Description

Book Synopsis


Table of Contents

Introduction xxxi

Chapter 1 Today’s Security Professional 1

Cybersecurity Objectives 2

Data Breach Risks 3

The DAD Triad 4

Breach Impact 5

Implementing Security Controls 7

Gap Analysis 7

Security Control Categories 8

Security Control Types 9

Data Protection 10

Data Encryption 11

Data Loss Prevention 11

Data Minimization 12

Access Restrictions 13

Segmentation and Isolation 13

Summary 13

Exam Essentials 14

Review Questions 16

Chapter 2 Cybersecurity Threat Landscape 21

Exploring Cybersecurity Threats 23

Classifying Cybersecurity Threats 23

Threat Actors 25

Attacker Motivations 31

Threat Vectors and Attack Surfaces 32

Threat Data and Intelligence 35

Open Source Intelligence 35

Proprietary and Closed-Source Intelligence 38

Assessing Threat Intelligence 39

Threat Indicator Management and Exchange 40

Information Sharing Organizations 41

Conducting Your Own Research 42

Summary 42

Exam Essentials 43

Review Questions 45

Chapter 3 Malicious Code 49

Malware 50

Ransomware 51

Trojans 52

Worms 54

Spyware 55

Bloatware 56

Viruses 57

Keyloggers 59

Logic Bombs 60

Rootkits 60

Summary 62

Exam Essentials 62

Review Questions 64

Chapter 4 Social Engineering and Password Attacks 69

Social Engineering and Human Vectors 70

Social Engineering Techniques 71

Password Attacks 76

Summary 78

Exam Essentials 78

Review Questions 80

Chapter 5 Security Assessment and Testing 85

Vulnerability Management 87

Identifying Scan Targets 87

Determining Scan Frequency 89

Configuring Vulnerability Scans 91

Scanner Maintenance 95

Vulnerability Scanning Tools 98

Reviewing and Interpreting Scan Reports 101

Confirmation of Scan Results 111

Vulnerability Classification 112

Patch Management 112

Legacy Platforms 113

Weak Configurations 115

Error Messages 115

Insecure Protocols 116

Weak Encryption 117

Penetration Testing 118

Adopting the Hacker Mindset 119

Reasons for Penetration Testing 120

Benefits of Penetration Testing 120

Penetration Test Types 121

Rules of Engagement 123

Reconnaissance 125

Running the Test 125

Cleaning Up 126

Audits and Assessments 126

Security Tests 127

Security Assessments 128

Security Audits 129

Vulnerability Life Cycle 131

Vulnerability Identification 131

Vulnerability Analysis 132

Vulnerability Response and Remediation 132

Validation of Remediation 132

Reporting 133

Summary 133

Exam Essentials 134

Review Questions 136

Chapter 6 Application Security 141

Software Assurance Best Practices 143

The Software Development Life Cycle 143

Software Development Phases 144

DevSecOps and DevOps 146

Designing and Coding for Security 147

Secure Coding Practices 148

API Security 149

Software Security Testing 149

Analyzing and Testing Code 150

Injection Vulnerabilities 151

SQL Injection Attacks 151

Code Injection Attacks 155

Command Injection Attacks 155

Exploiting Authentication Vulnerabilities 156

Password Authentication 156

Session Attacks 157

Exploiting Authorization Vulnerabilities 160

Insecure Direct Object References 161

Directory Traversal 161

File Inclusion 163

Privilege Escalation 163

Exploiting Web Application Vulnerabilities 164

Cross-Site Scripting (XSS) 164

Request Forgery 167

Application Security Controls 168

Input Validation 168

Web Application Firewalls 170

Parameterized Queries 170

Sandboxing 171

Code Security 171

Secure Coding Practices 173

Source Code Comments 174

Error Handling 174

Hard-Coded Credentials 175

Package Monitoring 175

Memory Management 176

Race Conditions 177

Unprotected APIs 178

Automation and Orchestration 178

Use Cases of Automation and Scripting 179

Benefits of Automation and Scripting 179

Other Considerations 180

Summary 181

Exam Essentials 181

Review Questions 183

Chapter 7 Cryptography and the PKI 189

An Overview of Cryptography 190

Historical Cryptography 191

Goals of Cryptography 196

Confidentiality 197

Integrity 199

Authentication 200

Non-repudiation 200

Cryptographic Concepts 200

Cryptographic Keys 201

Ciphers 202

Modern Cryptography 202

Cryptographic Secrecy 202

Symmetric Key Algorithms 204

Asymmetric Key Algorithms 205

Hashing Algorithms 208

Symmetric Cryptography 208

Data Encryption Standard 208

Advanced Encryption Standard 209

Symmetric Key Management 209

Asymmetric Cryptography 211

RSA 212

Elliptic Curve 213

Hash Functions 214

SHA 215

MD5 216

Digital Signatures 216

HMAC 217

Public Key Infrastructure 218

Certificates 218

Certificate Authorities 219

Certificate Generation and Destruction 220

Certificate Formats 223

Asymmetric Key Management 224

Cryptographic Attacks 225

Brute Force 225

Frequency Analysis 225

Known Plain Text 226

Chosen Plain Text 226

Related Key Attack 226

Birthday Attack 226

Downgrade Attack 227

Hashing, Salting, and Key Stretching 227

Exploiting Weak Keys 228

Exploiting Human Error 228

Emerging Issues in Cryptography 229

Tor and the Dark Web 229

Blockchain 229

Lightweight Cryptography 230

Homomorphic Encryption 230

Quantum Computing 230

Summary 231

Exam Essentials 231

Review Questions 233

Chapter 8 Identity and Access Management 237

Identity 239

Authentication and Authorization 240

Authentication and Authorization Technologies 241

Authentication Methods 246

Passwords 247

Multifactor Authentication 251

One-Time Passwords 252

Biometrics 254

Accounts 256

Account Types 256

Provisioning and Deprovisioning Accounts 257

Access Control Schemes 259

Filesystem Permissions 260

Summary 262

Exam Essentials 262

Review Questions 264

Chapter 9 Resilience and Physical Security 269

Resilience and Recovery in Security Architectures 271

Architectural Considerations and Security 273

Storage Resiliency 274

Response and Recovery Controls 280

Capacity Planning for Resilience and Recovery 283

Testing Resilience and Recovery Controls and Designs 284

Physical Security Controls 285

Site Security 285

Detecting Physical Attacks 291

Summary 291

Exam Essentials 292

Review Questions 294

Chapter 10 Cloud and Virtualization Security 299

Exploring the Cloud 300

Benefits of the Cloud 301

Cloud Roles 303

Cloud Service Models 303

Cloud Deployment Models 307

Private Cloud 307

Shared Responsibility Model 309

Cloud Standards and Guidelines 312

Virtualization 314

Hypervisors 314

Cloud Infrastructure Components 316

Cloud Compute Resources 316

Cloud Storage Resources 319

Cloud Networking 322

Cloud Security Issues 325

Availability 325

Data Sovereignty 326

Virtualization Security 327

Application Security 327

Governance and Auditing of Third-Party Vendors 328

Hardening Cloud Infrastructure 328

Cloud Access Security Brokers 328

Resource Policies 329

Secrets Management 330

Summary 331

Exam Essentials 331

Review Questions 333

Chapter 11 Endpoint Security 337

Operating System Vulnerabilities 339

Hardware Vulnerabilities 340

Protecting Endpoints 341

Preserving Boot Integrity 342

Endpoint Security Tools 344

Hardening Techniques 350

Hardening 350

Service Hardening 350

Network Hardening 352

Default Passwords 352

Removing Unnecessary Software 353

Operating System Hardening 353

Configuration, Standards, and Schemas 356

Encryption 357

Securing Embedded and Specialized Systems 358

Embedded Systems 358

SCADA and ICS 361

Securing the Internet of Things 362

Communication Considerations 363

Security Constraints of Embedded Systems 364

Asset Management 365

Summary 368

Exam Essentials 369

Review Questions 371

Chapter 12 Network Security 375

Designing Secure Networks 377

Infrastructure Considerations 380

Network Design Concepts 380

Network Segmentation 383

Zero Trust 385

Network Access Control 387

Port Security and Port-Level Protections 388

Virtual Private Networks and Remote Access 390

Network Appliances and Security Tools 392

Deception and Disruption Technology 399

Network Security, Services, and Management 400

Secure Protocols 406

Using Secure Protocols 406

Secure Protocols 407

Network Attacks 410

On-Path Attacks 411

Domain Name System Attacks 412

Credential Replay Attacks 414

Malicious Code 415

Distributed Denial-of-Service Attacks 415

Summary 418

Exam Essentials 419

Review Questions 421

Chapter 13 Wireless and Mobile Security 425

Building Secure Wireless Networks 426

Connection Methods 427

Wireless Network Models 431

Attacks Against Wireless Networks and Devices 432

Designing a Network 435

Controller and Access Point Security 438

Wi-Fi Security Standards 438

Wireless Authentication 440

Managing Secure Mobile Devices 442

Mobile Device Deployment Methods 442

Hardening Mobile Devices 444

Mobile Device Management 444

Summary 448

Exam Essentials 449

Review Questions 450

Chapter 14 Monitoring and Incident Response 455

Incident Response 457

The Incident Response Process 458

Training 462

Threat Hunting 463

Understanding Attacks and Incidents 464

Incident Response Data and Tools 466

Monitoring Computing Resources 466

Security Information and Event Management Systems 466

Alerts and Alarms 469

Log Aggregation, Correlation, and Analysis 470

Rules 471

Benchmarks and Logging 478

Reporting and Archiving 478

Mitigation and Recovery 479

Secure Orchestration, Automation, and Response (SOAR) 479

Containment, Mitigation, and Recovery Techniques 479

Root Cause Analysis 482

Summary 483

Exam Essentials 484

Review Questions 485

Chapter 15 Digital Forensics 489

Digital Forensic Concepts 490

Legal Holds and e-Discovery 491

Conducting Digital Forensics 493

Acquiring Forensic Data 493

Acquisition Tools 497

Validating Forensic Data Integrity 500

Data Recovery 502

Forensic Suites and a Forensic Case Example 503

Reporting 507

Digital Forensics and Intelligence 508

Summary 508

Exam Essentials 509

Review Questions 511

Chapter 16 Security Governance and Compliance 515

Security Governance 518

Corporate Governance 518

Governance, Risk, and Compliance Programs 520

Information Security Governance 520

Types of Governance Structures 521

Understanding Policy Documents 521

Policies 522

Standards 524

Procedures 526

Guidelines 528

Exceptions and Compensating Controls 529

Monitoring and Revision 530

Change Management 531

Change Management Processes and Controls 532

Version Control 534

Documentation 535

Personnel Management 535

Least Privilege 535

Separation of Duties 535

Job Rotation and Mandatory Vacations 536

Clean Desk Space 536

Onboarding and Offboarding 536

Nondisclosure Agreements 537

Social Media 537

Third-Party Risk Management 537

Vendor Selection 537

Vendor Assessment 538

Vendor Agreements 538

Vendor Monitoring 539

Winding Down Vendor Relationships 540

Complying with Laws and Regulations 540

Common Compliance Requirements 541

Compliance Reporting 541

Consequences of Noncompliance 542

Compliance Monitoring 543

Adopting Standard Frameworks 543

NIST Cybersecurity Framework 544

NIST Risk Management Framework 546

ISO Standards 547

Benchmarks and Secure Configuration Guides 549

Security Awareness and Training 550

User Training 551

Ongoing Awareness Efforts 553

Summary 554

Exam Essentials 555

Review Questions 557

Chapter 17 Risk Management and Privacy 561

Analyzing Risk 563

Risk Identification 564

Risk Assessment 565

Risk Analysis 567

Managing Risk 570

Risk Mitigation 571

Risk Avoidance 572

Risk Transference 572

Risk Acceptance 573

Risk Tracking 574

Risk Register 575

Risk Reporting 576

Disaster Recovery Planning 577

Disaster Types 577

Business Impact Analysis 578

Privacy 578

Data Inventory 579

Information Classification 580

Data Roles and Responsibilities 581

Information Life Cycle 583

Privacy Enhancing Technologies 584

Privacy and Data Breach Notification 585

Summary 585

Exam Essentials 585

Review Questions 587

Appendix Answers to Review Questions 591

Chapter 1: Today’s Security Professional 592

Chapter 2: Cybersecurity Threat Landscape 593

Chapter 3: Malicious Code 595

Chapter 4: Social Engineering and Password Attacks 597

Chapter 5: Security Assessment and Testing 600

Chapter 6: Application Security 602

Chapter 7: Cryptography and the PKI 604

Chapter 8: Identity and Access Management 605

Chapter 9: Resilience and Physical Security 607

Chapter 10: Cloud and Virtualization Security 609

Chapter 11: Endpoint Security 611

Chapter 12: Network Security 614

Chapter 13: Wireless and Mobile Security 616

Chapter 14: Monitoring and Incident Response 619

Chapter 15: Digital Forensics 621

Chapter 16: Security Governance and Compliance 623

Chapter 17: Risk Management and Privacy 626

Index 629

CompTIA Security Study Guide with over 500


    A Paperback / softback by Mike Chapple, David Seidl


      Publisher: John Wiley & Sons Inc
      Publication Date: 07/12/2023
      ISBN13: 9781394211418, 978-1394211418
      ISBN10: 1394211414
