Index

A

ABAC (attribute-based access control), 510, 512

abstraction, 8, 661

acceptable use policy. See AUP

acceptance testing, 673, 696

access

administration, 477

aggregation, 522

asset security, 143-144

authentication, 480-507, 515-516

authorization, 508-514

control categories, 83-84

control processes, 475-476

denying, 702

IDaaS, 507

managing, 600

NAC devices, 435-436

Pearson Test Prep practice test engine, 714

physical/logical, 477-479

reviews, 516

third party, 72, 507

threats, 516-523

types, 84-87

access control, 645

matrices, 513

models, 508-510, 514

policies, 514

services, 196

access control lists. See ACLs

access points. See APs

accessibility, 310

accountability, 223, 505

accounting, 6

accounts

access reviews, 516

managing, 515-516, 551, 594

privileges, 595

revocation, 516

root, 488

accreditation, 217

Accreditation/Certification phase (SDLC), 674

ACID tests, 159

ACLs (access control lists), 346, 477-478, 514

acoustical detection systems, 643

Acquire/Develop stage (System Development Life Cycle), 669

acquired software, impact of, 696-697

acquisitions, 12, 121-123

active states, 290

active vulnerability scanners. See AVSs

ActiveX, 664-665

ACV (actual cost valuation), 631

Ad Hoc mode, 384

Address Resolution Protocol. See ARP

addresses

IP, 461

IPv4, 348

IPv6, 360, 363-372

logical, 347-353

MAC, 338, 352-353

physical, 347-353

Adleman, Leonard, 277

administration. See also managing

access, 477

passwords, 485-488

administrative controls, 85

administrative investigations, 581-582

administrative law, 39

Advanced Encryption Standard. See AES

advanced persistent threat. See APT

adware, 691

AES (Advanced Encryption Standard), 274

agent-based log reviews, 543-544

agentless log reviews, 543

agents, threats, 74, 138

aggregation, 158, 226, 362

Agile model, 679

AH (authentication header), 361

alarms, environmental, 320

ALE (annual loss expectancy), 79

algebraic attacks, 303

algorithms, 252

asymmetric, 268-269

MD2, 296

selecting, 262

SHA, 296

symmetric, 266-269, 275-276

3DES, 270-273

AES, 274

Blowfish, 275

DES, 270-273

Diffie-Hellman, 277

ECC, 278

El Gamal, 278

IDEA, 274

Knapsack, 279

RC4/RC5/RC6/RC7, 275

RSA, 277

Skipjack, 274

Twofish, 275

zero-knowledge proof, 279

alignment, security functions, 9-11

analog signaling, 353

analysis

evidence, 569

media, 577

risk management, 73-90, 93-106, 695-696

assets, 73-74

vulnerabilities, 74

security, 553

source code tools, 688

test coverage, 549, 562

analytic attacks, 304

annual loss expectancy. See ALE

antenna placements, 391

antenna types, 392

anti-malware, 437, 614, 693

antivirus applications, 614, 693

anycast addresses, IPv6, 368

APs (access points), 384, 408

APIs (application programming interfaces), 700-701

APIPA (Automatic Private IP Addressing), 352

applets, Java, 664

Application layer (Layer 7), 336-337

application programming interfaces. See APIs

applications

owners, 17

provisioning, 591

security, 246, 665-668

applied cryptography, 300

APT (advanced persistent threat), 523

architecture, 192

CORBA, 663

cryptography, 250

features of, 256-257

history of, 253-255

life cycles, 261-262

mathematics, 258-261

NIST SP 800-175A and B, 257-258

types, 262-269

databases, 155-156

firewalls, 403-404

ISO/IEC 42010:2011, 193

maintenance, 223

SOA, 664

system, 196-205

vulnerabilities, 224-230, 233-242

archiving, privacy, 168

ARP (Address Resolution Protocol), 343, 372, 454

AS (authentication server), 500

assemblers, 660

assembly languages, 660

assertions, 481

assessments

controls, 89

disaster recovery, 636

effectiveness, 695-696

risk, 78. See also risk, management

security testing, 534-535

strategies, 533

vulnerabilities, 535-536

assets

accessing, 477-479

cloud computing, 591

costs, 78

information, 599

inventory, 590-591

managing, 599-603, 606-607

physical, 591

risk management, 73-74

security

baselines, 169

custodians, 161

data access/sharing, 167

data classification, 146-160

data custodians, 143

data documentation, 145

data ownership, 143

data policies, 141-143

data protection methods, 171-172

data quality, 144

data retention, 164-165

data security, 166-172

data states, 166-167

handling requirements, 172-173

ownership, 160-161

privacy, 161-163, 168

private sector classification, 151-152

roles/responsibilities, 143-144

scoping, 170

standards selection, 170

tailoring, 170

virtual, 591

assurance, 185

asymmetric algorithms, 251, 268-269, 276

Diffie-Hellman, 277

ECC, 278

El Gamal, 278

Knapsack, 279

RSA, 277

zero-knowledge proof, 279

asynchronous, 251

asynchronous tokens, 488

Asynchronous Transfer Mode. See ATM

asynchronous transmissions, 354

ATM (Asynchronous Transfer Mode), 433

atomicity, 159

attacks, 76

cryptography, 301-305

networks, 451, 454-462

cabling, 451-453

components, 453-462

threat modeling, 120

time-of-check/time-of-use, 243

Web-based, 243

OWASP, 244

SAML, 244

XML, 244

attenuation, 452

attribute-based access control. See ABAC

attributes, 155, 512, 660

auditing, 6, 505, 585-587, 695

classification, 160

committees, 15

logs, 505

security, 535, 554-556, 563

services, 196

types of, 587

auditors, 17

AUP (acceptable use policy), 567

authentication, 256, 480, 486-496, 515-516

factors for, 484-493

implementing, 496-507

Kerberos, 499-500

Open System Authentication, 387

periods, 487

Shared Key Authentication, 387

authentication header. See AH

authentication server. See AS

Authenticode technology, 665

authorization, 257, 508-514, 609

autoconfiguration, IPv6, 360

Automatic Private IP Addressing. See APIPA

availability, 61, 632

avalanche effect, 252

AVSs (active vulnerability scanners), 538

awareness, 124-126, 553, 647

B

backdoors, 522, 699

backups

data, 624, 627, 632

hardware, 621

software, 621

storage, 626

systems, 600

types of, 625

verification data, 553

barriers, 641

base relation, 155

baseband, 355

Basel II, 49

baselines, 58, 169

BCPs (business continuity plans), 60, 62-68, 639-640

behavior, 661

behavioral systems, 491

Bell-LaPadula model, 189

best evidence, 575

best practices, software development security, 686-687

BGP (Border Gateway Protocol), 415

BIA (business impact analysis), 61, 65-68, 618

Biba model, 190

big data, 145

biometric technologies, 492-493

biometrics, 315

BIOS, 203

birthday attacks, 303, 518

bits

clocking, 354

host/networks, 349

black-box testing, 547

blacklisting, 613

blackouts, 319

blind spoofing attacks, 453

blind tests, 540

block ciphers, 267

Blowfish, 275

Bluetooth, 386

Board Briefing on IT Governance, 9

board of directors, 14

bollards, 641

bombing, 115

Boolean systems, 258

BOOTP (bootstrap protocol), 373

Border Gateway Protocol. See BGP

botnets, 691

bottom-up approach, 31

boundary control services, 196

bounds, 183

breaches, 76

data, 44

Brewer-Nash (Chinese Wall) model, 192

bridges, 399

British Ministry of Defence Architecture Framework. See MODAF

broadband, 355

broadcast transmissions, 355

brownouts, 319

brute-force attacks, 302, 517

BSI (Build Security In), 687

budgets, security, 11

buffers, overflow, 520, 697

Build and Fix approach, 675

Build Security In. See BSI

building security controls, 645

bus topologies, 420

business cases, 10

business continuity plans. See BCPs

business impact analysis. See BIA

business interruption insurance, 632

business/mission ownership, 161

business process recovery, 620

C

CA (certificate authority), 279

cable communication connections, 443

cabling, 415

attacks, 451-453

coaxial, 416

fiber optic, 418

twisted pair, 417-418

caching

DNS poisoning, 456

web, 404

Caesar cipher, 253

campus area networks. See CANs

CANs (campus area networks), 371

candidate keys, 156

capabilities, tables, 514

Capability Maturity Model Integration. See CMMI

capacitance detector, 643

CAPTCHA, 486

cardinality, 155

Carlisle Adams and Stafford Tavares. See CAST

Carrier Sense Multiple Access/Collision Avoidance. See CSMA/CA

Carrier Sense Multiple Access/Collision Detection. See CSMA/CD

CASE (common application service element), 337

CASE (Computer-Aided Software Engineering), 681

CAST (Carlisle Adams and Stafford Tavares), 275

categories, access control, 83-84

CBC-MAC (Cipher Block Chaining MAC), 298

CC (Common Criteria), 211-213

CCTA Risk Analysis and Management Method. See CRAMM

CCTV (closed-circuit television system), 643

CDMA (code division multiple access), 383

CDNs (content distribution networks), 438

CDP (Cisco Discovery Protocol), 413

cellular wireless, 383

Center for Internet Security. See CIS

central processing units. See CPUs

centralized access control, 478

certificate authority. See CA

certificate revocation list (CRL), 283

certificates, 280-281

certification, 217

chain of custody, 573

change management, 618, 674

channel service unit/data service unit. See CSU/DSU

characteristic factor authentication, 489-493

checklist tests, 638

chosen ciphertext attacks, 302

chosen plaintext attack, 302

CIA (confidentiality, integrity, and availability), 5-6, 61, 146, 182, 669

CIDR (Classless Inter-Domain Routing), 349

CIFS/SMB (Common Internet File System/Server Message Block), 377

CIP (critical infrastructure protection) plan, 64

Cipher-Based MAC (CMAC), 299

Cipher Block Chaining MAC (CBC-MAC), 298

ciphers, 263-269

ciphertext, 251

ciphertext-only attacks, 302

circuit-switching networks, 432

circumstantial evidence, 576

CIS (Center for Internet Security), 27

Cisco Discovery Protocol. See CDP

civil code law, 38

civil disobedience, 114

civil investigations, 582

civil law, 39

Clark-Wilson Integrity model, 190-191

classes, 349-350, 660

classification

asset security, 146-160

private sector, 151-152

Classless Inter-Domain Routing. See CIDR

Cleanroom model, 681

clearing, 163, 607

client-based system vulnerabilities, 224-225

clipping levels, 487, 614

clocking bits, 354

closed-circuit television system. See CCTV

closed systems, 182

cloud-based system vulnerabilities, 230, 233-237

cloud computing assets, 591

clustering, 633

CMaaS (Continuous Monitoring as a Service), 588

CMAC (Cipher-Based MAC), 299

CMMI (Capability Maturity Model Integration), 31, 682

coaxial cabling, 416

COBIT (Control Objectives for Information and Related Technology), 23

CORBA (Common Object Request Broker Architecture), 663

code

guidelines/standards, 697-700

mobile, 664, 700

repository security, 688

reviews, 546-549

secure coding practices, 701-702

source code analysis tools, 688

code division multiple access (CDMA), 383

cognitive passwords, 486

cohesion, 662

cold sites, 629

collecting

evidence, 568-569, 574

privacy, 163

security process data, 550

backing up, 553

disaster recovery, 553

KRIs, 552

management review, 551-552

managing accounts, 551

NIST SP 800-137, 550-551

training, 553

collisions, 252, 427

collusion, 113

COM (Component Object Model), 663

combination passwords, 485

commercial software, 43

Committee of Sponsoring Organizations. See COSO

committees

audit, 15

governance, 14

common application service element. See CASE

Common Criteria. See CC

common law, 38

Common Object Request Broker Architecture. See CORBA

Common Security Framework. See CSF

common TCP/UDP ports, 346

communications

channels, 438, 441-443

multimedia collaboration, 439

remote access, 440-451

virtualized networks, 450-451

voice, 439

disaster recovery, 636

networks, 353-357

threats, 110-111

Communications Assistance for Law Enforcement Act (CALEA) of 1994, 49

comparing

asynchronous/synchronous transmissions, 354

broadband/baseband, 355

wired/wireless transmissions, 356-357

compartmented security mode, 184

compensative controls, 83

compilers, 660, 701

complex passwords, 485

complexity of passwords, 487

compliance

personnel, 72

security, 33-34

laws/regulations, 34

privacy, 35

Component-Based Development method, 682, 710

Component Object Model. See COM

components, 196-205

attacks, 454-456

networks, 396, 403, 415, 424, 432

attacks, 453-462

hardware, 397-438

compromised states, 291

Computer-Aided Software Engineering. See CASE

computer crimes, 36-37, 44

Computer Ethics Institute, 52-53

Computer Fraud and Abuse Act (CFAA), 48

computer rooms, 311

Computer Security Act of 1987, 49

Computer Security Technology Planning Study, 694

computing platforms, 193-195

concealment ciphers, 263

conclusive evidence, 576

confidentiality, 148, 257

confidentiality, integrity, and availability. See CIA

configuration management, 592-593, 674

configuring

applications, 246

architecture, 196-205, 223

assets. See assets, security

auditing, 535

baselines, 169

business continuity, 58-68

capabilities, 219

encryption/decryption, 223

fault tolerance, 221

interfaces, 221

memory protection, 219-220

policy mechanisms, 222

TPM, 220-221

virtualization, 220

compliance, 33-34

laws/regulations, 34

privacy, 35

controls, 535-550, 562

cryptography, 267

data breaches, 44

device, 245

documentation, 54

baselines, 58

guidelines, 58

policies, 55-57

procedures, 57

processes, 57

standards, 57

domains, 502

DRM, 305-307

education, 126

email, 300

endpoint, 437

engineering

closed/open systems, 182

design, 180-181

objects/subjects, 181

equipment, 321

evaluation models, 206-219

facility and site design, 307-323

geographical threats, 108-115

governance, 8-9, 94-95

control frameworks, 17-18, 21, 24-33

processes, 12-14

roles and responsibilities, 14-17

security function alignment, 9-11

import/export controls, 45, 49

Internet, 300

kernels, 694

keys, 285-293

laws/regulations, 35-43

life cycles, 31

logs, 545

message integrity, 293-296

models, 182, 188

Bell-LaPadula model, 189

Biba model, 190

bounds, 183

Brewer-Nash (Chinese Wall) model, 192

CIA, 182

Clark-Wilson Integrity model, 190-191

computing platforms, 193-195

confinement, 183

defense in depth, 185

Goguen-Meseguer model, 192

Graham-Denning model, 192

Harrison-Ruzzo-Ullman model, 192

ISO/IEC 42010:2011, 193

isolation, 183

Lipner model, 191

modes, 183-185

services, 196

Sutherland model, 192

types, 185-187

networks, 335, 382, 386, 403, 415, 424, 432, 441-443, 451, 454-462

attacks, 451-462

communication channels, 438-451

components, 396-438

converged protocols, 379-381

cryptography, 392-394

Internet security, 394-396

IP networking, 345-353

IPv6, 357-369

multilayer protocols, 378-379

network transmission, 353-357

OSI models, 335-338

protocols, 372-378

services, 376-377

TCP/IP models, 340-345

types, 370-372

wireless, 381-392

operations, 571-576, 579, 589-592, 595, 602, 605, 608, 611, 614, 617-619, 637

asset management, 599-603, 606-607

authorization, 609

BCP, 639-640

change management, 618

concepts, 593

configuration management, 592-593

continuous monitoring, 588

detections, 612-617

disaster recovery, 633-636

eDiscovery, 585

egress monitoring, 588-589

forensic tools, 579-581

IDSs, 587

incident management, 608-612

industry standards, 582-584

information life cycles, 596-597

investigations, 566-579

job rotation, 595

logging/monitoring, 585-587

managing accounts, 594

managing privileges, 595

need to know/least privilege, 593

patches, 617

personal security, 645-647

physical security, 640-644

record retention, 596

recovery strategies, 618-633

resource protection, 597-599

resource provisioning, 589-591

sensitive information procedures, 596

separation of duties, 594

SIEM, 588

SLAs, 597

testing disaster recovery plans, 637-639

two-person controls, 596

types of investigations, 581-582

perimeters, 694

personnel, 68

compliance, 72

employee onboarding/offboarding, 71-72

employment agreements/policies, 70

hiring, 69-70

job rotation, 73

privacy, 72

separation of duties, 73

third party access, 72

PKI, 279-285

policies, 693, 701

privacy, 45-52

process data, collecting, 550-551

backing up, 553

disaster recovery, 553

KRIs, 552

management review, 551-552

managing accounts, 551

training, 553

professional ethics, 52-53

requirements, 123

risk management, 73-90, 93-106

assets, 73-74

vulnerabilities, 74

risks in acquisitions, 121-123

software development, 659-668, 700

API security, 700-701

coding guidelines, 697-700

impact of acquired software, 696-697

life cycles, 668-673

methods, 674-683

operation/maintenance, 684-686

secure coding, 701-702

security controls, 686-696

symmetric algorithms, 275

system architecture, 192

terms, 5

abstraction, 8

accounting, 6

auditing, 6

CIA, 5-6

data hiding, 8

default security posture, 7

defense-in-depth strategy, 7

encryption, 8

non-repudiation, 7

testing, 534-535, 553-556, 563

threat modeling, 115-121

training, 124-125, 647

trans-border data flow, 45

vulnerabilities, 224-230, 233-237

WLANs, 387-392

confinement, 183

confusion, 252

consistency, 159

constrained data item (CDI), 191

contamination, 226

content-dependent access control, 158, 513

content distribution networks. See CDNs

contention methods, 426

context-dependent access control, 159, 513

contingency plans, 61

continuity of operations (COOP) plan, 63

continuous improvement, 89

continuous monitoring, 588

Continuous Monitoring as a Service. See CMaaS

control frameworks, NIST SP, 94-95

Control Objectives for Information and Related Technology. See COBIT

controls, 217

access, 83-87, 475-476, 645

assessments, 89

asset security, 166-173

compensative, 83

corrective, 83

detective, 84, 586

deterrent, 84

directive, 84

import/export, 45, 49

input/output, 616

logical, 86

physical, 87

preventive, 84

security, 17-18, 21, 24-33, 562, 686, 700

best practices, 686-687

code repository security, 688

environments, 687

software effectiveness assessments, 695-696

source code analysis tools, 688

testing, 535-550

threats, 688-694

selecting, 218-219

site and facility, 312-323

converged protocols, 379

FCoE, 379

iSCSI, 381

MOPLS, 380

MPLS, 381

VoIP, 381

cookies, 396

COOP (continuity of operations), 63

copyrights, 42

corporate procedures, 321

corrective controls, 83

corroborative evidence, 576

COSO (Committee of Sponsoring Organizations), 28

costs, assets, 78

countermeasures, 75, 81, 138, 217

coupling, 662

covert channels, 694, 699

CPS (cyber-physical systems), 240

CPTED (Crime Prevention Through Environmental Design), 307

CPUs (central processing units), 197

crackers, 37

CRAMM (CCTA Risk Analysis and Management Method), 31

CRC (cyclic redundancy check), 354

credentials, 504

Crime Prevention Through Environmental Design (CPTED), 307

crime scenes, 572. See also investigations

criminal investigations, 582

criminal laws, 39

crisis communications plan, 63

critical infrastructure protection (CIP) plan, 64

critical processes, 66

criticality (data classification), 147

CRLs (certificate revocation lists), 283

cross-certification, 285

crosstalk, 452

cryptographic system vulnerabilities, 227

cryptography, 171, 250, 392

3DES, 270-273

applied, 300

attacks, 301-305

email encryption, 393-394

end-to-end encryption, 393

features of, 256-257

history of, 253-255

Internet security, 394-396

life cycles, 261-262

link encryption, 392

mathematics, 258-261

NIST SP 800-175A and B, 257-258

quantum, 394

services, 196

symmetric algorithms, 267

types, 262-269

cryptology, 252

cryptoperiods, 287

cryptosystem, 251

CSF (Common Security Framework), 26

CSMA/CA (Carrier Sense Multiple Access/Collision Avoidance), 426, 429

CSMA/CD (Carrier Sense Multiple Access/Collision Detection), 426, 428

CSU/DSU (channel service unit/data service unit), 432

custodians, asset security, 143, 161

customary law, 39

customizing exams, 715-716

cyber crimes, 44

cyber incident response plan, 64

cyber-physical systems. See CPS

Cybersecurity Framework (NIST), 552

cybersquatting, 458

cyclic redundancy check. See CRC

D

DAC (discretionary access control), 509

damage assessment teams, 635

DAP (Directory Access Protocol), 498

data

access, 167-168

audits, classification, 160

backups, 624, 627, 632

breaches, 44

classification, asset security, 146-160

collection, privacy, 163

custodians, 16, 143

databases

architecture, 155-156

classification, 155-159

interface languages, 157

locks, 159

maintenance, 158

threats, 158

views, 159

vulnerabilities, 226

documentation, asset security, 145

flow control, 225

haven laws, 51

hiding, 8, 661

leakage, 589

mining, 157

owners, 16

ownership, 143, 161

policies, 141-143

processors, 162

protection methods, 171-172

quality, 144

recovery, 623

remanence, 162-163

at rest, 166

retention, 164-165

security, 166-172

states, 166-167

storage, 168

structures, 662

in transit, 167

in use, 167

warehousing, 157, 226

Data Link layer (Layer 2), 338

DCOM (Distributed Component Object Model), 663

DDoS (distributed DoS) attacks, 457, 520

deactivated states, 291

decentralized access control, 478

decisions, evidence, 570

decoding, 252

decryption, 223, 251

dedicated security mode, 184

de-encapsulation, TCP/IP, 345

default security posture, 7

default to no access, 497

defense in depth, 7, 185, 702

degrees, 155

delaying intruders, 309

demilitarized zones (DMZs), 165

denial-of-service. See DoS attacks

denying access, 702

Department of Defense Architecture Framework. See DoDAF

deprovisioning, 516

DES (Data Encryption Standard), 270-273

design. See also security

accreditation/certification, 217

applied cryptography, 300

cryptography, 267

digital signatures, 299

DRM, 305-307

engineering, 180-181

closed/open systems, 182

objects/subjects, 181

evaluation models, 206-219

geographical threats, 108-115

keys, 285-293

message integrity, 293-299

network

converged protocols, 379-381

multilayer protocols, 378-379

protocols, 375-378

services, 376-377

wireless, 381-392

networks, 335, 380-386, 403, 415, 424, 432, 441-462

attacks, 451-462

communication channels, 438-451

components, 396-438

cryptography, 392-394

Internet security, 394-396

IP networking, 345-353

IPv6, 357-369

network transmission, 353-357

OSI models, 335-338

protocols, 372-375

TCP/IP models, 340-345

types, 370-372

policies, 165

security capabilities, 219

encryption/decryption, 223

fault tolerance, 221

interfaces, 221

memory protection, 219-220

policy mechanisms, 222

TPM, 220-221

virtualization, 220

security models, 182, 188

Bell-LaPadula model, 189

Biba model, 190

bounds, 183

Brewer-Nash (Chinese Wall) model, 192

CIA, 182

Clark-Wilson Integrity model, 190-191

computing platforms, 193-195

confinement, 183

defense in depth, 185

Goguen-Meseguer model, 192

Graham-Denning model, 192

Harrison-Ruzzo-Ullman model, 192

ISO/IEC 42010:2011, 193

isolation, 183

Lipner model, 191

modes, 183-185

services, 196

Sutherland model, 192

types, 185-187

security policies, 701

symmetric algorithms, 275

system architecture, 192, 196-205

vulnerabilities, 224-230, 233-242

Design phase (SDLC), 672

destroyed phases, 291-292

destruction, 163, 173

detecting

fires, 317

incidents, 610-611

intruders, 309

detective administrative control, 586

detective controls, 84

deterrent controls, 84

deterring criminal activity, 308

Develop phase (SDLC), 672

development, software, 659-668, 700

API security, 700-701

coding guidelines, 697-700

impact of acquired software, 696-697

life cycles, 668-683

operation/maintenance, 684-686

secure coding, 701-702

security controls, 686-696

deviations from standards, 615

device firmware, 204

devices

access controls, 479

authentication, 495-496

firmware, 204

hardware, 397-438

NAC, 435-436

security, 245

tracking, 322

DHCP (Dynamic Host Configuration Protocol), 336, 373

dial-up connections, 441

dictionary attacks, 303, 517

differential cryptanalysis, 303

Diffie, Whitfield, 277

Diffie-Hellman algorithm, 277

diffusion, 252

digital certificates, 251, 280-281

Data Encryption Standard. See DES

digital forensic tools, 579-581

digital identity guidelines (SP 800-63), 480

digital investigations, 566-579

Digital Rights Management. See DRM

digital signaling, 353

Digital Signature Standard. See DSS

digital signatures, 251, 299

Digital Subscriber Line. See DSL

direct evidence, 576

direct memory access. See DMA

direct sequence spread spectrum (DSSS), 382

directive controls, 84

Directory Access Protocol. See DAP

directory services, 498

disaster recovery, 58-59, 111, 553, 633-637

disaster recovery plan. See DRP

discovery, network scans, 536-537

discretionary access control. See DAC

disposal of media, 606

Dispose stage (SDLC), 670

disruptions, 59

distance vector, 413

distance vector protocols, 413

Distributed Component Object Model. See DCOM

distributed computing, 663

distributed DoS. See DDoS attacks

distributed platforms, 194

distribution facilities, 316

divestitures, 12

DMA (direct memory access), 201

DMCA (U.S. Digital Millennium Copyright Act) of 1998, 44

DMZs (demilitarized zones), 165

DNS (Domain Name System), 374

cache poisoning, 456

network attacks, 456-459

DNSSEC (Domain Name System Security Extensions), 457

documentation

asset security, 145

DRM, 306

evidence, 570

recovery, 623

reviews, 122

security, 54

baselines, 58

guidelines, 58

policies, 55-57

procedures, 57

processes, 57

standards, 57

DoDAF (Department of Defense Architecture Framework), 22

Domain Name System. See DNS

Domain Name System Security Extensions. See DNSSEC

domains, 156

collisions, 427

grabbing, 458

protection, 503

security, 502

doors, 312-313

DoS (denial-of-service) attacks, 457, 520, 611

double-blind tests, 540

double-encapsulated 802.1Q/nested VLAN attack, 454

downtime, 66

DRM (Digital Rights Management), 43, 305-307

DRP (disaster recovery plan), 60, 62-64, 619-620, 628, 632

DSL (Digital Subscriber Line), 355, 442

DSS (Digital Signature Standard), 300

DSSS (direct sequence spread spectrum), 382

DSV (dynamic signature verification), 492

due care, 32

due diligence, 32-33

dumpster diving, 519

durability, 159

duress, 646

duties, separation of, 496, 594

Dynamic Host Configuration Protocol. See DHCP

dynamic signature verification. See DSV

dynamic testing, 548

E

earthquakes, 109

eavesdropping, 452, 521

e-books, DRM, 307

ECC (Elliptic Curve Cryptosystem) algorithm, 278

Economic Espionage Act of 1996, 49

eDiscovery, 585

education, 124-126

effectiveness assessments, security, 11, 695-696

efficiency, transmission (IPv6), 362

egress monitoring, 588-589

eigenfaces, 491

EIGRP (Enhanced IGRP), 414

El Gamal algorithm, 278

electrical threats, 110

electromechanical systems, 642

electronic backup solutions, 625-626

Electronic Communications Privacy Act (ECPA) of 1986, 48

electronic protected health information (EPHI), 149

electronically stored information. See ESI

E-lines, 431

Elliptic Curve Cryptosystem. See ECC

email

attacks, 458

encryption, 393-394

security, 300

spoofing, 458

email-pass-around code review, 547

emanations, 522

embedded devices, investigations, 578

embedded IPv4 unicast, 369

embedded systems, 195, 250

embedding, 663

emergency management, 646-647

employee onboarding/offboarding, 71-72

employees, privacy, 50

employment agreements/policies, 70

encapsulating security payload. See ESP

encapsulation, 336, 345, 661-662

encoding, 252

encryption, 8, 223, 250, 321

email, 393-394

end-to-end, 171, 300, 393

link, 171, 300, 392

end-to-end encryption, 171, 300, 393

endpoint authentication, 495-496

endpoint security, 437

engineering

accreditation/certification, 217

applied cryptography, 300

asymmetric algorithms. See asymmetric algorithms

cryptography, 250, 257-258, 267

features of, 256-257

history of, 253-255

life cycles, 261-262

mathematics, 258-261

types, 262-269

design, 180-181

closed/open systems, 182

objects/subjects, 181

digital signatures, 299

DRM, 305-307

evaluation models, 206-219

geographical threats, 108-115

keys, 285-293

message integrity, 293-299

PKI, 279-285

security capabilities, 219

encryption/decryption, 223

fault tolerance, 221

interfaces, 221

memory protection, 219-220

policy mechanisms, 222

TPM, 220-221

virtualization, 220

security models, 182, 188

Bell-LaPadula model, 189

Biba model, 190

bounds, 183

Brewer-Nash (Chinese Wall) model, 192

CIA, 182

Clark-Wilson Integrity model, 190-191

computing platforms, 193-195

confinement, 183

defense in depth, 185

Goguen-Meseguer model, 192

Graham-Denning model, 192

Harrison-Ruzzo-Ullman model, 192

ISO/IEC 42010:2011, 193

isolation, 183

Lipner model, 191

modes, 183-185

services, 196

Sutherland model, 192

types, 185-187

symmetric algorithms. See symmetric algorithms

system architecture, 192, 196-205

Enhanced IGRP. See EIGRP

Enigma machine, 255

enrollment, 282, 481

biometrics, 492

certificates, 282

Enterprise Risk Management. See ERM

Enterprise versions, 388

environmental alarms, 320

environmental security, 317-318

environments, software development security, 687

EPHI (electronic protected health information), 149

equipment rooms, 311

equipment security, 321

ERM (Enterprise Risk Management), 107

escalation, 551, 699

ESI (electronically stored information), 585

ESP (encapsulating security payload), 361

Ethernet 802.3 standard, 423

ethics, 52-53

EU (European Union) laws, 50-51

evacuation drills, 639

evaluation models

CC, 211-213

controls, selecting, 218-219

controls/countermeasures, 217

ITSEC, 209-211

security implementation standards, 213-215

TCSEC, 206-209

events

managing, 608

unusual, 615

evidence

analyzing, 569

best, 575

chain of custody, 573

circumstantial, 576

collecting, 568-569

collection, 574

conclusive, 576

corroborative, 576

decisions, 570

direct, 576

examining, 569

hearsay, 576

identifying, 568

opinion, 576

presenting findings, 569

preserving, 568-569

reporting, 570

secondary, 575

types of, 575

examining evidence, 569

exams

customizing, 715-716

memory tables, 717

Pearson Test Prep practice test engine, 713-715

review tools, 717

study plans, 717-718

updating, 716

exploits, 75

Exploratory Model, 681

explosions, 112

export controls, 45

exposure, 75

extended address spaces (IPv6), 360

Extensible Markup Language. See XML

extension headers, IPv6, 360

external security assessments, 535

external threats, 108-109

extranets, 370

F

facilities

access controls, 479

controls, 312-323

design, 307-311

recovery, 628-629

redundancy, 631

security, 598

selection, 309

factoring attacks, 304

failover, 632

failsoft, 632

fault tolerance, 68, 221, 600, 607, 631

faults, 319

FCoE (Fibre Channel over Ethernet), 379

FDDI (Fiber Distributed Data Interface), 425

FDM (frequency division multiplexing), 355

FDMA (frequency division multiple access), 383

Federal Information Processing Standard. See FIPS

Federal Information Security Management Act (FISMA) of 2002, 49

Foreign Intelligence Surveillance Act (FISA) of 1978, 48

Federal Privacy Act of 1974, 48

federated identity management, 502

federation (SP 800-63C), 481

fences, 640-642

FHSS (frequency hopping spread spectrum), 382

fiber cabling specifications, 419

Fiber Distributed Data Interface. See FDDI

fiber optic cabling, 418

Fibre Channel over Ethernet. See FCoE

File Transfer Protocol. See FTP

filters, MAC, 391

fingerprinting operating systems, 537

FIPS (Federal Information Processing Standard), 90-92

FIPS Publication 201-2, 504

fire, 112, 317-318

fire detection and suppression systems, 632

firewalls, 401, 436-438, 613

architecture, 403-404

rules, 346

types, 401-403

firmware, 203-204

flooding, 110, 320

flow control, 343

foreign keys, 156

forensic investigations, 566-579

forensic procedures, 570

forensic processes, 584

forensic tools, 579-581

fraggle attacks, 455

Frame Relay, 432

Framework Core, 552

frameworks

risk, 90, 93-106

security controls, 17-18, 21, 24-33

fraud, 113

freeware, 43

frequency analysis, 303

frequency division multiple access. See FDMA

frequency division multiplexing. See FDM

frequency hopping spread spectrum. See FHSS

FTP (File Transfer Protocol), 374

FTPS (FTP Secure), 374

full-interruption tests, 639

full-knowledge tests, 540

functionality drills, 639

fuzz testing, 548

G

gates, 640-642

gateways, 401

Gather Requirements phase (SDLC), 671

GDPR (General Data Protection Regulation), 51-52

geographical threats, 108-115

glass entries, 315

global scope (IPv6), 369

global system for mobile communications (GSM), 383

goals, organizational, 10

Goguen-Meseguer model, 192

going dark, 44

governance

control frameworks, 94-95

security, 8-9

control frameworks, 17-18, 21, 24-33

processes, 12-14

roles and responsibilities, 14-17

security function alignment, 9-11

third-party, 122-123

government, data classification, 152-153

Graham-Denning model, 192

Gramm-Leach-Bliley Act (GLBA) of 1999, 47

graphical passwords, 486

gray-box testing, 547

graylisting, 613

Green Book, 209

grid computing vulnerabilities, 237

groups, managing, 594

GSM (global system for mobile communications), 383

guaranteed delivery, 343

guest operating systems, 451

guidelines

coding, 697-700

documentation, 58

H

hackers, 37

handling

asset security, 172-173

evidence, 574

risk, 82. See also risk, management

hardening systems, 616

hardware, 397-438

backups, 621

investigations, 578-579

redundancy, 607

risks, 121

security, 598

Harrison-Ruzzo-Ullman model, 192

hash, 251

hash MAC (HMAC), 298

hashing, 294

HAVAL, 297

headers

IPv6, 360

TCP, 341

UDP, 341

Health Care and Education Reconciliation Act of 2010, 50

Health Insurance Portability and Accountability Act. See HIPAA

hearsay evidence, 576

heat, 320

Hellman, Martin, 277

hiding data, 661

hierarchical models, 156

hierarchical storage management. See HSM

high availability, 632

high cohesion, 662

high-level languages, 660

High-Speed Serial Interface. See HSSI

higher-level recovery strategies, 619

hijacking, session, 461

HIPAA (Health Insurance Portability and Accountability Act), 149

hiring, 69-70

history

media, 606

passwords, 486

HITRUST, 26

HMAC (hash MAC), 298

honeynets, 614

honeypots, 405, 614

hosts, bits, 349

hot sites, 628-629

HSM (hierarchical storage management), 605

HSSI (High-Speed Serial Interface), 434

HTTP (Hypertext Transfer Protocol), 336, 375

HTTPS (Hypertext Transfer Protocol Secure), 375

hubs, 398

human-caused disasters, 60

human-caused threats, 111-113

human resources, 622

humidity, 320

hurricanes, 109

HVAC, 320

hybrid ciphers, 269

hybrid protocols, 413

hybrid routing, 413

hybrid topologies, 422

Hypertext Transfer Protocol. See HTTP

Hypertext Transfer Protocol Secure. See HTTPS

I

IAB (Internet Architecture Board), 52, 54

IAM (identity and access management)

access control processes, 475-476

authentication, 480-507, 515-516

authorization, 508-514

IDaaS, 507

physical/logical access, 477-479

third-party identity services, 507

threats, 516-523

ICCs (integrated circuit cards), 489

ICMP (Internet Control Message Protocol), 343, 375

attacks, 454

redirects, 455

ICSs (industrial control systems) vulnerabilities, 227-230

IDaaS (Identity as a Service), 507

IDEA (International Data Encryption Algorithm), 274

IDEAL model, 683

identification, implementing, 496-507. See also authentication

identifying

evidence, 568

threats, 119-120

identities

managing, 515-516, 600

proofing, 481

theft, 519

identity governance and administration. See IGA

IDPS (intrusion detection and prevention system), 438

IDSs (intrusion detection systems), 405-407, 586-587, 612

IEC (International Electrotechnical Commission), 18, 170

IEEE (Institute of Electrical and Electronics Engineers) standards

802.11 standards, 382, 385

802.11 techniques, 382

802.11a standard, 385

802.11ac standard, 385

802.11b standard, 385

802.11g standard, 385

802.11n standard, 386

802.11X standard, 389

IGA (identity governance and administration), 507

IGMP (Internet Group Management Protocol), 343, 376

IGRP (Interior Gateway Routing Protocol), 414

IKE (Internet Key Exchange) protocol, 361

IMAP (Internet Message Access Protocol), 376

Implement stage (System Development Life Cycle), 669

implementing

authentication, 496-507

authorization, 508-514

data policies, 141-143

IDaaS, 507

risk management, 82

third-party identity services, 507

import controls, 45

import/export controls, 49

incidents

events, 608

investigations, 609

managing, 608, 611

response teams, 609

Incremental model, 678

industrial control systems. See ICSs

industry standards, 34, 582-584

inference, 158, 226

information

access controls, 478

assets, 599

information flow models, 187

information life cycles, 153-154, 596-597

information security continuous monitoring. See ISCM

information security management system. See ISMS

information system contingency plan (ISCP), 64

Information Systems Audit and Control Association. See ISACA

Information Technology Infrastructure Library. See ITIL

Information Technology Security Evaluation Criteria. See ITSEC

infrared, 386

Infrastructure mode, 384

initialization vectors. See IVs

Initiate phase (System Development Life Cycle), 668-669

input validation, 699, 701

input/output (I/O), 616

devices, 202

structures, 202-203

instant messaging applications, 440

Institute of Electrical and Electronics Engineers. See IEEE

insurance, 631-632

intangible asset protection, 597-599, 602, 606

integrated circuit cards. See ICCs

Integrated Product and Process Development. See IPPD

Integrated Services Digital Networks. See ISDNs

integration testing, 673

integrity, 190, 196, 257, 293-299

integrity verification procedure (IVP), 191

intellectual property law, 40

interface-local scope (IPv6), 369

interfaces, 221

APIs, 700-701

HSSI, 434

languages, 157

testing, 549-550, 562

Interior Gateway Routing Protocol. See IGRP

Intermediate System to Intermediate System. See IS-IS

internal audits, 554-556, 563

internal protection, 43

internal security assessments, 535

internal security controls, 645

internal threats, 108-109

International Data Encryption Algorithm. See IDEA

International Electrotechnical Commission. See IEC

International Information Systems Security Certification Consortium. See ISC

International Organization on Computer Evidence. See IOCE

International Organization for Standardization. See ISO

Internet Architecture Board. See IAB

Internet Control Message Protocol. See ICMP

Internet Group Management Protocol. See IGMP

Internet Key Exchange protocol. See IKE protocol

Internet layer, 343

Internet Message Access Protocol. See IMAP

Internet of Things. See IoT

Internet Protocol. See IP

Internet security, 300, 394-396

Internet Small Computer System Interface. See iSCSI

interpreters, 660

interviewing (investigations), 573

intranets, 370

intrusion detection and prevention system. See IDPS

intrusion detection systems. See IDSs

intrusion prevention systems. See IPSs

inventories, 322, 590-591

investigations, 566, 571-572, 579

digital/forensic, 566-579

evidence, 574-576

incidents, 609

techniques, 573

types of, 581-582

IOCE (International Organization on Computer Evidence), 571

I/O (input/output)

devices, 202

structures, 202-203

IoT (Internet of Things) vulnerabilities, 238-242

IP (Internet Protocol), 343

addresses, 461

networks, 345

addressing, 347-353, 363-369

common TCP/UDP ports, 346

IPv6, 357-363

network transmission, 353-357

types, 370-372

IPPD (Integrated Product and Process Development), 685

IPS (intrusion prevention system), 407, 612

IPsec (IP security), 361

IPv4 (IP version 4)

addresses, 348

threats, 362-363

IPv6 (IP version 6), 357

addressing, 363-369

major features of, 360-361

network types, 370-372

NIST Special Publication (SP) 800-119, 358-360

threats, 362-363

ISACA (Information Systems Audit and Control Association), 9

ISC (International Information Systems Security Certification Consortium), 52-53

ISCM (information security continuous monitoring), 550-551

ISCP (information system contingency plan), 64

iSCSI (Internet Small Computer System Interface), 381

ISDNs (Integrated Services Digital Networks), 441

IS-IS (Intermediate System to Intermediate System), 415

ISMS (information security management system), 19

ISO (International Organization for Standardization), 18, 335, 570

ISO 9001:2015, 682

ISO/IEC 15288:2015, 181

ISO/IEC 27000 series, 18, 687

ISO/IEC 27001:2013, 214

ISO/IEC 27002:2013, 215

ISO/IEC 27005:2011, 105

isolation, 159, 183

issue-specific security policies, 57

ITGI (IT Governance Institute), 9

ITIL (Information Technology Infrastructure Library), 9, 28

ITSEC (Information Technology Security Evaluation Criteria), 209-211

IVs (initialization vectors), 268

J

JAD (Joint Analysis Development) model, 681

Java applets, 664

Java Platform, Enterprise Edition (Java EE), 664

JDBC (Java Database Connectivity), 157

job rotation, 73, 595

Joint Analysis Development. See JAD model

K

KDC (Key Distribution Center), 500

Kerberos, 499-500

Kerckhoff’s Principle, 255

kernels, security, 694

key clustering, 251

Key Distribution Center. See KDC

key-encrypting keys, 286

key performance indicators, 552, 563

key risk indicators. See KRIs

keys, 251, 261-262, 285-293

keyspace, 252

Knapsack algorithm, 279

knowledge factor authentication, 485-489, 515

known plaintext attacks, 302

KRIs (key risk indicators), 552

L

Label Distribution Protocol. See LDP

labeling, 172, 606

LANs (local area networks), 351, 370

languages

assembly, 660

high-level, 660

machine, 659

very-high-level, 660

large-scale parallel data systems vulnerabilities, 236-237

laws, 34-35

computer crimes, 36-37

EU, 50-51

major legal systems, 38-43

privacy, 47-51

Layer 3 switches, 400

Layer 4 switches, 400

layered defense models, 307

layers

Data Link (2), 338

Network (3), 338

Physical (1), 339

Presentation (6), 337

Session (5), 337

TCP/IP, 341-345

Transport (4), 337

LDAP (Lightweight Directory Access Protocol), 376

LDP (Label Distribution Protocol), 376

least privilege principle, 497, 593, 702

legal teams, 635

legally permissible, 574

length of passwords, 487

licenses, 43

licensing law, 40

life cycles, 481

certificates, 281

cryptography, 261-262

information, 153-154, 596-597

passwords, 486

provisioning, 514-515

security, 31

software development, 668-673

lighting

security, 643

types of, 644

Lightweight Directory Access Protocol. See LDAP

limiting data collection, 163-164

linear cryptanalysis, 303

link encryption, 300, 392-393

Link layer, TCP/IP models, 345

link-local scope (IPv6), 369

link state, 413

link state protocols, 413

linking, 663

links, encryption, 171

Linux, password storage, 488

Lipner model, 191

LLC (logical link control), 338

load balancing, 633

local area networks. See LANs

location factor authentication, 494

locks, 313-315, 323

databases, 159

doors, 312

logging, 585, 695

audits/reviews, 585-587

continuous monitoring, 588

egress monitoring, 588-589

IDSs, 587

SIEM, 588

types of logs, 586

logic bombs, 691

logical access to assets, 477-479

logical addressing, 347-353

logical controls, 86

logical link control. See LLC

logical operations, 259-260

logs, 541

audit, 505

configuring, 545

NIST SP 800-92, 542-545, 556

low humidity, 320

Lucifer project, 256

M

MAC (mandatory access control), 509

MAC (media access control)

addresses, 338, 352-353

filters, 391

flooding attacks, 454

MAC (Message Authentication Code), 297

machine languages, 659

mainframe/thin client platforms, 194

maintenance

architecture, 223

databases, 158

hooks, 242

software development, 684-686

major legal systems, 38-43

malware, 521, 614, 689, 693

MAN (metropolitan area network), 370

man-in-the-middle (MITM) attacks, 454

managing

access, 475-523

accounts, 515-516, 551, 594

assets, 145, 590-591, 599-603, 606-607

change management, 618, 674

configuration management, 592-593

controls, 85

credentials, 504

data policies, 141-143

identities, 515-516

incidents, 608, 611

authorization, 609

events, 608

investigations, 609

mitigation, 611

recovery, 612

remediation, 612

reporting, 611

responses, 610-611

reviewing, 612

keys, 261-262, 285-293

lifecycles, 481

media, 601

memory, 205

networks, 607

passwords, 485-488

patch management, 617

privileges, 595

reviews, 551-552

risk, 73-90, 93-106

assets, 73-74

vulnerabilities, 74

responsibilities, 14

security

abstraction, 8

baselines, 58

business continuity, 58-68

compliance, 33-35, 72

control framework, 17-18, 21, 24-33

data breaches, 44

data hiding, 8

default security posture, 7

defense-in-depth strategy, 7

documentation, 54-57

employee onboarding/offboarding, 71-72

employment agreements/policies, 70

encryption, 8

governance, 8-11

guidelines, 58

import/export controls, 45

job rotation, 73

laws/regulations, 35-43

personnel, 68-70

privacy, 45-52, 72

procedures, 57

processes, 12-14, 57

professional ethics, 52-53

roles and responsibilities, 14-17

separation of duties, 73

standards, 57

terms, 5-7

third party access, 72

trans-border data flow, 45

sessions, 503

vulnerabilities, 616

mandatory access control. See MAC

mantraps, 313

marking, 172

masking passwords, 487

massive multiple input multiple output (MIMO), 383

mathematics, cryptography, 258-261

matrix-based models, 186

maturity methods, 674-683

MD2 message digest algorithms, 296

mean time between failure. See MTBF

mean time to repair. See MTTR

measurements, 89

media

analysis, 577

disposal, 606

history, 606

labeling/storage, 606

management, 601

sanitizing, 606

storage facilities, 317

media access control. See MAC, addresses

meet-in-the-middle attacks, 304

memorized secrets, 481, 484

memory, 199-201

cards, 489

managing, 205

protection, 219-220

tables (exams), 717

memory cards, 489

mesh topologies, 421

Message Authentication Code. See MAC

message integrity, 293-299

methods, 156, 661

contention, 426

data protection, 171-172

maturity, 675

software development, 674-683

metrics, security, 11

metropolitan area networks. See MANs

MFA (multi-factor authentication), 481

middleware, 194

military, data classification, 152-153

MIME (Multipurpose Internet Mail Extension), 394

MIMO (massive multiple input multiple output), 383

MIPv6 (Mobile IPv6), 361

mirrored sites, 630

missions, organizational, 10

misuse case testing, 549

mitigation, 523, 611, 695

MITM (man-in-the-middle) attacks, 454

mixed law, 40

MLD (Multicast Listener Discovery), 359

mobile application security, 665-668

mobile code, 438, 520, 664, 700

mobile computing, 195

mobile devices, 408, 412

Mobile IPv6. See MIPv6

mobile system vulnerabilities, 244-248

application security, 246

device security, 245

NIST SP 800-164, 248-249

mobile wireless, 383

MODAF (British Ministry of Defence Architecture Framework), 22

models

access control, 508-510, 514

COM, 663

databases, 155-156

DCOM, 663

evaluation, 206-219

layered defense, 307

OSI, 335-338

security, 182, 188

Bell-LaPadula model, 189

Biba model, 190

bounds, 183

Brewer-Nash (Chinese Wall) model, 192

CIA, 182

Clark-Wilson Integrity model, 190-191

computing platforms, 193-195

confinement, 183

defense in depth, 185

Goguen-Meseguer model, 192

Graham-Denning model, 192

Harrison-Ruzzo-Ullman model, 192

ISO/IEC 42010:2011, 193

isolation, 183

Lipner model, 191

modes, 183-185

services, 196

Sutherland model, 192

types, 185-187

STRIDE, 117

TCP/IP, 340-345

threats, 115-121

VAST, 118

modes, 183-185, 715-716

Modified Prototype Model. See MPM

modifying, 283

applications, 246

architecture, 196-205, 223

assets. See assets, security

auditing, 535

baselines, 169

business continuity, 58-68

capabilities, 219

encryption/decryption, 223

fault tolerance, 221

interfaces, 221

memory protection, 219-220

policy mechanisms, 222

TPM, 220-221

virtualization, 220

compliance, 33-34

laws/regulations, 34

privacy, 35

controls, 535-550, 562

cryptography, 267

data breaches, 44

device, 245

documentation, 54

baselines, 58

guidelines, 58

policies, 55-57

procedures, 57

processes, 57

standards, 57

domains, 502

DRM, 305-307

education, 126

email, 300

endpoint, 437

engineering

closed/open systems, 182

design, 180-181

objects/subjects, 181

equipment, 321

evaluation models, 206-219

facility and site design, 307-323

geographical threats, 108-115

governance, 8-9, 94-95

control frameworks, 17-18, 21, 24-33

processes, 12-14

roles and responsibilities, 14-17

security function alignment, 9-11

import/export controls, 45, 49

Internet, 300

kernels, 694

keys, 285-293

laws/regulations, 35-43

life cycles, 31

message integrity, 293-296

models, 182, 188

Bell-LaPadula model, 189

Biba model, 190

bounds, 183

Brewer-Nash (Chinese Wall) model, 192

CIA, 182

Clark-Wilson Integrity model, 190-191

computing platforms, 193-195

confinement, 183

defense in depth, 185

Goguen-Meseguer model, 192

Graham-Denning model, 192

Harrison-Ruzzo-Ullman model, 192

ISO/IEC 42010:2011, 193

isolation, 183

Lipner model, 191

modes, 183-185

services, 196

Sutherland model, 192

types, 185-187

networks, 335, 382, 386, 403, 415, 424, 432, 441-443, 451, 454-462

attacks, 451-462

communication channels, 438-451

components, 396-438

converged protocols, 379-381

cryptography, 392-394

Internet security, 394-396

IP networking, 345-353

IPv6, 357-369

multilayer protocols, 378-379

network transmission, 353-357

OSI models, 335-338

protocols, 372-378

services, 376-377

TCP/IP models, 340-345

types, 370-372

wireless, 381-392

operations, 571-576, 579, 589-592, 595, 602, 605, 608, 611, 614, 617-619, 637

asset management, 599-603, 606-607

authorization, 609

BCP, 639-640

change management, 618

concepts, 593

configuration management, 592-593

continuous monitoring, 588

detections, 612-617

disaster recovery, 633-636

eDiscovery, 585

egress monitoring, 588-589

forensic tools, 579-581

IDSs, 587

incident management, 608-612

industry standards, 582-584

information life cycles, 596-597

investigations, 566-579

job rotation, 595

logging/monitoring, 585-587

managing accounts, 594

managing privileges, 595

need to know/least privilege, 593

patches, 617

personal security, 645-647

physical security, 640-644

record retention, 596

recovery strategies, 618-633

resource protection, 597-599

resource provisioning, 589-591

sensitive information procedures, 596

separation of duties, 594

SIEM, 588

SLAs, 597

testing disaster recovery plans, 637-639

two-person controls, 596

types of investigations, 581-582

perimeters, 694

personnel, 68

compliance, 72

employee onboarding/offboarding, 71-72

employment agreements/policies, 70

hiring, 69-70

job rotation, 73

privacy, 72

separation of duties, 73

third party access, 72

PKI, 279-285

policies, 693, 701

privacy, 45-52

process data, collecting, 550-551

backing up, 553

disaster recovery, 553

KRIs, 552

management review, 551-552

managing accounts, 551

training, 553

professional ethics, 52-53

requirements, 123

risk management, 73-90, 93-106

assets, 73-74

vulnerabilities, 74

risks in acquisitions, 121-123

software development, 659-668, 700

API security, 700-701

coding guidelines, 697-700

impact of acquired software, 696-697

life cycles, 668-673

methods, 674-683

operation/maintenance, 684-686

secure coding, 701-702

security controls, 686-696

symmetric algorithms, 275

system architecture, 192

terms, 5

abstraction, 8

accounting, 6

auditing, 6

CIA, 5-6

data hiding, 8

default security posture, 7

defense-in-depth strategy, 7

encryption, 8

non-repudiation, 7

testing, 534-535, 553-556, 563

threat modeling, 115-121

training, 124-125, 647

trans-border data flow, 45

vulnerabilities, 224-230, 233-237

WLANs, 387-392

modulo function, 260

MOM (motive, opportunity, and means), 572

monitoring, 89, 585

accountability, 505

audits/reviews, 585-587

continuous, 588

egress, 588-589

IDSs, 587

ISCM, 550

personnel, 646

services, 196

SIEM, 588

special privileges, 595

synthetic transactions, 546

motive, opportunity, and means. See MOM

movies, DRM, 306

MPLS (Multiprotocol Label Switching), 380

MPM (Modified Prototype Model), 678

MTBF (mean time between failure), 608

MTTR (mean time to repair), 608

multicast addresses, IPv6, 368

Multicast Listener Discovery. See MLD

multicast transmissions, 355

multi-factor authentication. See MFA

multilayer protocols, 378-379

multilevel lattice models, 186

multilevel security mode, 184

multimedia collaboration, 439

multiprocessing, 199

Multiprotocol Label Switching. See MPLS

Multipurpose Internet Mail Extension. See MIME

multi-state systems, 199

multitasking, 198

music, DRM, 306

N

NAC (network access control) devices, 435-436

NAS (network-attached storage), 605

NAT (network address translation), 351, 376

National Information Assurance Certification and Accreditation Process. See NIACAP

National Institute of Standards and Technology. See NIST

natural access control, 308

natural disasters, 60

natural territorial reinforcement, 308

natural threats, 109

near field communication. See NFC

need-to-know principle, 497, 593

Neighbor Discovery, 361

Nessus, 538

NetBIOS (Network Basic Input/Output System), 376

network access control devices. See NAC devices

network address translation. See NAT

network-attached storage. See NAS

Network Basic Input/Output System. See NetBIOS

network discovery scans, 536-537

Network File System. See NFS

Network Layer (3), 338

network models, 156

networks

design, 335, 380-382, 386, 403, 415, 424, 432, 441-443, 451, 454-462

attacks, 451-462

communication channels, 438-451

components, 396-438

converged protocols, 379-381

cryptography, 392-394

Internet security, 394-396

IP networking, 345-353

IPv6, 357-369

multilayer protocols, 378-379

network transmission, 353-357

OSI models, 335-338

protocols, 372-378

services, 376-377

TCP/IP models, 340-345

types, 370-372

wireless, 381-392

investigations, 578

managing, 607

routing, 412-413

technologies, 423-424, 432

testing, 536

vulnerability scans, 538

NFC (near field communication), 386

NFS (Network File System), 377

NIACAP (National Information Assurance Certification and Accreditation Process), 217

NIST Framework for Improving Critical Infrastructure Cybersecurity, 103-105

NIST Interagency Report (NISTIR) 7924, 281

NIST (National Institute of Standards and Technology), 9, 90, 147, 170, 570-571

SP (Special Publication), 94-95

SP 800-2, 504

SP 800-12 Rev. 1, 24

SP 800-16 Rev. 1, 24

SP 800-18 Rev. 1, 24

SP 800-30 Rev. 1, 24, 101

SP 800-34 Rev. 1, 24, 62-63, 618

SP 800-35, 24

SP 800-36, 24

SP 800-37, 90, 99-101

SP 800-37 Rev. 1, 24

SP 800-39, 24, 102

SP 800-50, 24

SP 800-53 Rev. 4, 24, 90, 149

SP 800-53A Rev. 4, 24, 90

SP 800-55 Rev. 1, 24

SP 800-57, 285

SP 800-60, 90, 93

SP 800-60 Vol. 1 Rev. 1, 24, 94

SP 800-61 Rev. 2, 25

SP 800-63, 481-482

authentication, 480

passwords, 482-484, 487

SP 800-66

Risk Management Framework (RMF), 151

Security Rule, 151

SP 800-82 Rev. 2, 25, 228

SP 800-84, 25

SP 800-86, 25, 583-584

SP 800-88 Rev. 1, 25

SP 800-92, 25, 542-556

SP 800-101 Rev. 1, 25

SP 800-115, 25

SP 800-119, 358-360

SP 800-122, 25, 147, 149

SP 800-123, 25

SP 800-124 Rev, 25, 408

SP 800-137, 25, 90, 550-551

SP 800-144, 25, 234

SP 800-145, 25, 231

SP 800-146, 25

benefits of IaaS deployments, 236

benefits of PaaS deployments, 236

benefits of SaaS deployments, 235

cloud computing, 235

concerns of SaaS deployments, 236

SP 800-150, 25

SP 800-153, 25

SP 800-154, 25, 118

SP 800-160, 25, 90, 96-98, 181

SP 800-161, 25

SP 800-162

ABAC, 511-512

subject attributes, 512

SP 800-163, 26, 665, 667-668

SP 800-164, 26

SP 800-167, 26

SP 800-175A and B, 26, 257-258

SP 800-181, 26

SP 800-183, 26

no access, defaults to, 497

noise, 452

non-blind spoofing attacks, 453

nonce, 260

non-interference models, 186

non-repudiation, 7, 257

no-operation instructions. See NOPs

NOPs (no-operation instructions), 697

normalization, 156-157

numeric passwords, 486

O

Object Linking and Embedding. See OLE

object-oriented models, 156

object-oriented programming. See OOP

object-relational models, 157

objectives, organizational, 10

objects, 181, 660, 700

occupant emergency plan (OEP), 64

OCSP (Online Certificate Status Protocol), 284

OCTAVE (Operationally Critical Threat, Asset and Vulnerability Evaluation), 28

ODBC (Open Database Connectivity), 157

OEP (occupant emergency plan), 64

OFDM (orthogonal frequency division multiplexing), 382

OFDMA (orthogonal frequency division multiple access), 383

offline, accessing Pearson Test Prep practice test engine, 714

OLE (Object Linking and Embedding), 663

OLE DB (Object Linking and Embedding Database), 157

OLTP (Online Transaction Processing), 159

one-time pads, 264

one-way function, 252, 260

one-way hash, 294

online, accessing Pearson Test Prep practice test engine, 714

Online Certificate Status Protocol. See OCSP

Online Transaction Processing. See OLTP

onsite assessments, 122

one-time passwords, 486

OOP (object-oriented programming), 660-661

Open Database Connectivity. See ODBC

Open Group Architecture Framework. See TOGAF

Open Group Security Forum, 498

Open Shortest Path First. See OSPF

Open Source Security Testing Methodology Manual. See OSSTMM

Open System Authentication, 387

open systems, 182

Open Systems Interconnection models. See OSI models

Open Web Application Security Project. See OWASP

Operate/Maintain stage (System Development Life Cycle), 669

operating systems, 204

fingerprinting, 537

guest, 451

operational phases, 292

Operationally Critical Threat, Asset and Vulnerability Evaluation. See OCTAVE

operations

concepts, 593-595

information life cycles, 596-597

job rotation, 595

managing accounts, 594

managing privileges, 595

need to know/least privilege, 593

record retention, 596

sensitive information procedures, 596

separation of duties, 594

SLAs, 597

two-person control, 596

disaster recovery, 633-637

eDiscovery, 585

industry standards, 582-584

investigations, 566, 571-576, 579

civil, 582

criminal, 582

digital/forensic, 566-579

forensic tools, 579-581

operations/administrative, 581-582

regulatory, 582

types of, 581-582

logging/monitoring, 585

audits/reviews, 585-587

continuous monitoring, 588

egress monitoring, 588-589

IDSs, 587

SIEM, 588

personal security, 645-647

physical security, 640-644

recovery

BCP, 639-640

strategies, 618-633

testing plans, 637-639

resource provisioning, 589-592

asset inventory, 590-591

configuration management, 592-593

resources, 602, 605, 608, 611, 614, 617

asset management, 599-603, 606-607

change management, 618

incident management, 608-612

patch management, 617

protection, 597-599

threat prevention, 612-617

software development, 684-686

operators, 259-260

opinion evidence, 576

optimizing, 89

Orange Book, 206, 615, 694

organizational code of ethics, 54

organizational security policies, 56

organizational strategies, 10

orthogonal frequency division multiple access (OFDMA), 383

orthogonal frequency division multiplexing (OFDM), 382

OSI (Open Systems Interconnection) models, 335-338

OSPF (Open Shortest Path First), 414

OSSTMM (Open Source Security Testing Methodology Manual), 106

outages, 66, 319

over-the-shoulder code review, 547

overflow buffers, 520, 697

OWASP (Open Web Application Security Project), 244, 687

ownership

asset security, 143, 160-161

factor authentication, 488-489

P

packet creation, 336

packet-switching networks, 432

pair programming code review, 547

PAN (personal area network), 372

parallel tests, 639

passphrase passwords, 486

parity information, 602

partial-knowledge tests, 540

passing tokens, 430

passive infrared (PIR) systems, 642

passive vulnerability scanners. See PVSs

passwords

managing, 485-488

NIST Special Publication (SP) 800-63, 481-484, 487

threats, 517

PASTA methodology, 117

PAT (port address translation), 351, 377

patch management, 617

patch panels, 397

patent law, 40

Path Maximum Transmission Unit Discovery. See PMTUD

paths, trusted, 616

patrol force, 644

PBX (private branch exchange), 405, 434

PCI DSS Version 3.2, 216

Pearson Test Prep practice test engine, 713-715

customizing, 715

memory tables, 717

review tools, 717

study plans, 717-718

updating, 716

peer-to-peer computing vulnerabilities, 237

penetration testing, 539-545

perimeter intrusion detection, 642

perimeter security, 640, 694

periodic reviews, 126

permissions, 508

personal area networks. See PAN

personal firewalls, 438

Personal Information Protection and Electronic Documents Act (PIPEDA), 49

personal security, 645-647

Personal versions, 388

Personally identifiable information. See PII

personnel, 68

compliance, 72

disaster recovery, 634

employee onboarding/offboarding, 71-72

employment agreements/policies, 70

hiring, 69-70

job rotation, 73

monitoring, 646

personal security, 646-647

privacy, 72

separation of duties, 73

third party access, 72

personnel components (business continuity), 62

personnel testing, 536

PGP (Pretty Good Privacy), 393

pharming, 518-519

PHI (protected health information), 149-151

phishing, 459, 518-519

photoelectric systems, 643

photometric systems, 643

physical access to assets, 477-479

physical addressing, 347-353

physical assets, 591

physical controls, 87

Physical layer (1), 339

physical security, 308, 640-644

physical testing, 536

physiological systems, 490

PII (Personally Identifiable Information), 46, 147

ping of death, 455

ping scanning, 456

pipe systems, 318

PIR (passive infrared) systems, 642

piracy, 43

PKI (public key infrastructure), 279-285

plain old telephone service. See POTS

plaintext, 251

Plan/Initiate Project phase (SDLC), 671

planning

BCP, 639-640

business contingency, 62-65

recovery, 637-639

study plans, 717-718

PMTUD (Path Maximum Transmission Unit Discovery), 362

Point-to-Point Protocol. See PPP

policies

access control, 514

AUP, 567

compliance, 72

data, 141-143

design, 165

employee onboarding/offboarding, 71-72

employment, 70

mechanisms, 222

privacy, 72

provisioning, 515

reviews, 122

risk management, 77

security, 55-57, 693, 701

third party, 72

politically motivated threats, 114-115

polling, 430

polyinstantiation, 159, 662

polymorphism, 661

POP (Post Office Protocol), 377

port address translation. See PAT

portable media devices, 322

ports

common TCP/UDP, 346

scanning, 461

Post Office Protocol. See POP

post-operational phases, 292

potential attacks, 120

POTS (plain old telephone service), 434

power

conditioners, 320

levels, 391

redundancy, 631

supplies, 319

PPP (Point-to-Point Protocol), 433

pre-activation states, 290-291

Presentation Layer (6), 337

presenting findings (evidence), 569

preservation, 574

preserving evidence, 568-569

Pretty Good Privacy. See PGP

preventing

access control threats, 523

threats, 612-617

unauthorized access, 587

preventive controls, 84

preventive measures against threats, 614

primary keys, 156

primary memory, 201

principles

of least privilege, 222

security governance, 94-95

privacy, 45-52

asset security, 161-163, 168

cloud-based systems, 234

compliance, 35

import/export controls, 49

personnel, 72

private authorization keys, 287

private branch exchange. See PBX

private ephemeral key-agreement keys, 287

private IP addresses, 350

private key-transport keys, 286

private keys, 285-286

private sector classification, 151-152

private static key-agreement keys, 287

privileges, 508

procedures

documentation, 57

forensic, 570, 579-581

incident responses, 610-611

process data (security), collecting, 550

backing up, 553

disaster recovery, 553

KRIs, 552

management review, 551-552

managing accounts, 551

NIST SP 800-137, 550-551

training, 553

processes

access, 475-476

critical, 66

documentation, 57

forensic, 584

remediation, 121

review, 122

security, 12-14

states, 199

processors, privacy, 162

professional ethics, 52-53

programming languages, 659

proof of identity processes, 503

properly identified, 574

proprietary data, 151

protected health information. See PHI

protecting resources, 597-599, 602, 605, 608

protection domains, 503

protocols, 336, 372

ARP, 343, 372, 454

BGP, 415

BOOTP, 373

CDP, 412

CIFS/SMB, 377

converged, 379

FCoE, 379

iSCSI, 381

MPLS, 380-381

VoIP, 381

DAP, 498

DHCP, 336, 373

DNS, 374, 456

FTP, 374

FTPS, 374

HTTP, 336, 375

HTTPS, 375

ICMP, 343, 375, 454-455

IGMP, 343, 376

IGRP, 414

IKE, 361

IMAP, 376

IP, 343-353

IPv4, 362-363

IPv6, 357

addressing, 363-369

major features of, 360-361

network types, 370-372

NIST Special Publication (SP) 800-119, 358-360

threats, 362-363

Kerberos, 499-500

LDAP, 376

LDP, 376

multilayer, 378-379

POP, 377

PPP, 433

RARP, 372

remote authentication, 448

RIP, 414

SFTP, 374

S-HTTP, 375

SMTP, 377, 498

SNMP, 377, 544

SSL, 378

TCP, 341

TCP/IP, 340-345

TFTP, 374

TLS, 378

UDP, 341

VRRP, 414

prototyping, 677

provisioning

account revocation, 516

life cycles, 514-515

resources, 589-592

asset inventory, 590-591

configuration management, 592-593

proxy servers, 404, 436

PSTN (public switched telephone network), 434

public authorization keys, 287

public ephemeral key-agreement keys, 287

public IP addresses, 350

public key infrastructure. See PKI

public key-transport keys, 286

public keys, 285-286

public static key-agreement keys, 287

public switched telephone network. See PSTN

purging data, 163, 607

PVSs (passive vulnerability scanners), 538

Q

QoS (Quality of Service), 361, 633

qualitative risk management, 80

quality of asset security, 144

Quality of Service. See QoS

Qualys, 538

quantitative risk analysis, 79

quantum cryptography, 394

quarantines, 436

R

RA (registration authority), 279

RAD (Rapid Application Development) model, 680

RADIUS (Remote Authentication Dial-In User Service), 447

RAID (Redundant Array of Inexpensive Disks), 601-603, 632

Rainbow Series, 206

rainbow table attacks, 518

random access devices, 202

ransomware, 304, 462, 521, 692

Rapid Application Development. See RAD model

RARP (Reverse ARP), 372

RBAC (role-based access control), 510, 512

RC4/RC5/RC6/RC7, 275

RDBMSs (relational database management systems), 155

read-through tests, 638

real user monitoring. See RUM

reboots, 615

reciprocal agreements, 630

records, 155, 596

recoverability, 68

recovery

BCP, 639-640

controls, 84

data, 623

disaster, 633-637

incidents, 612

priorities, 68

strategies, 618-633

systems, 600

teams, 635

testing, 637-639

trusted, 615

recovery point objective. See RPO

recovery time objective. See RTO

Red Book, 206

redundancy, 600, 607

sites, 630

systems, 630

reference monitors, 694

referential integrity, 156

registration, 503

registration authority. See RA

regression testing, 673, 696

regulations, 34-35

computer crimes, 36-37

major legal systems, 38-43

privacy, 47-51

regulatory investigations, 582

regulatory law, 39

relational database management systems (RDBMSs), 155

relational models, 155

Release/Maintenance phase (SDLC), 673

reliability, 61, 574

religious law, 40

relocation teams, 635

remanence, 162-163, 607

remediation, 121, 436, 612

remote access, 440-451

remote access applications, 395, 440

Remote Authentication Dial-In User Service. See RADIUS

remote authentication protocols, 448

remote connection technologies, 440

remote meeting technology, 440

remote network attacks, 460

renewal of certificates, 283

repeaters, 398

replay attacks, 304

reporting, 89, 505

evidence, 570

incidents, 611

reports, SOC, 555

requirements

asset handling, 172-173

security, 123

services, 123

residual risk, 82

resilience, 633

resources

access control, 475

critical, 66

managing, 607

protecting, 597-599, 602, 605, 608

provisioning, 589-592

asset inventory, 590-591

configuration management, 592-593

relationship between users and, 476

requirements, 67

security, 11

responses

to disasters, 634

to incidents, 610-611

responsibilities

asset security, 143-144

security governance, 14-17

restoration processes, 637

restoration teams, 636

restricted work areas, 316

retention (data), asset security, 164-165

reuse of objects, 700

Reverse ARP. See RARP

reverse engineering, 304

review tools (exams), 717

reviews, 585-587

access, 516

code, 546-548

incidents, 612

log, 542-545, 556

management, 551-552

periodic, 126

revocation, 551

accounts, 516

certificates, 283

rights, 508

Rijndael design, 274

ring structures, 205

ring topologies, 419

riots, 114

RIP (Routing Information Protocol), 414

RIPEMD, 160, 297

risk

in acquisitions, 121-123

analysis, 695-696

appetite, 76

definition of, 75

management, 73-90, 93-106

assets, 73-74

vulnerabilities, 74

terms, 5-6

abstraction, 8

accounting, 6

auditing, 6

CIA, 5-7

data hiding, 8

default security posture, 7

defense-in-depth strategy, 7

encryption, 8

non-repudiation, 7

Rivest, Ron, 277

rogue programmers, 699

role-based access control. See RBAC

roles

asset security, 143-144

managing, 594

security governance, 14-17

separation of, 594

root accounts, 488

rootkits, 692

routers, 400-401

routes, aggregation (IPv6), 362

routing

hybrid, 413

networks, 412-413

Routing Information Protocol. See RIP

RPO (recovery point objective), 619

RSA algorithm, 277

RTO (recovery time objective), 619

rule-based access control, 510

rules

firewalls, 346

of engagement, 609

of evidence, 574

RUM (real user monitoring), 546

running key ciphers, 263

S

safe harbor laws, 51

safeguards, 81

safes, 323

sags, 319

salting, 299

salvage teams, 636

SAM (Security Accounts Manager), 488

SAML (Security Assertion Markup Language), 244, 502

SAN (storage area network), 371, 604, 632

sandboxing, 614, 664

sanitization, 163

data, 702

media, 606

Sarbanes-Oxley (SOX) Act, 47

SASE (specific application service element), 337

satellites, 383

scanning

network discovery, 536-537

network vulnerability, 538

ports, 461

types, 693

schemas, 155

Scientific Working Group on Digital Evidence. See SWGDE

scope

for incident response teams, 609

of business continuity, 62

of IP addresses, 368-369

scoping, 170

screening, 69-70

scrubbing, 506

SDLC (Software Development Life Cycle), 670-673

Accreditation/Certification phase, 674

Design phase, 672

Develop phase, 672

Dispose stage, 670

Gather Requirements phase, 671

Plan/Initiate Project phase, 671

Release/Maintenance phase, 673

Test/Validate phase, 672

SDN (software-defined networking), 450

searching (investigations), 576-577

secondary evidence, 575

secure data centers, 316

Secure Electronic Transaction. See SET

Secure European System for Applications in a Multi-vendor Environment. See SESAME

Secure Hash Algorithm. See SHA

Secure-HTTP. See S-HTTP

Secure MIME. See S/MIME

Secure Shell. See SSH

Secure Sockets Layer. See SSL

security

applications, 246

architecture, 196-205, 223

assets. See assets, security

auditing, 535

baselines, 169

business continuity, 58-68

capabilities, 219

encryption/decryption, 223

fault tolerance, 221

interfaces, 221

memory protection, 219-220

policy mechanisms, 222

TPM, 220-221

virtualization, 220

compliance, 33-34

laws/regulations, 34

privacy, 35

controls, 535-550, 562

cryptography, 267

data breaches, 44

device, 245

documentation, 54

baselines, 58

guidelines, 58

policies, 55-57

procedures, 57

processes, 57

standards, 57

domains, 502

DRM, 305-307

education, 126

email, 300

endpoint, 437

engineering

closed/open systems, 182

design, 180-181

objects/subjects, 181

equipment, 321

evaluation models, 206-219

facility and site design, 307-323

geographical threats, 108-115

governance, 8-9, 94-95

control frameworks, 17-18, 21, 24-33

processes, 12-14

roles and responsibilities, 14-17

security function alignment, 9-11

import/export controls, 45, 49

Internet, 300

kernels, 694

keys, 285-293

laws/regulations, 35-43

life cycles, 31

message integrity, 293-296

models, 182, 188

Bell-LaPadula model, 189

Biba model, 190

bounds, 183

Brewer-Nash (Chinese Wall) model, 192

CIA, 182

Clark-Wilson Integrity model, 190-191

computing platforms, 193-195

confinement, 183

defense in depth, 185

Goguen-Meseguer model, 192

Graham-Denning model, 192

Harrison-Ruzzo-Ullman model, 192

ISO/IEC 42010:2011, 193

isolation, 183

Lipner model, 191

modes, 183-185

services, 196

Sutherland model, 192

types, 185-187

networks, 335, 382, 386, 403, 415, 424, 432, 441-443, 451, 454-462

attacks, 451-462

communication channels, 438-451

components, 396-438

converged protocols, 379-381

cryptography, 392-394

Internet security, 394-396

IP networking, 345-353

IPv6, 357-369

multilayer protocols, 378-379

network transmission, 353-357

OSI models, 335-338

protocols, 372-378

services, 376-377

TCP/IP models, 340-345

types, 370-372

wireless, 381-392

operations, 571-576, 579, 589-592, 595, 602, 605, 608, 611, 614, 617-619, 637

asset management, 599-603, 606-607

authorization, 609

BCP, 639-640

change management, 618

concepts, 593

configuration management, 592-593

continuous monitoring, 588

detections, 612-617

disaster recovery, 633-636

eDiscovery, 585

egress monitoring, 588-589

forensic tools, 579-581

IDSs, 587

incident management, 608-612

industry standards, 582-584

information life cycles, 596-597

investigations, 566-579

job rotation, 595

logging/monitoring, 585-587

managing accounts, 594

managing privileges, 595

need to know/least privilege, 593

patches, 617

personal security, 645-647

physical security, 640-644

record retention, 596

recovery strategies, 618-633

resource protection, 597-599

resource provisioning, 589-591

sensitive information procedures, 596

separation of duties, 594

SIEM, 588

SLAs, 597

testing disaster recovery plans, 637-639

two-person controls, 596

types of investigations, 581-582

perimeters, 694

personnel, 68

compliance, 72

employee onboarding/offboarding, 71-72

employment agreements/policies, 70

hiring, 69-70

job rotation, 73

privacy, 72

separation of duties, 73

third party access, 72

PKI, 279-285

policies, 693, 701

privacy, 45-52

process data, collecting, 550-551

backing up, 553

disaster recovery, 553

KRIs, 552

management review, 551-552

managing accounts, 551

training, 553

professional ethics, 52-53

requirements, 123

risk management, 73-90, 93-106

assets, 73-74

vulnerabilities, 74

risks in acquisitions, 121-123

software development, 659-668, 700

API security, 700-701

coding guidelines, 697-700

impact of acquired software, 696-697

life cycles, 668-673

methods, 674-683

operation/maintenance, 684-686

secure coding, 701-702

security controls, 686-696

symmetric algorithms, 275

system architecture, 192

terms, 5

abstraction, 8

accounting, 6

auditing, 6

CIA, 5-6

data hiding, 8

default security posture, 7

defense-in-depth strategy, 7

encryption, 8

non-repudiation, 7

testing, 534-535, 553-556, 563

threat modeling, 115-121

training, 124-125, 647

trans-border data flow, 45

vulnerabilities, 224-230, 233-237

WLANs, 387-392

Security Accounts Manager. See SAM

security administrators, 16

security analysts, 17

Security Assertion Markup Language. See SAML

security information and event management. See SIEM

security teams, 636

segmenting data, 146

seizure (investigations), 576-577

selecting standards, 170

sensitive information procedures, 596

sensitivity, data classification, 146-151

separation of duties, 73, 496, 594

separation of privilege, 222

sequencing, 343

server-based system vulnerabilities, 225-226

server rooms, 316

servers, proxy, 404

service-level agreements. See SLAs

Service Organization Control. See SOC

service-oriented architecture. See SOA

service set identifiers. See SSIDs

services, 372

directory, 498

IDaaS, 507

NAT, 376

NetBIOS, 376

NFS, 377

PAT, 377

requirements, 123

risks, 121

security, 196

third-party identity, 507

SESAME (Secure European System for Applications in a Multi-vendor Environment), 501

Session layer (5), 337

sessions

hijacking attacks, 461

managing, 503

SET (Secure Electronic Transaction), 395

SFTP (SSH File Transfer Protocol), 374

SHA (Secure Hash Algorithm), 296

Shamir, Adi, 277

Shared Key Authentication, 387

shareware, 43

sharing data, 167-168

Sherwood Applied Business Security Architecture (SABSA), 22

shoulder surfing, 519

S-HTTP (Secure-HTTP), 375

side-channel attacks, 305

SIEM (security information and event management), 543-544, 588

signaling, analog/digital, 353

signatures, digital, 299

Simple Mail Transfer Protocol. See SMTP

Simple Network Management Protocol. See SNMP

simple passwords, 485

simple security rule, 189

simulation tests, 639

single-factor authentication, 495

single loss expectancy. See SLE

single point of failure. See SPOF

single sign-on. See SSO

single-state systems, 199

site design, 307-323

site-local scope (IPv6), 369

site surveys, 391

Six Sigma, 29

skills, security training, 124-125

Skipjack, 274

SLAs (service-level agreements), 597, 607

SLE (single loss expectancy), 79

smart cards, 489

SMDS (Switched Multimegabit Data Service), 433

S/MIME (Secure MIME), 394

SMTP (Simple Mail Transfer Protocol), 377, 498

smurf attacks, 455

SNAT (Stateful NAT), 351

sniffer attacks, 518, 521

SNMP (Simple Network Management Protocol), 377, 544

SOA (service-oriented architecture), 664

SOC (Service Organization Control), 555

social engineering attacks, 302, 518

sockets, 346

software

analyzing, 578

backups, 621

development, 659-668, 700

API security, 700-701

coding guidelines, 697-700

impact of acquired software, 696-697

life cycles, 668-683

operation/maintenance, 684-686

secure coding, 701-702

security controls, 686-696

patches, 617

risks, 121

security, 599

threats, 688-694

software-defined networking. See SDN

Software Development Life Cycle. See SDLC

software piracy, 43

SONET (Synchronous Optical Networking), 431

source code

analysis tools, 688

issues, 697

SPs (Special Publications [NIST]), 94-95

SP 800-2, 504

SP 800-12 Rev. 1, 24

SP 800-16 Rev. 1, 24

SP 800-18 Rev. 1, 24

SP 800-30 Rev. 1, 24, 101

SP 800-34 Rev. 1, 24, 62-63, 618

SP 800-35, 24

SP 800-36, 24

SP 800-37, 90, 99-101

SP 800-37 Rev. 1, 24

SP 800-39, 24, 102

SP 800-50, 24

SP 800-53A Rev. 4, 24, 90

SP 800-53 Rev. 4, 24, 90, 149

SP 800-55 Rev. 1, 24

SP 800-57, 285

SP 800-60, 90, 93

SP 800-60 Vol. 1 Rev. 1, 24, 94

SP 800-61 Rev. 2, 25

SP 800-63, 481-482

authentication, 480

passwords, 482-484, 487

SP 800-66

Risk Management Framework (RMF), 151

Security Rule, 151

SP 800-82 Rev. 2, 25, 228

SP 800-84, 25

SP 800-86, 25, 583-584

SP 800-88 Rev. 1, 25

SP 800-92, 25, 542-545, 556

SP 800-101 Rev. 1, 25

SP 800-115, 25

SP 800-119, 358-360

SP 800-122, 25, 147, 149

SP 800-123, 25

SP 800-124 Rev. 1, 25, 408

SP 800-137, 25, 90, 550-551

SP 800-144, 25, 234

SP 800-145, 25, 231

SP 800-146, 25

benefits of IaaS deployments, 236

benefits of PaaS deployments, 236

benefits of SaaS deployments, 235

cloud computing, 235

concerns of SaaS deployments, 236

SP 800-150, 25

SP 800-153, 25

SP 800-154, 25, 118

SP 800-160, 25, 90, 96-98, 181

SP 800-161, 25

SP 800-162

ABAC, 511-512

subject attributes, 512

SP 800-163, 26, 665, 667-668

SP 800-164, 26

SP 800-167, 26

SP 800-175A and B, 26, 257-258

SP 800-181, 26

SP 800-183, 26

spam, 459

spear phishing, 519

special privileges, monitoring, 595

specific application service element. See SASE

Spiral model, 678

split knowledge, 260

SPOF (single point of failure), 608

spoofing, 461, 521

spyware, 521, 691

SSAE (Statement on Standards for Attestation Engagements), 554

SSH (Secure Shell), 396

SSH File Transfer Protocol. See SFTP

SSIDs (service set identifiers), 384, 390

SSL (Secure Sockets Layer), 378

SSO (single sign-on), 498, 507

stacks, 336

standard word passwords, 485

standards

802.11, 382

coding, 697-700

deviations, 615

documentation, 57

industry, 34, 582-584

security implementation, 213-215

selecting, 170

WLANs, 384-386

star (*) property rule, 189

star topologies, 421

state machine models, 185

Stateful NAT. See SNAT

Statement on Standards for Attestation Engagements. See SSAE

states, data, 166-167

static passwords, 485

static testing, 548

statistical attacks, 304

steganography, 265

storage, 172, 199-201

backup, 626. See also backup

media, 606

privacy, 168

storage area networks. See SAN

strategies

assessment, 533-535

recovery, 618-633

testing, 533-535

stream-based ciphers, 267

STRIDE model, 117

strikes, 114

strong star property rule, 189

Structured Programming Development model, 681

structured walk-through test, 638

study plans, 717-718

subject attributes, 512

subjects, 181

substitution, 252

substitution ciphers, 263

supervisors, 17

supply recovery, 620

surges, 319

surveillance, 308, 576-577

suspended states, 291

Sutherland model, 192

SWGDE (Scientific Working Group on Digital Evidence), 571

Switched Multimegabit Data Service. See SMDS

switches, 399

symmetric, 251

symmetric algorithms, 266-269

AES, 274

Blowfish, 275

CAST, 275

DES, 270-273

IDEA, 274

RC4/RC5/RC6/RC7, 275

Skipjack, 274

Twofish, 275

symmetric authorization keys, 287

symmetric data-encryption keys, 286

symmetric key-agreement keys, 287

symmetric-key algorithms, 286

symmetric key-wrapping key, 286

symmetric master keys, 286

symmetric random number generation keys, 286

SYN ACK attacks, 460

synchronous, 251

Synchronous Optical Networking. See SONET

synchronous tokens, 488

synchronous transmissions, 354

synthetic transaction monitoring, 546

system administrators, 16

system architecture, 192, 196-205

System Development Life Cycle, 668

Acquire/Develop stage, 669

Dispose stage, 670

Initiate phase, 668-669

Operate/Maintain stage, 669

system evaluation models

CC, 211-213

controls/countermeasures, 217

ITSEC, 209-211

security implementation standards, 213-215

selecting controls, 218-219

TCSEC, 206-209

system hardening, 616

system high security mode, 184

system-level recovery strategies, 619

system resilience, 633

system-specific security policies, 57

system threats, 110-111

systems

access controls, 478-479

access reviews, 516

certification, 217

client-based vulnerabilities, 224-225

cloud-based systems vulnerabilities, 230, 233-237

cryptographic vulnerabilities, 227

custodians, 161

database vulnerabilities, 226

embedded vulnerabilities, 250

grid computing vulnerabilities, 237

ICSs vulnerabilities, 227-230

IoT vulnerabilities, 238-242

large-scale parallel data vulnerabilities, 236-237

mobile vulnerabilities, 244-249

operating CPUs, 204

ownership, 161

peer-to-peer computing vulnerabilities, 237

server-based vulnerabilities, 225-226

testing, 536

Web-based vulnerabilities, 242-244

systems owners, 16

T

table-top exercises, 638

tables

capabilities, 514

memory (exams), 717

TACACS+ (Terminal Access Controller Access-Control System Plus), 447

tactics, forensic, 579-581

tagging attacks, 454

tailoring, 170

Take-Grant model, 187

tamper protection, 321

tangible asset protection, 597-599, 602, 606

target tests, 540

T-carriers, 430

TCB (trusted computer base), 694

TCP (Transmission Control Protocol)

headers, 341

ports, 346

TCP/IP (Transmission Control Protocol/Internet Protocol) models, 340-345

TCSEC (Trusted Computer System Evaluation Criteria), 206-209

TDM (Time Division Multiplexing), 355

TDMA (time division multiple access), 383

teams

risk analysis, 77

risk management, 77

teardrop attacks, 461

technical controls, 86

technological disasters, 59

technologies

networks, 423-424, 432

recovery, 620

WANs, 430

telco concentrators, 397

telecommuting, 450

Telnet, 448

TEMPEST program, 522

Terminal Access Controller Access-Control System Plus. See TACACS+

terrorism, 114

tertiary sites, 630

test coverage analysis, 549, 562

test data method, 672

Test/Validate phase (SDLC), 672

testing

acceptance, 696

code, 546-548

dynamic, 548

fuzz, 548

interfaces, 549-550, 562

misuse case, 549

penetration, 539-545

recovery plans, 637-639

regression, 696

security, 535-550, 553-556, 562-563

static, 548

strategies, 533-535

unit, 673

testing, training, and exercises. See TT&E

TFTP (Trivial FTP), 374

theft, 113, 519

third party

access, 72

audits, 554-556, 563

governance, 122-123

identity services, 507

security assessments, 535

security services, 613

threats, 74, 79

access control, 516-522

agents, 74, 138

APT, 523

databases, 158

geographical, 108-115

identifying, 119-120

IPv4, 362-363

IPv6, 362-363

mitigating, 523

modeling, 115-119

passwords, 517

potential attacks, 120

prevention, 612-617

preventive measures against, 614

remediation, 121

software, 688-694

Tiger, 297

time division multiple access (TDMA), 383

Time Division Multiplexing. See TDM

time factor authentication, 495

Time of Check/Time of Use. See TOC/TOU

T-lines, 430

TLS (Transport Layer Security), 378

TOC/TOU (Time of Check/Time of Use), 243, 700

TOGAF (Open Group Architecture Framework), 22

Token Ring 802.5 standard, 424

tokens, 430, 488

tool-assisted, 547

tools

digital forensic, 579-581

network discovery, 537

Pearson Test Prep practice test engine, 713-715

review (exams), 717

source code analysis, 688

top-down approach, 31

tornadoes, 109

tort law, 39

total risk, 82

TPM (Trusted Platform Module), 220-221

Traceroute exploitation, 456

tracking devices, 322

trademarks, 41-42

trade secrets, 41

trails, audit, 506

training, 126, 553, 626

disaster recovery, 637

security, 124-125, 647

trans-border data flow, 45

transformation procedure (TP), 191

transmission

IPv6, 362

networks, 353-357

sanitizing data, 702

transmission media, 415, 424, 432

Transport layer (4), 337

Transport Layer Security. See TLS

transposition ciphers, 252, 265

trapdoors, 252, 522, 699

travel, security, 646

Treadway Commission Framework, 28

Trike, 117

Trivial FTP. See TFTP

Trojan horses, 521, 691

tropical storms, 109

trust, 185

trusted computer base. See TCB

Trusted Computer System Evaluation Criteria. See TCSEC

trusted paths, 616

Trusted Platform Module. See TPM

TT&E (testing, training, and exercises), 65

tuples, 155

turnstiles, 313

twisted pair cabling, 417-418

two-person control, 596

Twofish, 275

types

of access control, 84-87

of antennas, 392

of audits, 587

of backups, 625

of cryptography, 262-269

of doors, 312

of evidence, 575-576

of firewalls, 401-403

of glass, 315

of investigations, 581

civil, 582

criminal, 582

operations/administrative, 581-582

regulatory, 582

of IP networks, 370-372

of IPv6 addresses, 367-368

of lighting, 644

of locks, 313

of logs, 586

of memory, 200

of outages, 319

of passwords, 485-488

of security models, 185-187

of viruses, 689

U

UDP (User Datagram Protocol)

headers, 341

ports, 346

ULAs (unique local addresses), 369

unauthorized disclosure of information, 615

unconstrained data item (UDI), 191

unicast addresses, 368

unicast transmissions, 355

uninterruptible power supplies (UPSs), 320

unique local addresses. See ULAs

unit testing, 673

United States Federal Sentencing Guidelines of 1991, 49

unscheduled reboots, 615

updating exams, 716

UEFI (Unified Extensible Firmware Interface), 203

URL hiding, 458

USA Freedom Act of 2015, 50

USA PATRIOT Act of 2001, 50

U.S. Digital Millennium Copyright Act. See DMCA

users, 17

access control, 476

access reviews, 516

environment recovery, 623

relationship between resources and, 476

utility threats, 111

V

vacations, 595

validation testing, 673

values, 661

vandalism, 113

VAST model, 118

vaults, 323

vectored orthogonal frequency division multiplexing (VOFDM), 383

verification, 282, 673

verification data, backing up, 553

Vernam, Gilbert, 264

very-high-level languages, 660

video games, DRM, 306

views, 155, 159

Vigenere cipher, 254

virtual computing, 195

virtual local area networks. See VLANs

virtual private networks. See VPNs

Virtual Router Redundancy Protocol. See VRRP

virtual storage area networks. See VSANs

virtualization, 220, 449

virtualized networks, 450-451

viruses, 521, 689-690, 693

visibility (of building), 309

visitor control, 315

VLANs (virtual local area networks), 400

VOFDM (vectored orthogonal frequency division multiplexing), 383

voice, 439

VoIP (Voice over Internet Protocol), 381, 434-435

volcanoes, 110

VPNs (virtual private networks), 443-445

concentrator, 398

screen scraper, 449

VRRP (Virtual Router Redundancy Protocol), 414

VSANs (virtual storage area networks), 451

V-shaped model, 677

vulnerabilities, 79, 224

architecture

client-based systems, 224-225

cloud-based systems, 230, 233-235, 237

cryptographic systems, 227

database systems, 226

grid computing, 237

ICSs, 227-230

IoT, 238-242

large-scale parallel data systems, 236-237

peer-to-peer computing, 237

server-based systems, 225-226

assessments, 535-536

embedded systems, 250

management systems, 616

managing, 617

mobile systems, 244-248

application security, 246

device security, 245

NIST SP 800-164, 248-249

network scans, 538

risk management, 74

source code, 697

Web-based systems, 242

attacks, 243-244

maintenance hooks, 242

time-of-check/time-of-use attacks, 243

W

walls, 642

WANs (wide area networks), 371, 430

warchalking, 460

wardriving, 460

warm sites, 629

WASC (Web Application Security Consortium), 686

water leakage, 320

Waterfall model, 676

wave motion detectors, 643

Web Application Security Consortium. See WASC

Web-based systems vulnerabilities, 242

attacks, 243-244

maintenance hooks, 242

time-of-check/time-of-use attacks, 243

web caching, 404

WEP (Wired Equivalent Privacy), 387

whaling, 459

white-box testing, 547

whitelisting, 613

wide area networks. See WANs

Wi-Fi Protected Access. See WPA

Wired Equivalent Privacy. See WEP

wired transmissions, 356-357

wireless local area networks. See WLANs

wireless networks, 381

802.11 techniques, 382

attacks, 459

cellular or mobile, 383

satellites, 383

WLANs, 384-392

wireless transmissions, 356-357

wiring controls, 316

WLANs (wireless local area networks), 356, 371, 384-386

802.11 techniques, 382

security, 387-392

standards, 384

work areas, 316

work factor, 252

work function, 252

work recovery time. See WRT

worms, 521, 690

WPA (Wi-Fi Protected Access), 388

WRT (work recovery time), 619

X

X.25, 433

XML (Extensible Markup Language)

attacks, 244

data storage, 157

Z

Zachman Framework, 21

zero-day attacks, 462

zero-knowledge

proof algorithm, 279

testing, 540, 547

Zigbee, 387

zombies, 691
