Please note that index links point to page beginnings from the print edition. Locations are approximate in e-readers, and you may need to page down one or more times after clicking a link to get to the indexed material.
Numbers
2.5G mobile wireless, 683
3DES (Triple-DES), 370, 377–378
3.5G mobile wireless, 684
4G mobile wireless, 684
5G mobile wireless, 683
6to4 tunneling, 508
10Base-T, 532
10GBase-T, 533–534
32-bit addressing, 259
32-bit operating system, 298
64-bit addressing, 259
64-bit operating system, 298
100Base-TX, 532
802.1AF standard, 510
802.1X standard, 669–671
802.1X technology, 667
802.11a standard, 672–673
802.11ac standard, 674
802.11b standard, 672
802.11e standard, 673
802.11f standard, 673
802.11g standard, 673–674
802.11h standard, 674
802.11i standard, 667–668, 669, 671
802.11j standard, 674
802.11n standard, 674
802.15.4 standard, 676
802.16 standard, 675
1000Base-T, 532–533
A
AAA (authentication, authorization, and accounting/audit) protocols, 800–806
ABR (available bit rate), 631
abstraction, 280–281, 1117, 1119, 1125
academic software, 68
acceptable use policy (AUP), 887, 939
access
default settings and, 1082–1083
described, 722
local, 940–941
access control
access control matrix, 797
access criteria, 762–763
considerations, 194, 730–732, 807–808
constrained user interfaces, 796–797
content-dependent, 325, 798, 1170–1171
context-dependent, 325, 799, 1170–1171
DAC model, 787–789, 790, 794, 795
defaulting to no access, 763–764
identity based, 787–789
information disclosure, 819–820
layers, 808–809
markup languages and, 779–784
media, 222
methods, 807–814
monitoring, 822–834
need-to-know principle, 765
networks, 813–814
nondiscretionary, 789
personnel, 949–950
physical, 222, 422–424, 941–949
practices, 819–822
RB-RBAC model, 794–795
reference monitor and, 304–305
regular tasks, 819
resources, 929–930
single sign-on, 766–776
system access, 812
technical, 222
techniques, 800
threats, 834–840
web environment, 1147–1148
access control lists (ACLs), 594, 764, 798
access control matrix, 797
access control models, 787–795
access points (APs), 664–665, 666, 673
account management, 742–743, 886–889
accountability, 814–818, 929–930, 1056
accreditation, 318–320
ACID test, 1174
ACK packets, 500, 586–587, 697
ACLs (access control lists), 594, 764, 798
acquisition phase, 190–191
active attacks, 408
ActiveX controls, 1144–1146
ActiveX Data Objects (ADO), 1162–1163
ActiveX technology, 1138
AD (architecture description), 248, 250
ad hoc WLANs, 664
Address Resolution Protocol (ARP), 539–540
address space layout randomization (ASLR), 269–270
ADM (Architecture Development Method), 24–25
administration
of locks, 947
administrative access controls, 222
administrative controls, 886–905
account management, 886–889
backup verification, 889–892
disaster recovery/business continuity, 892–898
functionality, 12
administrative interfaces, 822, 1147
administrative management, 925–930
administrative/regulatory law, 60, 62
administrators
administrative interfaces, 822, 1157
considerations, 1183
monitoring and, 930
network, 14, 803, 926, 928–930
roles/tasks, 926
running as root, 888
security, 205, 789, 926–930, 1080, 1081
security vs. network administrators, 928–930
separation of duties and, 926
ADO (ActiveX Data Objects), 1162–1163
ADO API, 1162–1163
ADSL (Asymmetric DSL), 648
Advanced Encryption Standard. See AES
advanced persistent threat (APT), 51–52
advisory policies, 90
adware, 1184
AES (Advanced Encryption Standard), 93, 371, 378
AES algorithm, 668
aggregation, 324–325, 1169–1170
agile models, 1105–1108
AH (Authentication Header), 653
AIC (availability, integrity, and confidentiality), 3
AIC triad, 3–6
AIK (Attestation Identity Key), 408
air quality, 446
ALE (annual loss expectancy), 114, 115, 120
alerts
audit trails, 815
Google Alerts, 902
IDS, 121, 825, 826, 833, 903–904
algebraic attacks, 413
algorithm/key relationship, 352
algorithms. See also ciphers
asymmetric. See asymmetric algorithms
broken, 371
hashing, 393–396
overview, 340–342
patents and, 66
public vs. secret, 411
symmetric. See symmetric algorithms
ALU (arithmetic logic unit), 253–256
America Online (AOL), 837
American National Standards Institute (ANSI), 534
American Society for Testing and Materials (ASTM), 450
amplitude, 660
analog transmission, 512–514
analysis, functional, 146
analytic attacks, 413
annual loss expectancy (ALE), 114, 115, 120
annualized rate of occurrence (ARO), 114
ANSI (American National Standards Institute), 534
answers, 1249–1268
antimalware, 1187–1190
immunizers, 1189
keeping up to date, 7
policies/procedures, 1192–1193
tunneling virus and, 1181
viruses and, 1180
antivirus software, 924, 988. See also antimalware
anycast address, 506
AOL (America Online), 837
APIs (application programming interfaces)
ADO, 1162–1163
JDBC, 1163–1164
ODBC, 1162
SDN approach and, 612
applets, 1142–1144
appliances, 595
application controls, 1081–1082
application error, 94
application layer, 480, 483–484, 492
application programmers, 926
application programming interfaces. See APIs
application-based IDS, 830
application-level events, 816
application-level proxy firewalls, 590–593, 596
applications. See also software
classifications, 197
communications between, 486
connections between, 488
crashes/freezes, 933–935
default settings and, 1082–1083
I/O issues, 936–937
legacy, 299
licensing issues, 938–939, 965
maintenance hooks, 333
multi-threaded, 276
user friendliness, 1083
web. See web applications
whitelisting, 966
APs (access points), 664–665, 666, 673
APT (advanced persistent threat), 51–52
architecture
computer. See computer architecture
defined, 250
described, 248
operating system, 291–300
system, 248–252
system security, 301–307
architecture description (AD), 248, 250
Architecture Development Method (ADM), 24–25
architecture frameworks, 20
architecture views, 251
archive bit, 1023
arithmetic logic unit (ALU), 253–256
ARO (annualized rate of occurrence), 114
ARP (Address Resolution Protocol), 539–540
ARP poisoning attack, 540
ASLR (address space layout randomization), 269–270
ASOR (authoritative system of record), 744
ASs (autonomous systems), 562–563
assembly language, 1117
assessment plans, 129
asset inventory, 964–966
asset protection, 215–224
data at rest, 216–217
data in motion, 217–218
data in use, 218–219
data security controls, 216–219
location of data, 217
media controls, 219–224
mobile devices, 234–235
paper records, 235–236
real loss, 215
safes, 236
assets
assigning values to, 149–152
cloud, 969–970
costs associated with, 105
data leakage, 225–234
defined, 189
electronic, 49–50
loss of, 106–107
protecting. See asset protection
security, 189–236
tangible vs. intangible, 105
types of, 189
associations, 882
assurance evaluation, 313
assurance levels, 930–931
assurance rating, 315
ASTM (American Society for Testing and Materials), 450
asymmetric algorithms, 380–388
Diffie-Hellman algorithm, 380–383
El Gamal algorithm, 386
elliptic curve cryptosystem, 386–387
knapsack algorithms, 387
one-way functions, 385–386
PKI and, 399
pros/cons, 358
RSA algorithm, 383–386
vs. symmetric algorithms, 353, 357, 358
using with symmetric algorithms, 364–366
zero knowledge proof, 387–388
Asymmetric DSL (ADSL), 648
asymmetric keys, 353, 356, 358, 364–366, 398
asynchronous attacks, 334
asynchronous token device, 756–757
Asynchronous Transfer Mode. See ATM
asynchronous transmission, 514–515
ATM (Asynchronous Transfer Mode), 618–619, 629–631, 643
ATM packets, 618
atomic transactions, 936
atoms, 221
attack chain, 101
attack surface, 1087–1089
attack trees, 101–102
attackers, 2, 14, 48–54, 106. See also hackers
attacks, 100–101. See also specific attacks
active, 408
algebraic, 413
analytic, 413
asynchronous, 334
birthday, 396
brute-force, 371, 752, 835–836
ciphertext, 410–411
cryptography, 409–414
from different countries, 53, 54–58
at different layers, 483
double tagging, 575
electromagnetic analysis, 760
e-mail spoofing, 559–560
evolution of, 50–53
fault generation, 760
file descriptor, 875
fragmentation, 603
honeypots and, 607
ICMP, 543–545
“in the wild,” 824
input validation, 1149–1152
“low and slow,” 825
man-in-the-middle, 217–218
meet-in-the-middle, 414
network. See network attacks
passive, 408
password-guessing, 772
phishing, 559–560, 836–840, 1178
plaintext, 410
POODLE, 693
routing protocol, 566
side-channel, 412
sniffing, 698–699
social engineering. See social engineering
statistical, 413
teardrop, 603
techniques for, 826
timing, 760
TOC/TOU, 333–335
VLAN hopping, 575
on websites, 1154
wormhole, 566
XSS, 1150–1151
attenuation, 521
Attestation Identity Key (AIK), 408
attributes, 1160
audit logging, 221
audit logs, 814–818, 878–881, 929
audit process, 861
audit trails, 814–818
auditing
access control and, 814
log reviews, 878–881
physical access, 963–964
strategies, 860–865
technical controls, 865–866
war dialing, 874
audit-reduction tools, 817
audits. See also testing
communicating results of, 862
compliance, 864
described, 860
documenting, 861–862
goals of, 860
internal, 863–864
password usage, 752
planning for, 861–862
postmortem, 876–877
protecting audit/log data, 818
reviewing, 814–818
scope of, 860–861
service organization controls, 864–865
third-party, 863–865
AUP (acceptable use policy), 887, 939
authentication, 739–761
CHAP, 657–658
considerations, 727–728
cryptographic keys, 757
cryptosystems, 344
data origin, 391
EAP, 658–659
memory cards, 758
multifactor, 728
mutual, 728
passphrase, 757
passwords. See passwords
remote connections, 657–659
RPC, 487
SASL, 557
smart cards, 758–761
SMTP-AUTH, 559
strong, 727–728
system, 391
system-based, 728
three-factor, 728
web environment, 1147–1148
authentication, authorization, and accounting/audit (AAA) protocols, 800–806
authentication by characteristic, 727
authentication by knowledge, 727, 754
authentication by ownership, 727
Authentication Header (AH), 653
authenticators, 770
Authenticode technology, 1145
authoritative source, 743
authoritative system of record (ASOR), 744
authorization, 762–776
access criteria, 762–763
cryptosystems, 344
defaulting to no access, 763–764
e-mail, 557
Kerberos and, 768–776
need-to-know principle, 765
overview, 762
single sign-on, 766–776
authorization creep, 765
automated risk analysis methods, 113
automatic tunneling, 508
automation, 405, 610–611, 780, 1114
autonomous systems (ASs), 562–563
availability
business continuity planning and, 131, 132
considerations, 970
networks, 970–984
availability controls, 5–6
availability, integrity, and confidentiality. See AIC
available bit rate (ABR), 631
avalanche effect, 360
B
back doors, 827
background checks, 156–157
backup facilities, 1010, 1011, 1018–1021
backups
alternatives, 1021–1025
automatic, 981
clearance level, 196
considerations, 192
data leakage and, 228
differential, 1023
documenting procedures, 1024
electronic solutions, 1025–1028
full, 1023
hardware, 1015–1016
HSM system, 982–983
incremental, 1023
integrity of, 981
offsite storage, 1010, 1011, 1023–1025
onsite copies, 1023–1024
overview, 981
policies, 981
software, 1016–1018
tape media, 1016
testing, 892
tracking, 222
virtualization and, 890–891
badge reader, 949
base register, 282
baseband transmission, 516–517
baselines
evaluating security via, 417–419, 903–904
implementation, 93–94
overview, 91–92
verifying security effectiveness, 31
baselining, 987
Basic Rate Interface (BRI) ISDN, 646, 647
Basic Service Set (BSS), 665
batch processing, 1169
Bayesian filtering, 1190–1192
BCM (business continuity management), 131, 134–139, 140
BCP (business continuity plan), 134–148. See also DRP; risk management
advantages of, 133
assigning values to assets, 149–152
automated/manual tasks, 131
business impact analysis, 146–152
considerations, 131–132
vs. contingency plan, 984
vs. COOP, 1038
cost considerations, 138–139, 141, 143, 150
critical functions, 133, 134, 138, 146–152
data backup options, 1021–1025
definition of terms, 144
described, 130–131
vs. disaster recovery, 130–131
drills, 893–896
due diligence/due care, 145
end-user environment and, 1021
enterprise-wide, 142
establishing, 138
general structure of, 1037
goal setting, 1034–1036
hardware backups, 1015–1016
human resources and, 1019–1021
identifying priorities, 138, 140, 146
initiation process for, 140
insurance options, 1030–1031
integration of, 137
interdependencies, 153–154
life cycle of, 897–898
loss criteria, 150
maintenance of, 138–139, 892–893, 896–897
management support, 138–139, 145–146, 154
maximum tolerable downtime, 150–151
personnel, 153
planning requirements, 145–146
policy for, 142
progress reviews, 140
project components, 139–154
project management, 143–144
project plan, 144
recovery/restoration, 1031–1038
scope, 141–144
senior management and, 137, 138–141, 145, 154
software backups, 1016–1018
software tools, 154
standards/best practices, 133–136
storing plans for, 1020
SWOT analysis, 143–144
team members, 139–140, 141, 142, 154
testing/revising plans, 892–895
BCP committee, 139
BCP coordinator, 139, 140, 144
BCP development procedures, 1035
BCP team, 139–142, 154, 1005, 1006
beamforming, 674
BEDO DRAM (burst EDO DRAM), 259
behavior blocking, 1189–1190
behavioral model, 1087
behavioral-based IDS, 825–826
Bell-LaPadula model, 307–308, 309, 312
best-effort service, QoS, 631
BGP (Border Gateway Protocol), 565–566
BIA (business impact analysis), 146–152, 1030–1031
big data, 1177
birthday attack, 395–396
BISDN (Broadband ISDN), 646
bits, 341, 359–363, 374–375, 514
BitTorrent protocol, 64
black box testing, 869
blacklists, 987
blind test, 873
Blowfish algorithm, 379
Bluesnarfing, 677
Bluetooth technology, 676–677
BOOTP (Bootstrap Protocol), 543
BOOTP servers, 543
boot-sector viruses, 820
Bootstrap Protocol (BOOTP), 543
bootup sequence, 935
Border Gateway Protocol (BGP), 565–566
border routers, 569
boundary conditions, 886
bounds checking, 267
Brewer and Nash model, 311, 313
BRI (Basic Rate Interface) ISDN, 646, 647
British Standard 7799 (BS7799), 16–18
Broadband ISDN (BISDN), 646
broadband transmission, 516–517
broadband wireless access, 675
broadcast domains, 530
broadcast storms, 568
broadcast transmission, 536, 537
browsers
accessing data via, 1155
ActiveX and, 1145
certificate authorities, 738
cookies and, 693–694
drive-by downloads, 699, 700, 900, 901–902
security and, 690–691
web access management, 738
brute-force attacks, 371, 752, 835–836
BS7799 (British Standard 7799), 16–18
BSA (Business Software Alliance), 68–69
BSA Global Software Survey, 68–69
BSI (Build Security In), 1098
BSS (Basic Service Set), 665
buffer overflows, 265–269, 875, 1092
buffers, 265
Build and Fix model, 1099
Build Security In (BSI), 1098
building codes, 429
bulletproof material, 433
bump key, 949
burst EDO DRAM (BEDO DRAM), 259
business continuity, 137, 153, 892. See also BCP/BCM entries
business continuity coordinator, 139, 140, 144
Business Continuity Institute, 135
business continuity management. See BCM
business continuity plan. See BCP
business enablement, 30–31
business functions, outsourcing, 126
business impact analysis (BIA), 146–152, 1030–1031
business process recovery, 1006
Business Software Alliance (BSA), 68–69
businesses. See organizations
bytecode, 1143
C
C&A (certification and accreditation), 320
cable modems, 648–649
cabling, 517–522
attenuation, 521
bandwidth values, 517
considerations, 811
copper, 519
crosstalk, 521–522
fire ratings, 522
noise, 520–521
plenum space and, 522
problems with, 520–522
twisted-pair, 518–519
cache memory, 261
call-processing manager, 636
CAN bus (Controller Area Network bus) protocol, 496–497
Capability Maturity Model Integration. See CMMI
capability maturity models (CMMs), 1112–1113
capability tables, 797–798
CAPTCHA, 754
card badge reader, 949
care-of address, 805
carrier, 527
carrier sense multiple access (CSMA), 527–528
carrier sense multiple access with collision avoidance (CSMA/CA), 527, 528, 660
carrier sense multiple access with collision detection (CSMA/CD), 527–528, 660
carrier signal, 512
carrier-sensing access methods, 528
CAs (certificate authorities), 399–404, 689, 690
CASE (computer-aided software engineering) tools, 1089–1091
catastrophes, 1007
CBC (Cipher Block Chaining) mode, 373–374
CBC-MAC (Cipher Block Chaining Message Authentication Code), 391–392, 393
CBK (Common Body of Knowledge), xxx, xxxiv, 137
CBK domains, xxxi–xxxii
CBR (constant bit rate), 630
C&C (command-and-control) servers, 1185
CCDs (charge-coupled devices), 957
CCTV (closed-circuit TV) system, 955–960
CDDI (Copper Distributed Data Interface), 536
CDMA (code division multiple access), 681–682, 683
CDN (content distribution network), 608–609, 697–698
CDs, 223
ceiling panels, 435
cell phones. See mobile devices
cell suppression, 325–326, 1171
cells, 1161
cellular networks, 679–681
Central Computing & Telecommunications Agency Risk Analysis & Management Method (CRAMM), 111
central processing unit. See CPU
CEO (chief executive officer), 199–200
CEO role, 199–200
CER (crossover error rate), 746–747
CERT (Computer Emergency Response Team), 996
certificate authorities (CAs), 399–404, 689, 690
certificate revocation list (CRL), 401–402
certificates, 399–404
certification, 318–320
certification and accreditation (C&A), 320
Certified Information Systems Security Professional. See CISSP
CFB (Cipher Feedback) mode, 374–375
CFO (chief financial officer), 200–201
CFO role, 200–201
chain of custody, 1047–1049
Challenge Handshake Authentication Protocol (CHAP), 657–658
change control, 1113–1116
change control analyst role, 205
change control documentation, 968–969
change control process, 967–968
channel service unit/data service unit (CSU/DSU), 624–625
channels, 664
CHAP (Challenge Handshake Authentication Protocol), 657–658
charge-coupled devices (CCDs), 957
checklist test, 894
checkpoints, 1168
checksums, 935
chief executive officer (CEO), 199–200
chief financial officer (CFO), 200–201
chief information officer (CIO), 201–202
chief information security officer (CISO), 161, 164, 203
chief privacy officer (CPO), 202
chief security officer (CSO), 202–203
Chinese Wall model, 311
chipping code, 662
chips, 662
CIA (confidentiality, integrity, and availability), 3
CIDR (classless interdomain routing), 505
CIO (chief information officer), 201–202
CIO role, 201–202
Cipher Block Chaining. See CBC
Cipher Feedback (CFB) mode, 374–375
cipher locks, 945–946
Cipher-Based Message Authentication Code (CMAC), 391–392, 393
ciphers, 345–353. See also algorithms; cryptography
concealment ciphers, 347–348, 350
null ciphers, 348
overview, 350–351
RC4/RC5/RC6 ciphers, 379–380
ROT13 cipher, 337
running, 347–348
scytale cipher, 336
stream ciphers, 359, 360–362, 363
substitution ciphers, 335, 337, 350–353
transposition ciphers, 351–353
Vernam cipher, 345
Vigenère cipher, 337
ciphertext attacks, 410–411
CIR (committed information rate), 627, 628
circuit switching, 625–627
circuit-level proxy firewalls, 590–593, 596
CIS (computer information system), 99
CISO (chief information security officer), 161, 164, 203
CISSP (Certified Information Systems Security Professional), xxix–xxxiv
CISSP certification, xxix
civil law, 62
civil law system, 58
civil legal systems, 58
civil/tort law, 59–60
Clark-Wilson model, 309–310, 313
classes, 503
classification. See information classification
classification controls, 197–198
classless interdomain routing (CIDR), 505
classless IP addresses, 505
cleanroom approach, 1109
cleartext, 1153
cleartext passwords, 835
clients
honeyclients, 992
network, 542
proxy servers and, 605–606
session IDs, 1153
SQL, 1160
thin, 775–776
web-based, 612
client/server model, 1132, 1133, 1135, 1141
client-side validation, 1149–1150
climate issues, 446–447
Clinger-Cohen Act, 22
closed systems, 320–321
closed-circuit TV (CCTV) system, 955–960
cloud assets, 969–970
cloud computing, 322, 969–970, 1141
cloud network, 628
clustered servers, 1029
clustering, 979–980
CM. See configuration management
CMAC (Cipher-Based Message Authentication Code), 391–392, 393
CMMI (Capability Maturity Model Integration), 16, 39–40, 1111–1113
CMMI model, 1111–1113
CMMs (capability maturity models), 1112–1113
COBIT (Control Objectives for Information and related Technology), 33–34
COBIT 5 framework, 15
COBIT framework, 33–34
code, 1122–1123. See also programming
compiled, 1115
debugging, 300, 1089, 1092, 1117
exploiting security holes, 70
high-quality, 1077–1078
mobile, 1142–1146
open-source, 13
sandboxes, 991
testing/validating, 1084, 1093–1095, 1097
“tight code,” 1131
unsigned, 937
“code bloat,” 884
code division multiple access (CDMA), 681–682, 683
code obfuscation, 990
Code of Ethics, 165
code repositories, 1116
code reviews, 884–886
code signing, 937
code stubs, 884
CoE (Council of Europe), 54–55
cognitive passwords, 754
cold sites, 1008–1011
cold starts, 934
collections, 271
collision domains, 529–530
COM (Component Object Model), 1136–1137
command-and-control (C&C) servers, 1185
commercial off-the-shelf (COTS) products, 1016
commercial software, 68
commit operation, 1168
committed information rate (CIR), 627, 628
Committee of Sponsoring Organizations. See COSO
Common Body of Knowledge. See CBK
common controls, 128–129
common law system, 59–60
Common Object Request Broker Architecture (CORBA), 1134–1136
Common Weakness Enumeration (CWE), 1091–1092
communications
analog/digital, 512–514
broadband/baseband, 516–517
synchronous/asynchronous, 514–515
communities, 546–547
community strings, 546–547
companies. See organizations
compensating controls, 10, 11–13
compiled code, 1115
compilers, 1119
compliance audits, 864
compliance programs, 1060–1063
Component Object Model (COM), 1136–1137
components, trusted, 262, 288, 304
compression, 363, 485, 514, 515, 957
computer architecture, 252–270. See also architecture
central processing unit, 252–257
memory types, 258–270
multiprocessing, 257–258
computer controls, 811
computer crime. See also cybercrime
criminal behavior, 1042
forensics. See computer forensics
incident investigators, 1042–1043
interviewing suspects, 1052–1053
investigating. See investigations
motive/opportunity/means, 1041–1042
surveillance. See surveillance
computer crime laws (cyberlaw), 45–47
computer criminal behavior, 1042
Computer Emergency Response Team (CERT), 996
Computer Ethics Institute, 166
computer forensics, 1039–1041
forensic software, 1044–1045
forensics field kits, 1046–1047
investigation process, 1043–1049
overview, 1039–1040
SWGDE attributes/principles, 1040–1041
computer information system (CIS), 99
computer is incidental crime, 46
computer systems. See systems
computer-aided software engineering (CASE) tools, 1089–1091
computer-assisted crimes, 45, 46
computer/equipment rooms, 435–439
computers
disposal/destruction of, 220–221
laptop. See laptop computers
mainframes, 522
microcomputers, 522
obsolete, 220
computer-targeted crime, 45–46
concealment ciphers, 347, 348, 350
concentrators, 567
concurrency problems, 1166–1167
Confidential data classification, 195, 196
confidentiality
Bell-LaPadula model, 307–308
business continuity planning and, 131, 132
cryptosystems, 344
confidentiality controls, 6
confidentiality, integrity, and availability (CIA), 3
configuration management (CM), 933–940
change control documentation, 968–969
change control process, 967–968
input/output controls, 936–937
remote access security, 939–940
remote systems administration, 939–940
resource provisioning and, 966–970
security concerns, 935
system hardening, 937–939
trusted recovery, 933–935
confusion, 359–360
connectionless protocols, 488, 497, 498
connection-oriented protocols, 488, 497, 498
connections
dial-up, 644–645
half-duplex, 486
remote. See remote connectivity
between systems, 488
connectivity, 786
consistency, 1174
consortium, 1012
constant bit rate (CBR), 630
constrained user interfaces, 796–797
content distribution network (CDN), 608–609, 697–698
content-dependent access control, 325, 798, 1170–1171
contention-based environments, 529
context-dependent access control, 325, 799, 1170–1171
contingencies, 984–992
contingency companies, 1009
contingency planning, 983–984
continuity, business. See BCP/BCM entries
continuity of operations (COOP), 1038
continuity planning. See BCP
contractors, 106
contractual agreements, 1058–1059
control group, 926
Control Objectives for Information and related Technology. See COBIT
control plane, 610
control unit, 254
Controller Area Network bus (CAN bus) protocol, 496–497
controls, 102. See also security controls
administrative. See administrative controls
application, 1081–1082
availability, 5–6
categorization of, 35
common, 128–129
computer controls, 811
considerations, 985
diversity of, 941
hybrid, 129
input/output, 936–937
security. See security controls
service organization, 864–865
system-specific, 129
technical, 8–12, 811–814, 865–866
Convention on Cybercrime, 54–55
convergence, 203
cookies, 693–694, 738, 1152, 1154
COOP (continuity of operations), 1038
Copper Distributed Data Interface (CDDI), 536
Copyright Directive, 70
copyright law, 64–65
CORBA (Common Object Request Broker Architecture), 1134–1136
Core RBAC, 792–793
corporate ethics, 168
COSO (Committee of Sponsoring Organizations), 15, 36–37
cost/benefit analysis, 102, 120
COTS (commercial off-the-shelf) products, 1016
Council of Europe (CoE), 54–55
Counter (CTR) mode, 376–377
countermeasures, 7, 102, 121–122. See also safeguards; security controls
counter-synchronization, 755
coupling, 1130–1131
covert channels, 310–311
CPO (chief privacy officer), 202
CPO role, 202
CPTED (Crime Prevention Through Environmental Design), 420–426
CPU (central processing unit)
architecture integration, 287–291
memory and, 261–265
multiple cores, 279
operation modes, 290
overview, 252–257
CPU time, 271–272
CRAMM (Central Computing & Telecommunications Agency Risk Analysis & Management Method), 111
credit card fraud, 79–80
Crime Prevention Through Environmental Design (CPTED), 420–426
crimes. See computer crime; cybercrime
crimeware toolkits, 1186–1187
CRL (certificate revocation list), 401–402
CRM (customer relationship management), 128, 783, 784
cross-certification, 401
crossover error rate (CER), 746–747
cross-site scripting. See XSS
crosstalk, 521–522
cryptanalysis, 339–340, 411, 412
cryptographic algorithms, 14
cryptographic checksums, 935
cryptographic hash chaining, 880
cryptographic keys, 757
cryptography, 335–350. See also cryptosystems; encryption
asymmetric. See asymmetric algorithms
attacks on, 409–414
ciphers. See ciphers
considerations, 404
definitions/concepts, 340–350
digital signatures, 396–399
hardware vs. software, 687
history of, 335–340
key management, 404–407
message integrity and, 388–399
overview, 335
public key, 383
steganography, 348–350
symmetric. See symmetric algorithms
transformation techniques, 363
Trusted Platform Module, 407–409
zero knowledge proof, 387–388
cryptography notation, 380
cryptography systems, 687
cryptosystems. See also ciphers; cryptography
asymmetric, 356
ciphertext/plaintext attacks, 410–411
Kerckhoffs’ principle, 342–343
services, 344–345
strength of, 343–344
symmetric, 355
synchronous vs. asynchronous, 377
CSMA (carrier sense multiple access), 527–528
CSMA/CA (carrier sense multiple access with collision avoidance), 527, 528, 660
CSMA/CD (carrier sense multiple access with collision detection), 527–528, 660
CSO (chief security officer), 202–203
CSO role, 202–203
CSU/DSU (channel service unit/data service unit), 624–625
CTR (Counter) mode, 376–377
culture, 902–903
customer data, 215
customer relationship management (CRM), 128, 783, 784
customary law system, 60
CWE (Common Weakness Enumeration), 1091–1092
cyber kill chains, 997–998
cyber squatting, 554–555
cybercrime, 48–62. See also computer crime
common Internet schemes, 53
complexities in, 48–62
computer-assisted crimes, 45, 46
computer-targeted crimes, 45–46
electronic assets, 49–50
import/export legal issues, 57–58
inside jobs, 54
international issues, 54–58
overview, 48–49
perpetrators, 50–54
cyberlaw, 45–47
cyber-physical systems, 328–330
D
DAC (discretionary access control), 787–790, 794, 795, 1171
DAC (dual-attached concentrator), 536
damage assessment, 1032
DAS (data acquisition servers), 331
DAS (dual-attachment station), 536
DASDs (direct access storage devices), 976–977
data. See also information
backing up. See backups
big data, 1177
biometric, 747–748
changing format, 222
classification. See information classification
confidentiality, 307–308
customer, 215
database, 890
described, 21–22
destruction of. See data disposal/destruction
employee, 215
encapsulation, 279, 481–482, 502, 1124–1127
high-value, 227
integrity, 4, 308–309, 723–724, 1166–1169
location of, 217
locking, 1167
loss of, 94
mailbox, 890
malicious, 820
metadata. See metadata
misuse of, 94
ownership, 228
private, 215
replication of, 1027
at rest, 693
retaining. See data retention
sensitive, 820
states of, 216–219
in transit, 693
transmission. See data transmission
types of, 890
user, 890
data access, 194
data acquisition servers (DAS), 331
data analyst roles, 205
data archive, 192
data buses, 256–257
data circuit-terminating equipment (DCE) device, 625, 627–628
data control language (DCL), 1164
data custodian role, 204
data definition language (DDL), 1164
data dictionaries, 1161, 1164, 1165
data diode, 880
data disposal/destruction
considerations, 190
data remanence and, 211–214
destroying physical media, 214, 223
encryption, 214
overview, 192–193
overwriting data, 214
Data Encryption Algorithm (DEA), 370, 378
Data Encryption Standard. See DES
data execution prevention (DEP), 270
data files, 890
data flows, 228
data frames, 526
data inventories, 227–228
data leak prevention (DLP), 226–234
data leakage, 225–234
data life cycle, 229
data link layer, 490–491, 493, 509–511
data link protocols, 515, 633–634
data loss prevention (DLP), 902
data manipulation language (DML), 1164
data modeling, 1129
data origin authentication, 391
data owner role, 203–204
data owners
described, 203–204
privacy issues and, 210–211
data ownership, 203–204
data parallelism, 323
data processors, 211
data protection strategy, 228–229
data remanence, 211–214
data retention. See also archival
classification and, 208
considerations, 191–192
e-discovery, 209–210
indexing and, 208
normalization and, 208
period of retention, 208–209
policies, 206–210
taxonomies, 208
type of data retained, 209
data security controls, 216–219
data storage, 206
data structures, 502–503, 1129–1130
data transmission
analog/digital, 512–514
asynchronous/synchronous, 514–515
broadband/baseband, 516–517
methods, 536–538
types of, 512–517
data warehousing, 1174–1177
database administrator, 796, 926, 1155
database management, 1155–1177
data warehousing/mining, 1174–1177
database models, 1157–1161
integrity, 1166–1169
overview, 1155
programming interfaces, 1161–1164
relational databases, 1164–1166
security issues, 324–326, 1169–1174
database management system (DBMS), 1155–1157, 1160
database models, 1157–1161
database programming interfaces, 1161–1164
database security, 1169–1174
aggregation, 324–325, 1169–1170
considerations, 1171
database views, 1171–1172
OLTP, 1173–1174
overview, 1169–1171
polyinstantiation, 1172–1173
database views, 796, 1171–1172
databases
aggregation, 324–325
batch processing, 1169
characteristics, 1156
checkpoints, 1168
commits, 1168
described, 1160
hierarchical, 1158–1159
integrity, 1166–1169
interference, 325
locking data, 1167
network, 1159–1160
risk, 1155
rollbacks, 1168
savepoints, 1168
security issues. See database security
terminology, 1160–1161
two-phase commits, 1169
types of data, 890
using browser to access, 1155
datagrams, 502
data-mining, 1174–1177
Data-Over-Cable Service Interface Specifications (DOCSIS), 649
DBMS (database management system), 1155–1157, 1160
DCE (Distributed Computing Environment), 1132–1133
DCE (data circuit-terminating equipment) device, 625, 627–628
DCL (data control language), 1164
DCOM (Distributed Component Object Model), 1132–1133, 1136–1137
DCS (distributed control system), 331
DDL (data definition language), 1164
DDoS attacks, 603, 649, 697–698
DDR (dial-on-demand routing), 647
DDR SDRAM (double data rate SDRAM), 260
DEA (Data Encryption Algorithm), 370, 378
debugging, 300, 1089, 1092, 1117
dedicated links, 620–624
defense-in-depth, 9–10
delayed binding, 698
delayed loss, 106–107
Delphi technique, 118
demilitarized zone. See DMZ
DEP (data execution prevention), 270
Department of Defense Architecture Framework (DoDAF), 25–26
Department of Veterans Affairs Information Security Protection Act, 77
DES (Data Encryption Standard), 339, 370–377
DES (Triple-DES), 370, 377–378
DES modes, 372–377
design phase, 249, 1084, 1086–1089, 1096
desk check test, 894
deterrent controls, 10
development, defined, 249
development phase, 1084, 1089–1093, 1097
devices. See also hardware
automated scanning of, 966
fail-safe, 1063
input/output, 285–287
mean time between failures, 971–972, 973
mean time to repair, 972–973
mobile. See mobile devices
near-line, 982
networking. See networking devices
portable, 937–938
RAID, 974–976
single points of failure, 973–980
storage. See storage devices
surveillance, 955–960
DevOps, 1109–1110
DFRWS (Digital Forensic Research Workshop), 1041
DHCP (Dynamic Host Configuration Protocol), 540–543
DHCP clients, 541–542
DHCP snooping, 542
DHS (U.S. Department of Homeland Security), 1098
diagnostic logs, 935
dialog management, 486
dial-on-demand routing (DDR), 647
dial-up connections, 644–645
Diameter protocol, 805–807
differential backups, 1023
differential cryptanalysis, 411
differential power analysis attacks, 760
differentiated service, QoS, 631
Diffie-Hellman algorithm, 380–383
digital certificates, 399–404
digital envelopes, 367
digital evidence, 1040. See also evidence
Digital Forensic Research Workshop (DFRWS), 1041
digital forensics, 1039. See also computer forensics
digital identities, 776–777
Digital Millennium Copyright Act (DMCA), 70
Digital Signature Algorithm (DSA), 399
Digital Signature Standard (DSS), 395, 398–399
digital signatures, 396–399, 757
digital subscriber line (DSL), 647–648, 649
digital transmission, 512–514
direct access storage devices (DASDs), 976–977
direct memory access (DMA), 286
direct sequence spread spectrum (DSSS), 661, 662–663
directories
IdM, 733–734
LDAP, 735–736
meta-directories, 734–735, 736
overview, 732–736
permissions, 876
structure, 734–735
directory services, 732–733, 775, 776
directory traversal, 1149
disaster recovery, 130–154. See also DRP; recovery entries
catastrophes, 1007
vs. continuity planning, 130–131
described, 892
goal of, 130
management support, 145–146
disaster recovery plan. See DRP
disasters
actions taken after, 138
damage assessment, 1032
defined, 1006
natural, 100
vs. nondisasters, 1006
planning for. See DRP
discretionary access control (DAC), 787–790, 794, 795, 1171
disk duplexing, 1025
disk shadowing, 1025
diskless workstations, 542–543
disks
DASDs, 976–977
HSM system, 982–983
MAID, 977–978
mirroring, 1025
SASDs, 976–977
distance-vector routing protocols, 564, 565
distinguished names (DNs), 732
Distributed Component Object Model (DCOM), 1132–1133, 1136–1137
distributed computing, 1132–1142
COM/DCOM, 1136–1137
considerations, 1142
CORBA/ORBs, 1134–1136
DCE, 1132–1133
Java EE, 1138
OLE, 1137–1138
overview, 1132
SOA, 1138–1142
Distributed Computing Environment (DCE), 1132–1133
distributed control system (DCS), 331
Distributed Network Protocol 3 (DNP3), 496
distributed system security, 321–332
cloud computing, 322
cyber-physical systems, 328–330
databases, 324–326
industrial control systems, 330–332
mobile devices, 327–328
parallel computing, 323
web applications, 326–327
distributed systems, 321
DLL (dynamic link library), 282
DLP (data leak prevention), 226–234
DLP (data loss prevention), 902
DLP resiliency, 231
DLP solutions, 227, 228, 230, 231
DMA (direct memory access), 286
DMCA (Digital Millennium Copyright Act), 70
DML (data manipulation language), 1164
DMZ (demilitarized zone)
considerations, 812, 1061–1062
firewalls and, 581–582, 597–599, 600
illustrated, 813
WLANs and, 677
DNP3 (Distributed Network Protocol 3), 496
DNs (distinguished names), 732
DNS (Domain Name Service), 547–555
naming hierarchy, 549–550
overview, 547–548
threats, 552–554
DNS hijacking, 699–700
DNS namespaces, 548
DNS poisoning, 838–839
DNS proxy servers, 606
DNS resolver, 551
DNS security (DNSSEC), 552–553
DNS servers, 548–555, 699, 838–839
DNS splitting, 553
DNSSEC (DNS security), 552–553
DoDAF framework, 15
DOCSIS (Data-Over-Cable Service Interface Specifications), 649
documentation
audits, 861–862
backups, 1024
for business continuity, 1018–1019
change control, 968–969
for disaster recovery, 1018–1019
restoring data, 1024
security programs, 87
templates, 1033
DoDAF (Department of Defense Architecture Framework), 25–26
dogs, guard, 963
domain grabbing, 554–555
Domain Name Service. See DNS
domain names, 554–555
domain registration, 554–555
domains
CBK, xxxi–xxxii
described, 291
Internet, 549–552
security, xxxi–xxxii, 772–775, 776
single sign-on and, 772–775, 776
DOM-based XSS vulnerabilities, 1150
DoS attacks, 566, 588, 603, 696–698
“dot dot slash” attack, 1149
double data rate SDRAM (DDR SDRAM), 260
double tagging attacks, 575
double-blind test, 873
DRAM (dynamic RAM), 258–259
DRI International Institute, 135
drive-by downloads, 699, 700, 900, 901–902
drives
floppy, 272
tape, 978
USB, 820
DRP (disaster recovery plan), 1002–1030. See also business continuity; disasters; recovery process
backup facility options, 1010, 1011, 1018–1021
business continuity plan. See BCP entries
business process recovery, 1006
communications, 132
damage assessment, 1032
data backup options, 1021–1025
described, 1038
disasters vs. nondisasters, 1006
documentation and, 1018–1019
end-user environment and, 1021
facility recovery, 1006–1013
goal setting, 1034–1036
hardware backups, 1015–1016
high availability and, 1028–1030
human resources and, 1019–1021
implementing strategies for, 1036–1038
insurance options, 1030–1031
maximum tolerable downtime, 1002–1005
Occupant Emergency Plan, 1063–1064
outsourcing and, 1014
overview, 1002–1005
preventive measures, 984–992
preventive vs. recovery strategies, 1005
purpose of, 130
reconstitution phase, 1033–1034
recovery activation criteria, 1032–1033
recovery time objective, 1002–1005
recovery/restoration, 1031–1038
redundant sites, 1012–1013
software backups, 1016–1018
storing plans for, 1020
supply/technology recovery, 1013–1015
vulnerabilities after disaster, 132
DSA (Digital Signature Algorithm), 399
DSL (digital subscriber line), 647–648, 649
DSS (Digital Signature Standard), 395, 398–399
DSSS (direct sequence spread spectrum), 661, 662–663
dual control, 155
dual-attached concentrator (DAC), 536
dual-attachment station (DAS), 536
dual-homed firewalls, 597–598, 600
due care, 145, 924, 1053, 1054
due diligence, 145, 924, 1053, 1054
durability, 1174
dust, 222
DVDs, 223
Dynamic Host Configuration Protocol. See DHCP
dynamic link library (DLL), 282
dynamic mapping, 561
dynamic packet-filtering firewalls, 593–594, 596
dynamic passwords, 754
dynamic ports, 500
dynamic RAM (DRAM), 258–259
dynamic routing protocols, 563
E
EAC (electronic access control) tokens, 950
EAL (Evaluation Assurance Level), 92, 314
EAP (Extensible Authentication Protocol), 658–659, 669–670
EAP-TLS (Extensible Authentication Protocol-Transport Layer Security), 510, 511, 670
EAP-TTLS (EAP-Tunneled Transport Layer Security), 670
EAP-Tunneled Transport Layer Security (EAP-TTLS), 670
e-carriers, 621–622
ECB (Electronic Code Book) mode, 372–373
ECC (elliptic curve cryptosystem), 386–387
Economic Espionage Act of 1996, 85
EDI (electronic data interchange), 613, 614
e-discovery, 209–210
EDLP (endpoint DLP), 232–233
EDO DRAM (extended data out DRAM), 259
EDRM (Electronic Discovery Reference Model), 209–210
EEPROM (electrically erasable programmable read-only memory), 260–261
EER (equal error rate), 746
EF (exposure factor), 114
EGPs (exterior gateway protocols), 565–566
egress filtering, 584
EIGRP (Enhanced Interior Gateway Routing Protocol), 565
EK (Endorsement Key), 408
El Gamal algorithm, 386
electric power, 441–446
best practices, 446
fluctuations in, 444–445
generators, 443
in-rush current, 445
interference, 443–444
power failure, 441, 442–443, 945
power grid, 441–442
power losses, 440–441
power protection, 442–443
smart grid, 441–442
electrically erasable programmable read-only memory (EEPROM), 260–261
electromagnetic analysis attacks, 760
electromagnetic interference (EMI), 443–444, 517–518
electronic access control (EAC) tokens, 950
electronic assets, 49–50
Electronic Code Book (ECB) mode, 372–373
electronic data interchange (EDI), 613, 614
Electronic Discovery Reference Model (EDRM), 209–210
electronic vaulting, 1026–1027
electronically stored information (ESI), 209–210
electrostatic IDS, 962
e-mail, 555–560
authorization, 557
encryption, 687–690
IMAP, 556–557
monitoring of, 81–83
overview, 555–556
PGP, 689–690
POP, 556
relaying, 557–559
viruses/worms in, 1178
e-mail clients, 484
e-mail gateways, 577
e-mail policy, 89
e-mail spoofing attacks, 559–560
emanation security, 820–822
embedded systems, 329
embedding, 1138
emergencies, 138
emergency responders, 1063
emergency response procedures, 895–896
emergency system restart, 934
EMI (electromagnetic interference), 443–444, 517–518
employees. See personnel
emulation buffer, 1188
encapsulated processes, 279
Encapsulating Security Payload (ESP), 653
encapsulation, 279, 481–482, 502, 1124–1127
encryption. See also cryptography
asymmetric. See asymmetric algorithms
considerations, 814
digital signatures, 396–399
e-mail, 687–690
hybrid methods, 364–369
importance of, 937
methods of, 353–369
networks. See network encryption
passwords, 753
presentation layer and, 485
rendering data unrecoverable, 214
RSA public key, 689
session keys, 367–369
steganography, 348–350
storage devices, 216–217
swap space and, 285
symmetric. See symmetric algorithms
symmetric vs. asymmetric, 353–359
websites, 1154
End User License Agreement (EULA), 68
Endorsement Key (EK), 408
endpoint DLP (EDLP), 232–233
end-to-end encryption, 685–687
end-user environment, 1021
Enhanced Interior Gateway Routing Protocol (EIGRP), 565
Enhanced Performance Architecture (EPA), 496
Enigma machine, 338–339
enterprise architecture development, 19–32
enterprise security architecture, 26–32
enterprise vs. system architectures, 32
frameworks, 21–26
military-oriented frameworks, 25–26
overview, 19–21
TOGAF, 24–25
enterprise architecture frameworks, 21–22
enterprise security architecture, 26–32
entity integrity, 1167
environmental conditions, 222
environmental controls/issues
CPTED concepts, 420–426
electric power, 441–446
fire suppression, 448–449, 452–453
overview, 446–448
Environmental Protection Agency (EPA), 427
EPA (Enhanced Performance Architecture), 496
EPA (Environmental Protection Agency), 427
EPROM (erasable programmable read-only memory), 260
equal error rate (EER), 746
equipment. See also devices; hardware
damage to, 439
malfunction, 94
obsolete, 220
stolen, 439
equipment rooms, 435–439
erasable programmable read-only memory (EPROM), 260
errors, software, 1091–1092
ESI (electronically stored information), 209–210
ESP (Encapsulating Security Payload), 653
Ethernet networks, 490, 531–534
Ethernet technology
characteristics, 537
Metro Ethernet, 615–617
ethical fallacies, 165–166
ethics, 165–168
EU (European Union), 56–57
EU laws, 85–86
EULA (End User License Agreement), 68
European Union. See EU
Evaluation Assurance Level (EAL), 92, 314
event management, 932
events
application-level, 816
described, 993
vs. incidents, 993
system-level, 815–816
user-level, 816
evidence
admissibility of, 1049–1051
analysis, 1049
chain of custody, 1047–1049
collection of, 1040–1041, 1047–1049
considerations, 1039–1041, 1049
life cycle, 1050–1051
search and seizure, 1051–1052
exclusive-OR (XOR), 345
execution domain, 303
executive management
abuse of roles, 200–201
business continuity plan, 137, 138–141, 145, 154
CEO, 199–200
CFO, 200–201
CIO, 201–202
CPO, 202
CSO, 202–203
layers of responsibility, 199–203
liability issues and, 1055
roles, 199–203
security and, 87
succession planning, 1020–1021
executive summaries, 907–908
exigent circumstances, 1052
exploratory model, 1108
exposure, defined, 7
exposure factor (EF), 114
extended data out DRAM (EDO DRAM), 259
Extended TACACS (XTACACS), 802
Extensible Access Control Markup Language (XACML), 783–784
Extensible Authentication Protocol (EAP), 658–659, 669–670
Extensible Authentication Protocol-Transport Layer Security (EAP-TLS), 510, 511, 670
Extensible Markup Language. See XML
exterior gateway protocols (EGPs), 565–566
extranets, 612–614
Extreme Programming (XP), 1107
F
facial scans, 750
Facilitated Risk Analysis Process (FRAP), 108
facilities
access controls, 941–949, 1063
building codes, 429
cold sites, 1008–1011
construction materials, 429–432
data center, 436–437
doors, 429, 430, 433–434, 436, 439
electric power, 441–446
entry points, 432–433
environmental planning, 446–448
hot sites, 1007–1009, 1011, 1013
load, 429
location, 428–429
locks, 941–949
moving back after disaster, 1033–1034
Occupant Emergency Plan, 1063–1064
reciprocal agreements, 1011
recovery operations, 1006–1013
redundant sites, 1012–1013
reinforcement, 432
restricted areas, 436
security. See facility security
structure, 429
types of disruptions, 1006–1007
warm sites, 1008–1011
facility safety officer, 427
facility security, 414–439. See also physical security
assessing protection level of, 426–428
computer/equipment rooms, 435–439
considerations, 428–429
construction issues, 429–432
doors, 429, 430, 433–434, 436, 439
entry points, 429–432
internal compartments, 435
internal support systems, 440–454
overview, 414–415
protecting assets, 439–440
site planning process, 415–439
threats, 414
windows, 434
factors, 903
failover capability, 1029
fail-safe devices, 1063
fail-safe setting, 434
fail-secure setting, 434
failure modes, 109
Failure Modes and Effect Analysis (FMEA), 109–110
false positives/negatives, 987, 998
Faraday cage, 821
FAST (Federation Against Software Theft), 69
Fast Ethernet, 532
fast flux, 1185
FAT (File Allocation Table) file system, 211–214
fault generation attacks, 760
fault tree analysis, 110
fault trees, 110–111
fax machines, 874
FCC (Federal Communications Commission), 479
FCoE (Fibre Channel over Ethernet), 511
FCS (frame check sequence) numbers, 626
FDDI rings, 534, 535, 536, 537, 614
FDDI (Fiber Distributed Data Interface) technology, 534–536
FDDI-2, 536
FDM (frequency-division multiplexing), 623
FDMA (frequency division multiple access), 681
Federal Communications Commission (FCC), 479
Federal Information Security Management Act (FISMA), 75–76
Federal Privacy Act of 1974, 75
federated identities, 776–785
federation, 776–785
Federation Against Software Theft (FAST), 69
fencing, 951–953
fetch request, 255–256
FHSS (frequency hopping spread spectrum), 661–662, 663
fiber cables, 648
Fiber Distributed Data Interface. See FDDI
fiber-optic cables, 519–520
Fibre Channel over Ethernet (FCoE), 511
File Allocation Table (FAT) file system, 211–214
file descriptor attacks, 875
file descriptors, 875
file integrity checkers, 876
File Transfer Protocol (FTP), 586–587
files
database, 1160
log. See log files
permissions, 876
recovering, 934
shadow, 753
FILO (first in, last out), 266
financial institutions, 79
financial privacy rule, 79
fingerprint detection, 1187
fingerprint systems, 748
fingerprints, 1187
fire, 106
fire detection, 448, 449–451, 453
fire extinguishers, 448, 449–450, 454, 895
fire prevention, 448
fire resistance ratings, 450
fire suppression, 448–449, 452–453
fire-resistant materials, 432
firewalls, 581–605
appliances, 595
architecture, 596–599
best practices/rules, 603–605
considerations, 13, 14, 605, 986
DMZ and, 581–582, 597–599, 600
dynamic packet-filtering, 593–594, 596
issues, 604
packet-filtering, 582–585, 596
proxy, 589–593
SOCKS, 592
software-based, 595
stateless, 584
types of, 582
virtual, 599–603
WAFs, 327
first in, last out (FILO), 266
FISMA (Federal Information Security Management Act), 75–76
flooding attacks, 696–697, 698
floppy drives, 272
FMEA (Failure Modes and Effect Analysis), 109–110
footprint, satellite, 678
foreign keys
considerations, 1167–1168
vs. primary key, 1164–1166
unmatched values, 1167–1168
forensics. See computer forensics
forensics field kits, 1046–1047
forwarding plane, 610
forwarding proxies, 604–605
forwarding tables, 568–569
fragmentation attacks, 603
frame check sequence (FCS) numbers, 626
frameworks
described, 126
enterprise architecture, 20
risk management, 126–130
security governance, 159–165
framing, 491
FRAP (Facilitated Risk Analysis Process), 108
free-space optics (FSO), 675–676
freeware, 68
frequency, 660
frequency analysis, 352–353
frequency division multiple access (FDMA), 681
frequency hopping spread spectrum (FHSS), 661–662, 663
frequency-division multiplexing (FDM), 623
FSO (free-space optics), 675–676
FTP (File Transfer Protocol), 586–587
full backups, 1023
full-duplex communication option, 486, 502
full-interruption test, 894–895
fully mapped I/O, 287
function logs, 929
functional analysis, 146
functional model, 1087
functional policies, 88–89
functionality vs. security, 45
fuzzing, 1094
G
gateways, 576–577, 578, 636–638
Generalized Markup Language (GML), 779
generators, 443
Generic Routing Encapsulation (GRE), 650
Gigabit Ethernet, 532–533
glare protection, 954
GLBA (Gramm-Leach-Bliley Act), 78–79, 85
Global Positioning System (GPS), 515
globally unique identifier (GUID), 1133
GML (Generalized Markup Language), 779
Good Practice Guidelines (GPG), 135
Google Alerts, 902
governance, risk, and compliance (GRC) programs, 1060–1063
GPG (Good Practice Guidelines), 135
GPS (Global Positioning System), 515
Graham-Denning model, 311–312, 313
Gramm-Leach-Bliley Act (GLBA), 78–79, 85
graphical user interface (GUI), 886
gray box testing, 869
GRC (governance, risk, and compliance) programs, 1060–1063
GRE (Generic Routing Encapsulation), 650
grep process, 272–273
grid computing, 980
ground, 430
ground connector, 430
groups, access control, 763
guaranteed service, QoS, 631
guard dogs, 963
guards, security, 962–963
GUI (graphical user interface), 886
GUID (globally unique identifier), 1133
guidelines, 92–94
H
H.323 gateways, 636–638
HA (high availability), 1028–1030
hackers, 50–54. See also attackers
advanced persistent threat, 51–52
considerations, 48
evolution of, 50–51
international, 54–56
liability scenario, 1057–1058
mobile phones, 682
script kiddies, 50
shotgun approach, 50
as threat agent, 106
hacktivists/hacktivism, 46
HAIPE (High Assurance Internet Protocol Encryptor), 654
half-duplex communication option, 486
halon gas, 453
hand geometry, 749
hand topology, 750–751
hardware. See also devices; equipment
architecture. See computer architecture
backing up for disaster recovery, 1015–1016
segmentation, 260
tracking, 964–965
hardware backups, 1015–1016
hardware cryptography methods, 687
Harris, Shon, xxi–xxii
Harrison-Ruzzo-Ullman (HRU) model, 312, 313
Hash Message Authentication Code (HMAC), 389–391, 393
hashes/hashing
birthday attacks, 396
compared, 398
considerations, 388
cryptographic, 936
digital signatures, 396–399
MD4, 394
MD5, 394–395
one-way hash functions, 388–389, 395–396
overview, 393–394
SHA, 395
hashing algorithms, 393–396
HDLC (High-level Data Link Control), 629, 632, 633–634
HDSL (High-Bit-Rate DSL), 648
Health Information Technology for Economic and Clinical Health (HITECH), 77–78, 84–85
Health Insurance Portability & Accountability Act (HIPAA), 72, 77, 84
heartbeat messages, 219
Heartbleed security bug, 219
heat-activated detectors, 450
help desk, 926
heuristic capabilities, 826
heuristic detection, 1188
HIDS (host-based IDS), 822, 823, 986
hierarchical databases, 1158–1159
hierarchical RBAC, 793–794
hierarchical storage management (HSM), 982–983
hierarchies, 793–794
High Assurance Internet Protocol Encryptor (HAIPE), 654
high availability (HA), 1028–1030
High-Bit-Rate DSL (HDSL), 648
High-level Data Link Control (HDLC), 629, 632, 633–634
high-level languages, 1117–1118
High-Speed Serial Interface (HSSI), 634–635, 644
HIPAA (Health Insurance Portability and Accountability Act), 72, 77, 84
hiring practices, 155–157
HITECH (Health Information Technology for Economic and Clinical Health), 77–78, 84–85
HMAC (Hash Message Authentication Code), 389–391, 393
HMI (human-machine interface), 331
holistic risk management, 95
home IP address, 805
honeyclients, 992
honeynets, 991–992
honeypots, 607, 832–833, 991–992
hop sequence, 661
hops, 686
host address, 504
hostage alarm, 945
host-based IDS (HIDS), 822, 823, 986
HOSTS files, 553–554
hot sites, 1007–1009, 1011, 1013
hot swap capability, 971, 975–976
HRU (Harrison-Ruzzo-Ullman) model, 312, 313
HSM (hierarchical storage management), 982–983
HSSI (High-Speed Serial Interface), 634–635, 644
HTML (HyperText Markup Language), 779
HTML code, 1152
HTML documents, 554
HTTP (Hypertext Transfer Protocol), 593, 691–692, 1148
HTTP communication, 1141
HTTP protocol, 1152
HTTP Secure (HTTPS), 691–692
HTTPS (HTTP Secure), 691–692
hubs, 567
human interaction, 94
human resources, 1019–1021
human-machine interface (HMI), 331
hybrid controls, 129
hybrid DLP, 233–234
hybrid microkernel OS model, 295, 296, 297
hygrometers, 448
hyperlinks, 554
HyperText Markup Language. See HTML
Hypertext Transfer Protocol. See HTTP
hypervisors, 298, 299, 602–603
I
IaaS (Infrastructure as a Service), 322, 969–970
IAB (Internet Architecture Board), 166–168
ICANN (Internet Corporation for Assigned Names and Numbers), 500
ICMP (Internet Control Message Protocol), 543–545, 586–587
ICMP attacks, 543–545
ICMP Echo Requests, 696
ICMP messages, 543–545
ICMP packets, 696
ICMP tunneling, 543–545
ICS (industrial control systems), 330–332
ICVs (integrity check values), 509–510, 666–667
IDaaS (Identity as a Service), 785–786
IDEA (International Data Encryption Algorithm), 378–379, 689
identification, 727–739
considerations, 728
digital identities, 776–777
federated identities, 776–785
key aspects, 728
requirements, 728
verification of, 727, 746, 747
Identity as a Service (IDaaS), 785–786
identity federation, 776–785
identity management (IdM), 729–739
identity repository, 743
identity services, 786–795
identity theft, 1178
iDevID (initial secure device identity), 510
IdM (identity management), 729–739
IDS sensors, 830
IDS/IPS rules, 987
IDSs (intrusion detection systems), 822–830
alerts, 825, 826, 833, 903–904
application-based, 830
baselining, 987
behavioral-based, 825–826
characteristics, 962
considerations, 7
costs associated with, 120–121
false positives/negatives, 987, 998
HIDS, 986
vs. IPSs, 986
knowledge-based, 823–824
network security, 986–987
network traffic volume and, 830
network-based, 822–823
NIDS, 986
protocol anomaly–based, 826–827
rule-based, 827–829
state-based, 824–825
statistical anomaly–based, 825–826
traffic anomaly–based, 827, 829
types of, 829
WIDS, 986
IEC (International Electrotechnical Commission), 16–17
IEEE 802.1AR standard, 510
IEEE 802.3 standard, 531
IEEE standards. See numerical entries
IETF (Internet Engineering Task Force), 166, 502
IGMP (Internet Group Management Protocol), 538
IGP (Interior Gateway Protocol), 562
IGRP (Interior Gateway Routing Protocol), 565
IKE (Internet Key Exchange), 653
IMAP (Internet Message Access Protocol), 556–557
immunization, 1189
immunizers, 1189
implementation, 93–94
import/export issues, 57–58
IMSI (International Mobile Subscriber Identity) catchers, 682
incident handling, 995–998
incident intrusion stages, 997–998
incident investigators, 1042–1043
incident management, 993–1002
incident response, 164, 994, 995–996. See also incidents
incident response teams, 994–995, 996, 998–999
incidents
considerations, 993–994
contingency plans, 983–984
cyber kill chains, 997–998
described, 993
detecting, 998
vs. events, 993
learning from, 1002
mitigating, 999–1000
overview, 993
public disclosure, 996
recovery, 1001
remediation, 1001–1002
responding to. See incident response
types of, 993
incremental backups, 1023
incremental model, 1101–1102
indexing, described, 208
indicators, 904
indicators of attack (IOA), 1001
indicators of compromise (IOC), 1001
industrial control systems (ICS), 330–332
inference, 1169–1170, 1171, 1173
information. See also data
accessing. See data access
acquisition of, 190–191
classification. See information classification
copying, 190
criticality of, 193
destruction of. See data disposal/destruction
indexing, 190
layers of responsibility, 199–206
retaining, 192
sensitivity of, 193–198
unauthorized disclosure of, 819–820
value of, 104–105
vulnerabilities, 99
information assets, 16, 189, 193, 217. See also assets
information classification, 193–198
applications, 197
levels of, 194–197
overview, 193–194
procedures, 198
systems, 197
information life cycle, 190–193
information security management system. See ISMS
information systems, 128, 130, 860
Information Systems Audit and Control Association. See ISACA
information systems risk management. See ISRM
information technology. See IT
Information Technology Infrastructure Library (ITIL), 16, 37–38
informational model, 1087
informative policies, 90
Infrastructure as a Service (IaaS), 322, 969–970
infrastructure WLANs, 664
ingress filtering, 584
initial program load (IPL), 932–933
initial secure device identity (iDevID), 510
initialization vectors (IVs), 362–363, 666
input validation, 1092, 1148–1152
input validation attacks, 1149–1152
input/output. See I/O
instantiation, 1121–1122, 1126
instruction set, 252, 255, 287
insurance options, 1030–1031
integrated product team (IPT), 1109–1110
Integrated Services Digital Network (ISDN), 645–647
integration testing, 886
integrity
backups, 981
business continuity planning and, 131, 132
cryptosystems, 344
data, 4, 308–309, 723–724, 1166–1169
database, 1166–1169
entity, 1167
media, 223
message, 388–399
referential, 1167
semantic, 1167
integrity check values (ICVs), 509–510, 666–667
integrity controls, 6
intellectual property (IP)
data breaches and, 84
espionage and, 85
internal protection of, 67–68
patent law, 65–67
software piracy, 68–70
intellectual property laws, 62–70
copyright law, 64–65
overview, 62–63
patent law, 65–67
trade secret law, 63–64
trademark law, 65
interface testing, 886
interference, 325, 443–444, 514, 661–662
Interior Gateway Protocol (IGP), 562
Interior Gateway Routing Protocol (IGRP), 565
Intermediate System to Intermediate System (IS-IS), 565
international cybercrime, 54–58
International Data Encryption Algorithm (IDEA), 378–379, 689
International Electrotechnical Commission (IEC), 16–17
International Information Systems Security Certification Consortium (ISC)², xxx
international issues, 54–57
international laws
data breaches, 85–86
import/export legal requirements, 57–58
Safe Harbor pact, 56–57
Wassenaar Arrangement, 57–58
International Mobile Subscriber Identity (IMSI) catchers, 682
International Organization for Standardization. See ISO
International Telecommunication Union (ITU), 479
Internet. See also websites
data in motion, 217–218
markup languages and, 779–784
naming hierarchy, 549–550
online safety, 901–902
Internet Architecture Board (IAB), 166–168
Internet Control Message Protocol. See ICMP
Internet Corporation for Assigned Names and Numbers (ICANN), 500
Internet Engineering Task Force (IETF), 166, 502
Internet Group Management Protocol (IGMP), 538
Internet Key Exchange (IKE), 653
Internet Message Access Protocol (IMAP), 556–557
Internet of Things (IoT), 329–330, 495
Internet Protocol. See IP
Internet Protocol Security. See IPSec
Internet Relay Chat (IRC), 52
Internet security, 690–695
browsers and, 690–691
cookies, 693–694
HTTP, 691
HTTPS, 691–692
overview, 690–691
SSH, 694–695
Internet Security Association and Key Management Protocol (ISAKMP), 653
Internet service providers (ISPs), 548
Internet services, 691
Internet Small Computer System Interface (iSCSI), 512
internetworks, 569
interpreters, 1120
interrupt vector, 285
interrupt-driven I/O, 286
interrupts, 273, 274–275, 285–287
intranets, 612–614
intraorganizational configuration, 638
Intra-Site Automatic Tunnel Addressing Protocol (ISATAP), 508
intruders, 106
intrusion detection, 822
intrusion detection systems. See IDSs
intrusion prevention systems. See IPSs
inventory
assets, 964–966
data, 227–228
investigations, 1038–1053. See also computer crime
chain of custody, 1047–1049
computer criminal behavior, 1042
computer forensics, 1039–1041
controlling crime scene, 1045
evidence. See evidence
forensic software, 1044–1045
forensics field kits, 1046–1047
forensics investigation process, 1043–1049
incident investigators, 1042–1043
interviewing suspects, 1052–1053
law enforcement agencies, 1039
motive/opportunity/means, 1041–1042
overview, 1038–1039
photographing crime scene, 1048
profiling and, 1042
surveillance. See surveillance
I/O (input/output)
fully mapped, 287
interrupt-driven, 286
premapped, 286–287
programmable, 286
using DMA, 286
I/O controls, 936–937
I/O device management, 285–287
I/O devices, 285–287
IOA (indicators of attack), 1001
IOC (indicators of compromise), 1001
IoT (Internet of Things), 329–330, 495
IP. See intellectual property
IP (Internet Protocol), 497, 691, 805
IP addresses
ARP and, 539
classless, 505
DHCP and, 540–543
NAT and, 560–562
private, 560–562
public, 561
IP addressing, 503–506
IP convergence, 512
IP fragmentation, 603
IP next generation (IPng), 506–509
IP telephony device, 636
IP version 4. See IPv4
IP version 6. See IPv6
IPL (initial program load), 932–933
IPng (IP next generation), 506–509
IPSec (Internet Protocol Security), 653–654
configuration options, 655
data in motion and, 217
IPSs (intrusion prevention systems), 830–834
honeypots, 832–833
vs. IDSs, 986
network security, 986–987
overview, 830–832
IPT (integrated product team), 1109–1110
IPv4 (IP version 4), 503, 507, 538
addresses, 506
traffic, 509
tunneling, 508
IPv6 (IP version 6)
addressing, 506–509
specification, 506–507
traffic, 509
tunneling, 508
IRC (Internet Relay Chat), 52
iris scans, 749
ISACA (Information Systems Audit and Control Association), 33
ISACA Risk IT framework, 127
ISAKMP (Internet Security Association and Key Management Protocol), 653
ISATAP (Intra-Site Automatic Tunnel Addressing Protocol), 508
(ISC)² (International Information Systems Security Certification Consortium), xxx
iSCSI (Internet Small Computer System Interface), 512
ISDN (Integrated Services Digital Network), 645–647
IS-IS (Intermediate System to Intermediate System), 565
ISMS (information security management system), 16, 17, 30, 108–109, 903–905
ISMS team, 910
ISO (International Organization for Standardization), 16, 17, 313, 479
ISO 22301:2012 standard, 134
ISO 31000:2009 standard, 127
ISO/IEC 14443 standard, 761
ISO/IEC 27000 series, 15, 16–19, 30
ISO/IEC 27001 standard, 163
ISO/IEC 27004 standard, 163
ISO/IEC 27004:2009 standard, 163
ISO/IEC 27031:2011 standard, 134
ISO/IEC 27034 standard, 1098
ISO/IEC standards, 17–18, 163, 250, 317, 761, 1098
isolation, 1174
ISPs (Internet service providers), 548
ISRM (information systems risk management) policy, 95–96
ISRM team, 96–97
IT engineer, 926
IT Governance Institute (ITGI), 33
IT team, 1109–1110
ITGI (IT Governance Institute), 33
ITIL (Information Technology Infrastructure Library), 16, 37–38
ITU (International Telecommunication Union), 479
IVs (initialization vectors), 362–363, 666
J
JAD (Joint Application Development), 1109
Java Applets, 1142–1144
Java Database Connectivity. See JDBC
Java EE (Java Platform, Enterprise Edition), 1138
Java language, 1138, 1142–1144
Java Platform, Enterprise Edition (Java EE), 1138
Java programming language, 1120
Java Virtual Machine (JVM), 1120, 1143
JavaScript, 1150
JDBC (Java Database Connectivity), 1163–1164
JDBC API, 1163–1164
jitter, 635–636
job rotation, 926–927
Joint Application Development (JAD), 1109
jumbograms, 507