31,95 €
31,95 €
inkl. MwSt.
Sofort per Download lieferbar
16 °P sammeln
31,95 €
Als Download kaufen
31,95 €
inkl. MwSt.
Sofort per Download lieferbar
16 °P sammeln
Jetzt verschenken
Alle Infos zum eBook verschenken
31,95 €
inkl. MwSt.
Sofort per Download lieferbar
Alle Infos zum eBook verschenken
16 °P sammeln
- Format: PDF
- Merkliste
- Auf die Merkliste
- Bewerten Bewerten
- Teilen
- Produkt teilen
- Produkterinnerung
- Produkterinnerung
Bitte loggen Sie sich zunächst in Ihr Kundenkonto ein oder registrieren Sie sich bei
bücher.de, um das eBook-Abo tolino select nutzen zu können.
Hier können Sie sich einloggen
Hier können Sie sich einloggen
Sie sind bereits eingeloggt. Klicken Sie auf 2. tolino select Abo, um fortzufahren.
Bitte loggen Sie sich zunächst in Ihr Kundenkonto ein oder registrieren Sie sich bei bücher.de, um das eBook-Abo tolino select nutzen zu können.
The Practical, Comprehensive Guide to Applying Cybersecurity Best Practices and Standards in Real Environments In Effective Cybersecurity, William Stallings introduces the technology, operational procedures, and management practices needed for successful cybersecurity. Stallings makes extensive use of standards and best practices documents that are often used to guide or mandate cybersecurity implementation. Going beyond these, he offers in-depth tutorials on the "how" of implementation, integrated into a unified framework and realistic plan of action. Each chapter contains a clear technical…mehr
- Geräte: PC
- ohne Kopierschutz
- eBook Hilfe
- Größe: 35.75MB
The Practical, Comprehensive Guide to Applying Cybersecurity Best Practices and Standards in Real Environments In Effective Cybersecurity, William Stallings introduces the technology, operational procedures, and management practices needed for successful cybersecurity. Stallings makes extensive use of standards and best practices documents that are often used to guide or mandate cybersecurity implementation. Going beyond these, he offers in-depth tutorials on the "how" of implementation, integrated into a unified framework and realistic plan of action. Each chapter contains a clear technical overview, as well as a detailed discussion of action items and appropriate policies. Stallings offers many pedagogical features designed to help readers master the material: clear learning objectives, keyword lists, review questions, and QR codes linking to relevant standards documents and web resources. Effective Cybersecurity aligns with the comprehensive Information Security Forum document "The Standard of Good Practice for Information Security," extending ISF's work with extensive insights from ISO, NIST, COBIT, other official standards and guidelines, and modern professional, academic, and industry literature. . Understand the cybersecurity discipline and the role of standards and best practices . Define security governance, assess risks, and manage strategy and tactics . Safeguard information and privacy, and ensure GDPR compliance . Harden systems across the system development life cycle (SDLC) . Protect servers, virtualized systems, and storage . Secure networks and electronic communications, from email to VoIP . Apply the most appropriate methods for user authentication . Mitigate security risks in supply chains and cloud environments This knowledge is indispensable to every cybersecurity professional. Stallings presents it systematically and coherently, making it practical and actionable.
Dieser Download kann aus rechtlichen Gründen nur mit Rechnungsadresse in A, B, BG, CY, CZ, D, DK, EW, E, FIN, F, GR, HR, H, IRL, I, LT, L, LR, M, NL, PL, P, R, S, SLO, SK ausgeliefert werden.
Produktdetails
- Produktdetails
- Verlag: Pearson ITP
- Seitenzahl: 650
- Altersempfehlung: ab 18 Jahre
- Erscheinungstermin: 20. Juli 2018
- Englisch
- ISBN-13: 9780134772967
- Artikelnr.: 56965087
- Verlag: Pearson ITP
- Seitenzahl: 650
- Altersempfehlung: ab 18 Jahre
- Erscheinungstermin: 20. Juli 2018
- Englisch
- ISBN-13: 9780134772967
- Artikelnr.: 56965087
- Herstellerkennzeichnung Die Herstellerinformationen sind derzeit nicht verfügbar.
Dr. William Stallings has made a unique contribution to understanding the broad sweep of technical developments in computer security, computer networking, and computer architecture. He has authored 18 textbooks, and, counting revised editions, a total of 70 books on various aspects of these subjects. His writings have appeared in numerous ACM and IEEE publications, including the Proceedings of the IEEE and ACM Computing Reviews. He is a 13-time recipient of the award for the best computer science textbook of the year from the Text and Academic Authors Association.
In more than 30 years in the field, he has been a technical contributor, technical manager, and an executive with several high-technology firms. He has designed and implemented both TCP/IP-based and OSI-based protocol suites on a variety of computers and operating systems, ranging from microcomputers to mainframes. Currently, he is an independent consultant whose clients have included computer and networking manufacturers and customers, software development firms, and leading-edge government research institutions.
He created and maintains the Computer Science Student Resource Site at ComputerScienceStudent.com/. This site provides documents and links on a variety of subjects of general interest to computer science students (and professionals). He is a member of the editorial board of Cryptologia, a scholarly journal devoted to all aspects of cryptology.
Dr. Stallings holds a Ph.D. from M.I.T. in Computer Science and a B.S. from Notre Dame in Electrical Engineering.
In more than 30 years in the field, he has been a technical contributor, technical manager, and an executive with several high-technology firms. He has designed and implemented both TCP/IP-based and OSI-based protocol suites on a variety of computers and operating systems, ranging from microcomputers to mainframes. Currently, he is an independent consultant whose clients have included computer and networking manufacturers and customers, software development firms, and leading-edge government research institutions.
He created and maintains the Computer Science Student Resource Site at ComputerScienceStudent.com/. This site provides documents and links on a variety of subjects of general interest to computer science students (and professionals). He is a member of the editorial board of Cryptologia, a scholarly journal devoted to all aspects of cryptology.
Dr. Stallings holds a Ph.D. from M.I.T. in Computer Science and a B.S. from Notre Dame in Electrical Engineering.
Preface xxvii Chapter 1: Best Practices, Standards, and a Plan of Action 2
1.1 Defining Cyberspace and Cybersecurity 3 1.2 The Value of Standards and
Best Practices Documents 6 1.3 The Standard of Good Practice for
Information Security 7 1.4 The ISO/IEC 27000 Suite of Information Security
Standards 12 ISO 27001 15 ISO 27002 17 1.5 Mapping the ISO 27000 Series to
the ISF SGP 18 1.6 NIST Cybersecurity Framework and Security Documents 21
NIST Cybersecurity Framework 22 NIST Security Documents 25 1.7 The CIS
Critical Security Controls for Effective Cyber Defense 27 1.8 COBIT 5 for
Information Security 29 1.9 Payment Card Industry Data Security Standard
(PCI DSS) 30 1.10 ITU-T Security Documents 32 1.11 Effective Cybersecurity
34 The Cybersecurity Management Process 34 Using Best Practices and
Standards Documents 36 1.12 Key Terms and Review Questions 38 Key Terms 38
Review Questions 38 1.13 References 39 PART I: PLANNING FOR CYBERSECURITY
41 Chapter 2: Security Governance 42 2.1 Security Governance and Security
Management 43 2.2 Security Governance Principles and Desired Outcomes 45
Principles 45 Desired Outcomes 46 2.3 Security Governance Components 47
Strategic Planning 47 Organizational Structure 51 Roles and
Responsibilities 55 Integration with Enterprise Architecture 58 Policies
and Guidance 63 2.4 Security Governance Approach 63 Security Governance
Framework 63 Security Direction 64 Responsible, Accountable, Consulted, and
Informed (RACI) Charts 66 2.5 Security Governance Evaluation 68 2.6
Security Governance Best Practices 69 2.7 Key Terms and Review Questions 70
Key Terms 70 Review Questions 71 2.8 References 71 Chapter 3: Information
Risk Assessment 74 3.1 Risk Assessment Concepts 75 Risk Assessment
Challenges 78 Risk Management 80 Structure of This 84 3.2 Asset
Identification 85 Hardware Assets 85 Software Assets 85 Information Assets
86 Business Assets 87 Asset Register 87 3.3 Threat Identification 89 The
STRIDE Threat Model 89 Threat Types 90 Sources of Information 92 3.4
Control Identification 98 3.5 Vulnerability Identification 102
Vulnerability Categories 103 National Vulnerability Database and Common
Vulnerability Scoring System 103 3.6 Risk Assessment Approaches 107
Quantitative Versus Qualitative Risk Assessment 107 Simple Risk Analysis
Worksheet 113 Factor Analysis of Information Risk 114 3.7 Likelihood
Assessment 116 Estimating Threat Event Frequency 118 Estimating
Vulnerability 119 Loss Event Frequency 121 3.8 Impact Assessment 122
Estimating the Primary Loss 124 Estimating the Secondary Loss 125 Business
Impact Reference Table 126 3.9 Risk Determination 128 3.10 Risk Evaluation
128 3.11 Risk Treatment 129 Risk Reduction 130 Risk Retention 130 Risk
Avoidance 130 Risk Transfer 131 3.12 Risk Assessment Best Practices 131
3.13 Key Terms and Review Questions 132 Key Terms 132 Review Questions 133
3.14 References 134 Chapter 4: Security Management 136 4.1 The Security
Management Function 137 Security Planning 140 Capital Planning 142 4.2
Security Policy 145 Security Policy Categories 146 Security Policy Document
Content 147 Management Guidelines for Security Policies 151 Monitoring the
Policy 151 4.3 Acceptable Use Policy 152 4.4 Security Management Best
Practices 154 4.5 Key Terms and Review Questions 154 Key Terms 154 Review
Questions 155 4.6 References 155 PART II: MANAGING THE CYBERSECURITY
FUNCTION 157 Chapter 5: People Management 160 5.1 Human Resource Security
161 Security in the Hiring Process 162 During Employment 164 Termination of
Employment 165 5.2 Security Awareness and Education 166 Security Awareness
168 Cybersecurity Essentials Program 173 Role-Based Training 173 Education
and Certification 174 5.3 People Management Best Practices 175 5.4 Key
Terms and Review Questions 176 Key Terms 176 Review Questions 176 5.5
References 177 Chapter 6: Information Management 178 6.1 Information
Classification and Handling 179 Information Classification 179 Information
Labeling 185 Information Handling 186 6.2 Privacy 186 Privacy Threats 189
Privacy Principles and Policies 191 Privacy Controls 196 6.3 Document and
Records Management 198 Document Management 200 Records Management 202 6.4
Sensitive Physical Information 204 6.5 Information Management Best
Practices 205 6.6 Key Terms and Review Questions 206 Key Terms 206 Review
Questions 207 6.7 References 208 Chapter 7: Physical Asset Management 210
7.1 Hardware Life Cycle Management 211 Planning 213 Acquisition 214
Deployment 214 Management 215 Disposition 216 7.2 Office Equipment 217
Threats and Vulnerabilities 217 Security Controls 219 Equipment Disposal
222 7.3 Industrial Control Systems 223 Differences Between IT Systems and
Industrial Control Systems 225 ICS Security 227 7.4 Mobile Device Security
231 Mobile Device Technology 233 Mobile Ecosystem 234 Vulnerabilities 236
Mobile Device Security Strategy 238 Resources for Mobile Device Security
243 7.5 Physical Asset Management Best Practices 244 7.6 Key Terms and
Review Questions 245 Key Terms 245 Review Questions 245 7.7 References 246
Chapter 8: System Development 248 8.1 System Development Life Cycle 248
NIST SDLC Model 249 The SGP's SDLC Model 252 DevOps 254 8.2 Incorporating
Security into the SDLC 259 Initiation Phase 260 Development/Acquisition
Phase 264 Implementation/Assessment Phase 266 Operations and Maintenance
Phase 270 Disposal Phase 272 8.3 System Development Management 273 System
Development Methodology 274 System Development Environments 275 Quality
Assurance 277 8.4 System Development Best Practices 278 8.5 Key Terms and
Review Questions 278 Key Terms 278 Review Questions 279 8.6 References 279
Chapter 9: Business Application Management 280 9.1 Application Management
Concepts 281 Application Life Cycle Management 281 Application Portfolio
Management 283 Application Performance Management 285 9.2 Corporate
Business Application Security 287 Business Application Register 287
Business Application Protection 288 Browser-Based Application Protection
289 9.3 End User-Developed Applications (EUDAs) 295 Benefits of EUDAs 296
Risks of EUDAs 296 EUDA Security Framework 297 9.4 Business Application
Management Best Practices 300 9.5 Key Terms and Review Questions 301 Key
Terms 301 Review Questions 302 9.6 References 302 Chapter 10: System Access
304 10.1 System Access Concepts 304 Authorization 306 10.2 User
Authentication 307 A Model for Electronic User Authentication 307 Means of
Authentication 310 Multifactor Authentication 311 10.3 Password-Based
Authentication 312 The Vulnerability of Passwords 313 The Use of Hashed
Passwords 315 Password Cracking of User-Chosen Passwords 317 Password File
Access Control 319 Password Selection 320 10.4 Possession-Based
Authentication 322 Memory Cards 322 Smart Cards 323 Electronic Identity
Cards 325 One-Time Password Device 328 Threats to Possession-Based
Authentication 329 Security Controls for Possession-Based Authentication
330 10.5 Biometric Authentication 330 Criteria for Biometric
Characteristics 331 Physical Characteristics Used in Biometric Applications
332 Operation of a Biometric Authentication System 333 Biometric Accuracy
335 Threats to Biometric Authentication 337 Security Controls for Biometric
Authentication 339 10.6 Risk Assessment for User Authentication 341
Authenticator Assurance Levels 341 Selecting an AAL 342 Choosing an
Authentication Method 345 10.7 Access Control 347 Subjects, Objects, and
Access Rights 348 Access Control Policies 349 Discretionary Access Control
350 Role-Based Access Control 351 Attribute-Based Access Control 353 Access
Control Metrics 358 10.8 Customer Access 360 Customer Access Arrangements
360 Customer Contracts 361 Customer Connections 361 Protecting Customer
Data 361 10.9 System Access Best Practices 362 10.10 Key Terms and Review
Questions 363 Key Terms 363 Review Questions 363 10.11 References 364
Chapter 11: System Management 366 11.1 Server Configuration 368 Threats to
Servers 368 Requirements for Server Security 368 11.2 Virtual Servers 370
Virtualization Alternatives 371 Virtualization Security Issues 374 Securing
Virtualization Systems 376 11.3 Network Storage Systems 377 11.4 Service
Level Agreements 379 Network Providers 379 Computer Security Incident
Response Team 381 Cloud Service Providers 382 11.5 Performance and Capacity
Management 383 11.6 Backup 384 11.7 Change Management 386 11.8 System
Management Best Practices 389 11.9 Key Terms and Review Questions 390 Key
Terms 390 Review Questions 390 11.10 References 391 Chapter 12: Networks
and Communications 392 12.1 Network Management Concepts 393 Network
Management Functions 393 Network Management Systems 399 Network Management
Architecture 402 12.2 Firewalls 404 Firewall Characteristics 404 Types of
Firewalls 406 Next-Generation Firewalls 414 DMZ Networks 414 The Modern IT
Perimeter 416 12.3 Virtual Private Networks and IP Security 417 Virtual
Private Networks 417 IPsec 418 Firewall-Based VPNs 420 12.4 Security
Considerations for Network Management 421 Network Device Configuration 421
Physical Network Management 423 Wireless Access 426 External Network
Connections 427 Firewalls 428 Remote Maintenance 429 12.5 Electronic
Communications 430 Email 430 Instant Messaging 436 Voice over IP (VoIP)
Networks 438 Telephony and Conferencing 444 12.6 Networks and
Communications Best Practices 444 12.7 Key Terms and Review Questions 445
Key Terms 445 Review Questions 445 12.8 References 446 Chapter 13: Supply
Chain Management and Cloud Security 448 13.1 Supply Chain Management
Concepts 449 The Supply Chain 449 Supply Chain Management 451 13.2 Supply
Chain Risk Management 453 Supply Chain Threats 456 Supply Chain
Vulnerabilities 459 Supply Chain Security Controls 460 SCRM Best Practices
463 13.3 Cloud Computing 466 Cloud Computing Elements 466 Cloud Computing
Reference Architecture 470 13.4 Cloud Security 473 Security Considerations
for Cloud Computing 473 Threats for Cloud Service Users 474 Risk Evaluation
475 Best Practices 476 Cloud Service Agreement 477 13.5 Supply Chain Best
Practices 478 13.6 Key Terms and Review Questions 479 Key Terms 479 Review
Questions 479 13.7 References 480 Chapter 14: Technical Security Management
482
14.1 Security Architecture 483 14.2 Malware Protection Activities 487 Types
of Malware 487 The Nature of the Malware Threat 490 Practical Malware
Protection 490 14.3 Malware Protection Software 494 Capabilities of Malware
Protection Software 494 Managing Malware Protection Software 495 14.4
Identity and Access Management 496 IAM Architecture 497 Federated Identity
Management 498 IAM Planning 500 IAM Best Practices 501 14.5 Intrusion
Detection 502 Basic Principles 503 Approaches to Intrusion Detection 504
Host-Based Intrusion Detection Techniques 505 Network-Based Intrusion
Detection Systems 506 IDS Best Practices 508 14.6 Data Loss Prevention 509
Data Classification and Identification 509 Data States 510 14.7 Digital
Rights Management 512 DRM Structure and Components 513 DRM Best Practices
515 14.8 Cryptographic Solutions 517 Uses of Cryptography 517 Cryptographic
Algorithms 518 Selection of Cryptographic Algorithms and Lengths 525
Cryptography Implementation Considerations 526 14.9 Cryptographic Key
Management 528 Key Types 530 Cryptoperiod 532 Key Life Cycle 534 14.10
Public Key Infrastructure 536 Public Key Certificates 536 PKI Architecture
538 Management Issues 540 14.11 Technical Security Management Best
Practices 541 14.12 Key Terms and Review Questions 543 Key Terms 543 Review
Questions 543 14.13 References 544 Chapter 15: Threat and Incident
Management 546 15.1 Technical Vulnerability Management 547 Plan
Vulnerability Management 547 Discover Known Vulnerabilities 548 Scan for
Vulnerabilities 549 Log and Report 551 Remediate Vulnerabilities 551 15.2
Security Event Logging 554 Security Event Logging Objective 556 Potential
Security Log Sources 556 What to Log 557 Protection of Log Data 557 Log
Management Policy 558 15.3 Security Event Management 559 SEM Functions 560
SEM Best Practices 561 15.4 Threat Intelligence 563 Threat Taxonomy 564 The
Importance of Threat Intelligence 566 Gathering Threat Intelligence 568
Threat Analysis 569 15.5 Cyber Attack Protection 570 Cyber Attack Kill
Chain 570 Protection and Response Measures 573 Non-Malware Attacks 576 15.6
Security Incident Management Framework 577 Objectives of Incident
Management 579 Relationship to Information Security Management System 579
Incident Management Policy 580 Roles and Responsibilities 581 Incident
Management Information 583 Incident Management Tools 583 15.7 Security
Incident Management Process 584 Preparing for Incident Response 585
Detection and Analysis 586 Containment, Eradication, and Recovery 587
Post-Incident Activity 588 15.8 Emergency Fixes 590 15.9 Forensic
Investigations 592 Prepare 593 Identify 594 Collect 594 Preserve 595
Analyze 595 Report 596 15.10 Threat and Incident Management Best Practices
597 15.11 Key Terms and Review Questions 598 Key Terms 598 Review Questions
599 15.12 References 599 Chapter 16: Local Environment Management 602 16.1
Local Environment Security 602 Local Environment Profile 603 Local Security
Coordination 604 16.2 Physical Security 606 Physical Security Threats 606
Physical Security Officer 609 Defense in Depth 610 Physical Security:
Prevention and Mitigation Measures 612 Physical Security Controls 615 16.3
Local Environment Management Best Practices 619 16.4 Key Terms and Review
Questions 620 Key Terms 620 Review Questions 620 16.5 References 621
Chapter 17: Business Continuity 622 17.1 Business Continuity Concepts 625
Threats 626 Business Continuity in Operation 628 Business Continuity
Objectives 629 Essential Components for Maintaining Business Continuity 630
17.2 Business Continuity Program 630 Governance 631 Business Impact
Analysis 631 Risk Assessment 632 Business Continuity Strategy 634 17.3
Business Continuity Readiness 637 Awareness 637 Training 638 Resilience 639
Control Selection 640 Business Continuity Plan 642 Exercising and Testing
647 Performance Evaluation 650 17.4 Business Continuity Operations 655
Emergency Response 655 Crisis Management 656 Business Recovery/Restoration
657 17.5 Business Continuity Best Practices 660 17.6 Key Terms and Review
Questions 661 Key Terms 661 Review Questions 661 17.7 References 662 PART
III: SECURITY ASSESSMENT 665 Chapter 18: Security Monitoring and
Improvement 666 18.1 Security Audit 666 Security Audit and Alarms Model 667
Data to Collect for Auditing 668 Internal and External Audit 672 Security
Audit Controls 673 18.2 Security Performance 678 Security Performance
Measurement 678 Security Monitoring and Reporting 686 Information Risk
Reporting 688 Information Security Compliance Monitoring 690 18.3 Security
Monitoring and Improvement Best Practices 691 18.4 Key Terms and Review
Questions 692 Key Terms 692 Review Questions 692 18.5 References 693
Appendix A: References and Standards 694 Appendix B: Glossary 708 Index 726
Appendix C: Answers to Review Questions (Online Only)
1.1 Defining Cyberspace and Cybersecurity 3 1.2 The Value of Standards and
Best Practices Documents 6 1.3 The Standard of Good Practice for
Information Security 7 1.4 The ISO/IEC 27000 Suite of Information Security
Standards 12 ISO 27001 15 ISO 27002 17 1.5 Mapping the ISO 27000 Series to
the ISF SGP 18 1.6 NIST Cybersecurity Framework and Security Documents 21
NIST Cybersecurity Framework 22 NIST Security Documents 25 1.7 The CIS
Critical Security Controls for Effective Cyber Defense 27 1.8 COBIT 5 for
Information Security 29 1.9 Payment Card Industry Data Security Standard
(PCI DSS) 30 1.10 ITU-T Security Documents 32 1.11 Effective Cybersecurity
34 The Cybersecurity Management Process 34 Using Best Practices and
Standards Documents 36 1.12 Key Terms and Review Questions 38 Key Terms 38
Review Questions 38 1.13 References 39 PART I: PLANNING FOR CYBERSECURITY
41 Chapter 2: Security Governance 42 2.1 Security Governance and Security
Management 43 2.2 Security Governance Principles and Desired Outcomes 45
Principles 45 Desired Outcomes 46 2.3 Security Governance Components 47
Strategic Planning 47 Organizational Structure 51 Roles and
Responsibilities 55 Integration with Enterprise Architecture 58 Policies
and Guidance 63 2.4 Security Governance Approach 63 Security Governance
Framework 63 Security Direction 64 Responsible, Accountable, Consulted, and
Informed (RACI) Charts 66 2.5 Security Governance Evaluation 68 2.6
Security Governance Best Practices 69 2.7 Key Terms and Review Questions 70
Key Terms 70 Review Questions 71 2.8 References 71 Chapter 3: Information
Risk Assessment 74 3.1 Risk Assessment Concepts 75 Risk Assessment
Challenges 78 Risk Management 80 Structure of This 84 3.2 Asset
Identification 85 Hardware Assets 85 Software Assets 85 Information Assets
86 Business Assets 87 Asset Register 87 3.3 Threat Identification 89 The
STRIDE Threat Model 89 Threat Types 90 Sources of Information 92 3.4
Control Identification 98 3.5 Vulnerability Identification 102
Vulnerability Categories 103 National Vulnerability Database and Common
Vulnerability Scoring System 103 3.6 Risk Assessment Approaches 107
Quantitative Versus Qualitative Risk Assessment 107 Simple Risk Analysis
Worksheet 113 Factor Analysis of Information Risk 114 3.7 Likelihood
Assessment 116 Estimating Threat Event Frequency 118 Estimating
Vulnerability 119 Loss Event Frequency 121 3.8 Impact Assessment 122
Estimating the Primary Loss 124 Estimating the Secondary Loss 125 Business
Impact Reference Table 126 3.9 Risk Determination 128 3.10 Risk Evaluation
128 3.11 Risk Treatment 129 Risk Reduction 130 Risk Retention 130 Risk
Avoidance 130 Risk Transfer 131 3.12 Risk Assessment Best Practices 131
3.13 Key Terms and Review Questions 132 Key Terms 132 Review Questions 133
3.14 References 134 Chapter 4: Security Management 136 4.1 The Security
Management Function 137 Security Planning 140 Capital Planning 142 4.2
Security Policy 145 Security Policy Categories 146 Security Policy Document
Content 147 Management Guidelines for Security Policies 151 Monitoring the
Policy 151 4.3 Acceptable Use Policy 152 4.4 Security Management Best
Practices 154 4.5 Key Terms and Review Questions 154 Key Terms 154 Review
Questions 155 4.6 References 155 PART II: MANAGING THE CYBERSECURITY
FUNCTION 157 Chapter 5: People Management 160 5.1 Human Resource Security
161 Security in the Hiring Process 162 During Employment 164 Termination of
Employment 165 5.2 Security Awareness and Education 166 Security Awareness
168 Cybersecurity Essentials Program 173 Role-Based Training 173 Education
and Certification 174 5.3 People Management Best Practices 175 5.4 Key
Terms and Review Questions 176 Key Terms 176 Review Questions 176 5.5
References 177 Chapter 6: Information Management 178 6.1 Information
Classification and Handling 179 Information Classification 179 Information
Labeling 185 Information Handling 186 6.2 Privacy 186 Privacy Threats 189
Privacy Principles and Policies 191 Privacy Controls 196 6.3 Document and
Records Management 198 Document Management 200 Records Management 202 6.4
Sensitive Physical Information 204 6.5 Information Management Best
Practices 205 6.6 Key Terms and Review Questions 206 Key Terms 206 Review
Questions 207 6.7 References 208 Chapter 7: Physical Asset Management 210
7.1 Hardware Life Cycle Management 211 Planning 213 Acquisition 214
Deployment 214 Management 215 Disposition 216 7.2 Office Equipment 217
Threats and Vulnerabilities 217 Security Controls 219 Equipment Disposal
222 7.3 Industrial Control Systems 223 Differences Between IT Systems and
Industrial Control Systems 225 ICS Security 227 7.4 Mobile Device Security
231 Mobile Device Technology 233 Mobile Ecosystem 234 Vulnerabilities 236
Mobile Device Security Strategy 238 Resources for Mobile Device Security
243 7.5 Physical Asset Management Best Practices 244 7.6 Key Terms and
Review Questions 245 Key Terms 245 Review Questions 245 7.7 References 246
Chapter 8: System Development 248 8.1 System Development Life Cycle 248
NIST SDLC Model 249 The SGP's SDLC Model 252 DevOps 254 8.2 Incorporating
Security into the SDLC 259 Initiation Phase 260 Development/Acquisition
Phase 264 Implementation/Assessment Phase 266 Operations and Maintenance
Phase 270 Disposal Phase 272 8.3 System Development Management 273 System
Development Methodology 274 System Development Environments 275 Quality
Assurance 277 8.4 System Development Best Practices 278 8.5 Key Terms and
Review Questions 278 Key Terms 278 Review Questions 279 8.6 References 279
Chapter 9: Business Application Management 280 9.1 Application Management
Concepts 281 Application Life Cycle Management 281 Application Portfolio
Management 283 Application Performance Management 285 9.2 Corporate
Business Application Security 287 Business Application Register 287
Business Application Protection 288 Browser-Based Application Protection
289 9.3 End User-Developed Applications (EUDAs) 295 Benefits of EUDAs 296
Risks of EUDAs 296 EUDA Security Framework 297 9.4 Business Application
Management Best Practices 300 9.5 Key Terms and Review Questions 301 Key
Terms 301 Review Questions 302 9.6 References 302 Chapter 10: System Access
304 10.1 System Access Concepts 304 Authorization 306 10.2 User
Authentication 307 A Model for Electronic User Authentication 307 Means of
Authentication 310 Multifactor Authentication 311 10.3 Password-Based
Authentication 312 The Vulnerability of Passwords 313 The Use of Hashed
Passwords 315 Password Cracking of User-Chosen Passwords 317 Password File
Access Control 319 Password Selection 320 10.4 Possession-Based
Authentication 322 Memory Cards 322 Smart Cards 323 Electronic Identity
Cards 325 One-Time Password Device 328 Threats to Possession-Based
Authentication 329 Security Controls for Possession-Based Authentication
330 10.5 Biometric Authentication 330 Criteria for Biometric
Characteristics 331 Physical Characteristics Used in Biometric Applications
332 Operation of a Biometric Authentication System 333 Biometric Accuracy
335 Threats to Biometric Authentication 337 Security Controls for Biometric
Authentication 339 10.6 Risk Assessment for User Authentication 341
Authenticator Assurance Levels 341 Selecting an AAL 342 Choosing an
Authentication Method 345 10.7 Access Control 347 Subjects, Objects, and
Access Rights 348 Access Control Policies 349 Discretionary Access Control
350 Role-Based Access Control 351 Attribute-Based Access Control 353 Access
Control Metrics 358 10.8 Customer Access 360 Customer Access Arrangements
360 Customer Contracts 361 Customer Connections 361 Protecting Customer
Data 361 10.9 System Access Best Practices 362 10.10 Key Terms and Review
Questions 363 Key Terms 363 Review Questions 363 10.11 References 364
Chapter 11: System Management 366 11.1 Server Configuration 368 Threats to
Servers 368 Requirements for Server Security 368 11.2 Virtual Servers 370
Virtualization Alternatives 371 Virtualization Security Issues 374 Securing
Virtualization Systems 376 11.3 Network Storage Systems 377 11.4 Service
Level Agreements 379 Network Providers 379 Computer Security Incident
Response Team 381 Cloud Service Providers 382 11.5 Performance and Capacity
Management 383 11.6 Backup 384 11.7 Change Management 386 11.8 System
Management Best Practices 389 11.9 Key Terms and Review Questions 390 Key
Terms 390 Review Questions 390 11.10 References 391 Chapter 12: Networks
and Communications 392 12.1 Network Management Concepts 393 Network
Management Functions 393 Network Management Systems 399 Network Management
Architecture 402 12.2 Firewalls 404 Firewall Characteristics 404 Types of
Firewalls 406 Next-Generation Firewalls 414 DMZ Networks 414 The Modern IT
Perimeter 416 12.3 Virtual Private Networks and IP Security 417 Virtual
Private Networks 417 IPsec 418 Firewall-Based VPNs 420 12.4 Security
Considerations for Network Management 421 Network Device Configuration 421
Physical Network Management 423 Wireless Access 426 External Network
Connections 427 Firewalls 428 Remote Maintenance 429 12.5 Electronic
Communications 430 Email 430 Instant Messaging 436 Voice over IP (VoIP)
Networks 438 Telephony and Conferencing 444 12.6 Networks and
Communications Best Practices 444 12.7 Key Terms and Review Questions 445
Key Terms 445 Review Questions 445 12.8 References 446 Chapter 13: Supply
Chain Management and Cloud Security 448 13.1 Supply Chain Management
Concepts 449 The Supply Chain 449 Supply Chain Management 451 13.2 Supply
Chain Risk Management 453 Supply Chain Threats 456 Supply Chain
Vulnerabilities 459 Supply Chain Security Controls 460 SCRM Best Practices
463 13.3 Cloud Computing 466 Cloud Computing Elements 466 Cloud Computing
Reference Architecture 470 13.4 Cloud Security 473 Security Considerations
for Cloud Computing 473 Threats for Cloud Service Users 474 Risk Evaluation
475 Best Practices 476 Cloud Service Agreement 477 13.5 Supply Chain Best
Practices 478 13.6 Key Terms and Review Questions 479 Key Terms 479 Review
Questions 479 13.7 References 480 Chapter 14: Technical Security Management
482
14.1 Security Architecture 483 14.2 Malware Protection Activities 487 Types
of Malware 487 The Nature of the Malware Threat 490 Practical Malware
Protection 490 14.3 Malware Protection Software 494 Capabilities of Malware
Protection Software 494 Managing Malware Protection Software 495 14.4
Identity and Access Management 496 IAM Architecture 497 Federated Identity
Management 498 IAM Planning 500 IAM Best Practices 501 14.5 Intrusion
Detection 502 Basic Principles 503 Approaches to Intrusion Detection 504
Host-Based Intrusion Detection Techniques 505 Network-Based Intrusion
Detection Systems 506 IDS Best Practices 508 14.6 Data Loss Prevention 509
Data Classification and Identification 509 Data States 510 14.7 Digital
Rights Management 512 DRM Structure and Components 513 DRM Best Practices
515 14.8 Cryptographic Solutions 517 Uses of Cryptography 517 Cryptographic
Algorithms 518 Selection of Cryptographic Algorithms and Lengths 525
Cryptography Implementation Considerations 526 14.9 Cryptographic Key
Management 528 Key Types 530 Cryptoperiod 532 Key Life Cycle 534 14.10
Public Key Infrastructure 536 Public Key Certificates 536 PKI Architecture
538 Management Issues 540 14.11 Technical Security Management Best
Practices 541 14.12 Key Terms and Review Questions 543 Key Terms 543 Review
Questions 543 14.13 References 544 Chapter 15: Threat and Incident
Management 546 15.1 Technical Vulnerability Management 547 Plan
Vulnerability Management 547 Discover Known Vulnerabilities 548 Scan for
Vulnerabilities 549 Log and Report 551 Remediate Vulnerabilities 551 15.2
Security Event Logging 554 Security Event Logging Objective 556 Potential
Security Log Sources 556 What to Log 557 Protection of Log Data 557 Log
Management Policy 558 15.3 Security Event Management 559 SEM Functions 560
SEM Best Practices 561 15.4 Threat Intelligence 563 Threat Taxonomy 564 The
Importance of Threat Intelligence 566 Gathering Threat Intelligence 568
Threat Analysis 569 15.5 Cyber Attack Protection 570 Cyber Attack Kill
Chain 570 Protection and Response Measures 573 Non-Malware Attacks 576 15.6
Security Incident Management Framework 577 Objectives of Incident
Management 579 Relationship to Information Security Management System 579
Incident Management Policy 580 Roles and Responsibilities 581 Incident
Management Information 583 Incident Management Tools 583 15.7 Security
Incident Management Process 584 Preparing for Incident Response 585
Detection and Analysis 586 Containment, Eradication, and Recovery 587
Post-Incident Activity 588 15.8 Emergency Fixes 590 15.9 Forensic
Investigations 592 Prepare 593 Identify 594 Collect 594 Preserve 595
Analyze 595 Report 596 15.10 Threat and Incident Management Best Practices
597 15.11 Key Terms and Review Questions 598 Key Terms 598 Review Questions
599 15.12 References 599 Chapter 16: Local Environment Management 602 16.1
Local Environment Security 602 Local Environment Profile 603 Local Security
Coordination 604 16.2 Physical Security 606 Physical Security Threats 606
Physical Security Officer 609 Defense in Depth 610 Physical Security:
Prevention and Mitigation Measures 612 Physical Security Controls 615 16.3
Local Environment Management Best Practices 619 16.4 Key Terms and Review
Questions 620 Key Terms 620 Review Questions 620 16.5 References 621
Chapter 17: Business Continuity 622 17.1 Business Continuity Concepts 625
Threats 626 Business Continuity in Operation 628 Business Continuity
Objectives 629 Essential Components for Maintaining Business Continuity 630
17.2 Business Continuity Program 630 Governance 631 Business Impact
Analysis 631 Risk Assessment 632 Business Continuity Strategy 634 17.3
Business Continuity Readiness 637 Awareness 637 Training 638 Resilience 639
Control Selection 640 Business Continuity Plan 642 Exercising and Testing
647 Performance Evaluation 650 17.4 Business Continuity Operations 655
Emergency Response 655 Crisis Management 656 Business Recovery/Restoration
657 17.5 Business Continuity Best Practices 660 17.6 Key Terms and Review
Questions 661 Key Terms 661 Review Questions 661 17.7 References 662 PART
III: SECURITY ASSESSMENT 665 Chapter 18: Security Monitoring and
Improvement 666 18.1 Security Audit 666 Security Audit and Alarms Model 667
Data to Collect for Auditing 668 Internal and External Audit 672 Security
Audit Controls 673 18.2 Security Performance 678 Security Performance
Measurement 678 Security Monitoring and Reporting 686 Information Risk
Reporting 688 Information Security Compliance Monitoring 690 18.3 Security
Monitoring and Improvement Best Practices 691 18.4 Key Terms and Review
Questions 692 Key Terms 692 Review Questions 692 18.5 References 693
Appendix A: References and Standards 694 Appendix B: Glossary 708 Index 726
Appendix C: Answers to Review Questions (Online Only)
Preface xxvii Chapter 1: Best Practices, Standards, and a Plan of Action 2
1.1 Defining Cyberspace and Cybersecurity 3 1.2 The Value of Standards and
Best Practices Documents 6 1.3 The Standard of Good Practice for
Information Security 7 1.4 The ISO/IEC 27000 Suite of Information Security
Standards 12 ISO 27001 15 ISO 27002 17 1.5 Mapping the ISO 27000 Series to
the ISF SGP 18 1.6 NIST Cybersecurity Framework and Security Documents 21
NIST Cybersecurity Framework 22 NIST Security Documents 25 1.7 The CIS
Critical Security Controls for Effective Cyber Defense 27 1.8 COBIT 5 for
Information Security 29 1.9 Payment Card Industry Data Security Standard
(PCI DSS) 30 1.10 ITU-T Security Documents 32 1.11 Effective Cybersecurity
34 The Cybersecurity Management Process 34 Using Best Practices and
Standards Documents 36 1.12 Key Terms and Review Questions 38 Key Terms 38
Review Questions 38 1.13 References 39 PART I: PLANNING FOR CYBERSECURITY
41 Chapter 2: Security Governance 42 2.1 Security Governance and Security
Management 43 2.2 Security Governance Principles and Desired Outcomes 45
Principles 45 Desired Outcomes 46 2.3 Security Governance Components 47
Strategic Planning 47 Organizational Structure 51 Roles and
Responsibilities 55 Integration with Enterprise Architecture 58 Policies
and Guidance 63 2.4 Security Governance Approach 63 Security Governance
Framework 63 Security Direction 64 Responsible, Accountable, Consulted, and
Informed (RACI) Charts 66 2.5 Security Governance Evaluation 68 2.6
Security Governance Best Practices 69 2.7 Key Terms and Review Questions 70
Key Terms 70 Review Questions 71 2.8 References 71 Chapter 3: Information
Risk Assessment 74 3.1 Risk Assessment Concepts 75 Risk Assessment
Challenges 78 Risk Management 80 Structure of This 84 3.2 Asset
Identification 85 Hardware Assets 85 Software Assets 85 Information Assets
86 Business Assets 87 Asset Register 87 3.3 Threat Identification 89 The
STRIDE Threat Model 89 Threat Types 90 Sources of Information 92 3.4
Control Identification 98 3.5 Vulnerability Identification 102
Vulnerability Categories 103 National Vulnerability Database and Common
Vulnerability Scoring System 103 3.6 Risk Assessment Approaches 107
Quantitative Versus Qualitative Risk Assessment 107 Simple Risk Analysis
Worksheet 113 Factor Analysis of Information Risk 114 3.7 Likelihood
Assessment 116 Estimating Threat Event Frequency 118 Estimating
Vulnerability 119 Loss Event Frequency 121 3.8 Impact Assessment 122
Estimating the Primary Loss 124 Estimating the Secondary Loss 125 Business
Impact Reference Table 126 3.9 Risk Determination 128 3.10 Risk Evaluation
128 3.11 Risk Treatment 129 Risk Reduction 130 Risk Retention 130 Risk
Avoidance 130 Risk Transfer 131 3.12 Risk Assessment Best Practices 131
3.13 Key Terms and Review Questions 132 Key Terms 132 Review Questions 133
3.14 References 134 Chapter 4: Security Management 136 4.1 The Security
Management Function 137 Security Planning 140 Capital Planning 142 4.2
Security Policy 145 Security Policy Categories 146 Security Policy Document
Content 147 Management Guidelines for Security Policies 151 Monitoring the
Policy 151 4.3 Acceptable Use Policy 152 4.4 Security Management Best
Practices 154 4.5 Key Terms and Review Questions 154 Key Terms 154 Review
Questions 155 4.6 References 155 PART II: MANAGING THE CYBERSECURITY
FUNCTION 157 Chapter 5: People Management 160 5.1 Human Resource Security
161 Security in the Hiring Process 162 During Employment 164 Termination of
Employment 165 5.2 Security Awareness and Education 166 Security Awareness
168 Cybersecurity Essentials Program 173 Role-Based Training 173 Education
and Certification 174 5.3 People Management Best Practices 175 5.4 Key
Terms and Review Questions 176 Key Terms 176 Review Questions 176 5.5
References 177 Chapter 6: Information Management 178 6.1 Information
Classification and Handling 179 Information Classification 179 Information
Labeling 185 Information Handling 186 6.2 Privacy 186 Privacy Threats 189
Privacy Principles and Policies 191 Privacy Controls 196 6.3 Document and
Records Management 198 Document Management 200 Records Management 202 6.4
Sensitive Physical Information 204 6.5 Information Management Best
Practices 205 6.6 Key Terms and Review Questions 206 Key Terms 206 Review
Questions 207 6.7 References 208 Chapter 7: Physical Asset Management 210
7.1 Hardware Life Cycle Management 211 Planning 213 Acquisition 214
Deployment 214 Management 215 Disposition 216 7.2 Office Equipment 217
Threats and Vulnerabilities 217 Security Controls 219 Equipment Disposal
222 7.3 Industrial Control Systems 223 Differences Between IT Systems and
Industrial Control Systems 225 ICS Security 227 7.4 Mobile Device Security
231 Mobile Device Technology 233 Mobile Ecosystem 234 Vulnerabilities 236
Mobile Device Security Strategy 238 Resources for Mobile Device Security
243 7.5 Physical Asset Management Best Practices 244 7.6 Key Terms and
Review Questions 245 Key Terms 245 Review Questions 245 7.7 References 246
Chapter 8: System Development 248 8.1 System Development Life Cycle 248
NIST SDLC Model 249 The SGP's SDLC Model 252 DevOps 254 8.2 Incorporating
Security into the SDLC 259 Initiation Phase 260 Development/Acquisition
Phase 264 Implementation/Assessment Phase 266 Operations and Maintenance
Phase 270 Disposal Phase 272 8.3 System Development Management 273 System
Development Methodology 274 System Development Environments 275 Quality
Assurance 277 8.4 System Development Best Practices 278 8.5 Key Terms and
Review Questions 278 Key Terms 278 Review Questions 279 8.6 References 279
Chapter 9: Business Application Management 280 9.1 Application Management
Concepts 281 Application Life Cycle Management 281 Application Portfolio
Management 283 Application Performance Management 285 9.2 Corporate
Business Application Security 287 Business Application Register 287
Business Application Protection 288 Browser-Based Application Protection
289 9.3 End User-Developed Applications (EUDAs) 295 Benefits of EUDAs 296
Risks of EUDAs 296 EUDA Security Framework 297 9.4 Business Application
Management Best Practices 300 9.5 Key Terms and Review Questions 301 Key
Terms 301 Review Questions 302 9.6 References 302 Chapter 10: System Access
304 10.1 System Access Concepts 304 Authorization 306 10.2 User
Authentication 307 A Model for Electronic User Authentication 307 Means of
Authentication 310 Multifactor Authentication 311 10.3 Password-Based
Authentication 312 The Vulnerability of Passwords 313 The Use of Hashed
Passwords 315 Password Cracking of User-Chosen Passwords 317 Password File
Access Control 319 Password Selection 320 10.4 Possession-Based
Authentication 322 Memory Cards 322 Smart Cards 323 Electronic Identity
Cards 325 One-Time Password Device 328 Threats to Possession-Based
Authentication 329 Security Controls for Possession-Based Authentication
330 10.5 Biometric Authentication 330 Criteria for Biometric
Characteristics 331 Physical Characteristics Used in Biometric Applications
332 Operation of a Biometric Authentication System 333 Biometric Accuracy
335 Threats to Biometric Authentication 337 Security Controls for Biometric
Authentication 339 10.6 Risk Assessment for User Authentication 341
Authenticator Assurance Levels 341 Selecting an AAL 342 Choosing an
Authentication Method 345 10.7 Access Control 347 Subjects, Objects, and
Access Rights 348 Access Control Policies 349 Discretionary Access Control
350 Role-Based Access Control 351 Attribute-Based Access Control 353 Access
Control Metrics 358 10.8 Customer Access 360 Customer Access Arrangements
360 Customer Contracts 361 Customer Connections 361 Protecting Customer
Data 361 10.9 System Access Best Practices 362 10.10 Key Terms and Review
Questions 363 Key Terms 363 Review Questions 363 10.11 References 364
Chapter 11: System Management 366 11.1 Server Configuration 368 Threats to
Servers 368 Requirements for Server Security 368 11.2 Virtual Servers 370
Virtualization Alternatives 371 Virtualization Security Issues 374 Securing
Virtualization Systems 376 11.3 Network Storage Systems 377 11.4 Service
Level Agreements 379 Network Providers 379 Computer Security Incident
Response Team 381 Cloud Service Providers 382 11.5 Performance and Capacity
Management 383 11.6 Backup 384 11.7 Change Management 386 11.8 System
Management Best Practices 389 11.9 Key Terms and Review Questions 390 Key
Terms 390 Review Questions 390 11.10 References 391 Chapter 12: Networks
and Communications 392 12.1 Network Management Concepts 393 Network
Management Functions 393 Network Management Systems 399 Network Management
Architecture 402 12.2 Firewalls 404 Firewall Characteristics 404 Types of
Firewalls 406 Next-Generation Firewalls 414 DMZ Networks 414 The Modern IT
Perimeter 416 12.3 Virtual Private Networks and IP Security 417 Virtual
Private Networks 417 IPsec 418 Firewall-Based VPNs 420 12.4 Security
Considerations for Network Management 421 Network Device Configuration 421
Physical Network Management 423 Wireless Access 426 External Network
Connections 427 Firewalls 428 Remote Maintenance 429 12.5 Electronic
Communications 430 Email 430 Instant Messaging 436 Voice over IP (VoIP)
Networks 438 Telephony and Conferencing 444 12.6 Networks and
Communications Best Practices 444 12.7 Key Terms and Review Questions 445
Key Terms 445 Review Questions 445 12.8 References 446 Chapter 13: Supply
Chain Management and Cloud Security 448 13.1 Supply Chain Management
Concepts 449 The Supply Chain 449 Supply Chain Management 451 13.2 Supply
Chain Risk Management 453 Supply Chain Threats 456 Supply Chain
Vulnerabilities 459 Supply Chain Security Controls 460 SCRM Best Practices
463 13.3 Cloud Computing 466 Cloud Computing Elements 466 Cloud Computing
Reference Architecture 470 13.4 Cloud Security 473 Security Considerations
for Cloud Computing 473 Threats for Cloud Service Users 474 Risk Evaluation
475 Best Practices 476 Cloud Service Agreement 477 13.5 Supply Chain Best
Practices 478 13.6 Key Terms and Review Questions 479 Key Terms 479 Review
Questions 479 13.7 References 480 Chapter 14: Technical Security Management
482
14.1 Security Architecture 483 14.2 Malware Protection Activities 487 Types
of Malware 487 The Nature of the Malware Threat 490 Practical Malware
Protection 490 14.3 Malware Protection Software 494 Capabilities of Malware
Protection Software 494 Managing Malware Protection Software 495 14.4
Identity and Access Management 496 IAM Architecture 497 Federated Identity
Management 498 IAM Planning 500 IAM Best Practices 501 14.5 Intrusion
Detection 502 Basic Principles 503 Approaches to Intrusion Detection 504
Host-Based Intrusion Detection Techniques 505 Network-Based Intrusion
Detection Systems 506 IDS Best Practices 508 14.6 Data Loss Prevention 509
Data Classification and Identification 509 Data States 510 14.7 Digital
Rights Management 512 DRM Structure and Components 513 DRM Best Practices
515 14.8 Cryptographic Solutions 517 Uses of Cryptography 517 Cryptographic
Algorithms 518 Selection of Cryptographic Algorithms and Lengths 525
Cryptography Implementation Considerations 526 14.9 Cryptographic Key
Management 528 Key Types 530 Cryptoperiod 532 Key Life Cycle 534 14.10
Public Key Infrastructure 536 Public Key Certificates 536 PKI Architecture
538 Management Issues 540 14.11 Technical Security Management Best
Practices 541 14.12 Key Terms and Review Questions 543 Key Terms 543 Review
Questions 543 14.13 References 544 Chapter 15: Threat and Incident
Management 546 15.1 Technical Vulnerability Management 547 Plan
Vulnerability Management 547 Discover Known Vulnerabilities 548 Scan for
Vulnerabilities 549 Log and Report 551 Remediate Vulnerabilities 551 15.2
Security Event Logging 554 Security Event Logging Objective 556 Potential
Security Log Sources 556 What to Log 557 Protection of Log Data 557 Log
Management Policy 558 15.3 Security Event Management 559 SEM Functions 560
SEM Best Practices 561 15.4 Threat Intelligence 563 Threat Taxonomy 564 The
Importance of Threat Intelligence 566 Gathering Threat Intelligence 568
Threat Analysis 569 15.5 Cyber Attack Protection 570 Cyber Attack Kill
Chain 570 Protection and Response Measures 573 Non-Malware Attacks 576 15.6
Security Incident Management Framework 577 Objectives of Incident
Management 579 Relationship to Information Security Management System 579
Incident Management Policy 580 Roles and Responsibilities 581 Incident
Management Information 583 Incident Management Tools 583 15.7 Security
Incident Management Process 584 Preparing for Incident Response 585
Detection and Analysis 586 Containment, Eradication, and Recovery 587
Post-Incident Activity 588 15.8 Emergency Fixes 590 15.9 Forensic
Investigations 592 Prepare 593 Identify 594 Collect 594 Preserve 595
Analyze 595 Report 596 15.10 Threat and Incident Management Best Practices
597 15.11 Key Terms and Review Questions 598 Key Terms 598 Review Questions
599 15.12 References 599 Chapter 16: Local Environment Management 602 16.1
Local Environment Security 602 Local Environment Profile 603 Local Security
Coordination 604 16.2 Physical Security 606 Physical Security Threats 606
Physical Security Officer 609 Defense in Depth 610 Physical Security:
Prevention and Mitigation Measures 612 Physical Security Controls 615 16.3
Local Environment Management Best Practices 619 16.4 Key Terms and Review
Questions 620 Key Terms 620 Review Questions 620 16.5 References 621
Chapter 17: Business Continuity 622 17.1 Business Continuity Concepts 625
Threats 626 Business Continuity in Operation 628 Business Continuity
Objectives 629 Essential Components for Maintaining Business Continuity 630
17.2 Business Continuity Program 630 Governance 631 Business Impact
Analysis 631 Risk Assessment 632 Business Continuity Strategy 634 17.3
Business Continuity Readiness 637 Awareness 637 Training 638 Resilience 639
Control Selection 640 Business Continuity Plan 642 Exercising and Testing
647 Performance Evaluation 650 17.4 Business Continuity Operations 655
Emergency Response 655 Crisis Management 656 Business Recovery/Restoration
657 17.5 Business Continuity Best Practices 660 17.6 Key Terms and Review
Questions 661 Key Terms 661 Review Questions 661 17.7 References 662 PART
III: SECURITY ASSESSMENT 665 Chapter 18: Security Monitoring and
Improvement 666 18.1 Security Audit 666 Security Audit and Alarms Model 667
Data to Collect for Auditing 668 Internal and External Audit 672 Security
Audit Controls 673 18.2 Security Performance 678 Security Performance
Measurement 678 Security Monitoring and Reporting 686 Information Risk
Reporting 688 Information Security Compliance Monitoring 690 18.3 Security
Monitoring and Improvement Best Practices 691 18.4 Key Terms and Review
Questions 692 Key Terms 692 Review Questions 692 18.5 References 693
Appendix A: References and Standards 694 Appendix B: Glossary 708 Index 726
Appendix C: Answers to Review Questions (Online Only)
1.1 Defining Cyberspace and Cybersecurity 3 1.2 The Value of Standards and
Best Practices Documents 6 1.3 The Standard of Good Practice for
Information Security 7 1.4 The ISO/IEC 27000 Suite of Information Security
Standards 12 ISO 27001 15 ISO 27002 17 1.5 Mapping the ISO 27000 Series to
the ISF SGP 18 1.6 NIST Cybersecurity Framework and Security Documents 21
NIST Cybersecurity Framework 22 NIST Security Documents 25 1.7 The CIS
Critical Security Controls for Effective Cyber Defense 27 1.8 COBIT 5 for
Information Security 29 1.9 Payment Card Industry Data Security Standard
(PCI DSS) 30 1.10 ITU-T Security Documents 32 1.11 Effective Cybersecurity
34 The Cybersecurity Management Process 34 Using Best Practices and
Standards Documents 36 1.12 Key Terms and Review Questions 38 Key Terms 38
Review Questions 38 1.13 References 39 PART I: PLANNING FOR CYBERSECURITY
41 Chapter 2: Security Governance 42 2.1 Security Governance and Security
Management 43 2.2 Security Governance Principles and Desired Outcomes 45
Principles 45 Desired Outcomes 46 2.3 Security Governance Components 47
Strategic Planning 47 Organizational Structure 51 Roles and
Responsibilities 55 Integration with Enterprise Architecture 58 Policies
and Guidance 63 2.4 Security Governance Approach 63 Security Governance
Framework 63 Security Direction 64 Responsible, Accountable, Consulted, and
Informed (RACI) Charts 66 2.5 Security Governance Evaluation 68 2.6
Security Governance Best Practices 69 2.7 Key Terms and Review Questions 70
Key Terms 70 Review Questions 71 2.8 References 71 Chapter 3: Information
Risk Assessment 74 3.1 Risk Assessment Concepts 75 Risk Assessment
Challenges 78 Risk Management 80 Structure of This 84 3.2 Asset
Identification 85 Hardware Assets 85 Software Assets 85 Information Assets
86 Business Assets 87 Asset Register 87 3.3 Threat Identification 89 The
STRIDE Threat Model 89 Threat Types 90 Sources of Information 92 3.4
Control Identification 98 3.5 Vulnerability Identification 102
Vulnerability Categories 103 National Vulnerability Database and Common
Vulnerability Scoring System 103 3.6 Risk Assessment Approaches 107
Quantitative Versus Qualitative Risk Assessment 107 Simple Risk Analysis
Worksheet 113 Factor Analysis of Information Risk 114 3.7 Likelihood
Assessment 116 Estimating Threat Event Frequency 118 Estimating
Vulnerability 119 Loss Event Frequency 121 3.8 Impact Assessment 122
Estimating the Primary Loss 124 Estimating the Secondary Loss 125 Business
Impact Reference Table 126 3.9 Risk Determination 128 3.10 Risk Evaluation
128 3.11 Risk Treatment 129 Risk Reduction 130 Risk Retention 130 Risk
Avoidance 130 Risk Transfer 131 3.12 Risk Assessment Best Practices 131
3.13 Key Terms and Review Questions 132 Key Terms 132 Review Questions 133
3.14 References 134 Chapter 4: Security Management 136 4.1 The Security
Management Function 137 Security Planning 140 Capital Planning 142 4.2
Security Policy 145 Security Policy Categories 146 Security Policy Document
Content 147 Management Guidelines for Security Policies 151 Monitoring the
Policy 151 4.3 Acceptable Use Policy 152 4.4 Security Management Best
Practices 154 4.5 Key Terms and Review Questions 154 Key Terms 154 Review
Questions 155 4.6 References 155 PART II: MANAGING THE CYBERSECURITY
FUNCTION 157 Chapter 5: People Management 160 5.1 Human Resource Security
161 Security in the Hiring Process 162 During Employment 164 Termination of
Employment 165 5.2 Security Awareness and Education 166 Security Awareness
168 Cybersecurity Essentials Program 173 Role-Based Training 173 Education
and Certification 174 5.3 People Management Best Practices 175 5.4 Key
Terms and Review Questions 176 Key Terms 176 Review Questions 176 5.5
References 177 Chapter 6: Information Management 178 6.1 Information
Classification and Handling 179 Information Classification 179 Information
Labeling 185 Information Handling 186 6.2 Privacy 186 Privacy Threats 189
Privacy Principles and Policies 191 Privacy Controls 196 6.3 Document and
Records Management 198 Document Management 200 Records Management 202 6.4
Sensitive Physical Information 204 6.5 Information Management Best
Practices 205 6.6 Key Terms and Review Questions 206 Key Terms 206 Review
Questions 207 6.7 References 208 Chapter 7: Physical Asset Management 210
7.1 Hardware Life Cycle Management 211 Planning 213 Acquisition 214
Deployment 214 Management 215 Disposition 216 7.2 Office Equipment 217
Threats and Vulnerabilities 217 Security Controls 219 Equipment Disposal
222 7.3 Industrial Control Systems 223 Differences Between IT Systems and
Industrial Control Systems 225 ICS Security 227 7.4 Mobile Device Security
231 Mobile Device Technology 233 Mobile Ecosystem 234 Vulnerabilities 236
Mobile Device Security Strategy 238 Resources for Mobile Device Security
243 7.5 Physical Asset Management Best Practices 244 7.6 Key Terms and
Review Questions 245 Key Terms 245 Review Questions 245 7.7 References 246
Chapter 8: System Development 248 8.1 System Development Life Cycle 248
NIST SDLC Model 249 The SGP's SDLC Model 252 DevOps 254 8.2 Incorporating
Security into the SDLC 259 Initiation Phase 260 Development/Acquisition
Phase 264 Implementation/Assessment Phase 266 Operations and Maintenance
Phase 270 Disposal Phase 272 8.3 System Development Management 273 System
Development Methodology 274 System Development Environments 275 Quality
Assurance 277 8.4 System Development Best Practices 278 8.5 Key Terms and
Review Questions 278 Key Terms 278 Review Questions 279 8.6 References 279
Chapter 9: Business Application Management 280 9.1 Application Management
Concepts 281 Application Life Cycle Management 281 Application Portfolio
Management 283 Application Performance Management 285 9.2 Corporate
Business Application Security 287 Business Application Register 287
Business Application Protection 288 Browser-Based Application Protection
289 9.3 End User-Developed Applications (EUDAs) 295 Benefits of EUDAs 296
Risks of EUDAs 296 EUDA Security Framework 297 9.4 Business Application
Management Best Practices 300 9.5 Key Terms and Review Questions 301 Key
Terms 301 Review Questions 302 9.6 References 302 Chapter 10: System Access
304 10.1 System Access Concepts 304 Authorization 306 10.2 User
Authentication 307 A Model for Electronic User Authentication 307 Means of
Authentication 310 Multifactor Authentication 311 10.3 Password-Based
Authentication 312 The Vulnerability of Passwords 313 The Use of Hashed
Passwords 315 Password Cracking of User-Chosen Passwords 317 Password File
Access Control 319 Password Selection 320 10.4 Possession-Based
Authentication 322 Memory Cards 322 Smart Cards 323 Electronic Identity
Cards 325 One-Time Password Device 328 Threats to Possession-Based
Authentication 329 Security Controls for Possession-Based Authentication
330 10.5 Biometric Authentication 330 Criteria for Biometric
Characteristics 331 Physical Characteristics Used in Biometric Applications
332 Operation of a Biometric Authentication System 333 Biometric Accuracy
335 Threats to Biometric Authentication 337 Security Controls for Biometric
Authentication 339 10.6 Risk Assessment for User Authentication 341
Authenticator Assurance Levels 341 Selecting an AAL 342 Choosing an
Authentication Method 345 10.7 Access Control 347 Subjects, Objects, and
Access Rights 348 Access Control Policies 349 Discretionary Access Control
350 Role-Based Access Control 351 Attribute-Based Access Control 353 Access
Control Metrics 358 10.8 Customer Access 360 Customer Access Arrangements
360 Customer Contracts 361 Customer Connections 361 Protecting Customer
Data 361 10.9 System Access Best Practices 362 10.10 Key Terms and Review
Questions 363 Key Terms 363 Review Questions 363 10.11 References 364
Chapter 11: System Management 366 11.1 Server Configuration 368 Threats to
Servers 368 Requirements for Server Security 368 11.2 Virtual Servers 370
Virtualization Alternatives 371 Virtualization Security Issues 374 Securing
Virtualization Systems 376 11.3 Network Storage Systems 377 11.4 Service
Level Agreements 379 Network Providers 379 Computer Security Incident
Response Team 381 Cloud Service Providers 382 11.5 Performance and Capacity
Management 383 11.6 Backup 384 11.7 Change Management 386 11.8 System
Management Best Practices 389 11.9 Key Terms and Review Questions 390 Key
Terms 390 Review Questions 390 11.10 References 391 Chapter 12: Networks
and Communications 392 12.1 Network Management Concepts 393 Network
Management Functions 393 Network Management Systems 399 Network Management
Architecture 402 12.2 Firewalls 404 Firewall Characteristics 404 Types of
Firewalls 406 Next-Generation Firewalls 414 DMZ Networks 414 The Modern IT
Perimeter 416 12.3 Virtual Private Networks and IP Security 417 Virtual
Private Networks 417 IPsec 418 Firewall-Based VPNs 420 12.4 Security
Considerations for Network Management 421 Network Device Configuration 421
Physical Network Management 423 Wireless Access 426 External Network
Connections 427 Firewalls 428 Remote Maintenance 429 12.5 Electronic
Communications 430 Email 430 Instant Messaging 436 Voice over IP (VoIP)
Networks 438 Telephony and Conferencing 444 12.6 Networks and
Communications Best Practices 444 12.7 Key Terms and Review Questions 445
Key Terms 445 Review Questions 445 12.8 References 446 Chapter 13: Supply
Chain Management and Cloud Security 448 13.1 Supply Chain Management
Concepts 449 The Supply Chain 449 Supply Chain Management 451 13.2 Supply
Chain Risk Management 453 Supply Chain Threats 456 Supply Chain
Vulnerabilities 459 Supply Chain Security Controls 460 SCRM Best Practices
463 13.3 Cloud Computing 466 Cloud Computing Elements 466 Cloud Computing
Reference Architecture 470 13.4 Cloud Security 473 Security Considerations
for Cloud Computing 473 Threats for Cloud Service Users 474 Risk Evaluation
475 Best Practices 476 Cloud Service Agreement 477 13.5 Supply Chain Best
Practices 478 13.6 Key Terms and Review Questions 479 Key Terms 479 Review
Questions 479 13.7 References 480 Chapter 14: Technical Security Management
482
14.1 Security Architecture 483 14.2 Malware Protection Activities 487 Types
of Malware 487 The Nature of the Malware Threat 490 Practical Malware
Protection 490 14.3 Malware Protection Software 494 Capabilities of Malware
Protection Software 494 Managing Malware Protection Software 495 14.4
Identity and Access Management 496 IAM Architecture 497 Federated Identity
Management 498 IAM Planning 500 IAM Best Practices 501 14.5 Intrusion
Detection 502 Basic Principles 503 Approaches to Intrusion Detection 504
Host-Based Intrusion Detection Techniques 505 Network-Based Intrusion
Detection Systems 506 IDS Best Practices 508 14.6 Data Loss Prevention 509
Data Classification and Identification 509 Data States 510 14.7 Digital
Rights Management 512 DRM Structure and Components 513 DRM Best Practices
515 14.8 Cryptographic Solutions 517 Uses of Cryptography 517 Cryptographic
Algorithms 518 Selection of Cryptographic Algorithms and Lengths 525
Cryptography Implementation Considerations 526 14.9 Cryptographic Key
Management 528 Key Types 530 Cryptoperiod 532 Key Life Cycle 534 14.10
Public Key Infrastructure 536 Public Key Certificates 536 PKI Architecture
538 Management Issues 540 14.11 Technical Security Management Best
Practices 541 14.12 Key Terms and Review Questions 543 Key Terms 543 Review
Questions 543 14.13 References 544 Chapter 15: Threat and Incident
Management 546 15.1 Technical Vulnerability Management 547 Plan
Vulnerability Management 547 Discover Known Vulnerabilities 548 Scan for
Vulnerabilities 549 Log and Report 551 Remediate Vulnerabilities 551 15.2
Security Event Logging 554 Security Event Logging Objective 556 Potential
Security Log Sources 556 What to Log 557 Protection of Log Data 557 Log
Management Policy 558 15.3 Security Event Management 559 SEM Functions 560
SEM Best Practices 561 15.4 Threat Intelligence 563 Threat Taxonomy 564 The
Importance of Threat Intelligence 566 Gathering Threat Intelligence 568
Threat Analysis 569 15.5 Cyber Attack Protection 570 Cyber Attack Kill
Chain 570 Protection and Response Measures 573 Non-Malware Attacks 576 15.6
Security Incident Management Framework 577 Objectives of Incident
Management 579 Relationship to Information Security Management System 579
Incident Management Policy 580 Roles and Responsibilities 581 Incident
Management Information 583 Incident Management Tools 583 15.7 Security
Incident Management Process 584 Preparing for Incident Response 585
Detection and Analysis 586 Containment, Eradication, and Recovery 587
Post-Incident Activity 588 15.8 Emergency Fixes 590 15.9 Forensic
Investigations 592 Prepare 593 Identify 594 Collect 594 Preserve 595
Analyze 595 Report 596 15.10 Threat and Incident Management Best Practices
597 15.11 Key Terms and Review Questions 598 Key Terms 598 Review Questions
599 15.12 References 599 Chapter 16: Local Environment Management 602 16.1
Local Environment Security 602 Local Environment Profile 603 Local Security
Coordination 604 16.2 Physical Security 606 Physical Security Threats 606
Physical Security Officer 609 Defense in Depth 610 Physical Security:
Prevention and Mitigation Measures 612 Physical Security Controls 615 16.3
Local Environment Management Best Practices 619 16.4 Key Terms and Review
Questions 620 Key Terms 620 Review Questions 620 16.5 References 621
Chapter 17: Business Continuity 622 17.1 Business Continuity Concepts 625
Threats 626 Business Continuity in Operation 628 Business Continuity
Objectives 629 Essential Components for Maintaining Business Continuity 630
17.2 Business Continuity Program 630 Governance 631 Business Impact
Analysis 631 Risk Assessment 632 Business Continuity Strategy 634 17.3
Business Continuity Readiness 637 Awareness 637 Training 638 Resilience 639
Control Selection 640 Business Continuity Plan 642 Exercising and Testing
647 Performance Evaluation 650 17.4 Business Continuity Operations 655
Emergency Response 655 Crisis Management 656 Business Recovery/Restoration
657 17.5 Business Continuity Best Practices 660 17.6 Key Terms and Review
Questions 661 Key Terms 661 Review Questions 661 17.7 References 662 PART
III: SECURITY ASSESSMENT 665 Chapter 18: Security Monitoring and
Improvement 666 18.1 Security Audit 666 Security Audit and Alarms Model 667
Data to Collect for Auditing 668 Internal and External Audit 672 Security
Audit Controls 673 18.2 Security Performance 678 Security Performance
Measurement 678 Security Monitoring and Reporting 686 Information Risk
Reporting 688 Information Security Compliance Monitoring 690 18.3 Security
Monitoring and Improvement Best Practices 691 18.4 Key Terms and Review
Questions 692 Key Terms 692 Review Questions 692 18.5 References 693
Appendix A: References and Standards 694 Appendix B: Glossary 708 Index 726
Appendix C: Answers to Review Questions (Online Only)