فهرست مطالب

• Cover
• Table of Contents
• Title Page
• Copyright
• Dedication
• Acknowledgments
• About the Authors
• About the Technical Editors
• Introduction
• Chapter 1: Security Governance Through Principles and Policies
• Security 101
• Understand and Apply Security Concepts
• Security Boundaries
• Evaluate and Apply Security Governance Principles
• Manage the Security Function
• Security Policy, Standards, Procedures, and Guidelines
• Threat Modeling
• Supply Chain Risk Management
• Summary
• Study Essentials
• Written Lab
• Review Questions
• Chapter 2: Personnel Security and Risk Management Concepts
• Personnel Security Policies and Procedures
• Understand and Apply Risk Management Concepts
• Social Engineering
• Establish and Maintain a Security Awareness, Education, and Training Program
• Summary
• Study Essentials
• Written Lab
• Review Questions
• Chapter 3: Business Continuity Planning
• Planning for Business Continuity
• Project Scope and Planning
• Business Impact Analysis
• Continuity Planning
• Plan Approval and Implementation
• Summary
• Study Essentials
• Written Lab
• Review Questions
• Chapter 4: Laws, Regulations, and Compliance
• Categories of Laws
• Laws
• State Privacy Laws
• Compliance
• Contracting and Procurement
• Summary
• Study Essentials
• Written Lab
• Review Questions
• Chapter 5: Protecting Security of Assets
• Identifying and Classifying Information and Assets
• Establishing Information and Asset Handling Requirements
• Data Protection Methods
• Understanding Data Roles
• Using Security Baselines
• Summary
• Study Essentials
• Written Lab
• Review Questions
• Chapter 6: Cryptography and Symmetric Key Algorithms
• Cryptographic Foundations
• Modern Cryptography
• Symmetric Cryptography
• Cryptographic Life Cycle
• Summary
• Study Essentials
• Written Lab
• Review Questions
• Chapter 7: PKI and Cryptographic Applications
• Asymmetric Cryptography
• Hash Functions
• Digital Signatures
• Public Key Infrastructure
• Asymmetric Key Management
• Hybrid Cryptography
• Applied Cryptography
• Cryptographic Attacks
• Summary
• Study Essentials
• Written Lab
• Review Questions
• Chapter 8: Principles of Security Models, Design, and Capabilities
• Secure Design Principles
• Techniques for Ensuring CIA
• Understand the Fundamental Concepts of Security Models
• Select Controls Based on Systems Security Requirements
• Understand Security Capabilities of Information Systems
• Summary
• Study Essentials
• Written Lab
• Review Questions
• Chapter 9: Security Vulnerabilities, Threats, and Countermeasures
• Shared Responsibility
• Data Localization and Data Sovereignty
• Assess and Mitigate the Vulnerabilities of Security Architectures, Designs, and Solution Elements
• Client-Based Systems
• Server-Based Systems
• Industrial Control Systems
• Distributed Systems
• High-Performance Computing (HPC) Systems
• Real-Time Operating Systems
• Internet of Things
• Edge and Fog Computing
• Embedded Devices and Cyber-Physical Systems
• Microservices
• Infrastructure as Code
• Immutable Architecture
• Virtualized Systems
• Containerization
• Mobile Devices
• Essential Security Protection Mechanisms
• Common Security Architecture Flaws and Issues
• Summary
• Study Essentials
• Written Lab
• Review Questions
• Chapter 10: Physical Security Requirements
• Apply Security Principles to Site and Facility Design
• Implement Site and Facility Security Controls
• Implement and Manage Physical Security
• Summary
• Study Essentials
• Written Lab
• Review Questions
• Chapter 11: Secure Network Architecture and Components
• OSI Model
• TCP/IP Model
• Analyzing Network Traffic
• Common Application Layer Protocols
• Transport Layer Protocols
• Domain Name System
• Internet Protocol (IP) Networking
• ARP Concerns
• Secure Communication Protocols
• Implications of Multilayer Protocols
• Segmentation
• Edge Networks
• Wireless Networks
• Satellite Communications
• Cellular Networks
• Content Distribution Networks (CDNs)
• Secure Network Components
• Summary
• Study Essentials
• Written Lab
• Review Questions
• Chapter 12: Secure Communications and Network Attacks
• Protocol Security Mechanisms
• Secure Voice Communications
• Remote Access Security Management
• Multimedia Collaboration
• Monitoring and Management
• Load Balancing
• Manage Email Security
• Virtual Private Network
• Switching and Virtual LANs
• Network Address Translation
• Third-Party Connectivity
• Switching Technologies
• WAN Technologies
• Fiber-Optic Links
• Prevent or Mitigate Network Attacks
• Summary
• Study Essentials
• Written Lab
• Review Questions
• Chapter 13: Managing Identity and Authentication
• Controlling Access to Assets
• The AAA Model
• Implementing Identity Management
• Managing the Identity and Access Provisioning Life Cycle
• Summary
• Study Essentials
• Written Lab
• Review Questions
• Chapter 14: Controlling and Monitoring Access
• Comparing Access Control Models
• Implementing Authentication Systems
• Zero-Trust Access Policy Enforcement
• Understanding Access Control Attacks
• Summary
• Study Essentials
• Written Lab
• Review Questions
• Chapter 15: Security Assessment and Testing
• Building a Security Assessment and Testing Program
• Performing Vulnerability Assessments
• Testing Your Software
• Training and Exercises
• Implementing Security Management Processes and Collecting Security Process Data
• Summary
• Exam Essentials
• Written Lab
• Review Questions
• Chapter 16: Managing Security Operations
• Apply Foundational Security Operations Concepts
• Address Personnel Safety and Security
• Provision Information and Assets Securely
• Apply Resource Protection
• Managed Services in the Cloud
• Perform Configuration Management (CM)
• Manage Change
• Manage Patches and Reduce Vulnerabilities
• Summary
• Study Essentials
• Written Lab
• Review Questions
• Chapter 17: Preventing and Responding to Incidents
• Conducting Incident Management
• Implementing Detection and Preventive Measures
• Logging and Monitoring
• Automating Incident Response
• Summary
• Study Essentials
• Written Lab
• Review Questions
• Chapter 18: Disaster Recovery Planning
• The Nature of Disaster
• Understand System Resilience, High Availability, and Fault Tolerance
• Recovery Strategy
• Recovery Plan Development
• Training, Awareness, and Documentation
• Testing and Maintenance
• Summary
• Study Essentials
• Written Lab
• Review Questions
• Chapter 19: Investigations and Ethics
• Investigations
• Major Categories of Computer Crime
• Ethics
• Summary
• Study Essentials
• Written Lab
• Review Questions
• Chapter 20: Software Development Security
• Introducing Systems Development Controls
• Establishing Databases and Data Warehousing
• Storage Threats
• Understanding Knowledge-Based Systems
• Summary
• Study Essentials
• Written Lab
• Review Questions
• Chapter 21: Malicious Code and Application Attacks
• Malware
• Malware Prevention
• Application Attacks
• Injection Vulnerabilities
• Exploiting Authorization Vulnerabilities
• Exploiting Web Application Vulnerabilities
• Application Security Controls
• Secure Coding Practices
• Summary
• Study Essentials
• Written Lab
• Review Questions
• Appendix A: Answers to Review Questions
• Appendix B: Answers to Written Labs
• Index
• End User License Agreement