Introduction
Part I: Threats, Attacks, and Vulnerabilities
Chapter 1: Indicators of Compromise and Malware Types
Viruses
Worms
Ransomware
Trojan Horses
Rootkits
Logic Bombs
Bots
Spyware
What Next?
Chapter 2: Attack Types
Social Engineering
Phishing and Related Attacks
Tailgating
Impersonation
Dumpster Diving
Shoulder Surfing
Hoaxes
Watering Hole Attacks
Principles (Reasons for Effectiveness)
Application/Service Attacks
Spoofing
Buffer and Integer Overflows
Zero-Day Attack
Code Injections
Hijacking and Related Attacks
Man-in-the-Middle
Denial of Service
Cryptographic Attacks
Brute Force
Weak Implementations
Wireless
Wi-Fi
Short Range Wireless Communications
What Next?
Chapter 3: Threat Actor Types and Attributes
Threat Actor Attributes
Threat Actor Types
Script Kiddies
Insiders
Hacktivists
Organized Crime
Competitors
Nation States
Open Source Intelligence
What Next?
Chapter 4: Penetration Testing
Testing Methodology
Planning
Discovery
Attack
Reporting
What Next?
Chapter 5: Vulnerability Scanning
Types of Vulnerability Scans
Intrusive vs. Non-intrusive
Credentialed vs. Non-credentialed
What Next?
Chapter 6: Impacts Associated with Vulnerability Types
People and Process
Race Conditions
Resource Exhaustion
Architecture and Design
Configuration
Cryptographic Management
Embedded Systems
Lack of Vendor Support
Improper Software Handling
Leaks, Overflows, and Code Injection
What Next?
Part I Cram Quiz
Part II: Technology and Tools
Chapter 7: Network Components
Perimeter Security
Firewalls
VPN Concentrators
NIDS and NIPS
Internal Security
Routers
Switches
Protections
Bridges
Boundary Devices
Proxies
Load Balancers
Access Points
Enforcement Tools
SIEM
DLP
NAC
Gateways
Cryptographic Devices
SSL/TLS Accelerators and Decryptors
HSM
What Next?
Chapter 8: Software Tools
Vulnerability Assessment Tools
Analyzers and Scanners
Detection and Protection Tools
Honeypots
Exploitation Frameworks
Password Crackers
Steganography
Backup Utilities
Data Sanitizing Tools
Command-line Tools
What Next?
Chapter 9: Security Issues
Authentication, Authorization, and Access
Unencrypted Credentials and Clear Text
Permission Issues
Access Violations
Authentication Issues
Certificate Issues
Misconfigurations and Deviations
Firewall
Content Filter
Access Points
Baseline Deviation
Weak Security Configurations and Data Exfiltration
Personnel
Policy Violation
Insider Threat
Social Engineering
Social Media
Personal Email
Logs and Event Anomalies
Assets and Licensing
Asset Management
License Compliance Violation
Unauthorized Software
What Next?
Chapter 10: Security Technologies
Security Technologies
Host Technologies
Enterprise Technologies
What Next?
Chapter 11: Mobile Devices
Communication Methods
Mobile Device Management Concepts
Device, Application, and Content Management
Protections
Enforcement and Monitoring
Deployment Models
BYOD, CYOD, COPE and Corporate-owned Devices
VDI
Deployment Strategies
What Next?
Chapter 12: Secure Protocols
Secure Protocols
Securing Web Protocols
Securing File Transfer Protocols
Securing Email Protocols
Securing Internal Protocols
Use Cases
Secure Web Communication
Secure File Transfer Communication
Secure Email Communication
Secured Internal Communication
What Next?
Part II Cram Quiz
Part III: Architecture and Design
Chapter 13: Use Cases, Frameworks, and Best Practices
Industry-standard Frameworks and Reference Architectures
Regulatory and Non-regulatory
National vs. International
Industry-specific Frameworks
Benchmarks and Secure Configuration Guides
Platform and Vendor-specific Guides
General Purpose Guides
Defense in Depth and Layered Security
Vendor Diversity
Control Diversity
User Training
What Next?
Chapter 14: Network Architecture
Zones and Topologies
DMZ, Intranet, and Extranet
Wireless, Guest, and Ad Hoc Networks
NAT
Honeynet
Segregation, Segmentation, and Isolation
Physical
Logical (VLAN)
Virtualization
VPN Tunneling
Security Device and Technology Placement
Sensors, Collectors, and Correlation Engines
Firewalls, Proxies, and Filters
Accelerators, Concentrators, and Balancers
Switches, Taps, and Mirroring
SDN
What Next?
Chapter 15: Secure Systems Design
Hardware and Firmware Security
FDE and SED
TPM and HSM
BIOS and UEFI
Secure Boot
Attestation
Supply Chain
Hardware Root of Trust
EMI and EMP
Operating Systems
Patch Management
Disabling Unnecessary Ports and Services
Least Functionality
Secure Configurations
Trusted Operating System
Application Whitelisting/Blacklisting
Disable Default Accounts and Passwords
Peripherals
Wireless Keyboards and Mice
Displays
WiFi-Enabled MicroSD Cards and Digital Cameras
Printers and MFDs
External Storage Devices
What Next?
Chapter 16: Secure Staging Deployment
Sandboxing
Environment
Development and Test
Staging and Production
Secure Baseline
Integrity Measurement
What Next?
Chapter 17: Embedded Systems
SCADA and ICS
Smart Devices and IoT
Wearable Technology
Home Automation
SoC and RTOS
HVAC
Printers, MFDs, and Camera Systems
Special-Purpose Devices
Medical Devices
Vehicles
Aircraft and UAV
Protecting Embedded Systems
What Next?
Chapter 18: Secure Application Development and Deployment
Development Life-cycle Models
Waterfall vs. Agile
Secure DevOps
Continuous Integration and Security Automation
Baselining
Immutable Systems
Infrastructure As Code
Change Management and Version Control
Provisioning and Deprovisioning
Secure Coding Techniques
Proper Error Handling
Proper Input Validation
Normalization
Stored Procedures
Code Signing
Encryption, Obfuscation, and Camouflage
Code Reuse and Dead Code
Use of Third-Party Libraries and SDKs
Server-side vs. Client-side Execution and Validation
Memory Management
Data Exposure
Compiled vs. Runtime Code
Code Quality and Testing
Static Code Analyzers
Dynamic Analysis
Stress Testing
Sandboxing
Model Verification
What Next?
Chapter 19: Cloud and Virtualization
Virtualization Concepts
Hypervisors
VDE/VDI
VM Sprawl Avoidance
VM Escape Protection
Cloud Concepts
Cloud Storage
Cloud Deployment Models
On-premises vs. Hosted vs. Cloud
Cloud Access Security Broker
Security as a Service
What Next?
Chapter 20: Reducing Risk
Automation and Scripting
Templates and Master Images
Non-persistence
Snapshots
Revert to Known State and Rollback to Known Configuration
Live Boot Media
Scalability and Elasticity
Distributive Allocation
Fault Tolerance and Redundancy
High Availability
RAID
What Next?
Chapter 21: Physical Security Controls
Perimeter Security
Signs, Fencing, and Gates
Lighting
Barricades and Bollards
Cameras
Security Guards
Internal Security
Alarms
Motion and Infrared Detection
Mantraps
Locks and Lock Types
Cards, Tokens, and Biometrics
Key Management
Logs
Equipment Security
Cable Locks
Cages and Safes
Locking Cabinets and Enclosures
Screen Filters
Air Gap
Environmental Controls
Protected Cabling, Protected Distribution, and Faraday Cages
HVAC
Fire Suppression
Hot and Cold Aisles
What Next?
Part III Cram Quiz
Part IV: Identity and Access Management
Chapter 22: Identity and Access Management Concepts
Identification, Authentication, Authorization, and Accounting (AAA)
Multifactor Authentication
Federation, Single Sign-On, and Transitive Trust
Single Sign-On
Federation
Transitive Trust
What Next?
Chapter 23: Identity and Access Services
Authentication Protocols
Directory Services Protocols
AAA Protocols and Services
Federated Services
What Next?
Chapter 24: Identity and Access Controls
Access Control Models
Physical Access Controls
Tokens
Certificate-based Authentication
File System Security
Database Security
What Next?
Chapter 25: Account Management Practices
Account Types
General Concepts
Account Policy Enforcement
What Next?
Part IV Cram Quiz
Part V: Risk Management
Chapter 26: Policies, Plans, and Procedures Related to Organizational Security
Human Resource Management Policies
Background Checks
Onboarding
Mandatory Vacations
Separation of Duties
Job Rotation
Clean Desk Policies
Role-Based Awareness and Training
Continuing Education
Acceptable Use Policy/Rules of Behavior
Internet Usage
Nondisclosure Agreements
Disciplinary and Adverse Actions
Exit Interviews
Interoperability Agreements
What Next?
Chapter 27: Business Impact Analysis
Critical Functions
Identification of Critical Systems
Single Points of Failure
Recovery Objectives
MTTR
MTTF and MTBF
Impact
Privacy
What Next?
Chapter 28: Risk Management Processes and Concepts
Threat Assessment
Risk Assessment
Qualitative Versus Quantitative Measures
Supply Chain Assessment
Change Management
Testing Authorization
Risk Register
Risk Response Techniques
What Next?
Chapter 29: Incident Response Procedures
Incident Response Plan
Documented Incident Type/Category Definitions
Roles and Responsibilities
Reporting Requirements and Escalation
Cyber-incident Response Teams
Training, Tests, and Exercises
Incident Response Process
Preparation
Incident Identification and Analysis
Containment, Eradication, and Recovery
Post-Incident Activities
What Next?
Chapter 30: Forensics
Strategic Intelligence/Counterintelligence Gathering
Track Man-hours
Order of Volatility
Chain of Custody
Legal Hold
Data Acquisition
Capture System Images
Capture Network Traffic and Logs
Capture Video
Record Time Offset
Take Hashes
Capture Screenshots
Collect Witness Interviews
What Next?
Chapter 31: Disaster Recovery and Continuity of Operations
Disaster Recovery
Recovery Sites
Backups
Geographic Considerations
Continuity of Operation Planning
What Next?
Chapter 32: Controls
Nature of Controls
Functional Use of Controls
Deterrent
Preventive
Detective
Corrective
Compensating Controls
What Next?
Chapter 33: Data Security and Privacy Practices
Data Sensitivity Labeling and Handling
Privacy Laws and Regulatory Compliance
Data Roles
Data Retention and Disposal
Retention
Disposal
What Next?
Part V Cram Quiz
Part VI: Cryptography and PKI
Chapter 34: Cryptography
Keys
Key Exchange
Symmetric Algorithms
Asymmetric Algorithms
Elliptic Curve and Quantum Cryptography
Session Keys
Nonrepudiation and Digital Signatures
Hashing
Use of Proven Technologies and Implementation
Obfuscation
Use Cases
Resource Constraints
What Next?
Chapter 35: Cryptography Algorithms
Obfuscation Techniques
Symmetric Algorithms
Cipher Modes
Asymmetric Algorithms
Hashing Algorithms
Key Derivation Function
What Next?
Chapter 36: Wireless Security Settings
Access Methods
Wireless Cryptographic Protocols
Wireless Equivalent Privacy
Wi-Fi Protected Access
Wi-Fi Protected Access Version 2
Authentication Protocols
What Next?
Chapter 37: Public Key Infrastructure
Certificate Authority (CA)
Certification Practice Statement
Trust Models
Key Escrow
Digital Certificate
Public and Private Key Usage
Certificate Signing Request
Certificate Policy
Certificate Types
Certificate Formats
Certificate Revocation
OCSP Stapling
Pinning
What Next?
Part VI Cram Quiz
Elements Available Online
Glossary of Essential Terms and Components
Cram Quizzes
9780789759009 TOC 11/21/2017
