Wm. Arthur Conklin, Greg White, Chuck Cothren
Principles of Computer Security: CompTIA Security+ and Beyond, Sixth Edition (Exam SY0-601)
Wm. Arthur Conklin, Greg White, Chuck Cothren
Principles of Computer Security: CompTIA Security+ and Beyond, Sixth Edition (Exam SY0-601)
- Broschiertes Buch
- Merkliste
- Auf die Merkliste
- Bewerten Bewerten
- Teilen
- Produkt teilen
- Produkterinnerung
- Produkterinnerung
This fully revised four color textbook covers every topic on the current version of the CompTIA Security+ exam Prepare for a career in computer and network security while also studying for professional certification. Take the latest version of the challenging CompTIA Security+ exam with complete confidence using the detailed information contained in this comprehensive classroom-based solution. Written and edited by leaders in the field, the book gets candidates fully prepared for the test and contains the essential fundamentals of computer and network security skills. Principles of Computer…mehr
Andere Kunden interessierten sich auch für
- Jonathan WeissmanPrinciples of Computer Security: CompTIA Security+ and Beyond Lab Manual (Exam SY0-601)59,99 €
- Mike MeyersMike Meyers' CompTIA Security+ Certification Guide, Third Edition (Exam SY0-601)36,99 €
- Wm. Arthur ConklinCompTIA Security+ All-in-One Exam Guide, Sixth Edition (Exam SY0-601)52,99 €
- Glen ClarkeCompTIA Security+ Certification Study Guide, Fourth Edition (Exam SY0-601)43,99 €
- Robert ShimonskiComptia Security+ Sy0-701 Exam Cram43,99 €
- Mike MeyersITF+ CompTIA IT Fundamentals All-in-One Exam Guide, Second Edition (Exam FC0-U61)42,99 €
- Mike MeyersMike Meyers' CompTIA A+ Guide to Managing and Troubleshooting PCs Lab Manual, Sixth Edition (Exams 220-1001 & 220-1002)46,99 €
-
-
-
This fully revised four color textbook covers every topic on the current version of the CompTIA Security+ exam Prepare for a career in computer and network security while also studying for professional certification. Take the latest version of the challenging CompTIA Security+ exam with complete confidence using the detailed information contained in this comprehensive classroom-based solution. Written and edited by leaders in the field, the book gets candidates fully prepared for the test and contains the essential fundamentals of computer and network security skills. Principles of Computer Security: CompTIA Security+ and Beyond, Sixth Edition (Exam SY0-601) is presented in an engaging style and features full-color illustrations. Targeted sidebars throughout encourage readers to apply concepts in real-world settings, while other special elements bring the focus back to study with specific test-related advice and information. The textbook features engaging end of chapter sections that help you review the content covered in each chapter while also drilling you on the essentials and providing unique hands-on lab projects. * Provides 100% coverage of every objective on exam SY0-601 * Online content includes 200 practice questions in the Total Tester exam engine * Written by a team of the most well-respected upper-level IT security educators * Instructor Materials are available for adopting schools-contact your McGraw Hill sales representative * Answers and solutions to the end of chapter sections are only available to adopting instructors Publisher's Note: Products purchased from Third Party sellers are not guaranteed by the publisher for quality, authenticity, or access to any online entitlements included with the product.
Hinweis: Dieser Artikel kann nur an eine deutsche Lieferadresse ausgeliefert werden.
Hinweis: Dieser Artikel kann nur an eine deutsche Lieferadresse ausgeliefert werden.
Produktdetails
- Produktdetails
- Verlag: McGraw-Hill Education
- 6 ed
- Seitenzahl: 1072
- Erscheinungstermin: 29. November 2021
- Englisch
- Abmessung: 275mm x 215mm x 40mm
- Gewicht: 2088g
- ISBN-13: 9781260474312
- ISBN-10: 1260474313
- Artikelnr.: 60601475
- Herstellerkennzeichnung
- Libri GmbH
- Europaallee 1
- 36244 Bad Hersfeld
- 06621 890
- Verlag: McGraw-Hill Education
- 6 ed
- Seitenzahl: 1072
- Erscheinungstermin: 29. November 2021
- Englisch
- Abmessung: 275mm x 215mm x 40mm
- Gewicht: 2088g
- ISBN-13: 9781260474312
- ISBN-10: 1260474313
- Artikelnr.: 60601475
- Herstellerkennzeichnung
- Libri GmbH
- Europaallee 1
- 36244 Bad Hersfeld
- 06621 890
Wm. Arthur Conklin (Houston, TX), Security+, CISSP, is an Assistant Professor in the Information and Logistics Technology department at the University of Houston. In addition to his PhD, Mr. Conklin has a MBA from UTSA, and two graduate degrees in Electrical Engineering from the Naval Postgraduate School in Monterey, California. Dr. Conklin's interests are information security, systems theory, and secure software design.
Foreword
Preface
Introduction
Instructor Website
Chapter 1 Introduction and Security Trends
The Computer Security Problem
Threats to Security
Attributes of Actors
Security Trends
Targets and Attacks
Approaches to Computer Security
Ethics
Additional References
Chapter 1 Review
Chapter 2 General Security Concepts
Basic Security Terminology
Formal Security Models
Additional References
Chapter 2 Review
Chapter 3 Operational and Organizational Security
Policies, Procedures, Standards, and Guidelines
Organizational Policies
Security Policies
Human Resources Policies
Security Awareness and Training
Standard Operating Procedures
Third-Party Risk Management
Interoperability Agreements
Chapter 3 Review
Chapter 4 The Role of People in Security
People-A Security Problem
Tools
Attacks
Poor Security Practices
People as a Security Tool
Chapter 4 Review
Chapter 5 Cryptography
Cryptography in Practice
Cryptographic Objectives
Historical Perspectives
Hashing Functions
Symmetric Encryption
Asymmetric Encryption
Quantum Cryptography
Post-Quantum
Lightweight Cryptography
Homomorphic Encryption
For More Information
Chapter 5 Review
Chapter 6 Applied Cryptography
Cryptography Use
Cipher Suites
S/MIME
PGP
Steganography
Secure Protocols
Secure Protocol Use Cases
Cryptographic Attacks
Other Standards
Chapter 6 Review
Chapter 7 Public Key Infrastructure
The Basics of Public Key Infrastructures
Certificate Authorities
Trust Models
Digital Certificates
Certificate Lifecycles
Certificate Repositories
Centralized and Decentralized Infrastructures
Certificate-Based Threats
PKIX and PKCS
ISAKMP
CMP
XKMS
CEP
Chapter 7 Review
Chapter 8 Physical Security
The Security Problem
Physical Security Safeguards
Environmental Controls
Fire Suppression
Electromagnetic Environment
Power Protection
Drones/UAVs
Chapter 8 Review
Chapter 9 Network Fundamentals
Network Architectures
Network Topology
Segregation/Segmentation/Isolation
Security Zones
Network Protocols
Internet Protocol
IPv4 vs. IPv6
Packet Delivery
Inter-Networking
MPLS
Software-Defined Networking (SDN)
Quality of Service (QoS)
Traffic Engineering
Route Security
For More Information
Chapter 9 Review
Chapter 10 Infrastructure Security
Devices
Virtualization
Networking
Security Devices
Security Device/Technology Placement
Tunneling/VPN
Storage Area Networks
Media
Removable Media
Security Concerns for Transmission Media
Physical Security Concerns
Chapter 10 Review
Chapter 11 Authentication and Remote Access
User, Group, and Role Management
Account Policies
Authorization
Identity
Authentication Methods
Biometric Factors
Biometric Efficacy Rates
Multifactor Authentication
Remote Access
Preventing Data Loss or Theft
Database Security
Cloud vs. On-premises Requirements
Connection Summary
For More Information
Chapter 11 Review
Chapter 12 Wireless Security and Mobile Devices
Connection Methods and Receivers
Wireless Protocols
Wireless Systems Configuration
Wireless Attacks
Mobile Device Management Concepts
Mobile Application Security
Mobile Devices
Policies for Enforcement and Monitoring
Deployment Models
Chapter 12 Review
Chapter 13 Intrusion Detection Systems and Network Security
History of Intrusion Detection Systems
IDS Overview
Network-Based IDSs
Host-Based IDSs
Intrusion Prevention Systems
Network Security Monitoring
Deception and Disruption Technologies
Analytics
SIEM
DLP
Tools
Indicators of Compromise
For More Information
Chapter 13 Review
Chapter 14 System Hardening and Baselines
Overview of Baselines
Hardware/Firmware Security
Operating System and Network Operating System Hardening
Secure Baseline
Endpoint Protection
Network Hardening
Application Hardening
Data-Based Security Controls
Environment
Automation/Scripting
Alternative Environments
Industry-Standard Frameworks and Reference Architectures
Benchmarks/Secure Configuration Guides
For More Information
Chapter 14 Review
Chapter 15 Types of Attacks and Malicious Software
Avenues of Attack
Malicious Code
Malware
Attacking Computer Systems and Networks
Advanced Persistent Threat
Password Attacks
Chapter 15 Review
Chapter 16 Security Tools and Techniques
Network Reconnaissance and Discovery Tools
File Manipulation Tools
Shell and Script Environments
Packet Capture and Replay Tools
Forensic Tools
Tool Suites
Penetration Testing
Vulnerability Testing
Auditing
Vulnerabilities
Chapter 16 Review
Chapter 17 Web Components, E-mail, and Instant Messaging
Current Web Components and Concerns
Web Protocols
Code-Based Vulnerabilities
Application-Based Weaknesses
How E-mail Works
Security of E-mail
Mail Gateway
Mail Encryption
Instant Messaging
Chapter 17 Review
Chapter 18 Cloud Computing
Cloud Computing
Cloud Types
Cloud Service Providers
Cloud Security Controls
Security as a Service
Cloud Security Solutions
Virtualization
VDI/VDE
Fog Computing
Edge Computing
Thin Client
Containers
Microservices/API
Serverless Architecture
Chapter 18 Review
Chapter 19 Secure Software Development
The Software Engineering Process
Secure Coding Concepts
Application Attacks
Application Hardening
Code Quality and Testing
Compiled Code vs. Runtime Code
Software Diversity
Secure DevOps
Elasticity
Scalability
Version Control and Change Management
Provisioning and Deprovisioning
Integrity Measurement
For More Information
Chapter 19 Review
Chapter 20 Risk Management
An Overview of Risk Management
Risk Management Vocabulary
What Is Risk Management?
Security Controls
Business Risks
Third-party Risks
Risk Mitigation Strategies
Risk Management Models
Risk Assessment
Qualitatively Assessing Risk
Quantitatively Assessing Risk
Qualitative vs. Quantitative Risk Assessment
Tools
Risk Management Best Practices
Additional References
Chapter 20 Review
Chapter 21 Business Continuity, Disaster Recovery, and Change Management
Business Continuity
Continuity of Operations Planning (COOP)
Disaster Recovery
Why Change Management?
The Key Concept: Separation of Duties
Elements of Change Management
Implementing Change Management
The Purpose of a Change Control Board
The Capability Maturity Model Integration
Environment
Secure Baseline
Sandboxing
Integrity Measurement
Chapter 21 Review
Chapter 22 Incident Response
Foundations of Incident Response
Attack Frameworks
Threat Intelligence
Incident Response Process
Exercises
Stakeholder Management
Communication Plan
Data Sources
Log Files
Data Collection Models
Standards and Best Practices
For More Information
Chapter 22 Review
Chapter 23 Computer Forensics
Evidence
Chain of Custody
Forensic Process
Message Digest and Hash
Analysis
Host Forensics
Device Forensics
Network Forensics
Legal Hold
Chapter 23 Review
Chapter 24 Legal Issues and Ethics
Cybercrime
Ethics
Chapter 24 Review
Chapter 25 Privacy
Data Handling
Organizational Consequences of Privacy Breaches
Data Sensitivity Labeling and Handling
Data Roles
Data Destruction and Media Sanitization
U.S. Privacy Laws
International Privacy Laws
Privacy-Enhancing Technologies
Privacy Policies
Privacy Impact Assessment
Web Privacy Issues
Privacy in Practice
For More Information
Chapter 25 Review
Appendix A CompTIA Security+ Exam Objectives: SY0-601
Appendix B About the Online Content
System Requirements
Your Total Seminars Training Hub Account
Single User License Terms and Conditions
TotalTester Online
Technical Support
Glossary
Index
Preface
Introduction
Instructor Website
Chapter 1 Introduction and Security Trends
The Computer Security Problem
Threats to Security
Attributes of Actors
Security Trends
Targets and Attacks
Approaches to Computer Security
Ethics
Additional References
Chapter 1 Review
Chapter 2 General Security Concepts
Basic Security Terminology
Formal Security Models
Additional References
Chapter 2 Review
Chapter 3 Operational and Organizational Security
Policies, Procedures, Standards, and Guidelines
Organizational Policies
Security Policies
Human Resources Policies
Security Awareness and Training
Standard Operating Procedures
Third-Party Risk Management
Interoperability Agreements
Chapter 3 Review
Chapter 4 The Role of People in Security
People-A Security Problem
Tools
Attacks
Poor Security Practices
People as a Security Tool
Chapter 4 Review
Chapter 5 Cryptography
Cryptography in Practice
Cryptographic Objectives
Historical Perspectives
Hashing Functions
Symmetric Encryption
Asymmetric Encryption
Quantum Cryptography
Post-Quantum
Lightweight Cryptography
Homomorphic Encryption
For More Information
Chapter 5 Review
Chapter 6 Applied Cryptography
Cryptography Use
Cipher Suites
S/MIME
PGP
Steganography
Secure Protocols
Secure Protocol Use Cases
Cryptographic Attacks
Other Standards
Chapter 6 Review
Chapter 7 Public Key Infrastructure
The Basics of Public Key Infrastructures
Certificate Authorities
Trust Models
Digital Certificates
Certificate Lifecycles
Certificate Repositories
Centralized and Decentralized Infrastructures
Certificate-Based Threats
PKIX and PKCS
ISAKMP
CMP
XKMS
CEP
Chapter 7 Review
Chapter 8 Physical Security
The Security Problem
Physical Security Safeguards
Environmental Controls
Fire Suppression
Electromagnetic Environment
Power Protection
Drones/UAVs
Chapter 8 Review
Chapter 9 Network Fundamentals
Network Architectures
Network Topology
Segregation/Segmentation/Isolation
Security Zones
Network Protocols
Internet Protocol
IPv4 vs. IPv6
Packet Delivery
Inter-Networking
MPLS
Software-Defined Networking (SDN)
Quality of Service (QoS)
Traffic Engineering
Route Security
For More Information
Chapter 9 Review
Chapter 10 Infrastructure Security
Devices
Virtualization
Networking
Security Devices
Security Device/Technology Placement
Tunneling/VPN
Storage Area Networks
Media
Removable Media
Security Concerns for Transmission Media
Physical Security Concerns
Chapter 10 Review
Chapter 11 Authentication and Remote Access
User, Group, and Role Management
Account Policies
Authorization
Identity
Authentication Methods
Biometric Factors
Biometric Efficacy Rates
Multifactor Authentication
Remote Access
Preventing Data Loss or Theft
Database Security
Cloud vs. On-premises Requirements
Connection Summary
For More Information
Chapter 11 Review
Chapter 12 Wireless Security and Mobile Devices
Connection Methods and Receivers
Wireless Protocols
Wireless Systems Configuration
Wireless Attacks
Mobile Device Management Concepts
Mobile Application Security
Mobile Devices
Policies for Enforcement and Monitoring
Deployment Models
Chapter 12 Review
Chapter 13 Intrusion Detection Systems and Network Security
History of Intrusion Detection Systems
IDS Overview
Network-Based IDSs
Host-Based IDSs
Intrusion Prevention Systems
Network Security Monitoring
Deception and Disruption Technologies
Analytics
SIEM
DLP
Tools
Indicators of Compromise
For More Information
Chapter 13 Review
Chapter 14 System Hardening and Baselines
Overview of Baselines
Hardware/Firmware Security
Operating System and Network Operating System Hardening
Secure Baseline
Endpoint Protection
Network Hardening
Application Hardening
Data-Based Security Controls
Environment
Automation/Scripting
Alternative Environments
Industry-Standard Frameworks and Reference Architectures
Benchmarks/Secure Configuration Guides
For More Information
Chapter 14 Review
Chapter 15 Types of Attacks and Malicious Software
Avenues of Attack
Malicious Code
Malware
Attacking Computer Systems and Networks
Advanced Persistent Threat
Password Attacks
Chapter 15 Review
Chapter 16 Security Tools and Techniques
Network Reconnaissance and Discovery Tools
File Manipulation Tools
Shell and Script Environments
Packet Capture and Replay Tools
Forensic Tools
Tool Suites
Penetration Testing
Vulnerability Testing
Auditing
Vulnerabilities
Chapter 16 Review
Chapter 17 Web Components, E-mail, and Instant Messaging
Current Web Components and Concerns
Web Protocols
Code-Based Vulnerabilities
Application-Based Weaknesses
How E-mail Works
Security of E-mail
Mail Gateway
Mail Encryption
Instant Messaging
Chapter 17 Review
Chapter 18 Cloud Computing
Cloud Computing
Cloud Types
Cloud Service Providers
Cloud Security Controls
Security as a Service
Cloud Security Solutions
Virtualization
VDI/VDE
Fog Computing
Edge Computing
Thin Client
Containers
Microservices/API
Serverless Architecture
Chapter 18 Review
Chapter 19 Secure Software Development
The Software Engineering Process
Secure Coding Concepts
Application Attacks
Application Hardening
Code Quality and Testing
Compiled Code vs. Runtime Code
Software Diversity
Secure DevOps
Elasticity
Scalability
Version Control and Change Management
Provisioning and Deprovisioning
Integrity Measurement
For More Information
Chapter 19 Review
Chapter 20 Risk Management
An Overview of Risk Management
Risk Management Vocabulary
What Is Risk Management?
Security Controls
Business Risks
Third-party Risks
Risk Mitigation Strategies
Risk Management Models
Risk Assessment
Qualitatively Assessing Risk
Quantitatively Assessing Risk
Qualitative vs. Quantitative Risk Assessment
Tools
Risk Management Best Practices
Additional References
Chapter 20 Review
Chapter 21 Business Continuity, Disaster Recovery, and Change Management
Business Continuity
Continuity of Operations Planning (COOP)
Disaster Recovery
Why Change Management?
The Key Concept: Separation of Duties
Elements of Change Management
Implementing Change Management
The Purpose of a Change Control Board
The Capability Maturity Model Integration
Environment
Secure Baseline
Sandboxing
Integrity Measurement
Chapter 21 Review
Chapter 22 Incident Response
Foundations of Incident Response
Attack Frameworks
Threat Intelligence
Incident Response Process
Exercises
Stakeholder Management
Communication Plan
Data Sources
Log Files
Data Collection Models
Standards and Best Practices
For More Information
Chapter 22 Review
Chapter 23 Computer Forensics
Evidence
Chain of Custody
Forensic Process
Message Digest and Hash
Analysis
Host Forensics
Device Forensics
Network Forensics
Legal Hold
Chapter 23 Review
Chapter 24 Legal Issues and Ethics
Cybercrime
Ethics
Chapter 24 Review
Chapter 25 Privacy
Data Handling
Organizational Consequences of Privacy Breaches
Data Sensitivity Labeling and Handling
Data Roles
Data Destruction and Media Sanitization
U.S. Privacy Laws
International Privacy Laws
Privacy-Enhancing Technologies
Privacy Policies
Privacy Impact Assessment
Web Privacy Issues
Privacy in Practice
For More Information
Chapter 25 Review
Appendix A CompTIA Security+ Exam Objectives: SY0-601
Appendix B About the Online Content
System Requirements
Your Total Seminars Training Hub Account
Single User License Terms and Conditions
TotalTester Online
Technical Support
Glossary
Index
Foreword
Preface
Introduction
Instructor Website
Chapter 1 Introduction and Security Trends
The Computer Security Problem
Threats to Security
Attributes of Actors
Security Trends
Targets and Attacks
Approaches to Computer Security
Ethics
Additional References
Chapter 1 Review
Chapter 2 General Security Concepts
Basic Security Terminology
Formal Security Models
Additional References
Chapter 2 Review
Chapter 3 Operational and Organizational Security
Policies, Procedures, Standards, and Guidelines
Organizational Policies
Security Policies
Human Resources Policies
Security Awareness and Training
Standard Operating Procedures
Third-Party Risk Management
Interoperability Agreements
Chapter 3 Review
Chapter 4 The Role of People in Security
People-A Security Problem
Tools
Attacks
Poor Security Practices
People as a Security Tool
Chapter 4 Review
Chapter 5 Cryptography
Cryptography in Practice
Cryptographic Objectives
Historical Perspectives
Hashing Functions
Symmetric Encryption
Asymmetric Encryption
Quantum Cryptography
Post-Quantum
Lightweight Cryptography
Homomorphic Encryption
For More Information
Chapter 5 Review
Chapter 6 Applied Cryptography
Cryptography Use
Cipher Suites
S/MIME
PGP
Steganography
Secure Protocols
Secure Protocol Use Cases
Cryptographic Attacks
Other Standards
Chapter 6 Review
Chapter 7 Public Key Infrastructure
The Basics of Public Key Infrastructures
Certificate Authorities
Trust Models
Digital Certificates
Certificate Lifecycles
Certificate Repositories
Centralized and Decentralized Infrastructures
Certificate-Based Threats
PKIX and PKCS
ISAKMP
CMP
XKMS
CEP
Chapter 7 Review
Chapter 8 Physical Security
The Security Problem
Physical Security Safeguards
Environmental Controls
Fire Suppression
Electromagnetic Environment
Power Protection
Drones/UAVs
Chapter 8 Review
Chapter 9 Network Fundamentals
Network Architectures
Network Topology
Segregation/Segmentation/Isolation
Security Zones
Network Protocols
Internet Protocol
IPv4 vs. IPv6
Packet Delivery
Inter-Networking
MPLS
Software-Defined Networking (SDN)
Quality of Service (QoS)
Traffic Engineering
Route Security
For More Information
Chapter 9 Review
Chapter 10 Infrastructure Security
Devices
Virtualization
Networking
Security Devices
Security Device/Technology Placement
Tunneling/VPN
Storage Area Networks
Media
Removable Media
Security Concerns for Transmission Media
Physical Security Concerns
Chapter 10 Review
Chapter 11 Authentication and Remote Access
User, Group, and Role Management
Account Policies
Authorization
Identity
Authentication Methods
Biometric Factors
Biometric Efficacy Rates
Multifactor Authentication
Remote Access
Preventing Data Loss or Theft
Database Security
Cloud vs. On-premises Requirements
Connection Summary
For More Information
Chapter 11 Review
Chapter 12 Wireless Security and Mobile Devices
Connection Methods and Receivers
Wireless Protocols
Wireless Systems Configuration
Wireless Attacks
Mobile Device Management Concepts
Mobile Application Security
Mobile Devices
Policies for Enforcement and Monitoring
Deployment Models
Chapter 12 Review
Chapter 13 Intrusion Detection Systems and Network Security
History of Intrusion Detection Systems
IDS Overview
Network-Based IDSs
Host-Based IDSs
Intrusion Prevention Systems
Network Security Monitoring
Deception and Disruption Technologies
Analytics
SIEM
DLP
Tools
Indicators of Compromise
For More Information
Chapter 13 Review
Chapter 14 System Hardening and Baselines
Overview of Baselines
Hardware/Firmware Security
Operating System and Network Operating System Hardening
Secure Baseline
Endpoint Protection
Network Hardening
Application Hardening
Data-Based Security Controls
Environment
Automation/Scripting
Alternative Environments
Industry-Standard Frameworks and Reference Architectures
Benchmarks/Secure Configuration Guides
For More Information
Chapter 14 Review
Chapter 15 Types of Attacks and Malicious Software
Avenues of Attack
Malicious Code
Malware
Attacking Computer Systems and Networks
Advanced Persistent Threat
Password Attacks
Chapter 15 Review
Chapter 16 Security Tools and Techniques
Network Reconnaissance and Discovery Tools
File Manipulation Tools
Shell and Script Environments
Packet Capture and Replay Tools
Forensic Tools
Tool Suites
Penetration Testing
Vulnerability Testing
Auditing
Vulnerabilities
Chapter 16 Review
Chapter 17 Web Components, E-mail, and Instant Messaging
Current Web Components and Concerns
Web Protocols
Code-Based Vulnerabilities
Application-Based Weaknesses
How E-mail Works
Security of E-mail
Mail Gateway
Mail Encryption
Instant Messaging
Chapter 17 Review
Chapter 18 Cloud Computing
Cloud Computing
Cloud Types
Cloud Service Providers
Cloud Security Controls
Security as a Service
Cloud Security Solutions
Virtualization
VDI/VDE
Fog Computing
Edge Computing
Thin Client
Containers
Microservices/API
Serverless Architecture
Chapter 18 Review
Chapter 19 Secure Software Development
The Software Engineering Process
Secure Coding Concepts
Application Attacks
Application Hardening
Code Quality and Testing
Compiled Code vs. Runtime Code
Software Diversity
Secure DevOps
Elasticity
Scalability
Version Control and Change Management
Provisioning and Deprovisioning
Integrity Measurement
For More Information
Chapter 19 Review
Chapter 20 Risk Management
An Overview of Risk Management
Risk Management Vocabulary
What Is Risk Management?
Security Controls
Business Risks
Third-party Risks
Risk Mitigation Strategies
Risk Management Models
Risk Assessment
Qualitatively Assessing Risk
Quantitatively Assessing Risk
Qualitative vs. Quantitative Risk Assessment
Tools
Risk Management Best Practices
Additional References
Chapter 20 Review
Chapter 21 Business Continuity, Disaster Recovery, and Change Management
Business Continuity
Continuity of Operations Planning (COOP)
Disaster Recovery
Why Change Management?
The Key Concept: Separation of Duties
Elements of Change Management
Implementing Change Management
The Purpose of a Change Control Board
The Capability Maturity Model Integration
Environment
Secure Baseline
Sandboxing
Integrity Measurement
Chapter 21 Review
Chapter 22 Incident Response
Foundations of Incident Response
Attack Frameworks
Threat Intelligence
Incident Response Process
Exercises
Stakeholder Management
Communication Plan
Data Sources
Log Files
Data Collection Models
Standards and Best Practices
For More Information
Chapter 22 Review
Chapter 23 Computer Forensics
Evidence
Chain of Custody
Forensic Process
Message Digest and Hash
Analysis
Host Forensics
Device Forensics
Network Forensics
Legal Hold
Chapter 23 Review
Chapter 24 Legal Issues and Ethics
Cybercrime
Ethics
Chapter 24 Review
Chapter 25 Privacy
Data Handling
Organizational Consequences of Privacy Breaches
Data Sensitivity Labeling and Handling
Data Roles
Data Destruction and Media Sanitization
U.S. Privacy Laws
International Privacy Laws
Privacy-Enhancing Technologies
Privacy Policies
Privacy Impact Assessment
Web Privacy Issues
Privacy in Practice
For More Information
Chapter 25 Review
Appendix A CompTIA Security+ Exam Objectives: SY0-601
Appendix B About the Online Content
System Requirements
Your Total Seminars Training Hub Account
Single User License Terms and Conditions
TotalTester Online
Technical Support
Glossary
Index
Preface
Introduction
Instructor Website
Chapter 1 Introduction and Security Trends
The Computer Security Problem
Threats to Security
Attributes of Actors
Security Trends
Targets and Attacks
Approaches to Computer Security
Ethics
Additional References
Chapter 1 Review
Chapter 2 General Security Concepts
Basic Security Terminology
Formal Security Models
Additional References
Chapter 2 Review
Chapter 3 Operational and Organizational Security
Policies, Procedures, Standards, and Guidelines
Organizational Policies
Security Policies
Human Resources Policies
Security Awareness and Training
Standard Operating Procedures
Third-Party Risk Management
Interoperability Agreements
Chapter 3 Review
Chapter 4 The Role of People in Security
People-A Security Problem
Tools
Attacks
Poor Security Practices
People as a Security Tool
Chapter 4 Review
Chapter 5 Cryptography
Cryptography in Practice
Cryptographic Objectives
Historical Perspectives
Hashing Functions
Symmetric Encryption
Asymmetric Encryption
Quantum Cryptography
Post-Quantum
Lightweight Cryptography
Homomorphic Encryption
For More Information
Chapter 5 Review
Chapter 6 Applied Cryptography
Cryptography Use
Cipher Suites
S/MIME
PGP
Steganography
Secure Protocols
Secure Protocol Use Cases
Cryptographic Attacks
Other Standards
Chapter 6 Review
Chapter 7 Public Key Infrastructure
The Basics of Public Key Infrastructures
Certificate Authorities
Trust Models
Digital Certificates
Certificate Lifecycles
Certificate Repositories
Centralized and Decentralized Infrastructures
Certificate-Based Threats
PKIX and PKCS
ISAKMP
CMP
XKMS
CEP
Chapter 7 Review
Chapter 8 Physical Security
The Security Problem
Physical Security Safeguards
Environmental Controls
Fire Suppression
Electromagnetic Environment
Power Protection
Drones/UAVs
Chapter 8 Review
Chapter 9 Network Fundamentals
Network Architectures
Network Topology
Segregation/Segmentation/Isolation
Security Zones
Network Protocols
Internet Protocol
IPv4 vs. IPv6
Packet Delivery
Inter-Networking
MPLS
Software-Defined Networking (SDN)
Quality of Service (QoS)
Traffic Engineering
Route Security
For More Information
Chapter 9 Review
Chapter 10 Infrastructure Security
Devices
Virtualization
Networking
Security Devices
Security Device/Technology Placement
Tunneling/VPN
Storage Area Networks
Media
Removable Media
Security Concerns for Transmission Media
Physical Security Concerns
Chapter 10 Review
Chapter 11 Authentication and Remote Access
User, Group, and Role Management
Account Policies
Authorization
Identity
Authentication Methods
Biometric Factors
Biometric Efficacy Rates
Multifactor Authentication
Remote Access
Preventing Data Loss or Theft
Database Security
Cloud vs. On-premises Requirements
Connection Summary
For More Information
Chapter 11 Review
Chapter 12 Wireless Security and Mobile Devices
Connection Methods and Receivers
Wireless Protocols
Wireless Systems Configuration
Wireless Attacks
Mobile Device Management Concepts
Mobile Application Security
Mobile Devices
Policies for Enforcement and Monitoring
Deployment Models
Chapter 12 Review
Chapter 13 Intrusion Detection Systems and Network Security
History of Intrusion Detection Systems
IDS Overview
Network-Based IDSs
Host-Based IDSs
Intrusion Prevention Systems
Network Security Monitoring
Deception and Disruption Technologies
Analytics
SIEM
DLP
Tools
Indicators of Compromise
For More Information
Chapter 13 Review
Chapter 14 System Hardening and Baselines
Overview of Baselines
Hardware/Firmware Security
Operating System and Network Operating System Hardening
Secure Baseline
Endpoint Protection
Network Hardening
Application Hardening
Data-Based Security Controls
Environment
Automation/Scripting
Alternative Environments
Industry-Standard Frameworks and Reference Architectures
Benchmarks/Secure Configuration Guides
For More Information
Chapter 14 Review
Chapter 15 Types of Attacks and Malicious Software
Avenues of Attack
Malicious Code
Malware
Attacking Computer Systems and Networks
Advanced Persistent Threat
Password Attacks
Chapter 15 Review
Chapter 16 Security Tools and Techniques
Network Reconnaissance and Discovery Tools
File Manipulation Tools
Shell and Script Environments
Packet Capture and Replay Tools
Forensic Tools
Tool Suites
Penetration Testing
Vulnerability Testing
Auditing
Vulnerabilities
Chapter 16 Review
Chapter 17 Web Components, E-mail, and Instant Messaging
Current Web Components and Concerns
Web Protocols
Code-Based Vulnerabilities
Application-Based Weaknesses
How E-mail Works
Security of E-mail
Mail Gateway
Mail Encryption
Instant Messaging
Chapter 17 Review
Chapter 18 Cloud Computing
Cloud Computing
Cloud Types
Cloud Service Providers
Cloud Security Controls
Security as a Service
Cloud Security Solutions
Virtualization
VDI/VDE
Fog Computing
Edge Computing
Thin Client
Containers
Microservices/API
Serverless Architecture
Chapter 18 Review
Chapter 19 Secure Software Development
The Software Engineering Process
Secure Coding Concepts
Application Attacks
Application Hardening
Code Quality and Testing
Compiled Code vs. Runtime Code
Software Diversity
Secure DevOps
Elasticity
Scalability
Version Control and Change Management
Provisioning and Deprovisioning
Integrity Measurement
For More Information
Chapter 19 Review
Chapter 20 Risk Management
An Overview of Risk Management
Risk Management Vocabulary
What Is Risk Management?
Security Controls
Business Risks
Third-party Risks
Risk Mitigation Strategies
Risk Management Models
Risk Assessment
Qualitatively Assessing Risk
Quantitatively Assessing Risk
Qualitative vs. Quantitative Risk Assessment
Tools
Risk Management Best Practices
Additional References
Chapter 20 Review
Chapter 21 Business Continuity, Disaster Recovery, and Change Management
Business Continuity
Continuity of Operations Planning (COOP)
Disaster Recovery
Why Change Management?
The Key Concept: Separation of Duties
Elements of Change Management
Implementing Change Management
The Purpose of a Change Control Board
The Capability Maturity Model Integration
Environment
Secure Baseline
Sandboxing
Integrity Measurement
Chapter 21 Review
Chapter 22 Incident Response
Foundations of Incident Response
Attack Frameworks
Threat Intelligence
Incident Response Process
Exercises
Stakeholder Management
Communication Plan
Data Sources
Log Files
Data Collection Models
Standards and Best Practices
For More Information
Chapter 22 Review
Chapter 23 Computer Forensics
Evidence
Chain of Custody
Forensic Process
Message Digest and Hash
Analysis
Host Forensics
Device Forensics
Network Forensics
Legal Hold
Chapter 23 Review
Chapter 24 Legal Issues and Ethics
Cybercrime
Ethics
Chapter 24 Review
Chapter 25 Privacy
Data Handling
Organizational Consequences of Privacy Breaches
Data Sensitivity Labeling and Handling
Data Roles
Data Destruction and Media Sanitization
U.S. Privacy Laws
International Privacy Laws
Privacy-Enhancing Technologies
Privacy Policies
Privacy Impact Assessment
Web Privacy Issues
Privacy in Practice
For More Information
Chapter 25 Review
Appendix A CompTIA Security+ Exam Objectives: SY0-601
Appendix B About the Online Content
System Requirements
Your Total Seminars Training Hub Account
Single User License Terms and Conditions
TotalTester Online
Technical Support
Glossary
Index