation Lists 81
Online Certificate Status Protocol (OCSP) 82
Self-Signed 83
Certificate-Signing Request 90
Wildcard 90
Chapter Review Activities 90
Part II: Threats, Vulnerabilities, and Mitigations
Chapter 5 Comparing and Contrasting Common Threat Actors and Motivations 95
Do I Know This Already? Quiz 95
Foundation Topics 98
Threat Actors 98
Attributes of Actors 99
Motivations 100
War 101
Chapter Review Activities 102
Chapter 6 Understanding Common Threat Vectors and Attack Surfaces 105
Do I Know This Already? Quiz 105
Foundation Topics 109
Message-Based 109
Email 109
Short Message Service (SMS) 109
Instant Messaging (IM) 110
Spam and Spam over Internet Messaging (SPIM) 110
Image-Based 111
File-Based 111
Voice Call 111
Removable Device 111
Vulnerable Software 112
Unsupported Systems and Applications 112
Unsecure Networks 113
Open Service Ports 114
Default Credentials 115
Supply Chain 116
Human Vectors/Social Engineering 116
Phishing 117
Vishing 120
Smishing 121
Misinformation/Disinformation 121
Impersonation 121
Business Email Compromise (BEC) 122
Pretexting 122
Watering Hole Attack 122
Brand Impersonation 123
Typosquatting 123
Chapter Review Activities 123
Chapter 7 Understanding Various Types of Vulnerabilities 127
Do I Know This Already? Quiz 127
Foundation Topics 130
Application 130
Memory Injection 130
Buffer Overflow 131
Race Conditions 132
Malicious Update 132
Operating System (OS)Based 133
Web-Based 133
Structured Query Language Injection (SQLi) Vulnerabilities 133
Cross-Site Scripting (XSS) Vulnerabilities 134
Hardware 134
Firmware 134
End-of-Life (EOL) 134
Legacy 135
Virtualization 135
Virtual Machine (VM) Escape 135
Resource Reuse 135
Cloud Specific 136
Other Cloud-Based Concerns 140
Supply Chain 141
Service Provider 141
Hardware Provider 141
Software Provider 142
Cryptographic 142
Misconfiguration 142
Mobile Device 142
Side Loading 143
Jailbreaking 143
Zero-Day Vulnerabilities 143
Chapter Review Activities 145
Chapter 8 Understanding Indicators of Malicious Activity 149
Do I Know This Already? Quiz 149
Foundation Topics 152
Malware Attacks 152
Ransomware 152
Trojans 153
Worms 154
Spyware 154
Bloatware 155
Virus 155
Keylogger 155
You Cant Save Every Computer from Malware! 156
Logic Bomb 157
Rootkit 157
Physical Attacks 158
Brute-Force Attacks 159
Radio Frequency Identification (RFID) Cloning 159
Environmental 159
Network Attacks 160
Distributed Denial-of-Service (DDoS) Attacks 160
Domain Name System (DNS) Attacks 160
Wireless Attacks 160
On-Path Attacks 161
Credential Replay 161
Malicious Code 161
Application Attacks 162
Injection 162
Buffer Overflow 162
Replay 162
Privilege Escalation 162
Forgery 163
Directory Traversal 163
Cryptographic Attacks 163
Downgrade 163
Collision 163
Birthday 164
Password Attacks 164
Password Spraying 165
Brute-Force Attacks 165
Indicators 165
Account Lockout 166
Concurrent Session Usage 166
Blocked Content 166
Impossible Travel 166
Resource Consumption 166
Resource Inaccessibility 166
Out-of-Cycle Logging 167
Published/Documented Indicators 167
Missing Logs 167
Chapter Review Activities 167
Chapter 9 Understanding the Purpose of Mitigation Techniques Used to Secure
the Enterprise 171
Do I Know This Already? Quiz 171
Foundation Topics 175
Segmentation 175
Access Control 175
Access Control Lists (ACLs) 175
Permissions 176
Application Allow List 178
Isolation 179
Patching 180
Encryption 181
Monitoring 182
Least Privilege 182
Configuration Enforcement 182
Decommissioning 183
Hardening Techniques 183
Encryption 183
Installation of Endpoint Protection 184
Host-Based Firewall 184
Host-Based Intrusion Prevention System (HIPS) 184
Disabling Ports/Protocols 184
Default Password Changes 185
Removal of Unnecessary Software 185
Chapter Review Activities 185
Part III: Security Architecture
Chapter 10 Comparing and Contrasting Security Implications of Different
Architecture Models 189
Do I Know This Already? Quiz 189
Foundation Topics 193
Architecture and Infrastructure Concepts 193
Cloud 193
Infrastructure as Code (IaC) 195
Serverless 196
Microservices 197
Network Infrastructure 197
On-premises 201
Centralized Versus Decentralized 201
Containerization 202
Virtualization 206
IoT 208
Industrial Control Systems (ICS)/Supervisory Control and Data Acquisition
(SCADA) 210
Real-Time Operating System (RTOS) 213
Embedded Systems 214
High Availability 214
Considerations 215
Availability 215
Resilience 215
Cost 216
Responsiveness 216
Scalability 216
Ease of Deployment 216
Risk Transference 217
Ease of Recovery 217
Patch Availability 217
Inability to Patch 218
Power 218
Compute 218
Chapter Review Activities 219
Chapter 11 Applying Security Principles to Secure Enterprise Infrastructure
223
Do I Know This Already? Quiz 223
Foundation Topics 226
Infrastructure Considerations 226
Device Placement 226
Security Zones 226
Attack Surface 227
Connectivity 228
Failure Modes 228
Device Attribute 229
Network Appliances 230
Port Security 235
Firewall Types 239
Secure Communication/Access 249
Virtual Private Network (VPN) 249
Remote Access 251
Tunneling 254
Software-Defined Wide Area Network (SD-WAN) 265
Secure Access Service Edge (SASE) 265
Selection of Effective Controls 266
Chapter Review Activities 266
Chapter 12 Comparing and Contrasting Concepts and Strategies to Protect
Data 271
Do I Know This Already? Quiz 271
Foundation Topics 274
Data Types 274
Data Classifications 275
General Data Considerations 276
Data States 276
Data Sovereignty 278
Geolocation 278
Methods to Secure Data 279
Geographic Restrictions 279
Encryption 279
Hashing 279
Masking 281
Tokenization 281
Obfuscation 281
Segmentation 281
Permission Restrictions 282
Chapter Review Activities 283
Chapter 13 Understanding the Importance of Resilience and Recovery in
Security Architecture 287
Do I Know This Already? Quiz 287
Foundation Topics 291
High Availability 291
Key Components 291
Cloud Environments 291
Site Considerations 292
Platform Diversity 294
Multi-Cloud System 294
Continuity of Operations 294
Capacity Planning 295
Testing 296
Tabletop Exercises 296
Failover 297
Simulations 298
Parallel Processing 299
Backups 299
Power 301
Uninterruptible Power Supply (UPS) 301
Generators 301
Chapter Review Activities 302
Part IV: Security Operations
Chapter 14 Applying Common Security Techniques to Computing Resources 305
Do I Know This Already? Quiz 305
Foundation Topics 309
Secure Baselines 309
Inventory Assessment 309
Vulnerability Scanning 309
Minimum Configuration Standards 310
Documentation 310
Deployment 310
Ongoing Maintenance 311
Hardening Targets 311
Wireless Devices 315
Mobile Solutions 318
Mobile Device Management 318
MDM Security Feature Concerns: Application and Content Management 320
MDM Security Feature Concerns: Remote Wipe, Geofencing, Geolocation, Screen
Locks, Passwords and PINs, and Full Device Encryption 322
Deployment Models 325
Secure Implementation of BYOD, CYOD, and COPE 326
Connection Methods 328
Secure Implementation Best Practices 330
Wireless Security Settings 331
Wi-Fi Protected Access 3 (WPA3) 332
Remote Authentication Dial-In User Service (RADIUS) Federation 332
Cryptographic Protocols 334
Authentication Protocols 335
Application Security 336
Input Validations 337
Secure Cookies 337
Static Code Analysis 338
Code Signing 339
Sandboxing 340
Monitoring 340
Chapter Review Activities 341
Chapter 15 Understanding the Security Implications of Hardware, Software,
and Data Asset Management 345
Do I Know This Already? Quiz 345
Foundation Topics 348
Acquisition/Procurement Process 348
Assignment/Accounting 350
Monitoring/Asset Tracking 350
Inventory 351
Enumeration 351
Disposal/Decommissioning 351
Sanitization 352
Destruction 352
Certification 353
Data Retention 353
Chapter Review Activities 354
Chapter 16 Understanding Various Activities Associated with Vulnerability
Management 357
Do I Know This Already? Quiz 357
Foundation Topics 360
Identification Methods 360
Vulnerability Scan 360
Application Security 362
Threat Feed 364
Penetration Testing 366
Responsible Disclosure Program 366
System/Process Audit 367
Analysis 367
Confirmation 368
Prioritize 368
Common Vulnerability Scoring System (CVSS) 368
Common Vulnerability Enumeration (CVE) 370
Vulnerability Classification 370
Exposure Factor 371
Environmental Variables 372
Industry/Organizational Impact 372
Risk Tolerance 372
Vulnerability Response and Remediation 374
Patching 374
Insurance 374
Segmentation 374
Compensating Controls 375
Exceptions and Exemptions 375
Validation of Remediation 376
Rescanning 376
Audit 376
Verification 376
Reporting 377
Chapter Review Activities 378
Chapter 17 Understanding Security Alerting and Monitoring Concepts and
Tools 381
Do I Know This Already? Quiz 381
Foundation Topics 383
Monitoring and Computing Resources 383
Activities 386
Log Aggregation 386
Alerting 388
Scanning 389
Reporting 390
Archiving 391
Alert Response and Remediation/Validation 392
Tools 392
Security Content Automation Protocol (SCAP) 393
Benchmarks 395
Agents/Agentless 397
Security Information and Event Management (SIEM) 397
NetFlow 399
Antivirus Software 400
Data Loss Prevention (DLP) 401
Simple Network Management Protocol (SNMP) Traps 401
Vulnerability Scanners 403
Chapter Review Activities 405
Chapter 18 Modifying Enterprise Capabilities to Enhance Security 409
Do I Know This Already? Quiz 409
Foundation Topics 413
Firewall 413
Rules 414
Access Lists 415
Ports/Protocols 416
Screened Subnet 417
IDS/IPS 418
Trends 419
Signatures 419
Web Filter 421
Operating System Security 423
Implementation of Secure Protocols 424
DNS Filtering 427
Email Security 427
File Integrity Monitoring 429
DLP 429
Network Access Control (NAC) 430
Endpoint Detection and Response (EDR)/Extended Detection and Response (XDR)
430
User Behavior Analytics 431
Chapter Review Activities 432
Chapter 19 Implementing and Maintaining Identity and Access Management 435
Do I Know This Already? Quiz 435
Foundation Topics 439
Provisioning/De-provisioning User Accounts 439
Permission Assignments and Implications 439
Identity Proofing 441
Federation 441
Single Sign-On (SSO) 443
Lightweight Directory Access Protocol (LDAP) 443
OAuth 444
Security Assertion Markup Language 446
Interoperability 448
Attestation 449
Access Controls 450
Role-Based Access Control 450
Rule-Based Access Control 451
Mandatory Access Control 451
Discretionary Access Control 452
Attribute-Based Access Control (ABAC) 454
Time-of-Day Restrictions 455
Least Privilege 456
Multifactor Authentication (MFA) 456
Implementations 457
Factors 459
Password Concepts 461
Password Best Practices 461
Password Managers 464
Passwordless 465
Privileged Access Management Tools 465
Just-in-Time Permissions 466
Password Vaulting 466
Ephemeral Credentials 466
Chapter Review Activities 467
Chapter 20 Understanding the Importance of Automation and Orchestration
Related to Secure Operations 471
Do I Know This Already? Quiz 471
Foundation Topics 474
Use Cases of Automation and Scripting 474
User Provisioning 474
Resource Provisioning 477
Guard Rails 477
Security Groups 477
Ticket Creation and Escalation 477
Continuous Integration and Testing 478
Integrations and Application Programming Interfaces (APIs) 479
Benefits 480
Efficiency/Time Saving 480
Enforcing Baselines 480
Standard Infrastructure Configurations 481
Scaling in a Secure Manner 481
Employee Retention 481
Reaction Time 482
Workforce Multiplier 482
Other Considerations 482
Complexity 482
Cost 483
Single Point of Failure 483
Technical Debt 483
Ongoing Supportability 484
Chapter Review Activities 485
Chapter 21 Understanding Appropriate Incident Response Activities 489
Do I Know This Already? Quiz 489
Foundation Topics 493
Process 493
Preparation 494
Detection 495
Analysis 496
Containment 496
Eradication 496
Recovery 497
Lessons Learned 497
Training 497
Testing 498
The Anatomy of a Tabletop Exercise 499
The Intricacies of Simulation Exercises 499
Mock Example of a Tabletop Exercise 500
Root Cause Analysis 501
Threat Hunting 502
Digital Forensics 502
Legal Hold 503
Chain of Custody 503
Acquisition 503
Reporting 505
Preservation 505
E-Discovery 506
Chapter Review Activities 506
Chapter 22 Using Data Sources to Support an Investigation 509
Do I Know This Already? Quiz 509
Foundation Topics 512
Log Data 512
Firewall Logs 513
Application Logs 513
Endpoint Logs 515
OS-Specific Security Logs 515
IPS/IDS Logs 517
Network Logs 518
Metadata 518
Data Sources 521
Vulnerability Scans 522
Automated Reports 522
Dashboards 523
Packet Captures 525
Chapter Review Activities 525
Part V: Security Program Management and Oversight
Chapter 23 Summarizing Elements of Effective Security Governance 529
Do I Know This Already? Quiz 529
Foundation Topics 532
Guidelines 532
Policies 532
Acceptable Use 533
Information Security Policies 533
Business Continuity 535
Disaster Recovery 535
Incident Response 535
Software Development Lifecycle (SDLC) 536
Change Management 536
Standards 536
Password Standards 537
Access Control Standards 538
Physical Security Standards 539
Encryption Standards 539
Procedures 541
Change Management 541
Onboarding and Offboarding 542
Playbooks 542
External Considerations 543
Regulatory 543
Legal 544
Industry 544
Local/Regional 544
National 545
Global 545
Monitoring and Revision 545
Types of Governance Structures 546
Boards 546
Committees 547
Government Entities 547
Centralized/Decentralized 548
Roles and Responsibilities for Systems and Data 549
Owners 549
Controllers 550
Processors 551
Custodians/Stewards 552
Chapter Review Activities 553
Chapter 24 Understanding Elements of the Risk Management Process 557
Do I Know This Already? Quiz 557
Foundation Topics 561
Risk Identification 561
Risk Assessment 562
Ad Hoc 562
Recurring 562
One-time 562
Continuous 562
Risk Analysis 563
Qualitative Risk Assessment 565
Quantitative Risk Assessment 565
Probability 567
Likelihood 569
Exposure Factor 570
Impact 571
Risk Register 572
Key Risk Indicators (KRIs) 572
Risk Owners 572
Risk Threshold 572
Risk Tolerance 574
Risk Appetite 574
Expansionary 574
Conservative 575
Neutral 575
Risk Management Strategies 575
Risk Transfer 576
Risk Acceptance 576
Risk Avoidance 576
Risk Mitigation 576
Risk Reporting 577
Business Impact Analysis 578
Recovery Time Objective (RTO) 579
Recovery Point Objective (RPO) 579
Mean Time to Repair (MTTR) 579
Mean Time Between Failures (MTBF) 580
Chapter Review Activities 582
Chapter 25 Understanding the Processes Associated with Third-Party Risk
Assessment and Management 585
Do I Know This Already? Quiz 585
Foundation Topics 588
Vendor Assessment 588
Penetration Testing 589
Right-to-Audit Clause 589
Evidence of Internal Audits 590
Independent Assessments 590
Supply Chain Analysis 591
Vendor Selection 591
Due Diligence 592
Conflict of Interest 592
Agreement Types 593
Vendor Monitoring 594
Questionnaires 594
Rules of Engagement 595
Chapter Review Activities 595
Chapter 26 Summarizing Elements of Effective Security Compliance 599
Do I Know This Already? Quiz 599
Foundation Topics 602
Compliance Reporting 602
Internal Reporting 603
External Reporting 603
Consequences of Non-compliance 603
Fines 603
Sanctions 604
Reputational Damage 604
Loss of License 604
Contractual Impacts 605
Compliance Monitoring 605
Due Diligence/Care 605
Attestation and Acknowledgment 607
Internal and External 608
Automation 608
Privacy 609
Legal Implications 609
Data Subject 611
Controller vs. Processor 611
Ownership 612
Data Inventory and Retention 612
Right to Be Forgotten 613
Chapter Review Activities 613
Chapter 27 Understanding Types and Purposes of Audits and Assessments 617
Do I Know This Already? Quiz 617
Foundation Topics 620
Attestation 620
Internal 621
External 622
Penetration Testing 623
Chapter Review Activities 628
Chapter 28 Implementing Security Awareness Practices 631
Do I Know This Already? Quiz 631
Foundation Topics 634
Phishing 634
Anomalous Behavior Recognition 635
User Guidance and Training 638
Reporting and Monitoring 641
Development 642
Execution 642
Chapter Review Activities 643
Part VI: Final Preparation
Chapter 29 Final Preparation 647
Hands-on Activities 647
Suggested Plan for Final Review and Study 648
Summary 648
Appendix A Answers to the Do I Know This Already? Quizzes and Review
Questions 649
Online Elements
Appendix B Study Planner
Glossary of Key Terms
9780138293086 TOC 3/4/2024
Part I: General Security Concepts
Chapter 1 Comparing and Contrasting the Various Types of Controls 3
Do I Know This Already? Quiz 3
Foundation Topics 6
Control Categories 6
Technical Controls 6
Managerial Controls 6
Operational Controls 6
Physical Controls 7
Summary of Control Categories 7
Control Types 8
Preventive Controls 8
Deterrent Controls 8
Detective Controls 9
Corrective Controls 9
Compensating Controls 9
Directive Controls 10
Summary of Control Types 10
Chapter Review Activities 11
Chapter 2 Summarizing Fundamental Security Concepts 15
Do I Know This Already? Quiz 15
Foundation Topics 19
Confidentiality, Integrity, and Availability (CIA) 19
Non-repudiation 20
Authentication, Authorization, and Accounting (AAA) 21
Gap Analysis 22
Zero Trust 22
Physical Security 24
Bollards/Barricades 24
Access Control Vestibules 26
Fencing 27
Video Surveillance 28
Security Guards 28
Access Badges 29
Lighting 30
Sensors 30
Deception and Disruption Technology 31
Chapter Review Activities 32
Chapter 3 Understanding Change Managements Security Impact 37
Do I Know This Already? Quiz 37
Foundation Topics 41
Business Processes Impacting Security Operations 41
Approval Process 41
Ownership 41
Stakeholders 42
Impact Analysis 42
Test Results 42
Backout Plan 42
Maintenance Window 43
Standard Operating Procedure 43
Technical Implications 43
Allow Lists 44
Block Lists/Deny Lists 44
Restricted Activities 44
Downtime 45
Service Restart 45
Application Restart 46
Legacy Applications 46
Dependencies 46
Documentation 47
Updating Diagrams 47
Updating Policies/Procedures 48
Version Control 48
Chapter Review Activities 49
Chapter 4 Understanding the Importance of Using Appropriate Cryptographic
Solutions 53
Do I Know This Already? Quiz 53
Foundation Topics 58
Public Key Infrastructure (PKI) 58
Public Key 58
Private and Public Key 58
Encryption 59
Level 59
Full Disk 59
Partition 60
File 60
Volume 60
Database 60
Record 61
Transport/Communication 61
Encryption at Rest, in Transit/Motion, and in Processing 61
Symmetric Versus Asymmetric Encryption 62
Key Exchange 64
Algorithms 65
Key Length 66
Tools 67
Trusted Platform Module 67
Hardware Security Module 68
Key Management System 68
Secure Enclave 69
Obfuscation 70
Steganography 70
Audio Steganography 71
Video Steganography 71
Image Steganography 72
Tokenization 72
Data Masking 74
Hashing 75
Salting 76
Digital Signatures 76
Key Stretching 77
Blockchain 78
Open Public Ledger 78
Certificates 79
Certificate Authorities 79
Certificate Revocation Lists 81
Online Certificate Status Protocol (OCSP) 82
Self-Signed 83
Certificate-Signing Request 90
Wildcard 90
Chapter Review Activities 90
Part II: Threats, Vulnerabilities, and Mitigations
Chapter 5 Comparing and Contrasting Common Threat Actors and Motivations 95
Do I Know This Already? Quiz 95
Foundation Topics 98
Threat Actors 98
Attributes of Actors 99
Motivations 100
War 101
Chapter Review Activities 102
Chapter 6 Understanding Common Threat Vectors and Attack Surfaces 105
Do I Know This Already? Quiz 105
Foundation Topics 109
Message-Based 109
Email 109
Short Message Service (SMS) 109
Instant Messaging (IM) 110
Spam and Spam over Internet Messaging (SPIM) 110
Image-Based 111
File-Based 111
Voice Call 111
Removable Device 111
Vulnerable Software 112
Unsupported Systems and Applications 112
Unsecure Networks 113
Open Service Ports 114
Default Credentials 115
Supply Chain 116
Human Vectors/Social Engineering 116
Phishing 117
Vishing 120
Smishing 121
Misinformation/Disinformation 121
Impersonation 121
Business Email Compromise (BEC) 122
Pretexting 122
Watering Hole Attack 122
Brand Impersonation 123
Typosquatting 123
Chapter Review Activities 123
Chapter 7 Understanding Various Types of Vulnerabilities 127
Do I Know This Already? Quiz 127
Foundation Topics 130
Application 130
Memory Injection 130
Buffer Overflow 131
Race Conditions 132
Malicious Update 132
Operating System (OS)Based 133
Web-Based 133
Structured Query Language Injection (SQLi) Vulnerabilities 133
Cross-Site Scripting (XSS) Vulnerabilities 134
Hardware 134
Firmware 134
End-of-Life (EOL) 134
Legacy 135
Virtualization 135
Virtual Machine (VM) Escape 135
Resource Reuse 135
Cloud Specific 136
Other Cloud-Based Concerns 140
Supply Chain 141
Service Provider 141
Hardware Provider 141
Software Provider 142
Cryptographic 142
Misconfiguration 142
Mobile Device 142
Side Loading 143
Jailbreaking 143
Zero-Day Vulnerabilities 143
Chapter Review Activities 145
Chapter 8 Understanding Indicators of Malicious Activity 149
Do I Know This Already? Quiz 149
Foundation Topics 152
Malware Attacks 152
Ransomware 152
Trojans 153
Worms 154
Spyware 154
Bloatware 155
Virus 155
Keylogger 155
You Can't Save Every Computer from Malware! 156
Logic Bomb 157
Rootkit 157
Physical Attacks 158
Brute-Force Attacks 159
Radio Frequency Identification (RFID) Cloning 159
Environmental 159
Network Attacks 160
Distributed Denial-of-Service (DDoS) Attacks 160
Domain Name System (DNS) Attacks 160
Wireless Attacks 160
On-Path Attacks 161
Credential Replay 161
Malicious Code 161
Application Attacks 162
Injection 162
Buffer Overflow 162
Replay 162
Privilege Escalation 162
Forgery 163
Directory Traversal 163
Cryptographic Attacks 163
Downgrade 163
Collision 163
Birthday 164
Password Attacks 164
Password Spraying 165
Brute-Force Attacks 165
Indicators 165
Account Lockout 166
Concurrent Session Usage 166
Blocked Content 166
Impossible Travel 166
Resource Consumption 166
Resource Inaccessibility 166
Out-of-Cycle Logging 167
Published/Documented Indicators 167
Missing Logs 167
Chapter Review Activities 167
Chapter 9 Understanding the Purpose of Mitigation Techniques Used to Secure the Enterprise 171
Do I Know This Already? Quiz 171
Foundation Topics 175
Segmentation 175
Access Control 175
Access Control Lists (ACLs) 175
Permissions 176
Application Allow List 178
Isolation 179
Patching 180
Encryption 181
Monitoring 182
Least Privilege 182
Configuration Enforcement 182
Decommissioning 183
Hardening Techniques 183
Encryption 183
Installation of Endpoint Protection 184
Host-Based Firewall 184
Host-Based Intrusion Prevention System (HIPS) 184
Disabling Ports/Protocols 184
Default Password Changes 185
Removal of Unnecessary Software 185
Chapter Review Activities 185
Part III: Security Architecture
Chapter 10 Comparing and Contrasting Security Implications of Different Architecture Models 189
Do I Know This Already? Quiz 189
Foundation Topics 193
Architecture and Infrastructure Concepts 193
Cloud 193
Infrastructure as Code (IaC) 195
Serverless 196
Microservices 197
Network Infrastructure 197
On-premises 201
Centralized Versus Decentralized 201
Containerization 202
Virtualization 206
IoT 208
Industrial Control Systems (ICS)/Supervisory Control and Data Acquisition (SCADA) 210
Real-Time Operating System (RTOS) 213
Embedded Systems 214
High Availability 214
Considerations 215
Availability 215
Resilience 215
Cost 216
Responsiveness 216
Scalability 216
Ease of Deployment 216
Risk Transference 217
Ease of Recovery 217
Patch Availability 217
Inability to Patch 218
Power 218
Compute 218
Chapter Review Activities 219
Chapter 11 Applying Security Principles to Secure Enterprise Infrastructure 223
Do I Know This Already? Quiz 223
Foundation Topics 226
Infrastructure Considerations 226
Device Placement 226
Security Zones 226
Attack Surface 227
Connectivity 228
Failure Modes 228
Device Attribute 229
Network Appliances 230
Port Security 235
Firewall Types 239
Secure Communication/Access 249
Virtual Private Network (VPN) 249
Remote Access 251
Tunneling 254
Software-Defined Wide Area Network (SD-WAN) 265
Secure Access Service Edge (SASE) 265
Selection of Effective Controls 266
Chapter Review Activities 266
Chapter 12 Comparing and Contrasting Concepts and Strategies to Protect Data 271
Do I Know This Already? Quiz 271
Foundation Topics 274
Data Types 274
Data Classifications 275
General Data Considerations 276
Data States 276
Data Sovereignty 278
Geolocation 278
Methods to Secure Data 279
Geographic Restrictions 279
Encryption 279
Hashing 279
Masking 281
Tokenization 281
Obfuscation 281
Segmentation 281
Permission Restrictions 282
Chapter Review Activities 283
Chapter 13 Understanding the Importance of Resilience and Recovery in Security Architecture 287
Do I Know This Already? Quiz 287
Foundation Topics 291
High Availability 291
Key Components 291
Cloud Environments 291
Site Considerations 292
Platform Diversity 294
Multi-Cloud System 294
Continuity of Operations 294
Capacity Planning 295
Testing 296
Tabletop Exercises 296
Failover 297
Simulations 298
Parallel Processing 299
Backups 299
Power 301
Uninterruptible Power Supply (UPS) 301
Generators 301
Chapter Review Activities 302
Part IV: Security Operations
Chapter 14 Applying Common Security Techniques to Computing Resources 305
Do I Know This Already? Quiz 305
Foundation Topics 309
Secure Baselines 309
Inventory Assessment 309
Vulnerability Scanning 309
Minimum Configuration Standards 310
Documentation 310
Deployment 310
Ongoing Maintenance 311
Hardening Targets 311
Wireless Devices 315
Mobile Solutions 318
Mobile Device Management 318
MDM Security Feature Concerns: Application and Content Management 320
MDM Security Feature Concerns: Remote Wipe, Geofencing, Geolocation, Screen Locks, Passwords and PINs, and Full Device Encryption 322
Deployment Models 325
Secure Implementation of BYOD, CYOD, and COPE 326
Connection Methods 328
Secure Implementation Best Practices 330
Wireless Security Settings 331
Wi-Fi Protected Access 3 (WPA3) 332
Remote Authentication Dial-In User Service (RADIUS) Federation 332
Cryptographic Protocols 334
Authentication Protocols 335
Application Security 336
Input Validations 337
Secure Cookies 337
Static Code Analysis 338
Code Signing 339
Sandboxing 340
Monitoring 340
Chapter Review Activities 341
Chapter 15 Understanding the Security Implications of Hardware, Software, and Data Asset Management 345
Do I Know This Already? Quiz 345
Foundation Topics 348
Acquisition/Procurement Process 348
Assignment/Accounting 350
Monitoring/Asset Tracking 350
Inventory 351
Enumeration 351
Disposal/Decommissioning 351
Sanitization 352
Destruction 352
Certification 353
Data Retention 353
Chapter Review Activities 354
Chapter 16 Understanding Various Activities Associated with Vulnerability Management 357
Do I Know This Already? Quiz 357
Foundation Topics 360
Identification Methods 360
Vulnerability Scan 360
Application Security 362
Threat Feed 364
Penetration Testing 366
Responsible Disclosure Program 366
System/Process Audit 367
Analysis 367
Confirmation 368
Prioritize 368
Common Vulnerability Scoring System (CVSS) 368
Common Vulnerability Enumeration (CVE) 370
Vulnerability Classification 370
Exposure Factor 371
Environmental Variables 372
Industry/Organizational Impact 372
Risk Tolerance 372
Vulnerability Response and Remediation 374
Patching 374
Insurance 374
Segmentation 374
Compensating Controls 375
Exceptions and Exemptions 375
Validation of Remediation 376
Rescanning 376
Audit 376
Verification 376
Reporting 377
Chapter Review Activities 378
Chapter 17 Understanding Security Alerting and Monitoring Concepts and Tools 381
Do I Know This Already? Quiz 381
Foundation Topics 383
Monitoring and Computing Resources 383
Activities 386
Log Aggregation 386
Alerting 388
Scanning 389
Reporting 390
Archiving 391
Alert Response and Remediation/Validation 392
Tools 392
Security Content Automation Protocol (SCAP) 393
Benchmarks 395
Agents/Agentless 397
Security Information and Event Management (SIEM) 397
NetFlow 399
Antivirus Software 400
Data Loss Prevention (DLP) 401
Simple Network Management Protocol (SNMP) Traps 401
Vulnerability Scanners 403
Chapter Review Activities 405
Chapter 18 Modifying Enterprise Capabilities to Enhance Security 409
Do I Know This Already? Quiz 409
Foundation Topics 413
Firewall 413
Rules 414
Access Lists 415
Ports/Protocols 416
Screened Subnet 417
IDS/IPS 418
Trends 419
Signatures 419
Web Filter 421
Operating System Security 423
Implementation of Secure Protocols 424
DNS Filtering 427
Email Security 427
File Integrity Monitoring 429
DLP 429
Network Access Control (NAC) 430
Endpoint Detection and Response (EDR)/Extended Detection and Response (XDR) 430
User Behavior Analytics 431
Chapter Review Activities 432
Chapter 19 Implementing and Maintaining Identity and Access Management 435
Do I Know This Already? Quiz 435
Foundation Topics 439
Provisioning/De-provisioning User Accounts 439
Permission Assignments and Implications 439
Identity Proofing 441
Federation 441
Single Sign-On (SSO) 443
Lightweight Directory Access Protocol (LDAP) 443
OAuth 444
Security Assertion Markup Language 446
Interoperability 448
Attestation 449
Access Controls 450
Role-Based Access Control 450
Rule-Based Access Control 451
Mandatory Access Control 451
Discretionary Access Control 452
Attribute-Based Access Control (ABAC) 454
Time-of-Day Restrictions 455
Least Privilege 456
Multifactor Authentication (MFA) 456
Implementations 457
Factors 459
Password Concepts 461
Password Best Practices 461
Password Managers 464
Passwordless 465
Privileged Access Management Tools 465
Just-in-Time Permissions 466
Password Vaulting 466
Ephemeral Credentials 466
Chapter Review Activities 467
Chapter 20 Understanding the Importance of Automation and Orchestration Related to Secure Operations 471
Do I Know This Already? Quiz 471
Foundation Topics 474
Use Cases of Automation and Scripting 474
User Provisioning 474
Resource Provisioning 477
Guard Rails 477
Security Groups 477
Ticket Creation and Escalation 477
Continuous Integration and Testing 478
Integrations and Application Programming Interfaces (APIs) 479
Benefits 480
Efficiency/Time Saving 480
Enforcing Baselines 480
Standard Infrastructure Configurations 481
Scaling in a Secure Manner 481
Employee Retention 481
Reaction Time 482
Workforce Multiplier 482
Other Considerations 482
Complexity 482
Cost 483
Single Point of Failure 483
Technical Debt 483
Ongoing Supportability 484
Chapter Review Activities 485
Chapter 21 Understanding Appropriate Incident Response Activities 489
Do I Know This Already? Quiz 489
Foundation Topics 493
Process 493
Preparation 494
Detection 495
Analysis 496
Containment 496
Eradication 496
Recovery 497
Lessons Learned 497
Training 497
Testing 498
The Anatomy of a Tabletop Exercise 499
The Intricacies of Simulation Exercises 499
Mock Example of a Tabletop Exercise 500
Root Cause Analysis 501
Threat Hunting 502
Digital Forensics 502
Legal Hold 503
Chain of Custody 503
Acquisition 503
Reporting 505
Preservation 505
E-Discovery 506
Chapter Review Activities 506
Chapter 22 Using Data Sources to Support an Investigation 509
Do I Know This Already? Quiz 509
Foundation Topics 512
Log Data 512
Firewall Logs 513
Application Logs 513
Endpoint Logs 515
OS-Specific Security Logs 515
IPS/IDS Logs 517
Network Logs 518
Metadata 518
Data Sources 521
Vulnerability Scans 522
Automated Reports 522
Dashboards 523
Packet Captures 525
Chapter Review Activities 525
Part V: Security Program Management and Oversight
Chapter 23 Summarizing Elements of Effective Security Governance 529
Do I Know This Already? Quiz 529
Foundation Topics 532
Guidelines 532
Policies 532
Acceptable Use 533
Information Security Policies 533
Business Continuity 535
Disaster Recovery 535
Incident Response 535
Software Development Lifecycle (SDLC) 536
Change Management 536
Standards 536
Password Standards 537
Access Control Standards 538
Physical Security Standards 539
Encryption Standards 539
Procedures 541
Change Management 541
Onboarding and Offboarding 542
Playbooks 542
External Considerations 543
Regulatory 543
Legal 544
Industry 544
Local/Regional 544
National 545
Global 545
Monitoring and Revision 545
Types of Governance Structures 546
Boards 546
Committees 547
Government Entities 547
Centralized/Decentralized 548
Roles and Responsibilities for Systems and Data 549
Owners 549
Controllers 550
Processors 551
Custodians/Stewards 552
Chapter Review Activities 553
Chapter 24 Understanding Elements of the Risk Management Process 557
Do I Know This Already? Quiz 557
Foundation Topics 561
Risk Identification 561
Risk Assessment 562
Ad Hoc 562
Recurring 562
One-time 562
Continuous 562
Risk Analysis 563
Qualitative Risk Assessment 565
Quantitative Risk Assessment 565
Probability 567
Likelihood 569
Exposure Factor 570
Impact 571
Risk Register 572
Key Risk Indicators (KRIs) 572
Risk Owners 572
Risk Threshold 572
Risk Tolerance 574
Risk Appetite 574
Expansionary 574
Conservative 575
Neutral 575
Risk Management Strategies 575
Risk Transfer 576
Risk Acceptance 576
Risk Avoidance 576
Risk Mitigation 576
Risk Reporting 577
Business Impact Analysis 578
Recovery Time Objective (RTO) 579
Recovery Point Objective (RPO) 579
Mean Time to Repair (MTTR) 579
Mean Time Between Failures (MTBF) 580
Chapter Review Activities 582
Chapter 25 Understanding the Processes Associated with Third-Party Risk Assessment and Management 585
Do I Know This Already? Quiz 585
Foundation Topics 588
Vendor Assessment 588
Penetration Testing 589
Right-to-Audit Clause 589
Evidence of Internal Audits 590
Independent Assessments 590
Supply Chain Analysis 591
Vendor Selection 591
Due Diligence 592
Conflict of Interest 592
Agreement Types 593
Vendor Monitoring 594
Questionnaires 594
Rules of Engagement 595
Chapter Review Activities 595
Chapter 26 Summarizing Elements of Effective Security Compliance 599
Do I Know This Already? Quiz 599
Foundation Topics 602
Compliance Reporting 602
Internal Reporting 603
External Reporting 603
Consequences of Non-compliance 603
Fines 603
Sanctions 604
Reputational Damage 604
Loss of License 604
Contractual Impacts 605
Compliance Monitoring 605
Due Diligence/Care 605
Attestation and Acknowledgment 607
Internal and External 608
Automation 608
Privacy 609
Legal Implications 609
Data Subject 611
Controller vs. Processor 611
Ownership 612
Data Inventory and Retention 612
Right to Be Forgotten 613
Chapter Review Activities 613
Chapter 27 Understanding Types and Purposes of Audits and Assessments 617
Do I Know This Already? Quiz 617
Foundation Topics 620
Attestation 620
Internal 621
External 622
Penetration Testing 623
Chapter Review Activities 628
Chapter 28 Implementing Security Awareness Practices 631
Do I Know This Already? Quiz 631
Foundation Topics 634
Phishing 634
Anomalous Behavior Recognition 635
User Guidance and Training 638
Reporting and Monitoring 641
Development 642
Execution 642
Chapter Review Activities 643
Part VI: Final Preparation
Chapter 29 Final Preparation 647
Hands-on Activities 647
Suggested Plan for Final Review and Study 648
Summary 648
Appendix A Answers to the Do I Know This Already? Quizzes and Review Questions 649
Online Elements
Appendix B Study Planner
Glossary of Key Terms
9780138293086 TOC 3/4/2024