Details

<p>Introduction xxxvii</p> <p>Assessment Test lix</p> <p><b>Chapter 1 Security Governance Through Principles and Policies 1</b></p> <p>Security 101 3</p> <p>Understand and Apply Security Concepts 4</p> <p>Confidentiality 5</p> <p>Integrity 6</p> <p>Availability 7</p> <p>DAD, Overprotection, Authenticity, Non-repudiation, and AAA Services 7</p> <p>Protection Mechanisms 11</p> <p>Security Boundaries 13</p> <p>Evaluate and Apply Security Governance Principles 14</p> <p>Third-Party Governance 15</p> <p>Documentation Review 15</p> <p>Manage the Security Function 16</p> <p>Alignment of Security Function to Business Strategy, Goals, Mission, and Objectives 17</p> <p>Organizational Processes 19</p> <p>Organizational Roles and Responsibilities 21</p> <p>Security Control Frameworks 22</p> <p>Due Diligence and Due Care 23</p> <p>Security Policy, Standards, Procedures, and Guidelines 23</p> <p>Security Policies 24</p> <p>Security Standards, Baselines, and Guidelines 24</p> <p>Security Procedures 25</p> <p>Threat Modeling 26</p> <p>Identifying Threats 26</p> <p>Determining and Diagramming Potential Attacks 28</p> <p>Performing Reduction Analysis 28</p> <p>Prioritization and Response 30</p> <p>Supply Chain Risk Management 31</p> <p>Summary 33</p> <p>Exam Essentials 33</p> <p>Written Lab 36</p> <p>Review Questions 37</p> <p><b>Chapter 2 Personnel Security and Risk Management Concepts 43</b></p> <p>Personnel Security Policies and Procedures 45</p> <p>Job Descriptions and Responsibilities 45</p> <p>Candidate Screening and Hiring 46</p> <p>Onboarding: Employment Agreements and Policies 47</p> <p>Employee Oversight 48</p> <p>Offboarding, Transfers, and Termination Processes 49</p> <p>Vendor, Consultant, and Contractor Agreements and Controls 52</p> <p>Compliance Policy Requirements 53</p> <p>Privacy Policy Requirements 54</p> <p>Understand and Apply Risk Management Concepts 55</p> <p>Risk Terminology and Concepts 56</p> <p>Asset Valuation 58</p> <p>Identify Threats and Vulnerabilities 60</p> <p>Risk Assessment/Analysis 60</p> <p>Risk Responses 66</p> <p>Cost vs. Benefit of Security Controls 69</p> <p>Countermeasure Selection and Implementation 72</p> <p>Applicable Types of Controls 74</p> <p>Security Control Assessment 76</p> <p>Monitoring and Measurement 76</p> <p>Risk Reporting and Documentation 77</p> <p>Continuous Improvement 77</p> <p>Risk Frameworks 79</p> <p>Social Engineering 81</p> <p>Social Engineering Principles 83</p> <p>Eliciting Information 85</p> <p>Prepending 85</p> <p>Phishing 85</p> <p>Spear Phishing 87</p> <p>Whaling 87</p> <p>Smishing 88</p> <p>Vishing 88</p> <p>Spam 89</p> <p>Shoulder Surfing 90</p> <p>Invoice Scams 90</p> <p>Hoax 90</p> <p>Impersonation and Masquerading 91</p> <p>Tailgating and Piggybacking 91</p> <p>Dumpster Diving 92</p> <p>Identity Fraud 93</p> <p>Typo Squatting 94</p> <p>Influence Campaigns 94</p> <p>Establish and Maintain a Security Awareness, Education, and Training Program 96</p> <p>Awareness 97</p> <p>Training 97</p> <p>Education 98</p> <p>Improvements 98</p> <p>Effectiveness Evaluation 99</p> <p>Summary 100</p> <p>Exam Essentials 101</p> <p>Written Lab 106</p> <p>Review Questions 107</p> <p><b>Chapter 3 Business Continuity Planning 113</b></p> <p>Planning for Business Continuity 114</p> <p>Project Scope and Planning 115</p> <p>Organizational Review 116</p> <p>BCP Team Selection 117</p> <p>Resource Requirements 119</p> <p>Legal and Regulatory Requirements 120</p> <p>Business Impact Analysis 121</p> <p>Identifying Priorities 122</p> <p>Risk Identification 123</p> <p>Likelihood Assessment 125</p> <p>Impact Analysis 126</p> <p>Resource Prioritization 128</p> <p>Continuity Planning 128</p> <p>Strategy Development 129</p> <p>Provisions and Processes 129</p> <p>Plan Approval and Implementation 131</p> <p>Plan Approval 131</p> <p>Plan Implementation 132</p> <p>Training and Education 132</p> <p>BCP Documentation 132</p> <p>Summary 136</p> <p>Exam Essentials 137</p> <p>Written Lab 138</p> <p>Review Questions 139</p> <p><b>Chapter 4 Laws, Regulations, and Compliance 143</b></p> <p>Categories of Laws 144</p> <p>Criminal Law 144</p> <p>Civil Law 146</p> <p>Administrative Law 146</p> <p>Laws 147</p> <p>Computer Crime 147</p> <p>Intellectual Property (IP) 152</p> <p>Licensing 158</p> <p>Import/Export 158</p> <p>Privacy 160</p> <p>State Privacy Laws 168</p> <p>Compliance 169</p> <p>Contracting and Procurement 171</p> <p>Summary 171</p> <p>Exam Essentials 172</p> <p>Written Lab 173</p> <p>Review Questions 174</p> <p><b>Chapter 5 Protecting Security of Assets 179</b></p> <p>Identifying and Classifying Information and Assets 180</p> <p>Defining Sensitive Data 180</p> <p>Defining Data Classifications 182</p> <p>Defining Asset Classifications 185</p> <p>Understanding Data States 185</p> <p>Determining Compliance Requirements 186</p> <p>Determining Data Security Controls 186</p> <p>Establishing Information and Asset Handling Requirements 188</p> <p>Data Maintenance 189</p> <p>Data Loss Prevention 189</p> <p>Marking Sensitive Data and Assets 190</p> <p>Handling Sensitive Information and Assets 192</p> <p>Data Collection Limitation 192</p> <p>Data Location 193</p> <p>Storing Sensitive Data 193</p> <p>Data Destruction 194</p> <p>Ensuring Appropriate Data and Asset Retention 197</p> <p>Data Protection Methods 199</p> <p>Digital Rights Management 199</p> <p>Cloud Access Security Broker 200</p> <p>Pseudonymization 200</p> <p>Tokenization 201</p> <p>Anonymization 202</p> <p>Understanding Data Roles 204</p> <p>Data Owners 204</p> <p>Asset Owners 205</p> <p>Business/Mission Owners 206</p> <p>Data Processors and Data Controllers 206</p> <p>Data Custodians 207</p> <p>Administrators 207</p> <p>Users and Subjects 208</p> <p>Using Security Baselines 208</p> <p>Comparing Tailoring and Scoping 209</p> <p>Standards Selection 210</p> <p>Summary 211</p> <p>Exam Essentials 211</p> <p>Written Lab 213</p> <p>Review Questions 214</p> <p><b>Chapter 6 Cryptography and Symmetric Key Algorithms 219</b></p> <p>Cryptographic Foundations 220</p> <p>Goals of Cryptography 220</p> <p>Cryptography Concepts 223</p> <p>Cryptographic Mathematics 224</p> <p>Ciphers 230</p> <p>Modern Cryptography 238</p> <p>Cryptographic Keys 238</p> <p>Symmetric Key Algorithms 239</p> <p>Asymmetric Key Algorithms 241</p> <p>Hashing Algorithms 244</p> <p>Symmetric Cryptography 244</p> <p>Cryptographic Modes of Operation 245</p> <p>Data Encryption Standard 247</p> <p>Triple DES 247</p> <p>International Data Encryption Algorithm 248</p> <p>Blowfish 249</p> <p>Skipjack 249</p> <p>Rivest Ciphers 249</p> <p>Advanced Encryption Standard 250</p> <p>CAST 250</p> <p>Comparison of Symmetric Encryption Algorithms 251</p> <p>Symmetric Key Management 252</p> <p>Cryptographic Lifecycle 255</p> <p>Summary 255</p> <p>Exam Essentials 256</p> <p>Written Lab 257</p> <p>Review Questions 258</p> <p><b>Chapter 7 PKI and Cryptographic Applications 263</b></p> <p>Asymmetric Cryptography 264</p> <p>Public and Private Keys 264</p> <p>RSA 265</p> <p>ElGamal 267</p> <p>Elliptic Curve 268</p> <p>Diffie–Hellman Key Exchange 269</p> <p>Quantum Cryptography 270</p> <p>Hash Functions 271</p> <p>SHA 272</p> <p>MD5 273</p> <p>RIPEMD 273</p> <p>Comparison of Hash Algorithm Value Lengths 274</p> <p>Digital Signatures 275</p> <p>HMAC 276</p> <p>Digital Signature Standard 277</p> <p>Public Key Infrastructure 277</p> <p>Certificates 278</p> <p>Certificate Authorities 279</p> <p>Certificate Lifecycle 280</p> <p>Certificate Formats 283</p> <p>Asymmetric Key Management 284</p> <p>Hybrid Cryptography 285</p> <p>Applied Cryptography 285</p> <p>Portable Devices 285</p> <p>Email 286</p> <p>Web Applications 290</p> <p>Steganography and Watermarking 292</p> <p>Networking 294</p> <p>Emerging Applications 295</p> <p>Cryptographic Attacks 297</p> <p>Summary 301</p> <p>Exam Essentials 302</p> <p>Written Lab 303</p> <p>Review Questions 304</p> <p><b>Chapter 8 Principles of Security Models, Design, and Capabilities 309</b></p> <p>Secure Design Principles 310</p> <p>Objects and Subjects 311</p> <p>Closed and Open Systems 312</p> <p>Secure Defaults 314</p> <p>Fail Securely 314</p> <p>Keep It Simple 316</p> <p>Zero Trust 317</p> <p>Privacy by Design 319</p> <p>Trust but Verify 319</p> <p>Techniques for Ensuring CIA 320</p> <p>Confinement 320</p> <p>Bounds 320</p> <p>Isolation 321</p> <p>Access Controls 321</p> <p>Trust and Assurance 321</p> <p>Understand the Fundamental Concepts of Security Models 322</p> <p>Trusted Computing Base 323</p> <p>State Machine Model 325</p> <p>Information Flow Model 325</p> <p>Noninterference Model 326</p> <p>Take-Grant Model 326</p> <p>Access Control Matrix 327</p> <p>Bell–LaPadula Model 328</p> <p>Biba Model 330</p> <p>Clark–Wilson Model 333</p> <p>Brewer and Nash Model 334</p> <p>Goguen–Meseguer Model 335</p> <p>Sutherland Model 335</p> <p>Graham–Denning Model 335</p> <p>Harrison–Ruzzo–Ullman Model 336</p> <p>Select Controls Based on Systems Security Requirements 337</p> <p>Common Criteria 337</p> <p>Authorization to Operate 340</p> <p>Understand Security Capabilities of Information Systems 341</p> <p>Memory Protection 341</p> <p>Virtualization 342</p> <p>Trusted Platform Module 342</p> <p>Interfaces 343</p> <p>Fault Tolerance 343</p> <p>Encryption/Decryption 343</p> <p>Summary 343</p> <p>Exam Essentials 344</p> <p>Written Lab 347</p> <p>Review Questions 348</p> <p><b>Chapter 9 Security Vulnerabilities, Threats, and Countermeasures 353</b></p> <p>Shared Responsibility 354</p> <p>Assess and Mitigate the Vulnerabilities of Security Architectures, Designs, and Solution Elements 355</p> <p>Hardware 356</p> <p>Firmware 370</p> <p>Client-Based Systems 372</p> <p>Mobile Code 372</p> <p>Local Caches 375</p> <p>Server-Based Systems 375</p> <p>Large-Scale Parallel Data Systems 376</p> <p>Grid Computing 377</p> <p>Peer to Peer 378</p> <p>Industrial Control Systems 378</p> <p>Distributed Systems 380</p> <p>High-Performance Computing (HPC) Systems 382</p> <p>Internet of Things 383</p> <p>Edge and Fog Computing 385</p> <p>Embedded Devices and Cyber-Physical Systems 386</p> <p>Static Systems 387</p> <p>Network-Enabled Devices 388</p> <p>Cyber-Physical Systems 389</p> <p>Elements Related to Embedded and Static Systems 389</p> <p>Security Concerns of Embedded and Static Systems 390</p> <p>Specialized Devices 393</p> <p>Microservices 394</p> <p>Infrastructure as Code 395</p> <p>Virtualized Systems 397</p> <p>Virtual Software 399</p> <p>Virtualized Networking 400</p> <p>Software-Defined Everything 400</p> <p>Virtualization Security Management 403</p> <p>Containerization 405</p> <p>Serverless Architecture 406</p> <p>Mobile Devices 406</p> <p>Mobile Device Security Features 408</p> <p>Mobile Device Deployment Policies 420</p> <p>Essential Security Protection Mechanisms 426</p> <p>Process Isolation 426</p> <p>Hardware Segmentation 427</p> <p>System Security Policy 427</p> <p>Common Security Architecture Flaws and Issues 428</p> <p>Covert Channels 428</p> <p>Attacks Based on Design or Coding Flaws 430</p> <p>Rootkits 431</p> <p>Incremental Attacks 431</p> <p>Summary 432</p> <p>Exam Essentials 433</p> <p>Written Lab 440</p> <p>Review Questions 441</p> <p><b>Chapter 10 Physical Security Requirements 447</b></p> <p>Apply Security Principles to Site and Facility Design 448</p> <p>Secure Facility Plan 448</p> <p>Site Selection 449</p> <p>Facility Design 450</p> <p>Implement Site and Facility Security Controls 452</p> <p>Equipment Failure 453</p> <p>Wiring Closets 454</p> <p>Server Rooms/Data Centers 455</p> <p>Intrusion Detection Systems 458</p> <p>Cameras 460</p> <p>Access Abuses 462</p> <p>Media Storage Facilities 462</p> <p>Evidence Storage 463</p> <p>Restricted and Work Area Security 464</p> <p>Utility Considerations 465</p> <p>Fire Prevention, Detection, and Suppression 470</p> <p>Implement and Manage Physical Security 476</p> <p>Perimeter Security Controls 477</p> <p>Internal Security Controls 481</p> <p>Key Performance Indicators of Physical Security 483</p> <p>Summary 484</p> <p>Exam Essentials 485</p> <p>Written Lab 488</p> <p>Review Questions 489</p> <p><b>Chapter 11 Secure Network Architecture and Components 495</b></p> <p>OSI Model 497</p> <p>History of the OSI Model 497</p> <p>OSI Functionality 498</p> <p>Encapsulation/Deencapsulation 498</p> <p>OSI Layers 500</p> <p>TCP/IP Model 504</p> <p>Analyzing Network Traffic 505</p> <p>Common Application Layer Protocols 506</p> <p>Transport Layer Protocols 508</p> <p>Domain Name System 509</p> <p>DNS Poisoning 511</p> <p>Domain Hijacking 514</p> <p>Internet Protocol (IP) Networking 516</p> <p>IPv4 vs. IPv6 516</p> <p>IP Classes 517</p> <p>ICMP 519</p> <p>IGMP 519</p> <p>ARP Concerns 519</p> <p>Secure Communication Protocols 521</p> <p>Implications of Multilayer Protocols 522</p> <p>Converged Protocols 523</p> <p>Voice over Internet Protocol (VoIP) 524</p> <p>Software-Defined Networking 525</p> <p>Microsegmentation 526</p> <p>Wireless Networks 527</p> <p>Securing the SSID 529</p> <p>Wireless Channels 529</p> <p>Conducting a Site Survey 530</p> <p>Wireless Security 531</p> <p>Wi-Fi Protected Setup (WPS) 533</p> <p>Wireless MAC Filter 534</p> <p>Wireless Antenna Management 534</p> <p>Using Captive Portals 535</p> <p>General Wi-Fi Security Procedure 535</p> <p>Wireless Communications 536</p> <p>Wireless Attacks 539</p> <p>Other Communication Protocols 543</p> <p>Cellular Networks 544</p> <p>Content Distribution Networks (CDNs) 545</p> <p>Secure Network Components 545</p> <p>Secure Operation of Hardware 546</p> <p>Common Network Equipment 547</p> <p>Network Access Control 549</p> <p>Firewalls 550</p> <p>Endpoint Security 556</p> <p>Cabling, Topology, and Transmission Media Technology 559</p> <p>Transmission Media 559</p> <p>Network Topologies 563</p> <p>Ethernet 565</p> <p>Sub-Technologies 566</p> <p>Summary 569</p> <p>Exam Essentials 570</p> <p>Written Lab 574</p> <p>Review Questions 575</p> <p><b>Chapter 12 Secure Communications and Network Attacks 581</b></p> <p>Protocol Security Mechanisms 582</p> <p>Authentication Protocols 582</p> <p>Port Security 585</p> <p>Quality of Service (QoS) 585</p> <p>Secure Voice Communications 586</p> <p>Public Switched Telephone Network 586</p> <p>Voice over Internet Protocol (VoIP) 586</p> <p>Vishing and Phreaking 588</p> <p>PBX Fraud and Abuse 589</p> <p>Remote Access Security Management 590</p> <p>Remote Access and Telecommuting Techniques 591</p> <p>Remote Connection Security 591</p> <p>Plan a Remote Access Security Policy 592</p> <p>Multimedia Collaboration 593</p> <p>Remote Meeting 593</p> <p>Instant Messaging and Chat 594</p> <p>Load Balancing 595</p> <p>Virtual IPs and Load Persistence 596</p> <p>Active-Active vs. Active-Passive 596</p> <p>Manage Email Security 596</p> <p>Email Security Goals 597</p> <p>Understand Email Security Issues 599</p> <p>Email Security Solutions 599</p> <p>Virtual Private Network 602</p> <p>Tunneling 603</p> <p>How VPNs Work 604</p> <p>Always-On 606</p> <p>Split Tunnel vs. Full Tunnel 607</p> <p>Common VPN Protocols 607</p> <p>Switching and Virtual LANs 610</p> <p>Network Address Translation 614</p> <p>Private IP Addresses 616</p> <p>Stateful NAT 617</p> <p>Automatic Private IP Addressing 617</p> <p>Third-Party Connectivity 618</p> <p>Switching Technologies 620</p> <p>Circuit Switching 620</p> <p>Packet Switching 620</p> <p>Virtual Circuits 621</p> <p>WAN Technologies 622</p> <p>Fiber-Optic Links 624</p> <p>Security Control Characteristics 624</p> <p>Transparency 625</p> <p>Transmission Management Mechanisms 625</p> <p>Prevent or Mitigate Network Attacks 625</p> <p>Eavesdropping 626</p> <p>Modification Attacks 626</p> <p>Summary 626</p> <p>Exam Essentials 628</p> <p>Written Lab 630</p> <p>Review Questions 631</p> <p><b>Chapter 13 Managing Identity and Authentication 637</b></p> <p>Controlling Access to Assets 639</p> <p>Controlling Physical and Logical Access 640</p> <p>The CIA Triad and Access Controls 640</p> <p>Managing Identification and Authentication 641</p> <p>Comparing Subjects and Objects 642</p> <p>Registration, Proofing, and Establishment of Identity 643</p> <p>Authorization and Accountability 644</p> <p>Authentication Factors Overview 645</p> <p>Something You Know 647</p> <p>Something You Have 650</p> <p>Something You Are 651</p> <p>Multifactor Authentication (MFA) 655</p> <p>Two-Factor Authentication with Authenticator Apps 655</p> <p>Passwordless Authentication 656</p> <p>Device Authentication 657</p> <p>Service Authentication 658</p> <p>Mutual Authentication 659</p> <p>Implementing Identity Management 659</p> <p>Single Sign-On 659</p> <p>SSO and Federated Identities 660</p> <p>Credential Management Systems 662</p> <p>Credential Manager Apps 663</p> <p>Scripted Access 663</p> <p>Session Management 663</p> <p>Managing the Identity and Access Provisioning Lifecycle 664</p> <p>Provisioning and Onboarding 665</p> <p>Deprovisioning and Offboarding 666</p> <p>Defining New Roles 667</p> <p>Account Maintenance 667</p> <p>Account Access Review 667</p> <p>Summary 668</p> <p>Exam Essentials 669</p> <p>Written Lab 671</p> <p>Review Questions 672</p> <p><b>Chapter 14 Controlling and Monitoring Access 677</b></p> <p>Comparing Access Control Models 678</p> <p>Comparing Permissions, Rights, and Privileges 678</p> <p>Understanding Authorization Mechanisms 679</p> <p>Defining Requirements with a Security Policy 681</p> <p>Introducing Access Control Models 681</p> <p>Discretionary Access Control 682</p> <p>Nondiscretionary Access Control 683</p> <p>Implementing Authentication Systems 690</p> <p>Implementing SSO on the Internet 691</p> <p>Implementing SSO on Internal Networks 694</p> <p>Understanding Access Control Attacks 699</p> <p>Risk Elements 700</p> <p>Common Access Control Attacks 700</p> <p>Core Protection Methods 713</p> <p>Summary 714</p> <p>Exam Essentials 715</p> <p>Written Lab 717</p> <p>Review Questions 718</p> <p><b>Chapter 15 Security Assessment and Testing 723</b></p> <p>Building a Security Assessment and Testing Program 725</p> <p>Security Testing 725</p> <p>Security Assessments 726</p> <p>Security Audits 727</p> <p>Performing Vulnerability Assessments 731</p> <p>Describing Vulnerabilities 731</p> <p>Vulnerability Scans 732</p> <p>Penetration Testing 742</p> <p>Compliance Checks 745</p> <p>Testing Your Software 746</p> <p>Code Review and Testing 746</p> <p>Interface Testing 751</p> <p>Misuse Case Testing 751</p> <p>Test Coverage Analysis 752</p> <p>Website Monitoring 752</p> <p>Implementing Security Management Processes 753</p> <p>Log Reviews 753</p> <p>Account Management 754</p> <p>Disaster Recovery and Business Continuity 754</p> <p>Training and Awareness 755</p> <p>Key Performance and Risk Indicators 755</p> <p>Summary 756</p> <p>Exam Essentials 756</p> <p>Written Lab 758</p> <p>Review Questions 759</p> <p><b>Chapter 16 Managing Security Operations 763</b></p> <p>Apply Foundational Security Operations Concepts 765</p> <p>Need to Know and Least Privilege 765</p> <p>Separation of Duties (SoD) and Responsibilities 767</p> <p>Two-Person</p> <p>Control 768</p> <p>Job Rotation 768</p> <p>Mandatory Vacations 768</p> <p>Privileged Account Management 769</p> <p>Service Level Agreements (SLAs) 771</p> <p>Addressing Personnel Safety and Security 771</p> <p>Duress 771</p> <p>Travel 772</p> <p>Emergency Management 773</p> <p>Security Training and Awareness 773</p> <p>Provision Resources Securely 773</p> <p>Information and Asset Ownership 774</p> <p>Asset Management 774</p> <p>Apply Resource Protection 776</p> <p>Media Management 776</p> <p>Media Protection Techniques 776</p> <p>Managed Services in the Cloud 779</p> <p>Shared Responsibility with Cloud Service Models 780</p> <p>Scalability and Elasticity 782</p> <p>Perform Configuration Management (CM) 782</p> <p>Provisioning 783</p> <p>Baselining 783</p> <p>Using Images for Baselining 783</p> <p>Automation 784</p> <p>Managing Change 785</p> <p>Change Management 787</p> <p>Versioning 788</p> <p>Configuration Documentation 788</p> <p>Managing Patches and Reducing Vulnerabilities 789</p> <p>Systems to Manage 789</p> <p>Patch Management 789</p> <p>Vulnerability Management 791</p> <p>Vulnerability Scans 792</p> <p>Common Vulnerabilities and Exposures 792</p> <p>Summary 793</p> <p>Exam Essentials 794</p> <p>Written Lab 796</p> <p>Review Questions 797</p> <p><b>Chapter 17 Preventing and Responding to Incidents 801</b></p> <p>Conducting Incident Management 803</p> <p>Defining an Incident 803</p> <p>Incident Management Steps 804</p> <p>Implementing Detective and Preventive Measures 810</p> <p>Basic Preventive Measures 810</p> <p>Understanding Attacks 811</p> <p>Intrusion Detection and Prevention Systems 820</p> <p>Specific Preventive Measures 828</p> <p>Logging and Monitoring 834</p> <p>Logging Techniques 834</p> <p>The Role of Monitoring 837</p> <p>Monitoring Techniques 840</p> <p>Log Management 844</p> <p>Egress Monitoring 844</p> <p>Automating Incident Response 845</p> <p>Understanding SOAR 845</p> <p>Machine Learning and AI Tools 846</p> <p>Threat Intelligence 847</p> <p>The Intersection of SOAR, Machine Learning, AI, and Threat Feeds 850</p> <p>Summary 851</p> <p>Exam Essentials 852</p> <p>Written Lab 855</p> <p>Review Questions 856</p> <p>Chapter 18 Disaster Recovery Planning 861</p> <p>The Nature of Disaster 863</p> <p>Natural Disasters 864</p> <p>Human-Made</p> <p>Disasters 869</p> <p>Understand System Resilience, High Availability, and Fault Tolerance 875</p> <p>Protecting Hard Drives 875</p> <p>Protecting Servers 877</p> <p>Protecting Power Sources 878</p> <p>Trusted Recovery 879</p> <p>Quality of Service 880</p> <p>Recovery Strategy 880</p> <p>Business Unit and Functional Priorities 881</p> <p>Crisis Management 882</p> <p>Emergency Communications 882</p> <p>Workgroup Recovery 883</p> <p>Alternate Processing Sites 883</p> <p>Database Recovery 888</p> <p>Recovery Plan Development 890</p> <p>Emergency Response 891</p> <p>Personnel and Communications 891</p> <p>Assessment 892</p> <p>Backups and Off-site Storage 892</p> <p>Software Escrow Arrangements 896</p> <p>Utilities 897</p> <p>Logistics and Supplies 897</p> <p>Recovery vs. Restoration 897</p> <p>Training, Awareness, and Documentation 898</p> <p>Testing and Maintenance 899</p> <p>Read-Through</p> <p>Test 899</p> <p>Structured Walk-Through 900</p> <p>Simulation Test 900</p> <p>Parallel Test 900</p> <p>Full-Interruption Test 900</p> <p>Lessons Learned 901</p> <p>Maintenance 901</p> <p>Summary 902</p> <p>Exam Essentials 902</p> <p>Written Lab 903</p> <p>Review Questions 904</p> <p><b>Chapter 19 Investigations and Ethics 909</b></p> <p>Investigations 910</p> <p>Investigation Types 910</p> <p>Evidence 913</p> <p>Investigation Process 919</p> <p>Major Categories of Computer Crime 923</p> <p>Military and Intelligence Attacks 924</p> <p>Business Attacks 925</p> <p>Financial Attacks 926</p> <p>Terrorist Attacks 926</p> <p>Grudge Attacks 927</p> <p>Thrill Attacks 928</p> <p>Hacktivists 928</p> <p>Ethics 929</p> <p>Organizational Code of Ethics 929</p> <p>(ISC)² Code of Ethics 930</p> <p>Ethics and the Internet 931</p> <p>Summary 933</p> <p>Exam Essentials 934</p> <p>Written Lab 935</p> <p>Review Questions 936</p> <p><b>Chapter 20 Software Development Security 941</b></p> <p>Introducing Systems Development Controls 943</p> <p>Software Development 943</p> <p>Systems Development Lifecycle 952</p> <p>Lifecycle Models 955</p> <p>Gantt Charts and PERT 964</p> <p>Change and Configuration Management 964</p> <p>The DevOps Approach 966</p> <p>Application Programming Interfaces 967</p> <p>Software Testing 969</p> <p>Code Repositories 970</p> <p>Service-Level</p> <p>Agreements 971</p> <p>Third-Party</p> <p>Software Acquisition 972</p> <p>Establishing Databases and Data Warehousing 973</p> <p>Database Management System Architecture 973</p> <p>Database Transactions 977</p> <p>Security for Multilevel Databases 978</p> <p>Open Database Connectivity 982</p> <p>NoSQL 982</p> <p>Storage Threats 983</p> <p>Understanding Knowledge-Based Systems 984</p> <p>Expert Systems 984</p> <p>Machine Learning 985</p> <p>Neural Networks 986</p> <p>Summary 987</p> <p>Exam Essentials 987</p> <p>Written Lab 988</p> <p>Review Questions 989</p> <p><b>Chapter 21 Malicious Code and Application Attacks 993</b></p> <p>Malware 994</p> <p>Sources of Malicious Code 995</p> <p>Viruses 995</p> <p>Logic Bombs 999</p> <p>Trojan Horses 1000</p> <p>Worms 1001</p> <p>Spyware and Adware 1004</p> <p>Ransomware 1004</p> <p>Malicious Scripts 1005</p> <p>Zero-Day</p> <p>Attacks 1006</p> <p>Malware Prevention 1006</p> <p>Platforms Vulnerable to Malware 1007</p> <p>Antimalware Software 1007</p> <p>Integrity Monitoring 1008</p> <p>Advanced Threat Protection 1008</p> <p>Application Attacks 1009</p> <p>Buffer Overflows 1009</p> <p>Time of Check to Time of Use 1010</p> <p>Backdoors 1011</p> <p>Privilege Escalation and Rootkits 1011</p> <p>Injection Vulnerabilities 1012</p> <p>SQL Injection Attacks 1012</p> <p>Code Injection Attacks 1016</p> <p>Command Injection Attacks 1016</p> <p>Exploiting Authorization Vulnerabilities 1017</p> <p>Insecure Direct Object References 1018</p> <p>Directory Traversal 1018</p> <p>File Inclusion 1020</p> <p>Exploiting Web Application Vulnerabilities 1020</p> <p>Cross-Site</p> <p>Scripting (XSS) 1021</p> <p>Request Forgery 1023</p> <p>Session Hijacking 1024</p> <p>Application Security Controls 1025</p> <p>Input Validation 1025</p> <p>Web Application Firewalls 1027</p> <p>Database Security 1028</p> <p>Code Security 1029</p> <p>Secure Coding Practices 1031</p> <p>Source Code Comments 1031</p> <p>Error Handling 1032</p> <p>Hard-Coded</p> <p>Credentials 1033</p> <p>Memory Management 1034</p> <p>Summary 1035</p> <p>Exam Essentials 1035</p> <p>Written Lab 1036</p> <p>Review Questions 1037</p> <p><b>Appendix A </b><b>Answers to Review Questions 1041</b></p> <p>Chapter 1: Security Governance Through Principles and Policies 1042</p> <p>Chapter 2: Personnel Security and Risk Management Concepts 1045</p> <p>Chapter 3: Business Continuity Planning 1049</p> <p>Chapter 4: Laws, Regulations, and Compliance 1051</p> <p>Chapter 5: Protecting Security of Assets 1053</p> <p>Chapter 6: Cryptography and Symmetric Key Algorithms 1056</p> <p>Chapter 7: PKI and Cryptographic Applications 1058</p> <p>Chapter 8: Principles of Security Models, Design, and Capabilities 1060</p> <p>Chapter 9: Security Vulnerabilities, Threats, and Countermeasures 1062</p> <p>Chapter 10: Physical Security Requirements 1067</p> <p>Chapter 11: Secure Network Architecture and Components 1071</p> <p>Chapter 12: Secure Communications and Network Attacks 1075</p> <p>Chapter 13: Managing Identity and Authentication 1078</p> <p>Chapter 14: Controlling and Monitoring Access 1080</p> <p>Chapter 15: Security Assessment and Testing 1082</p> <p>Chapter 16: Managing Security Operations 1084</p> <p>Chapter 17: Preventing and Responding to Incidents 1086</p> <p>Chapter 18: Disaster Recovery Planning 1089</p> <p>Chapter 19: Investigations and Ethics 1091</p> <p>Chapter 20: Software Development Security 1093</p> <p>Chapter 21: Malicious Code and Application Attacks 1095</p> <p><b>Appendix B </b><b>Answers to Written Labs 1099</b></p> <p>Chapter 1: Security Governance Through Principles and Policies 1100</p> <p>Chapter 2: Personnel Security and Risk Management Concepts 1100</p> <p>Chapter 3: Business Continuity Planning 1101</p> <p>Chapter 4: Laws, Regulations, and Compliance 1102</p> <p>Chapter 5: Protecting Security of Assets 1102</p> <p>Chapter 6: Cryptography and Symmetric Key Algorithms 1103</p> <p>Chapter 7: PKI and Cryptographic Applications 1104</p> <p>Chapter 8: Principles of Security Models, Design, and Capabilities 1104</p> <p>Chapter 9: Security Vulnerabilities, Threats, and Countermeasures 1105</p> <p>Chapter 10: Physical Security Requirements 1106</p> <p>Chapter 11: Secure Network Architecture and Components 1108</p> <p>Chapter 12: Secure Communications and Network Attacks 1109</p> <p>Chapter 13: Managing Identity and Authentication 1110</p> <p>Chapter 14: Controlling and Monitoring Access 1111</p> <p>Chapter 15: Security Assessment and Testing 1111</p> <p>Chapter 16: Managing Security Operations 1112</p> <p>Chapter 17: Preventing and Responding to Incidents 1113</p> <p>Chapter 18: Disaster Recovery Planning 1113</p> <p>Chapter 19: Investigations and Ethics 1114</p> <p>Chapter 20: Software Development Security 1114</p> <p>Chapter 21: Malicious Code and Application Attacks 1115</p> <p>Index 1117</p>

<p><b>Mike Chapple</b>, PhD, CISSP, is Teaching Professor of IT, Analytics, and Operations at the University of Notre Dame’s Mendoza College of Business. He is a cybersecurity professional and educator with over 25 years of experience. Mike provides cybersecurity certification resources at his website, CertMike.com.</p> <p><b>James Michael Stewart</b>, CISSP, CEH, CHFI, ECSA, CND, ECIH, CySA+, PenTest+, CASP+, Security+, Network+, A+, CISM, and CFR, has been writing and training for more than 25 years, with a current focus on security. He has been writing and teaching CISSP materials since 2002. He is the author of and contributor to more than 75 books on security certifications.</p> <p><b>Darril Gibson</b>, CISSP, Security+, CASP, is the CEO of YCDA (short for You Can Do Anything), and he has authored or coauthored more than 40 books. Darril regularly writes, consults, and teaches on a wide variety of technical and security topics and holds several certifications.</p>

<p><b>Your Complete Guide to Preparing for the CISSP Certification, Updated for the CISSP 2021 Exam</b></p> <p>The (ISC)² CISSP Official Study Guide, 9th Edition is your one-stop resource for complete coverage of the 2021 CISSP exam objectives. You’ll prepare for the exam smarter and faster with Sybex thanks to superior content including: assessment tests that check exam readiness, objective map, ­written labs, key topic exam essentials, and challenging chapter review questions. Reinforce what you have learned with the exclusive Sybex online learning environment and test bank, assessable across multiple devices. Get prepared for the CISSP exam with Sybex.</p> <p>Coverage of all exam objectives in this Study Guide means you’ll be ready for:</p> <ul> <li>Security and Risk Management</li> <li>Asset Security</li> <li>Security Architecture and Engineering</li> <li>Communication and Network Security</li> <li>Identity and Access Management (IAM)</li> <li>Security Assessment and Testing</li> <li>Security Operations</li> <li>Software Development Security</li> </ul> <p><b>Interactive learning environment</b></p> <p>Take your exam prep to the next level with Sybex’s superior interactive online study tools. To access our learning environment, simply visit www.wiley.com/go/sybextestprep, register to receive your unique PIN, and instantly gain one year of FREE access to:</p> <ul> <li><b>Interactive test bank with four additional practice exams, each with 125 unique questions. Practice exams help you identify areas where further review is needed. Get more than 90% of the answers correct, and you're ready to take the certification exam.</b></li> <li><b>More than 700 electronic flashcards to reinforce learning and last minute prep before the exam.</b></li> <li><b>Comprehensive glossary in PDF format gives you instant access to the key terms so you are fully prepared.</b></li> </ul> <p><b>ABOUT THE CISSP CERTIFICATION</b><br />The CISSP is the most globally recognized certification in the information security market. This vendor neutral certification validates an information security professional's deep technical and managerial knowledge and experience to effectively design, engineer, and manage the overall security posture of an organization. (ISC)² is a global nonprofit organization that maintains the Common Body of Knowledge for information security professionals. Candidates must have experience, subscribe to the (ISC)² Code of Ethics, and maintain continuing education requirements or recertify every three years. Visit www.isc2.org to learn more.</p>

US