ISBN-13: 9781119874867 / English / Hardcover / 2022 / 832 pages
Contents

Foreword ... xxiii
Introduction ... xxv

Chapter 1: Security Operations and Administration ... 1
    Comply with Codes of Ethics ... 2
        Understand, Adhere to, and Promote Professional Ethics ... 3
        (ISC)2 Code of Ethics ... 4
        Organizational Code of Ethics ... 5
    Understand Security Concepts ... 6
        Conceptual Models for Information Security ... 7
        Confidentiality ... 8
        Integrity ... 15
        Availability ... 17
        Accountability ... 18
        Privacy ... 18
        Nonrepudiation ... 26
        Authentication ... 27
        Safety ... 28
        Fundamental Security Control Principles ... 29
        Access Control and Need-to-Know ... 34
        Job Rotation and Privilege Creep ... 35
    Document, Implement, and Maintain Functional Security Controls ... 37
        Deterrent Controls ... 37
        Preventative Controls ... 39
        Detective Controls ... 39
        Corrective Controls ... 40
        Compensating Controls ... 41
        The Lifecycle of a Control ... 42
    Participate in Asset Management ... 43
        Asset Inventory ... 44
        Lifecycle (Hardware, Software, and Data) ... 47
        Hardware Inventory ... 48
        Software Inventory and Licensing ... 49
        Data Storage ... 50
    Implement Security Controls and Assess Compliance ... 56
        Technical Controls ... 57
        Physical Controls ... 58
        Administrative Controls ... 61
        Periodic Audit and Review ... 64
    Participate in Change Management ... 66
        Execute Change Management Process ... 68
        Identify Security Impact ... 70
        Testing/Implementing Patches, Fixes, and Updates ... 70
    Participate in Security Awareness and Training ... 71
        Security Awareness Overview ... 72
        Competency as the Criterion ... 73
        Build a Security Culture, One Awareness Step at a Time ... 73
    Participate in Physical Security Operations ... 74
        Physical Access Control ... 74
        The Data Center ... 78
        Service Level Agreements ... 79
    Summary ... 82

Chapter 2: Access Controls ... 83
    Access Control Concepts ... 85
        Subjects and Objects ... 86
        Privileges: What Subjects Can Do with Objects ... 88
        Data Classification, Categorization, and Access Control ... 89
        Access Control via Formal Security Models ... 91
    Implement and Maintain Authentication Methods ... 94
        Single-Factor/Multifactor Authentication ... 95
        Accountability ... 114
        Single Sign-On ... 116
        Device Authentication ... 117
        Federated Access ... 118
    Support Internetwork Trust Architectures ... 120
        Trust Relationships (One-Way, Two-Way, Transitive) ... 121
        Extranet ... 122
        Third-Party Connections ... 123
        Zero Trust Architectures ... 124
    Participate in the Identity Management Lifecycle ... 125
        Authorization ... 126
        Proofing ... 127
        Provisioning/Deprovisioning ... 128
        Identity and Access Maintenance ... 130
        Entitlement ... 134
        Identity and Access Management Systems ... 137
    Implement Access Controls ... 140
        Mandatory vs. Discretionary Access Control ... 141
        Role-Based ... 142
        Attribute-Based ... 143
        Subject-Based ... 144
        Object-Based ... 144
    Summary ... 145

Chapter 3: Risk Identification, Monitoring, and Analysis ... 147
    Defeating the Kill Chain One Skirmish at a Time ... 148
        Kill Chains: Reviewing the Basics ... 151
        Events vs. Incidents ... 155
    Understand the Risk Management Process ... 156
        Risk Visibility and Reporting ... 159
        Risk Management Concepts ... 165
        Risk Management Frameworks ... 185
        Risk Treatment ... 195
    Perform Security Assessment Activities ... 203
        Security Assessment Workflow Management ... 204
        Participate in Security Testing ... 206
        Interpretation and Reporting of Scanning and Testing Results ... 215
        Remediation Validation ... 216
        Audit Finding Remediation ... 217
        Manage the Architectures: Asset Management and Configuration Control ... 218
    Operate and Maintain Monitoring Systems ... 220
        Events of Interest ... 222
        Logging ... 229
        Source Systems ... 230
        Legal and Regulatory Concerns ... 236
    Analyze Monitoring Results ... 238
        Security Baselines and Anomalies ... 240
        Visualizations, Metrics, and Trends ... 243
        Event Data Analysis ... 244
        Document and Communicate Findings ... 245
    Summary ... 246

Chapter 4: Incident Response and Recovery ... 247
    Support the Incident Lifecycle ... 249
        Think like a Responder ... 253
        Physical, Logical, and Administrative Surfaces ... 254
        Incident Response: Measures of Merit ... 254
        The Lifecycle of a Security Incident ... 255
        Preparation ... 257
        Detection, Analysis, and Escalation ... 264
        Containment ... 275
        Eradication ... 277
        Recovery ... 279
        Lessons Learned; Implementation of New Countermeasures ... 283
        Third-Party Considerations ... 284
    Understand and Support Forensic Investigations ... 287
        Legal and Ethical Principles ... 289
        Logistics Support to Investigations ... 291
        Evidence Handling ... 292
        Evidence Collection ... 297
    Understand and Support Business Continuity Plan and Disaster Recovery Plan Activities ... 306
        Emergency Response Plans and Procedures ... 307
        Interim or Alternate Processing Strategies ... 310
        Restoration Planning ... 313
        Backup and Redundancy Implementation ... 315
        Data Recovery and Restoration ... 319
        Training and Awareness ... 321
        Testing and Drills ... 322
    CIANA+PS at Layer 8 and Above ... 328
        It Is a Dangerous World Out There ... 329
        People Power and Business Continuity ... 333
    Summary ... 333

Chapter 5: Cryptography ... 335
    Understand Fundamental Concepts of Cryptography ... 336
        Building Blocks of Digital Cryptographic Systems ... 339
        Hashing ... 347
        Salting ... 351
        Symmetric Block and Stream Ciphers ... 353
        Stream Ciphers ... 365
        EU ECRYPT ... 371
        Asymmetric Encryption ... 371
        Elliptical Curve Cryptography ... 380
        Nonrepudiation ... 383
        Digital Certificates ... 388
        Encryption Algorithms ... 392
        Key Strength ... 393
    Cryptographic Attacks, Cryptanalysis, and Countermeasures ... 395
        Cryptologic Hygiene as Countermeasures ... 396
        Common Attack Patterns and Methods ... 401
        Secure Cryptoprocessors, Hardware Security Modules, and Trusted Platform Modules ... 409
    Understand the Reasons and Requirements for Cryptography ... 414
        Confidentiality ... 414
        Integrity and Authenticity ... 415
        Data Sensitivity ... 417
        Availability ... 418
        Nonrepudiation ... 418
        Authentication ... 420
        Privacy ... 421
        Safety ... 422
        Regulatory and Compliance ... 423
        Transparency and Auditability ... 423
        Competitive Edge ... 424
    Understand and Support Secure Protocols ... 424
        Services and Protocols ... 425
        Common Use Cases ... 437
        Deploying Cryptography: Some Challenging Scenarios ... 442
        Limitations and Vulnerabilities ... 444
    Understand Public Key Infrastructure Systems ... 446
        Fundamental Key Management Concepts ... 447
        Hierarchies of Trust ... 459
        Web of Trust ... 462
    Summary ... 464

Chapter 6: Network and Communications Security ... 467
    Understand and Apply Fundamental Concepts of Networking ... 468
        Complementary, Not Competing, Frameworks ... 470
        OSI and TCP/IP Models ... 471
        OSI Reference Model ... 486
        TCP/IP Reference Model ... 501
        Converged Protocols ... 508
        Software-Defined Networks ... 509
        IPv4 Addresses, DHCP, and Subnets ... 510
        IPv4 Address Classes ... 510
        Subnetting in IPv4 ... 512
        Running Out of Addresses? ... 513
        IPv4 vs. IPv6: Key Differences and Options ... 514
        Network Topographies ... 516
        Network Relationships ... 521
        Transmission Media Types ... 525
        Commonly Used Ports and Protocols ... 530
    Understand Network Attacks and Countermeasures ... 536
        CIANA+PS Layer by Layer ... 538
        Common Network Attack Types ... 553
        SCADA, IoT, and the Implications of Multilayer Protocols ... 562
    Manage Network Access Controls ... 565
        Network Access Control and Monitoring ... 568
        Network Access Control Standards and Protocols ... 573
        Remote Access Operation and Configuration ... 575
    Manage Network Security ... 583
        Logical and Physical Placement of Network Devices ... 586
        Segmentation ... 587
        Secure Device Management ... 591
    Operate and Configure Network-Based Security Devices ... 593
        Network Address Translation ... 594
        Additional Security Device Considerations ... 596
        Firewalls and Proxies ... 598
        Network Intrusion Detection/Prevention Systems ... 605
        Security Information and Event Management Systems ... 607
        Routers and Switches ... 609
        Network Security from Other Hardware Devices ... 610
        Traffic-Shaping Devices ... 613
    Operate and Configure Wireless Technologies ... 615
        Wireless: Common Characteristics ... 616
        Wi-Fi ... 624
        Bluetooth ... 637
        Near-Field Communications ... 638
        Cellular/Mobile Phone Networks ... 639
        Ad Hoc Wireless Networks ... 640
        Transmission Security ... 642
        Wireless Security Devices ... 645
    Summary ... 646

Chapter 7: Systems and Application Security ... 649
    Systems and Software Insecurity ... 650
        Software Vulnerabilities Across the Lifecycle ... 654
        Risks of Poorly Merged Systems ... 663
        Hard to Design It Right, Easy to Fix It? ... 664
        Hardware and Software Supply Chain Security ... 667
        Positive and Negative Models for Software Security ... 668
        Is Blocked Listing Dead? Or Dying? ... 669
        Information Security = Information Quality + Information Integrity ... 670
        Data Modeling ... 671
        Preserving Data Across the Lifecycle ... 674
    Identify and Analyze Malicious Code and Activity ... 678
        Malware ... 679
        Malicious Code Countermeasures ... 682
        Malicious Activity ... 684
        Malicious Activity Countermeasures ... 688
    Implement and Operate Endpoint Device Security ... 689
        HIDS ... 691
        Host-Based Firewalls ... 692
        Allowed Lists: Positive Control for App Execution ... 693
        Endpoint Encryption ... 694
        Trusted Platform Module ... 695
        Mobile Device Management ... 696
        Secure Browsing ... 697
        IoT Endpoint Security ... 700
        Endpoint Security: EDR, MDR, XDR, UEM, and Others ... 701
    Operate and Configure Cloud Security ... 701
        Deployment Models ... 702
        Service Models ... 703
        Virtualization ... 706
        Legal and Regulatory Concerns ... 709
        Data Storage and Transmission ... 716
        Third-Party/Outsourcing Requirements ... 716
        Lifecycles in the Cloud ... 717
        Shared Responsibility Model ... 718
        Layered Redundancy as a Survival Strategy ... 719
    Operate and Secure Virtual Environments ... 720
        Software-Defined Networking ... 723
        Hypervisor ... 725
        Virtual Appliances ... 726
        Continuity and Resilience ... 727
        Attacks and Countermeasures ... 727
        Shared Storage ... 729
    Summary ... 730

Appendix: Cross-Domain Challenges ... 731
    Paradigm Shifts in Information Security? ... 732
    Pivot 1: Turn the Attackers' Playbooks Against Them ... 734
        ATT&CK: Pivoting Threat Intelligence ... 734
        Analysis: Real-Time and Retrospective ... 735
        The SOC as a Fusion Center ... 737
        All-Source, Proactive Intelligence: Part of the Fusion Center ... 738
    Pivot 2: Cybersecurity Hygiene: Think Small, Act Small ... 739
        CIS IG 1 for the SMB and SME ... 740
        Hardening Individual Cybersecurity ... 740
        Assume the Breach ... 742
    Pivot 3: Flip the "Data-Driven Value Function" ... 743
        Data-Centric Defense and Resiliency ... 744
        Ransomware as a Service ... 745
        Supply Chains, Security, and the SSCP ... 746
        ICS, IoT, and SCADA: More Than SUNBURST ... 747
        Extending Physical Security: More Than Just Badges and Locks ... 749
        The IoRT: Robots Learning via the Net ... 750
    Pivot 4: Operationalize Security Across the Immediate and Longer Term ... 751
        Continuous Assessment and Continuous Compliance ... 752
        SDNs and SDS ... 753
        SOAR: Strategies for Focused Security Effort ... 755
        A "DevSecOps" Culture: SOAR for Software Development ... 756
    Pivot 5: Zero-Trust Architectures and Operations ... 757
        FIDO and Passwordless Authentication ... 760
        Threat Hunting, Indicators, and Signature Dependence ... 761
    Other Dangers on the Web and Net ... 763
        Surface, Deep, and Dark Webs ... 763
        Deep and Dark: Risks and Countermeasures ... 764
        DNS and Namespace Exploit Risks ... 765
        Cloud Security: Edgier and Foggier ... 766
        Curiosity as Countermeasure ... 766

Index ... 769
1997-2024 DolnySlask.com Internet Agency