<p>Introduction</p> <p>Assessment Test</p> <p><b>Chapter 1 Security Governance Through Principles and Policies</b></p> <p>Security 101</p> <p>Understand and Apply Security Concepts</p> <p>Security Boundaries</p> <p>Evaluate and Apply Security Governance Principles</p> <p>Manage the Security Function</p> <p>Security Policy, Standards, Procedures, and Guidelines</p> <p>Threat Modeling</p> <p>Supply Chain Risk Management</p> <p>Summary</p> <p>Study Essentials</p> <p>Written Lab</p> <p>Review Questions</p> <p><b>Chapter 2 Personnel Security and Risk Management Concepts</b></p> <p>Personnel Security Policies and Procedures</p> <p>Understand and Apply Risk Management Concepts</p> <p>Social Engineering</p> <p>Establish and Maintain a Security Awareness, Education, and Training Program</p> <p>Summary</p> <p>Study Essentials</p> <p>Written Lab</p> <p>Review Questions</p> <p><b>Chapter 3 Business Continuity Planning</b></p> <p>Planning for Business Continuity</p> <p>Project Scope and Planning</p> <p>Business Impact Analysis</p> <p>Continuity Planning</p> <p>Plan Approval and Implementation</p> <p>Summary</p> <p>Study Essentials</p> <p>Written Lab</p> <p>Review Questions</p> <p><b>Chapter 4 Laws, Regulations, and Compliance</b></p> <p>Categories of Laws</p> <p>Laws</p> <p>State Privacy Laws</p> <p>Compliance</p> <p>Contracting and Procurement</p> <p>Summary</p> <p>Study Essentials</p> <p>Written Lab</p> <p>Review Questions</p> <p><b>Chapter 5 Protecting Security of Assets</b></p> <p>Identifying and Classifying Information and Assets</p> <p>Establishing Information and Asset Handling Requirements</p> <p>Data Protection Methods</p> <p>Understanding Data Roles</p> <p>Using Security Baselines</p> <p>Summary</p> <p>Study Essentials</p> <p>Written Lab</p> <p>Review Questions</p>
<p><b>Chapter 6 Cryptography and Symmetric Key Algorithms</b></p> <p>Cryptographic Foundations</p> <p>Modern Cryptography</p> <p>Symmetric Cryptography</p> <p>Cryptographic Life Cycle</p> <p>Summary</p> <p>Study Essentials</p> <p>Written Lab</p> <p>Review Questions</p> <p><b>Chapter 7 PKI and Cryptographic Applications</b></p> <p>Asymmetric Cryptography</p> <p>Hash Functions</p> <p>Digital Signatures</p> <p>Public Key Infrastructure</p> <p>Asymmetric Key Management</p> <p>Hybrid Cryptography</p> <p>Applied Cryptography</p> <p>Cryptographic Attacks</p> <p>Summary</p> <p>Study Essentials</p> <p>Written Lab</p> <p>Review Questions</p> <p><b>Chapter 8 Principles of Security Models, Design, and Capabilities</b></p> <p>Secure Design Principles</p> <p>Techniques for Ensuring CIA</p> <p>Understand the Fundamental Concepts of Security Models</p> <p>Select Controls Based on Systems Security Requirements</p> <p>Understand Security Capabilities of Information Systems</p> <p>Summary</p> <p>Study Essentials</p> <p>Written Lab</p> <p>Review Questions</p> <p><b>Chapter 9 Security Vulnerabilities, Threats, and Countermeasures</b></p> <p>Shared Responsibility</p> <p>Data Localization and Data Sovereignty</p> <p>Assess and Mitigate the Vulnerabilities of Security Architectures, Designs, and Solution Elements</p> <p>Client‐Based Systems</p> <p>Server‐Based Systems</p> <p>Industrial Control Systems</p> <p>Distributed Systems</p> <p>High‐Performance Computing (HPC) Systems</p> <p>Real‐Time Operating Systems</p> <p>Internet of Things</p> <p>Edge and Fog Computing</p> <p>Embedded Devices and Cyber‐Physical Systems</p> <p>Microservices</p> <p>Infrastructure as Code</p> <p>Immutable Architecture</p> <p>Virtualized Systems</p> <p>Containerization</p> <p>Mobile Devices</p> <p>Essential
Security Protection Mechanisms</p> <p>Common Security Architecture Flaws and Issues</p> <p>Summary</p> <p>Study Essentials</p> <p>Written Lab</p> <p>Review Questions</p> <p><b>Chapter 10 Physical Security Requirements</b></p> <p>Apply Security Principles to Site and Facility Design</p> <p>Implement Site and Facility Security Controls</p> <p>Implement and Manage Physical Security</p> <p>Summary</p> <p>Study Essentials</p> <p>Written Lab</p> <p>Review Questions</p> <p><b>Chapter 11 Secure Network Architecture and Components</b></p> <p>OSI Model</p> <p>TCP/IP Model</p> <p>Analyzing Network Traffic</p> <p>Common Application Layer Protocols</p> <p>Transport Layer Protocols</p> <p>Domain Name System</p> <p>Internet Protocol (IP) Networking</p> <p>ARP Concerns</p> <p>Secure Communication Protocols</p> <p>Implications of Multilayer Protocols</p> <p>Segmentation</p> <p>Edge Networks</p> <p>Wireless Networks</p> <p>Satellite Communications</p> <p>Cellular Networks</p> <p>Content Distribution Networks (CDNs)</p> <p>Secure Network Components</p> <p>Summary</p> <p>Study Essentials</p> <p>Written Lab</p> <p>Review Questions</p> <p><b>Chapter 12 Secure Communications and Network Attacks</b></p> <p>Protocol Security Mechanisms</p> <p>Secure Voice Communications</p> <p>Remote Access Security Management</p> <p>Multimedia Collaboration</p> <p>Monitoring and Management</p> <p>Load Balancing</p> <p>Manage Email Security</p> <p>Virtual Private Network</p> <p>Switching and Virtual LANs</p> <p>Network Address Translation</p> <p>Third‐Party Connectivity</p> <p>Switching Technologies</p> <p>WAN Technologies</p> <p>Fiber‐Optic Links</p> <p>Prevent or Mitigate Network Attacks</p> <p>Summary</p> <p>Study Essentials</p> <p>Written Lab</p> <p>Review Questions</p>
<p><b>Chapter 13 Managing Identity and Authentication</b></p> <p>Controlling Access to Assets</p> <p>The AAA Model</p> <p>Implementing Identity Management</p> <p>Managing the Identity and Access Provisioning Life Cycle</p> <p>Summary</p> <p>Study Essentials</p> <p>Written Lab</p> <p>Review Questions</p> <p><b>Chapter 14 Controlling and Monitoring Access</b></p> <p>Comparing Access Control Models</p> <p>Implementing Authentication Systems</p> <p>Zero‐Trust Access Policy Enforcement</p> <p>Understanding Access Control Attacks</p> <p>Summary</p> <p>Study Essentials</p> <p>Written Lab</p> <p>Review Questions</p> <p><b>Chapter 15 Security Assessment and Testing</b></p> <p>Building a Security Assessment and Testing Program</p> <p>Performing Vulnerability Assessments</p> <p>Testing Your Software</p> <p>Training and Exercises</p> <p>Implementing Security Management Processes and Collecting Security Process Data</p> <p>Summary</p> <p>Exam Essentials</p> <p>Written Lab</p> <p>Review Questions</p> <p><b>Chapter 16 Managing Security Operations</b></p> <p>Apply Foundational Security Operations Concepts</p> <p>Address Personnel Safety and Security</p> <p>Provision Information and Assets Securely</p> <p>Managed Services in the Cloud</p> <p>Perform Configuration Management (CM)</p> <p>Manage Change</p> <p>Manage Patches and Reduce Vulnerabilities</p> <p>Summary</p> <p>Study Essentials</p> <p>Written Lab</p> <p>Review Questions</p> <p><b>Chapter 17 Preventing and Responding to Incidents</b></p> <p>Conducting Incident Management</p> <p>Implementing Detection and Preventive Measures</p> <p>Logging and Monitoring</p> <p>Automating Incident Response</p> <p>Summary</p> <p>Study Essentials</p> <p>Written Lab</p> <p>Review Questions</p> <p><b>Chapter 18 Disaster Recovery Planning</b></p>
<p>The Nature of Disaster</p> <p>Understand System Resilience, High Availability, and Fault Tolerance</p> <p>Recovery Strategy</p> <p>Recovery Plan Development</p> <p>Training, Awareness, and Documentation</p> <p>Testing and Maintenance</p> <p>Summary</p> <p>Study Essentials</p> <p>Written Lab</p> <p>Review Questions</p> <p><b>Chapter 19 Investigations and Ethics</b></p> <p>Investigations</p> <p>Major Categories of Computer Crime</p> <p>Ethics</p> <p>Summary</p> <p>Study Essentials</p> <p>Written Lab</p> <p>Review Questions</p> <p><b>Chapter 20 Software Development Security</b></p> <p>Introducing Systems Development Controls</p> <p>Establishing Databases and Data Warehousing</p> <p>Storage Threats</p> <p>Understanding Knowledge‐Based Systems</p> <p>Summary</p> <p>Study Essentials</p> <p>Written Lab</p> <p>Review Questions</p> <p><b>Chapter 21 Malicious Code and Application Attacks</b></p> <p>Malware</p> <p>Malware Prevention</p> <p>Application Attacks</p> <p>Injection Vulnerabilities</p> <p>Exploiting Authorization Vulnerabilities</p> <p>Exploiting Web Application Vulnerabilities</p> <p>Application Security Controls</p> <p>Secure Coding Practices</p> <p>Summary</p> <p>Study Essentials</p> <p>Written Lab</p> <p>Review Questions</p> <p><b>Appendix A Answers to Review Questions</b></p> <p>Chapter 1: Security Governance Through Principles and Policies</p> <p>Chapter 2: Personnel Security and Risk Management Concepts</p> <p>Chapter 3: Business Continuity Planning</p> <p>Chapter 4: Laws, Regulations, and Compliance</p> <p>Chapter 5: Protecting Security of Assets</p> <p>Chapter 6: Cryptography and Symmetric Key Algorithms</p> <p>Chapter 7: PKI and Cryptographic Applications</p> <p>Chapter 8: Principles of Security Models, Design, and Capabilities</p>
<p>Chapter 9: Security Vulnerabilities, Threats, and Countermeasures</p> <p>Chapter 10: Physical Security Requirements</p> <p>Chapter 11: Secure Network Architecture and Components</p> <p>Chapter 12: Secure Communications and Network Attacks</p> <p>Chapter 13: Managing Identity and Authentication</p> <p>Chapter 14: Controlling and Monitoring Access</p> <p>Chapter 15: Security Assessment and Testing</p> <p>Chapter 16: Managing Security Operations</p> <p>Chapter 17: Preventing and Responding to Incidents</p> <p>Chapter 18: Disaster Recovery Planning</p> <p>Chapter 19: Investigations and Ethics</p> <p>Chapter 20: Software Development Security</p> <p>Chapter 21: Malicious Code and Application Attacks</p> <p><b>Appendix B Answers to Written Labs</b></p> <p>Chapter 1: Security Governance Through Principles and Policies</p> <p>Chapter 2: Personnel Security and Risk Management Concepts</p> <p>Chapter 3: Business Continuity Planning</p> <p>Chapter 4: Laws, Regulations, and Compliance</p> <p>Chapter 5: Protecting Security of Assets</p> <p>Chapter 6: Cryptography and Symmetric Key Algorithms</p> <p>Chapter 7: PKI and Cryptographic Applications</p> <p>Chapter 8: Principles of Security Models, Design, and Capabilities</p> <p>Chapter 9: Security Vulnerabilities, Threats, and Countermeasures</p> <p>Chapter 10: Physical Security Requirements</p> <p>Chapter 11: Secure Network Architecture and Components</p> <p>Chapter 12: Secure Communications and Network Attacks</p> <p>Chapter 13: Managing Identity and Authentication</p> <p>Chapter 14: Controlling and Monitoring Access</p> <p>Chapter 15: Security Assessment and Testing</p> <p>Chapter 16: Managing Security Operations</p> <p>Chapter 17: Preventing and Responding to Incidents</p> <p>Chapter 18: Disaster Recovery Planning</p> <p>Chapter 19: Investigations and Ethics</p>
<p>Chapter 20: Software Development Security</p> <p>Chapter 21: Malicious Code and Application Attacks</p> <p>Index</p>