ISBN-13: 9781119803164 / English / Paperback / 2022 / 624 pp.
TABLE OF CONTENTS

Introduction xxv
Assessment Test xxxv

Chapter 1 Risk Management 1
  Risk Terminology 4
  The Risk Assessment Process 6
  Asset Identification 6
  Information Classification 8
  Risk Assessment 9
  Risk Assessment Options 14
  Implementing Controls 16
  Policies Used to Manage Employees 17
  Pre-Employment Policies 18
  Employment Policies 18
  End of Employment and Termination Procedures 20
  Cost-Benefit Analysis 21
  Continuous Monitoring 22
  Enterprise Security Architecture Frameworks and Governance 23
  Training and Awareness for Users 24
  Best Practices for Risk Assessments 25
  Business Continuity Planning and Disaster Recovery 27
  Reviewing the Effectiveness of Existing Security Controls 28
  Conducting Lessons Learned and After-Action Reviews 30
  Creation, Collection, and Analysis of Metrics 31
  Metrics 31
  Trend Data 32
  Analyzing Security Solutions to Ensure They Meet Business Needs 32
  Testing Plans 33
  Internal and External Audits 34
  Using Judgment to Solve Difficult Problems 35
  Summary 35
  Exam Essentials 36
  Review Questions 38

Chapter 2 Configure and Implement Endpoint Security Controls 43
  Hardening Techniques 45
  Address Space Layout Randomization Use 47
  Hardware Security Module and Trusted Platform Module 48
  Trusted Operating Systems 52
  Compensating Controls 55
  Summary 57
  Exam Essentials 58
  Review Questions 59

Chapter 3 Security Operations Scenarios 63
  Threat Management 66
  Types of Intelligence 66
  Threat Hunting 67
  Threat Emulation 67
  Actor Types 67
  Intelligence Collection Methods 71
  Open-Source Intelligence 71
  Human Intelligence and Social Engineering 73
  Frameworks 74
  MITRE Adversarial Tactics, Techniques and Common Knowledge 74
  ATT&CK for Industrial Control Systems 75
  Cyber Kill Chain 76
  Diamond Model of Intrusion Analysis 76
  Indicators of Compromise 77
  Reading the Logs 77
  Intrusion Detection and Prevention 78
  Notifications and Responses to IoCs 79
  Response 80
  Summary 85
  Exam Essentials 85
  Review Questions 86

Chapter 4 Security Ops: Vulnerability Assessments and Operational Risk 91
  Terminology 97
  Vulnerability Management 98
  Security Content Automation Protocol 103
  Self-Assessment vs. Third-Party Vendor Assessment 105
  Patch Management 108
  Information Sources 110
  Tools 112
  Assessments 124
  Penetration Testing 129
  Assessment Types 131
  Vulnerabilities 134
  Buffer Overflow 134
  Integer Overflow 135
  Memory Leaks 136
  Race Conditions (TOC/TOU) 136
  Resource Exhaustion 137
  Data Remnants 138
  Use of Third-Party Libraries 138
  Code Reuse 138
  Cryptographic Vulnerabilities 138
  Broken Authentication 139
  Security Misconfiguration 140
  Inherently Vulnerable System/Application 140
  Client-Side Processing vs. Server-Side Processing 141
  Attacks 145
  Proactive Detection 153
  Incident Response 153
  Countermeasures 153
  Deceptive Technology 154
  USB Key Drops 155
  Simulation 155
  Security Data Analytics 155
  Application Control 156
  Allow and Block Lists 157
  Security Automation 157
  Physical Security 158
  Summary 159
  Exam Essentials 160
  Review Questions 161

Chapter 5 Compliance and Vendor Risk 165
  Shared Responsibility in Cloud Computing 168
  Cloud Service/Infrastructure Models 169
  Cloud Computing Providers and Hosting Options 169
  Benefits of Cloud Computing 171
  Security of On-Demand/Elastic Cloud Computing 174
  Geographic Location 175
  Infrastructure 175
  Compute 175
  Storage 175
  Networking 176
  Managing and Mitigating Risk 182
  Security Concerns of Integrating Diverse Industries 185
  Regulations, Accreditations, and Standards 187
  PCI DSS 187
  GDPR 190
  ISO 192
  CMMI 193
  NIST 194
  COPPA 195
  CSA-STAR 196
  HIPAA, SOX, and GLBA 197
  Contract and Agreement Types 198
  Third-Party Attestation of Compliance 202
  Legal Considerations 203
  Summary 204
  Exam Essentials 205
  Review Questions 206

Chapter 6 Cryptography and PKI 211
  The History of Cryptography 216
  Cryptographic Goals and Requirements 217
  Supporting Security Requirements 218
  Compliance and Policy Requirements 219
  Privacy and Confidentiality Requirements 219
  Integrity Requirements 220
  Nonrepudiation 220
  Risks with Data 221
  Data at Rest 221
  Data in Transit 222
  Data in Process/Data in Use 222
  Hashing 223
  Message Digest 225
  Secure Hash Algorithm 225
  Message Authentication Code 226
  Hashed Message Authentication Code 226
  RACE Integrity Primitives Evaluation Message Digest 226
  Poly1305 226
  Symmetric Algorithms 227
  Data Encryption Standard 230
  Triple DES 231
  Rijndael and the Advanced Encryption Standard 231
  ChaCha 232
  Salsa20 232
  International Data Encryption Algorithm 232
  Rivest Cipher Algorithms 233
  Counter Mode 233
  Asymmetric Encryption 233
  Diffie-Hellman 235
  RSA 236
  Elliptic Curve Cryptography 237
  ElGamal 238
  Hybrid Encryption and Electronic Data Exchange (EDI) 238
  Public Key Infrastructure Hierarchy 239
  Certificate Authority 240
  Registration Authority 241
  Digital Certificates 241
  Certificate Revocation List 243
  Certificate Types 243
  Certificate Distribution 244
  The Client's Role in PKI 245
  Implementation of Cryptographic Solutions 247
  Application Layer Encryption 248
  Transport Layer Encryption 249
  Internet Layer Controls 250
  Additional Authentication Protocols 251
  Cryptocurrency 252
  Digital Signatures 252
  Recognizing Cryptographic Attacks 254
  Troubleshooting Cryptographic Implementations 256
  Summary 259
  Exam Essentials 259
  Review Questions 261

Chapter 7 Incident Response and Forensics 265
  The Incident Response Framework 268
  Event Classifications 268
  Triage Events 269
  Pre-Escalation Tasks 270
  The Incident Response Process 270
  Response Playbooks and Processes 273
  Communication Plan and Stakeholder Management 274
  Forensic Concepts 277
  Principles, Standards, and Practices 278
  The Forensic Process 279
  Forensic Analysis Tools 283
  File Carving Tools 284
  Binary Analysis Tools 284
  Analysis Tools 286
  Imaging Tools 288
  Hashing Utilities 289
  Live Collection vs. Postmortem Tools 290
  Summary 294
  Exam Essentials 294
  Review Questions 295

Chapter 8 Security Architecture 301
  Security Requirements and Objectives for a Secure Network Architecture 310
  Services 310
  Segmentation 334
  Deperimeterization/Zero Trust 344
  Merging Networks from Various Organizations 352
  Software-Defined Networking 357
  Organizational Requirements for Infrastructure Security Design 358
  Scalability 358
  Resiliency 359
  Automation 359
  Containerization 360
  Virtualization 361
  Content Delivery Network 361
  Integrating Applications Securely into an Enterprise Architecture 362
  Baseline and Templates 362
  Software Assurance 367
  Considerations of Integrating Enterprise Applications 370
  Integrating Security into the Development Life Cycle 373
  Data Security Techniques for Securing Enterprise Architecture 384
  Data Loss Prevention 384
  Data Loss Detection 387
  Data Classification, Labeling, and Tagging 388
  Obfuscation 390
  Anonymization 390
  Encrypted vs. Unencrypted 390
  Data Life Cycle 391
  Data Inventory and Mapping 391
  Data Integrity Management 391
  Data Storage, Backup, and Recovery 392
  Security Requirements and Objectives for Authentication and Authorization Controls 394
  Credential Management 394
  Password Policies 396
  Federation 398
  Access Control 399
  Protocols 401
  Multifactor Authentication 403
  One-Time Passwords 404
  Hardware Root of Trust 404
  Single Sign-On 405
  JavaScript Object Notation Web Token 405
  Attestation and Identity Proofing 406
  Summary 406
  Exam Essentials 407
  Review Questions 410

Chapter 9 Secure Cloud and Virtualization 415
  Implement Secure Cloud and Virtualization Solutions 418
  Virtualization Strategies 419
  Deployment Models and Considerations 425
  Service Models 429
  Cloud Provider Limitations 433
  Extending Appropriate On-Premises Controls 433
  Storage Models 439
  How Cloud Technology Adoption Impacts Organization Security 445
  Automation and Orchestration 445
  Encryption Configuration 445
  Logs 446
  Monitoring Configurations 447
  Key Ownership and Location 448
  Key Life-Cycle Management 448
  Backup and Recovery Methods 449
  Infrastructure vs. Serverless Computing 450
  Software-Defined Networking 450
  Misconfigurations 451
  Collaboration Tools 451
  Bit Splitting 461
  Data Dispersion 461
  Summary 461
  Exam Essentials 462
  Review Questions 463

Chapter 10 Mobility and Emerging Technologies 467
  Emerging Technologies and Their Impact on Enterprise Security and Privacy 471
  Artificial Intelligence 472
  Machine Learning 472
  Deep Learning 472
  Quantum Computing 473
  Blockchain 473
  Homomorphic Encryption 474
  Distributed Consensus 475
  Big Data 475
  Virtual/Augmented Reality 475
  3D Printing 476
  Passwordless Authentication 476
  Nano Technology 477
  Biometric Impersonation 477
  Secure Enterprise Mobility Configurations 478
  Managed Configurations 479
  Deployment Scenarios 486
  Mobile Device Security Considerations 487
  Security Considerations for Technologies, Protocols, and Sectors 495
  Embedded Technologies 495
  ICS/Supervisory Control and Data Acquisition 496
  Protocols 498
  Sectors 499
  Summary 500
  Exam Essentials 500
  Review Questions 501

Appendix Answers to Review Questions 505
  Chapter 1: Risk Management 506
  Chapter 2: Configure and Implement Endpoint Security Controls 507
  Chapter 3: Security Operations Scenarios 509
  Chapter 4: Security Ops: Vulnerability Assessments and Operational Risk 511
  Chapter 5: Compliance and Vendor Risk 513
  Chapter 6: Cryptography and PKI 514
  Chapter 7: Incident Response and Forensics 516
  Chapter 8: Security Architecture 519
  Chapter 9: Secure Cloud and Virtualization 522
  Chapter 10: Mobility and Emerging Technologies 524

Index 529
ABOUT THE AUTHORS

NADEAN H. TANNER has been in the technology industry for over 20 years in a variety of positions, from marketing to training to web development to hardware. She has worked in academia as an IT director and a postgraduate technology instructor. She has also been a trainer and consultant in advanced cybersecurity for Fortune 500 companies as well as the U.S. Department of Defense. Nadean is the author of CASP+ Practice Tests: Exam CAS-004 and Cybersecurity Blue Team Toolkit.

JEFF T. PARKER, CISSP, CompTIA Project+, CySA+, is a certified technical trainer and consultant specializing in governance, risk management, and compliance. Jeff's infosec roots go back to his work as a security engineer with an HP consulting group in Boston, USA. Prior to becoming an author, Jeff was a Global IT Risk Manager residing for several years in Prague, Czech Republic, where he rolled out a new risk management strategy for a multinational logistics firm.