Index
Number and Symbol
4GL (fourth-generation programming languages), 433
9 Step process, risk analysis, 67–68
A
ABM (Asynchronous Balanced Mode), HDLC, 256
Abstraction, secure design concepts, 117
Academy Award watermarks, 183
Accepted practices, customary law, 21
content-/context-dependent, 323
credential management systems, 313
defensive categories and types, 55–58
endpoint security
Federated Identity Management, 312
Harrison–Ruzzo–Ullman model, 112
information flow model, 109
Microsoft Active Directory Domains, 320
preventative controls, 55–56
reading up and writing down, 104–105
security assessments and audits, 332–333
Take-Grant Protection Model, 110
Accountability
centralized access control, 309
cornerstone concepts, 16–17
OECD privacy guidelines, 37
ACL (Access Control Lists), 275
Acquired software, security impact assessment, 468–469
Acquisitions, security issues, 45–46
Activation of disaster recovery teams, 393
Active-active clusters, 382, 416
Active Directory Domains, 320
Active entities, subjects and objects, 18
Active-passive clusters, 382, 416
Adaptive chosen ciphertext attacks, 173–174
Adaptive chosen plaintext attacks, 173
Addressing
Network Interface Cards, 227
Address Resolution Protocol, See ARP
Address space layout randomization, See ASLR
Ad hoc mode, 802.11, 261
Administrative law, concepts, 23
ADSL (Asymmetric Digital Subscriber Line), properties, 283
Advanced Encryption Standard, See AES
Agents of law enforcement, reasonable searches, 28–29
Agile Software Development, 439–441
AH (Authentication Headers), IPSEC, 179–181
Airborne contaminants, 203
ALE (Annualized Loss Expectancy), risk analysis, 60–64
Allocated space, forensics, 353
Alteration, cornerstone concepts, 13–14
ALU (arithmetic logic unit), 120
AMD-V (AMD Virtualization), 118
AMP (asymmetric multiprocessing), 122
Analog communications, 221
Analysis
Analytics, database security issues, 144
ANN (Artificial Neural Networks), 470–471
Annualized Loss Expectancy, See ALE
Anomaly Detection Intrusion Detection Systems, 366
APIs (Application Programming Interfaces), security, 449
Applets, vulnerabilities, 141
Application Layer
Layer 7 of OSI model, 224, 274
Application-layer proxy firewalls, 274
Application Programming Interfaces, See APIs
Application virtualization, remote access, 284–285
Architecture
secure operating systems and software, 127–131
trusted platform modules, 126
Archive bits, backup storage, 378
ARCNET (Attached Resource Computer Network), 249
ARM (Asynchronous Response Mode), HDLC, 256
ARO (Annual Rate of Occurrence), risk analysis, 62
Artificial Neural Networks, See ANN
ASLR (Address Space Layout Randomization), 126–127
Assessments
data security controls, 92–98
sensitive information media, 84–85
Asymmetric Digital Subscriber Line, See ADSL
Asymmetric multiprocessing, See AMP
Asynchronous Balanced Mode, See ABM
Asynchronous dynamic tokens, 303
Asynchronous Response Mode, See ARM
Asynchronous Transfer Mode, See ATM
ATA Data Set Management Command, TRIM, 89–90
ATA Secure Erase, SSDs, 90
ATM (Asynchronous Transfer Mode), 255
Attestation, service provider security, 44
Attributes, relational databases, 451
Attribution, computer crimes, 31
Authentication
access control
centralized access control, 309–311
location-based access control, 309
Authentication Headers, See AH
Authentication servers, See AS
Authorization
centralized access control, 309
cornerstone concepts, 16–18
Availability
AVPs (Attribute Value Pairs), RADIUS, 319
Awareness, training of personnel, 52, 419–420
B
Backup storage
sensitive information, 84–85
storage and transportation, 84, 97–98
“Bad” blocks/clusters/sectors, forensics, 354
Bands of the electromagnetic spectrum, 259
Bandwidth, packet-switched networks, 222
Baseband networks, concepts, 220
BCI (Business Continuity Institute), Good Practice Guide, 423
disasters or disruptive events, 385–392
Executive Succession Planning, 411–412
failure and recovery metrics, 401–403
recovery strategy development, 403–407
subscription services, 407
vital records storage, 411
Becoming a CISSP,
Bell-LaPadula model of access control, 106
Berkeley Software Distribution, See BSD
BGP (Border Gateway Protocol), 271
BIA (Business Impact Analysis), 399–403
Biba model of access control, 107–108
BOOTP (Bootstrap Protocol), 135, 245
Bottom-Up programming, 434
Breaches
BRI (Basic Rate Interface), ISDN, 282
BSD (Berkeley Software Distribution), 435–436
Budgeting, risk analysis, 64–65
Buffer overflows, software development, 463–464
Buildings
heat, smoke and flame detectors, 203–204
site configuration and design, 197–199
Business Continuity Institute, See BCI
Business Continuity Planning, See BCP
Business interruption testing, Disaster Recovery Plans, 419
Business Owners, information security, 85
C
Cabling
Calculation
Callback, authentication, 283
Candidate Information Bulletin, See CIB
Candidate keys, relational databases, 451
Canons, the (ISC)2® Code of Ethics, 47–48
Carrier Sense Multiple Access with Collision Detection, See CSMA/CD
CAs (Certification Authorities), PKI, 178
CASE (Computer-Aided Software Engineering), 434
Categories of cabling, 246
CBC (Cipher Block Chaining), DES, 163
CBC-MAC (Cipher Block Chaining Message Authentication Codes), 177
CBK (Common Body of Knowledge),
CBT (Computer Based Testing),
CCB (Configuration Control Boards), 450
CCD (Charged Couple Discharge) Cameras, 185–186
CCMP (Counter Mode CBC MAC Protocol), 262
CCTV (Closed Circuit Television), 185–187
CDI (constrained data items), Clark–Wilson, 108
CDN (Content Distribution Networks), 287
CD-Rs (Compact Discs - Recordable), 92
Centralized access control, 309–311
Centralized logging, reviews, 334–335
CEO (Chief Executive Officers), BCP/DRP development, 395–397
CER (Crossover Error Rate), biometrics, 293, 305–306
Certificate Revocation Lists, See CRL
Certification
CFB (Cipher Feedback), DES, 163
CFO (Chief Financial Officers), BCP/DRP development, 395–397
Chaining, symmetric encryption, 161
Challenge-Handshake Authentication Protocol, See CHAP
Challenge-response tokens, 303
Channels
CHAP (Challenge-Handshake Authentication Protocol), 278, 320
Checklists
Disaster Recovery Plans, 418
exam readiness,
Chief Information Officers, See CIO
Chinese Wall model of access control, 109
Chosen plaintext attacks, 173
CIA triad (confidentiality, integrity and availability), 12–15
CIB (Candidate Information Bulletin),
CIDR (Classless Inter-Domain Routing), 231, 232–233
CIO (Chief Information Officers), BCP/DRP development, 395–397
Cipher Block Chaining Message Authentication Codes, See CBC-MAC
Ciphers
Ciphertext
Circuit-level proxy firewalls, 274
Circuit-switched networks, 221
Circumstantial evidence, 25
CIRT (Computer Incident Response Teams), 19, 358
CISC (Complex Instruction Set Computers), 122–123
CIS security benchmarks, 64–65
Clark–Wilson integrity model, 108–109
Classes of fires and suppression agents, 205–207
Classful networks/addresses, 232
Class I/II/III/IV gates, 184
Classifications, data security, 82–85
Classless Inter-Domain Routing, See CIDR
Clipping levels, passwords, 295–296
Closed source software, 435
Closed systems, design concepts, 119
CMP (Crisis Management Plans), 409–411
CM Plans (Configuration Management Plans), 450
CMS (Content Management Systems), 449–450
COBIT (Control Objectives for Information and Related Technology) framework, 95
CO2 (Carbon Dioxide), fire suppression, 208
CoCom (The Coordinating Committee for Multilateral Export Controls), 39, 160
Cohesion, Object-Orientated Programming, 458–459
Collection limitation principle, 37
Collisions
Color of law enforcement, 28–29
Combinatorial testing of software, 338
COM (Component Object Model), 460
Commandments of Computer Ethics, 48
Commercial Off-the-Shelf software, See COTS
Common Object Request Broker Architecture, See CORBA
authentication protocols and frameworks, 278–280
Content Distribution Networks, 287
remote meeting technology, 286
telecommunications management, 404–405
Compartmentalization
information security, 82–83
Compensating controls, concepts, 57
Compensatory financial damages, 23
Complete business interruption testing, 419
Complex Instruction Set Computers, See CISC
Complexity
passwords and passphrases, 295
Components, program policies, 49–50
Computer-Aided Software Engineering, See CASE
Computer Ethics Institute, 48
Computer Fraud and Abuse Act - Title 18 Section 1030, 40, 41–42
Computer Incident Response Teams, See CIRT
Computer Security Incident Response Teams, See CSIRT
Confidentiality
code repository history, 448
cornerstone concepts, 12–15
trusted platform modules, 126
Confidential object labeling, 82
Configuration Control Boards, See CCB
Configuration issues
Conflicts of interest, Chinese Wall model, 109
Confusion, cryptography, 147
Congestion Window Reduced flags, See CWR
Connections, maintenance, OSI model, 224
Constrained user interfaces, databases, 453
Consultants, security issues, 53–54
Containment phase, incident responses, 361
Contaminants, airborne, 203
Content-dependent access control, 323
Content Distribution Networks, See CDN
Content Management Systems, See CMS
Context-dependent access control, 323
Continuity of operations
Business Continuity Planning, 383–424
Disaster Recovery Planning, 383–424
disasters or disruptive events, 385–392
Executive Succession Planning, 411–412
failure and recovery metrics, 401–403
Highly Available clusters, 382, 416
incident response management, 357–363
recovery strategy development, 403–407
subscription services, 407
telecommunications management, 404–405
utilities management, 405
vital records storage, 411
Continuity of Operations Plans, See COOP
Continuity Planning Project Teams, See CPPT
Continuity of Support Plans, 408
Continuous monitoring, security operations, 367
Contractors, security issues, 53–54
Contractual security, service providers, 44–45
Control frameworks
Control technologies, access management, 309–320
Convention on Cybercrime, 38
Converged protocols, networks, 256–258
Convergence, routing, 268
COO (Chief Operating Officers), BCP/DRP development, 395–397
The Coordinating Committee for Multilateral Export Controls, See CoCom
CORBA (Common Object Request Broker Architecture), 460–461
Cornerstone concepts
confidentiality, integrity and availability, 12–15
disclosure, alteration and destruction, 13–14
identity and authentication, authorization and accountability, 15–18
Object-Orientated Programming, 457–458
Corroborative evidence, 25–26
Corrosion, environmental control, 203
Cosmic compartmented information, NATO, 83
Cost approach to asset valuation, 61
COTS (Commercial Off-the-Shelf) software, security impacts, 468–469
Council of Europe Convention on Cybercrime, 38
Count-down timers, gas fire suppression systems, 209
Counter-based synchronous dynamic tokens, 303
Countermeasures
Coupling, Object-Orientated Programming, 458–459
CPPT (Continuity Planning Project Teams), 397–398
CPUs (Central Processing Units)
multitasking and multiprocessing, 122
Crashes, watchdog timers, 122
Credential management systems, 313
Crime, site selection, 197
Crisis Communications Plans, 409
Critical assets
Business Impact Analysis, 400
vital records storage, 411
Critical processes, watchdog timers, 122
Critical resources
Business Continuity Planning, 385
Critical state assessment, BCP/DRP development, 398–399, 400
CRL (Certificate Revocation Lists), PKI, 178
Crossover, Genetic Algorithms, 472
Cryptographic strength, 148
Cryptographic technologies
import/export restrictions, 39
trusted platform modules, 126
Cryptography
confidentiality, integrity, authentication and non-repudiation, 146–147
confusion, diffusion, substitution and permutation, 147
Cryptology
CSIRT (Computer Security Incident Response Teams), 358
CSMA (Carrier Sense Multiple Access), 219, 248–249
CSMA/CD (Carrier Sense Multiple Access with Collision Detection), 249
CSRF (Cross-Site Request Forgery), 465
CSU/DSU (Channel Service Unit/Data Service Unit), 277
CTR (Counter Mode), DES, 163
CU (control unit), CPUs, 120
Custodians, information security, 86
Custom-developed third party products, security impacts, 469
CWR (Congestion Window Reduced) flags, 238
Cybercrimes
financially motivated attackers, 390
Cyber Incident Response Plans, 409
D
DAC (Discretionary Access Control), 293, 321, 349
DAD triad (disclosure, alteration and destruction), 13–14
DARPA (Defense Advanced Research Projects Agency), 221–222
Data
breach notification laws, 43
exfiltration prevention, 193
security classifications, 82–85
Databases
constrained user interfaces, 453
Data centers, environmental and power issues, 388–389
Data Circuit-Terminating Equipment, See DCE
Data collection limitations, 86–87
Data Manipulation Language, See DML
authentication protocols and frameworks, 278–280
Data points, fingerprint scans, 305
Data Quality principles, 37
Data security controls, 92–98
accreditation and certification, 92–93
scoping and tailoring, 96
standards and frameworks, 93–96
Data Terminal Equipment/Data Circuit-Terminating Equipment, See DTE/DCE
DBAs (Database Administrators), 451
DC (Domain Controllers), 296
DCE (Data Circuit-Terminating Equipment), 277
DCOM (Distributed Component Object Model), 460
DDL (Data Define Language), 453–454
DDoS (Distributed Denial of Service) attacks, 72
De-acquisitions, security issues, 46
DEA (Data Encryption Algorithm)
Decentralized access control, 309–310
Declaration on Transborder Data Flows, 39
Decode instructions, CPUs, 121
Decryption
Dedicated mode of operation, 112
Default routes, LANs, 267
Defense Advanced Research Projects Agency, See DARPA
Defense-in-Depth, 19, 145
restricted areas and escorts, 196
Defensive categories, access control, 55–58
Defined, CMM Phase, 467
Deletion of files, remanence, 91
Deluge sprinkler systems, 211
De-mergers, security issues, 46
De-multiplexing, TCP/IP model, 226
DEP (Data Execution Prevention), 126–127
Deployment of patches, 372
Design concepts
large-scale parallel data systems, 134
open and closed systems, 119
secure hardware architecture, 119–127
secure operating system and software architecture, 127–131
trusted platform modules, 126
Destruction
cornerstone concepts, 13–14
Detection phase, incident responses, 360
Anomaly Detection IDS, 366
Pattern Matching IDS, 366
Protocol Behavior IDS, 366
Deterrent controls, concepts, 56–57, 58
Development
exam objectives summary, 473
Object-Orientated Analysis and Design, 461–462
Object-Orientated Programming, 456–461
Rapid Application Development, 442
Device drivers, ring model, 118
DF (do not fragment) flags, IPv4, 229
DHCP (Dynamic Host Configuration Protocol), 135, 231, 245
Differential cryptanalysis, 174–175
Diffie–Hellman Key Agreement Protocol, 169
Diffusion, cryptography, 147
Digital communications, fundamental concepts, 221
Digital forensics, security operations, 352–357
Digital signatures, cryptography, 176–177
Digital Watermarks, implementation, 183
Diligence
Dilution of trademarks, 35
Directed broadcast addresses, 236
Direct evidence, concept, 25
Direct mode, memory addressing, 123
Directory Path Traversal, 463
Direct Sequence Spread Spectrum, See DSSS
Disabling
Disaster, definition, 347
Disaster Recovery Planning, See DRP
Disasters
Disciplinary processes, 17, 53
Disclosure
cornerstone concepts, 13–14
software vulnerabilities, 466
Discrete logarithms, asymmetric encryption, 169
Discretionary Access Control, See DAC
Disease, personnel shortages, 390–391
Diskless workstations, principles, 135
Disks
hashing for authenticity validation, 297
Disruptive events
errors and omissions, 387
financially motivated attackers, 390
warfare, terrorism and sabotage, 389
Distance Vector Routing Protocols, 269–271
Distributed Component Object Model, See DCOM
Distributed Denial of Service attacks, See DDoS
Divestitures, security, 46
DLP (Data Loss Prevention), 367–368
DML (Data Manipulation Language), 453–454
DMZ (Demilitarized Zone), 276
DNP3 (Distributed Network Protocol), 256
DNS (Domain Name System), 244
DNSSEC (Domain Name Server Security Extensions), 244
Documentation, security policies, 49–52
DoD (U.S. Department of Defense), 221
Domain Name Server Security Extensions, See DNSSEC
DoS (Denial of Service) attacks, 14, 72, 259
Double-interlock sprinkler systems, 211
Drag & drop questions, 5–7
DRAM (Dynamic Random Access Memory), 88
Drills
Disaster Recovery Plans, 418
Executive Succession Planning, 411–412
failure and recovery metrics, 401–403
subscription services, 407
vital records storage, 411
Dry pipe sprinkler systems, 210–211
Dry powder, fire suppression, 208
DSL (Digital Subscriber Line), properties, 283
DSSS (Direct Sequence Spread Spectrum), WLANs, 259–260
DSU (Data Service Unit), 277
DTE (Data Terminal Equipment), 277
DTE/DCE (Data Terminal Equipment/Data Circuit-Terminating Equipment), 277
Dual stack systems, TCP/IP, 231
Duties
DVR (Digital Video Recorders), 185
Dynamic Host Configuration Protocol, See DHCP
Dynamic testing of software, 335–336
E
EAL (Evaluation Assurance Levels), ICC, 116
EAP (Extensible Authorization Protocol), 278–280
EAP-FAST (EAP-Flexible Authentication via Secure Tunneling), 280
EAPOL (EAP Over LAN), 279
EAP-TLS (EAP-Transport Layer Security), 280
EAP-TTLS (EAP-Tunneled Transport Layer Security), 280
Earthquake Disaster Risk Index, 59–60
ECB (Electronic Code Book), DES, 161–162
ECE (Explicit Congestion Notification Echo) flags, 238
ECPA (Electronic Communications Privacy Act), 40
EDE (Encrypt, Decrypt, Encrypt), Triple DES, 164
eDISCOVERY (Electronic Discovery), 357
EEPROM (Electronically Erasable Programmable Read Only Memory), 88–90
EER (Equal Error Rates), biometrics, 305–306
EES (Escrowed Encryption Standard), 182
EF (Exposure Factors), risk analysis, 62, 63
EGPs (Exterior Gateway Protocols), 268–269
Egyptian Hieroglyphics, 150
Electricity
emergency power training, 419
Electromagnetic Interference, See EMI
Electromagnetic spectrum, bands, 259
Electronically Erasable Programmable Read Only Memory, See EEPROM
Electronically stored information, See ESI
Electronic Communications Privacy Act, See ECPA
Electronic Protected Health Information, See ePHI
Elliptic Curve Cryptography, 169
Embedded device forensic analysis, 356–357
Emergency Operations Centers, See EOC
Emergency power
training requirements, 419
Employees
disaster recovery training and awareness, 419–420
disciplinary processes, 17, 53
Encapsulating Security Payload, See ESP
Encapsulation
Object-Orientated Programming, 457
Encryption
disks, security operations, 370
Message Authentication Codes, 177–178
trusted platform modules, 126
Encryption order, triple DES, 164–165
End-to-end encryption, 98
Enforcement
English letters, frequency, 148
Enrollment, biometrics, 304
Enterprise Architecture, 111, 126
Entity integrity, relational databases, 452
Environmental controls
heat, smoke and flame detectors, 203–204
personnel safety, training and awareness, 204–205
Environmental disasters, types, 386–387
EOC (Emergency Operations Centers), 411
ePHI (Electronic Protected Health Information), 97
EPROM (Erasable Programmable Read Only Memory), 88–89
Eradication phase, incident response management, 361
Erasable Programmable Read Only Memory, See EPROM
Errors
Escorts, restricted areas, 196
Escrowed encryption, implementation, 181–182
Escrowed Encryption Standard, See EES
ESI (electronically stored information), eDISCOVERY, 357
Ethernet
EU (European Union)
Convention on Cybercrime, 38
Data Protection Directive, 36–38
EU–US Safe Harbor Agreement, 38
EUI-64 (Extended Unique Identifiers), 227
EULA (end-user license agreements), 34, 435
Evaluation, real-world system security, 113–115
Evaluation Assurance Levels, See EAL
Events
Evidence
reasonable searches, 27–30
Examinations
after,
computer based testing,
drag & drop questions, 5–7
multiple-choice questions,
practice tests,
retakes,
scenario questions,
self tests
three pass method,
Execute functions, CPUs, 121
Executive Succession Planning, 411–412
Exfiltration prevention, 193
Exigent circumstances, reasonable searches, 27–30
Explicit Congestion Notification Echo flags, See ECE
Extensible Authorization Protocol, See EAP
Extensible Authorization Protocol-Flexible Authentication via Secure Tunneling, See EAP-FAST
Extensible Authorization Protocol-Transport Layer Security, See EAP-TLS
Extensible Authorization Protocol-Tunneled Transport Layer Security, See EAP-TTLS
Extensible Markup Language, See XML
Extensions, copyright terms, 33
External auditors, access control security, 333
Extranets, fundamental concepts, 221
F
Factoring prime numbers, encryption, 168–169
Failures in communications, 391–392
Fairness, biometrics, 304
Fair use limitations, copyright, 34
False negative/positive events, 363–364
FAT (File Allocation Table), remanence, 91
FCIP (Fibre Channel over IP), 257
FCoE (Fibre Channel over Ethernet), 256–257
FDDI (Fiber Distributed Data Interface), 249–250
FDX (Fetch, Decode, Execute) instruction, 121
Feedback, symmetric encryption, 161
Fetch, Decode, Execute instruction, See FDX
FHSS (Frequency Hopping Spread Spectrum), WLANs, 259–260
Fiber Distributed Data Interface, See FDDI
FIdM (Federated Identity Management), 312
Field-programmable devices, 89
FIFO (First In First Out) tape rotation, 415
File authorizations
Financial damages, common types, 23
Financially motivated attacks, 390
Fires
portable extinguishers, 211
screened host architecture, 275–276
Firmware, remanence, 88–89
Fitness functions, Genetic Algorithms, 472
Flash memory, remanence, 89
Foreign keys, relational databases, 452
Formal access approval, 83
FOUO (For Official Use Only), 82
Fourth-generation programming languages, See 4GL
Fragmentation, IPv4 packets, 228–229
Frameworks
data security controls, 93–96
Frequency of English letters, 148
Frequency Hopping Spread Spectrum, See FHSS
FTP (File Transfer Protocol), 242–243
Full disclosure of software vulnerabilities, 466
Full-duplex communication, 220
Full-knowledge tests, penetration testing, 330
G
GANs (Global Area Networks), 221
Garbage collection, SSDs, 89
Gas-based systems for fire suppression, 208–209
Gateway-to-gateway architecture, 281
Generic Routing Encapsulation, See GRE
Genetic Algorithms/Programming, 472
GFS (Grandfather-Father-Son) tape rotation, 415
GIF (Graphics Interchange Format), 224
GIG (Global Information Grid), 221
GLBA (Gramm–Leach–Bliley Act), 40
GLB (Greatest Lower Bound), 106–107
Governance
GPG (Good Practice Guide), 423
GPUs (Graphical Processing Units), 299
Graphical remote access, 285
Graphics Interchange Format, See GIF
GRE (Generic Routing Encapsulation), PPTP, 281
Grid computing, principles, 134
Gross negligence, concepts, 19
Guards, perimeter defenses, 195
Guidelines
privacy in OECD countries, 37
H
financially motivated, 390
Half-duplex communication, concept, 220
Halon and substitutes, 209
Hand geometry, implementation, 307
Handheld Device Markup Language, See HDML
Handling
Hangs, watchdog timers, 122
Hardware
Harrison–Ruzzo–Ullman model, See HRU
Hashed Message Authentication Codes, See HMAC
HAVAL (Hash of Variable Length), cryptography, 171
HDLC (High-Level Data Link Control), 256
HDML (Handheld Device Markup Language), 286–287
HDSL (High-data-rate Digital Subscriber Line), properties, 283
Headers
Health Insurance Portability and Accountability Act, See HIPAA
Heat, environmental controls, 202
Heating, ventilation and air conditioning, See HVAC
HIDS (Host-based Intrusion Detection Systems), 365
Hierarchical networks, 251
High-data-rate Digital Subscriber Line, See HDSL
HIPAA (Health Insurance Portability and Accountability Act), 14, 40, 42–43, 54–55, 97
HIPS (Host-based Intrusion Prevention Systems), 365
HMAC (Hashed Message Authentication Codes), 177–178
Hold-down timers, Routing Information Protocol, 270–271
Horizontal escalation, 465
Host-based Intrusion Detection Systems, See HIDS
Host-based Intrusion Prevention Systems, See HIPS
Host-to-gateway architecture, IPsec, 281
Host-to-host architecture, IPsec, 281
Host-to-Host Transport Layer, TCP/IP model, 226, 237–241
Hot sites, continuity of operations, 406
HRU (Harrison–Ruzzo–Ullman) model of access control, 112
HTTP (Hypertext Transfer Protocol), 245
HTTPS (Hypertext Transfer Protocol Secure), 179, 245
HWP (heavy weight processes), 121–122
Hybrid attacks, password cracking, 300
Hypertext Transfer Protocol Secure, See HTTPS
I
IaaS (Infrastructure as a Service), 132–133
IAB (Internet Activities Board), ethics, 48–49
IAM (Identity and Access Management), 293–327
content-/context-dependent access control, 323
credential management systems, 313
Discretionary Access Control, 321
Federated Identity Management, 312
Mandatory Access Control, 293, 321
Microsoft Active Directory Domains, 320
non-discretionary access control, 321–323
rule-based access control, 323
task-based access control, 323
third-party system integration, 314
ICC (Integrated Circuit Cards), 190–192
ICH (I/O Controller Hub), 120
IDaaS (Identity as a Service), 312–313
IDEA (International Data Encryption Algorithm), 165
Identity
Identity and Access Management, See IAM
IDL (Interface Definition Language), 460–461
IEEE (Institute of Electrical and Electronics Engineers), OUIs and EUIs, 227
IGPs (Interior Gateway Protocols), 268–269
IKE (Internet Key Exchange), IPSEC, 180–181
IMAP (Internet Message Access Protocol), 243
Impact, risk analysis, 60
Implementation, cryptography, 176–183
Implementation attacks, cryptanalysis, 175
Import/export restrictions, 38–39
Incident response management, 357–363
Income approach, asset valuation, 61
Indirect mode, memory addressing, 123
Individual participation principle, OECD privacy guidelines, 37
Industrial, Scientific and Medical bands, See ISM
Inference, database security, 143–144
Inference engines, expert systems, 469–470
Information flow model, access control, 109
Information Systems Audit and Control Association, See ISACA
Information Technology Infrastructure Library, See ITIL
Information technology Security Evaluation Criteria, See ITSEC
Inheritance, Object-Orientated Programming, 457–458
Initialization vectors, symmetric ciphers, 160–161
Initiation, BCP/DRP development projects, 395–398
Inline Network-based Intrusion Prevention Systems, 365
Installation testing, 337
Instances, Object-Orientated Programming, 457
Institute of Electrical and Electronics Engineers, See IEEE
Intangible assets, value calculation, 61
Integrated Services Digital Network, See ISDN
Integrity
code repository history, 448
computer crime investigations, 297
trusted platform modules, 126
*Integrity Axiom, access control, 107–108
Integrity models, access control, 106–109
Intel VT (Intel Virtualization Technology), 118
Interface Definition Language, See IDL
Internal audits, access control security, 333
Internal traffic, RFC 1918 addressing, 233–234
International Common Criteria, security evaluation, 115–116
International cooperation, cybercrimes, 38
International Data Encryption Algorithm, See IDEA
International Software Testing Qualifications Board, See ISTQB
Internet
fundamental concepts, 221
Internet Control Message Protocol, See ICMP
Internet Message Access Protocol, See IMAP
Internet Security Association and Key Management Protocol, See ISAKMP
Internet Small Computer System Interface, See iSCSI
Interpreted languages, 431
Intrusion Detection Systems, See IDS
Intrusion Prevention Systems, See IPS
Investigations
entrapment and enticement, 30
exigent circumstances, 27–30
reasonable searches, 27–30
IPID (IP Identification Fields), IPv4 packet fragmentation, 229
IPSEC (Internet Protocol Security), implementation, 98, 179–181
IPS (Intrusion Prevention Systems), 363–366
IPT (Integrated Product Teams), software development, 447
IRC (Internet Relay Chat) networks, 72, 285
ISACA (Information Systems Audit and Control Association), COBIT framework, 95
ISAKMP (Internet Security Association and Key Management Protocol), IPSEC, 180
the (ISC)2® Code of Ethics, 46–48
iSCSI (Internet Small Computer System Interface), 256–257
ISDN (Integrated Services Digital Network), 282–283
ISM (Industrial, Scientific and Medical) bands, 259
ISO 17799, asset security, 94–95
ISO 27000 series, asset security, 94–95
ISO 27001, service provider security, 44
ISTQB (International Software Testing Qualifications Board), 467–468
ITIL (Information Technology Infrastructure Library) framework, 95
ITSEC (Information technology Security Evaluation Criteria), 114–115
IVPs (integrity verification procedures), Clark–Wilson, 108