Download the book Principles of Computer Security: CompTIA Security+ and Beyond (Exam SY0-601)


Book details

Principles of Computer Security: CompTIA Security+ and Beyond (Exam SY0-601)

Edition: [6 ed.]
Authors: , , , ,
Series:
ISBN: 1260474313, 9781260474312
Publisher: McGraw Hill
Year of publication: 2021
Number of pages: 1072 [1074]
Language: English
File format: PDF (converted to PDF, EPUB, or AZW3 at the user's request)
File size: 105 Mb

Book price (tomans): 47,000





If you need the file of the book Principles of Computer Security: CompTIA Security+ and Beyond (Exam SY0-601) converted to PDF, EPUB, AZW3, MOBI, or DJVU, you can notify support so that they convert the file for you.

Note that the book Principles of Computer Security: CompTIA Security+ and Beyond (Exam SY0-601) is the original-language edition and has not been translated into Persian. The International Library website provides original-language books and does not offer any books translated into or written in Persian.


Description of the book Principles of Computer Security: CompTIA Security+ and Beyond (Exam SY0-601)




Fully updated computer security essentials―mapped to the CompTIA Security+ SY0-601 exam

Save 10% on any CompTIA exam voucher! Coupon code inside.

Learn IT security fundamentals while getting complete coverage of the objectives for the latest release of CompTIA Security+ certification exam SY0-601. This thoroughly revised, full-color textbook covers how to secure hardware, systems, and software. It addresses new threats and cloud environments, and provides additional coverage of governance, risk, compliance, and much more. Written by a team of highly respected security educators, Principles of Computer Security: CompTIA Security+™ and Beyond, Sixth Edition (Exam SY0-601) will help you become a CompTIA-certified computer security expert while also preparing you for a successful career.

Find out how to:

  • Ensure operational, organizational, and physical security
  • Use cryptography and public key infrastructures (PKIs)
  • Secure remote access, wireless networks, and virtual private networks (VPNs)
  • Authenticate users and lock down mobile devices
  • Harden network devices, operating systems, and applications
  • Prevent network attacks, such as denial of service, spoofing, hijacking, and password guessing
  • Combat viruses, worms, Trojan horses, and rootkits
  • Manage e-mail, instant messaging, and web security
  • Explore secure software development requirements
  • Implement disaster recovery and business continuity measures
  • Handle computer forensics and incident response
  • Understand legal, ethical, and privacy issues

Online content features:

  • Test engine that provides full-length practice exams and customized quizzes by chapter or exam objective

Each chapter includes:

  • Learning objectives
  • Real-world examples
  • Try This! and Cross Check exercises
  • Tech Tips, Notes, and Warnings
  • Exam Tips
  • End-of-chapter quizzes and lab projects

Note: the answers to the end of chapter sections are not printed in the book and are only available to adopting instructors. See your McGraw Hill sales representative for more information.


Table of contents

Cover
About the Authors
Title Page
Copyright Page
Acknowledgments
About this Book
Contents at a Glance
Contents
Foreword
Preface
Introduction
Instructor Website
Chapter 1 Introduction and Security Trends
	The Computer Security Problem
		Definition of Computer Security
		Historical Security Incidents
		The Current Threat Environment
		Infrastructure Attacks
		Ransomware
	Threats to Security
		Viruses and Worms
		Intruders
		Insiders
		Criminal Organizations
		Nation-States, Terrorists, and Information Warfare
		Brand-Name Attacks
	Attributes of Actors
		Internal/External
		Level of Sophistication
		Resources/Funding
		Intent/Motivation
	Security Trends
	Targets and Attacks
		Specific Target
		Opportunistic Target
		Minimizing Possible Avenues of Attack
	Approaches to Computer Security
		Cybersecurity Kill Chain
		Threat Intelligence
		Open Source Intelligence
	Ethics
	Additional References
	Chapter 1 Review
Chapter 2 General Security Concepts
	Basic Security Terminology
		Security Basics
		Security Tenets
		Security Approaches
		Security Principles
	Formal Security Models
		Confidentiality Models
		Integrity Models
	Additional References
	Chapter 2 Review
Chapter 3 Operational and Organizational Security
	Policies, Procedures, Standards, and Guidelines
	Organizational Policies
		Change Management Policy
		Change Control
		Asset Management
	Security Policies
		Data Policies
		Credential Policies
		Password and Account Policies
	Human Resources Policies
		Code of Ethics
		Job Rotation
		Separation of Duties
		Employee Hiring (Onboarding) and Promotions
		Retirement, Separation, or Termination (Offboarding)
		Exit Interviews
		Onboarding/Offboarding Business Partners
		Adverse Actions
		Mandatory Vacations
		Acceptable Use Policy
		Internet Usage Policy
		E-mail Usage Policy
		Social Media Analysis
		Clean Desk Policy
		Bring-Your-Own-Device (BYOD) Policy
		Privacy Policy
		Due Care and Due Diligence
		Due Process
		Incident Response Policies and Procedures
	Security Awareness and Training
		Diversity of Training Techniques
		Security Policy Training and Procedures
		User Training
		Role-Based Training
		Continuing Education
		Compliance with Laws, Best Practices, and Standards
		User Habits
		Training Metrics and Compliance
	Standard Operating Procedures
	Third-Party Risk Management
		Vendors
		Supply Chain
		Business Partners
	Interoperability Agreements
		Service Level Agreement (SLA)
		Memorandum of Understanding (MOU)
		Measurement Systems Analysis (MSA)
		Business Partnership Agreement (BPA)
		Interconnection Security Agreement (ISA)
		NDA
		End of Service Life (EOSL)
		End of Life (EOL)
	Chapter 3 Review
Chapter 4 The Role of People in Security
	People—A Security Problem
		Social Engineering
	Tools
		Principles (Reasons for Effectiveness)
		Defenses
	Attacks
		Impersonation
		Phishing
		Smishing
		Vishing
		Spam
		Spam over Internet Messaging (SPIM)
		Spear Phishing
		Whaling
		Pharming
		Dumpster Diving
		Shoulder Surfing
		Tailgating/Piggybacking
		Eliciting Information
		Prepending
		Identity Fraud
		Invoice Scams
		Credential Harvesting
		Reverse Social Engineering
		Reconnaissance
		Hoax
		Watering Hole Attack
		Typo Squatting
		Influence Campaigns
	Poor Security Practices
		Password Selection
		Shoulder Surfing
		Piggybacking
		Dumpster Diving
		Installing Unauthorized Hardware and Software
		Data Handling
		Physical Access by Non-Employees
		Clean Desk Policies
	People as a Security Tool
		Security Awareness
		Security Policy Training and Procedures
	Chapter 4 Review
Chapter 5 Cryptography
	Cryptography in Practice
		Fundamental Methods
		Comparative Strengths and Performance of Algorithms
		Key Length
	Cryptographic Objectives
		Diffusion
		Confusion
		Obfuscation
		Perfect Forward Secrecy
		Security Through Obscurity
	Historical Perspectives
		Algorithms
		Substitution Ciphers
		One-Time Pads
		Key Management
		Random Numbers
		Salting
	Hashing Functions
		Message Digest
		SHA
		RIPEMD
		Hashing Summary
	Symmetric Encryption
		DES
		3DES
		AES
		CAST
		RC
		Blowfish
		Twofish
		IDEA
		ChaCha20
		Cipher Modes
		Authenticated Encryption with Associated Data (AEAD)
		Block vs. Stream
		Symmetric Encryption Summary
	Asymmetric Encryption
		Diffie-Hellman
		RSA Algorithm
		ElGamal
		ECC
		Asymmetric Encryption Summary
		Symmetric vs. Asymmetric
	Quantum Cryptography
	Post-Quantum
	Lightweight Cryptography
	Homomorphic Encryption
	For More Information
	Chapter 5 Review
Chapter 6 Applied Cryptography
	Cryptography Use
		Confidentiality
		Integrity
		Authentication
		Nonrepudiation
		Digital Signatures
		Digital Rights Management
		Cryptographic Applications
		Use of Proven Technologies
	Cipher Suites
		Secret Algorithms
		Key Exchange
		Key Escrow
		Session Keys
		Ephemeral Keys
		Key Stretching
		Transport Encryption
		TLS v1.3
		Data in Transit/Motion
		Data at Rest
		Data in Use/Processing
		Implementation vs. Algorithm Selection
		Common Use Cases
		HMAC
	S/MIME
		IETF S/MIME History
		IETF S/MIME v3 Specifications
	PGP
		How PGP Works
	Steganography
	Secure Protocols
		DNSSEC
		SSH
		S/MIME
		SRTP
		LDAPS
		FTPS
		SFTP
		SNMPv3
		TLS
		HTTPS
		Secure POP/IMAP
		IPSec
	Secure Protocol Use Cases
		Voice and Video
		Time Synchronization
		E-mail and Web
		File Transfer
		Directory Services
		Remote Access
		Domain Name Resolution
		Routing and Switching
		Network Address Allocation
		Subscription Services
	Cryptographic Attacks
		Birthday
		Known Plaintext/Ciphertext
		Chosen Cipher Text Attack
		Weak Implementations
		Meet-in-the-Middle Attacks
		Replay
		Downgrade
		Collision
		Password Attacks
	Other Standards
		FIPS
		Common Criteria
		ISO/IEC 27002 (Formerly ISO 17799)
	Chapter 6 Review
Chapter 7 Public Key Infrastructure
	The Basics of Public Key Infrastructures
	Certificate Authorities
		Registration Authorities
		Local Registration Authorities
		Public Certificate Authorities
		In-house Certificate Authorities
		Choosing Between a Public CA and an In-house CA
		Outsourced Certificate Authorities
		Online vs. Offline CA
		Stapling
		Pinning
	Trust Models
		Certificate Chaining
		Hierarchical Trust Model
		Peer-to-Peer Model
		Hybrid Trust Model
		Walking the Certificate Path
	Digital Certificates
		Certificate Classes
		Certificate Extensions
		Certificate Attributes
		Certificate Formats
	Certificate Lifecycles
		Registration and Generation
		CSR
		Renewal
		Suspension
		Certificate Revocation
		Key Destruction
	Certificate Repositories
		Sharing Key Stores
		Trust and Certificate Verification
	Centralized and Decentralized Infrastructures
		Hardware Security Modules
		Private Key Protection
		Key Recovery
		Key Escrow
	Certificate-Based Threats
		PKIX and PKCS
		PKIX Standards
		PKCS
		Why You Need to Know the PKIX and PKCS Standards
		Stolen Certificates
	ISAKMP
	CMP
	XKMS
	CEP
	Chapter 7 Review
Chapter 8 Physical Security
	The Security Problem
	Physical Security Safeguards
		Walls and Guards
		Lights and Signage
		Physical Access Controls and Monitoring
		Electronic Access Control Systems
		Policies and Procedures
	Environmental Controls
		Hot and Cold Aisles
	Fire Suppression
		Water-Based Fire Suppression Systems
		Halon-Based Fire Suppression Systems
		Clean-Agent Fire Suppression Systems
		Handheld Fire Extinguishers
		Fire Detection Devices
	Electromagnetic Environment
	Power Protection
		UPS
		Backup Power and Cable Shielding
		Generator
		Dual Supply
		Managed Power Distribution Units (PDUs)
	Drones/UAVs
	Chapter 8 Review
Chapter 9 Network Fundamentals
	Network Architectures
	Network Topology
		Wireless
		Ad Hoc
	Segregation/Segmentation/Isolation
		Physical Separation
		Enclaves
		Logical (VLAN)
		Virtualization
		Airgaps
		Zones and Conduits
		Zero Trust
	Security Zones
		DMZ
		Internet
		East-West Traffic
		Intranet
		Extranet
		Wireless
		Guest
		Honeynets
		Flat Networks
	Network Protocols
		Protocols
		Packets
	Internet Protocol
		IP Packets
		TCP vs. UDP
		ICMP
	IPv4 vs. IPv6
		Expanded Address Space
		Neighbor Discovery
		Benefits of IPv6
	Packet Delivery
		Ethernet
		Local Packet Delivery
		ARP Attacks
		Remote Packet Delivery
		IP Addresses and Subnetting
		Network Address Translation
	Inter-Networking
	MPLS
	Software-Defined Networking (SDN)
		Software-Defined Visibility (SDV)
	Quality of Service (QoS)
	Traffic Engineering
	Route Security
	For More Information
	Chapter 9 Review
Chapter 10 Infrastructure Security
	Devices
		Workstations
		Servers
		Mobile Devices
		Device Security, Common Concerns
		Network-Attached Storage
		Removable Storage
	Virtualization
		Hypervisor
		Application Cells/Containers
		VM Sprawl Avoidance
		VM Escape Protection
		Snapshots
		Patch Compatibility
		Host Availability/Elasticity
		Security Control Testing
		Sandboxing
	Networking
		Network Interface Cards
		Hubs
		Bridges
		Switches
		Port Security
		Routers
	Security Devices
		Firewalls
		VPN Concentrator
		Wireless Devices
		Modems
		Telephony
		Intrusion Detection Systems
		Network Access Control
		Network Monitoring/Diagnostic
		Load Balancers
		Proxies
		Web Security Gateways
		Internet Content Filters
		Data Loss Prevention
		Unified Threat Management
	Security Device/Technology Placement
		Sensors
		Collectors
		TAPs and Port Mirror
		Correlation Engines
		Filters
		SSL Accelerators
		DDoS Mitigator
		Aggregation Switches
	Tunneling/VPN
		Site-to-Site
		Remote Access
	Storage Area Networks
		iSCSI
		Fibre Channel
		FCoE
	Media
		Coaxial Cable
		UTP/STP
		Fiber
		Unguided Media
	Removable Media
		Magnetic Media
		Optical Media
		Electronic Media
	Security Concerns for Transmission Media
	Physical Security Concerns
	Chapter 10 Review
Chapter 11 Authentication and Remote Access
	User, Group, and Role Management
		User
		Shared and Generic Accounts/Credentials
		Guest Accounts
		Service Accounts
		Privileged Accounts
		Group
		Role
	Account Policies
		Account Policy Enforcement
		Domain Passwords
		Single Sign-On
		Credential Management
		Group Policy
		Standard Naming Convention
		Account Maintenance
		Usage Auditing and Review
		Account Audits
		Time-of-Day Restrictions
		Impossible Travel Time/Risky Login
		Account Expiration
		Privileged Access Management
	Authorization
		Access Control
		Security Controls and Permissions
		Access Control Lists (ACLs)
		Mandatory Access Control (MAC)
		Discretionary Access Control (DAC)
		Role-Based Access Control (RBAC)
		Rule-Based Access Control
		Attribute-Based Access Control (ABAC)
		Conditional Access
	Identity
		Identity Provider (IdP)
		Identity Attributes
		Certificates
		Identity Tokens
		SSH Keys
		Smart Cards
	Authentication Methods
		Authentication
		Directory Services
		Federation
		Attestation
		Transitive Trust
		Technologies
	Biometric Factors
		Fingerprint Scanner
		Retinal Scanner
		Iris Scanner
		Voice Recognition
		Facial Recognition
		Vein
		Gait Analysis
	Biometric Efficacy Rates
		False Positives and False Negatives
		False Acceptance Rate
		False Rejection Rate
		Crossover Error Rate
		Biometrics Calculation Example
	Multifactor Authentication
		Factors
		Attributes
	Remote Access
		IEEE 802.1X
		LDAP
		RADIUS
		TACACS+
		Authentication Protocols
		FTP/FTPS/SFTP
		VPNs
		Vulnerabilities of Remote Access Methods
	Preventing Data Loss or Theft
	Database Security
	Cloud vs. On-premises Requirements
	Connection Summary
	For More Information
	Chapter 11 Review
Chapter 12 Wireless Security and Mobile Devices
	Connection Methods and Receivers
		Cellular
		Wi-Fi
		Bluetooth
		NFC
		Infrared
		USB
		Point-to-Point
		Point-to-Multipoint
		Global Positioning System (GPS)
		RFID
		SATCOM
	Wireless Protocols
		802.11: Individual Standards
		WEP
		Current Security Methods
		Authentication Protocols
	Wireless Systems Configuration
		Access Point
		SSID
		Fat vs. Thin
		Controller Based vs. Standalone
		Signal Strength
		Band Selection/Width
		Antenna Types and Placement
		Power-Level Controls
		Wi-Fi Analyzers
		Channel Overlays
		Wireless Access Point (WAP) Placement
		Site Surveys
		Heat Maps
		Controller and Access Point Security
		MAC Filtering
		Captive Portals
		Securing Public Wi-Fi
	Wireless Attacks
		Attacking 802.11
		Replay
		IV
		Evil Twin
		Rogue AP
		Jamming
		Bluetooth Attacks
		Bluejacking
		Bluesnarfing
		Bluebugging
		RFID
		Disassociation
	Mobile Device Management Concepts
		Application Management
		Full Device Encryption (FDE)
		Content Management
		Remote Wipe
		Geofencing
		Geolocation
		Geo-Tagging
		Screen Locks
		Push Notification Services
		Passwords and PINs
		Biometrics
		Context-Aware Authentication
		Containerization
		Storage Segmentation
		Asset Control
		Device Access Control
		Removable Storage
		Disabling Unused Features
	Mobile Application Security
		Application Control
		Key and Credential Management
		Authentication
		Application Whitelisting
		Encryption
		Transitive Trust/Authentication
	Mobile Devices
		MicroSD Hardware Security Module (HSM)
		MDM/Unified Endpoint Management (UEM)
		Mobile Application Management (MAM)
		SEAndroid/SELinux
	Policies for Enforcement and Monitoring
		Third-party App Stores
		Rooting/Jailbreaking
		Sideloading
		Custom Firmware
		Carrier Unlocking
		Firmware OTA Updates
		Camera Use
		SMS/MMS/RCS
		External Media
		USB On-The-Go (USB OTG)
		Recording Microphone
		GPS Tagging
		Wi-Fi Direct/Ad Hoc
		Tethering
		Hotspot
		Payment Methods
	Deployment Models
		CYOD
		COPE
		Corporate-Owned
		BYOD
		Virtual Desktop Infrastructure (VDI)
	Chapter 12 Review
Chapter 13 Intrusion Detection Systems and Network Security
	History of Intrusion Detection Systems
	IDS Overview
		IDS Models
		Signatures
		False Positives and False Negatives
	Network-Based IDSs
		Advantages of a NIDS
		Disadvantages of a NIDS
		Active vs. Passive NIDSs
		NIDS Tools
	Host-Based IDSs
		Advantages of HIDSs
		Disadvantages of HIDSs
		Active vs. Passive HIDSs
		Resurgence and Advancement of HIDSs
	Intrusion Prevention Systems
	Network Security Monitoring
	Deception and Disruption Technologies
		Honeypots and Honeynets
		Honeyfiles/Honeyrecords
		Fake Telemetry
		DNS Sinkhole
	Analytics
	SIEM
		SIEM Dashboards
		Sensors
		Sensitivity
		Trends
		Alerts
		Correlation
		Aggregation
		Automated Alerting and Triggers
		Time Synchronization
		Event Deduplication
		Logs/WORM
	DLP
		USB Blocking
		Cloud-Based DLP
		E-mail
	Tools
		Protocol Analyzer
		Network Placement
		In-Band vs. Out-of-Band NIDS/NIPS
		Switched Port Analyzer
		Port Scanner
		Passive vs. Active Tools
		Banner Grabbing
	Indicators of Compromise
		Advanced Malware Tools
	For More Information
	Chapter 13 Review
Chapter 14 System Hardening and Baselines
	Overview of Baselines
	Hardware/Firmware Security
		FDE/SED
		TPM
		Hardware Root of Trust
		HSM
		UEFI BIOS
		Measured Boot
		Secure Boot and Attestation
		Integrity Measurement
		Firmware Version Control
		EMI/EMP
		Supply Chain
	Operating System and Network Operating System Hardening
		Protection Rings
		OS Security
		OS Types
		Trusted Operating System
		Patch Management
		Disabling Unnecessary Ports and Services
		Secure Configurations
		Disable Default Accounts/Passwords
		Application Whitelisting/Blacklisting
		Sandboxing
	Secure Baseline
		Machine Hardening
		Hardening Microsoft Operating Systems
		Hardening UNIX- or Linux-Based Operating Systems
	Endpoint Protection
		Antivirus
		Anti-Malware
		Endpoint Detection and Response (EDR)
		DLP
		Next-Generation Firewall (NGFW)
		Host-based Intrusion Detection System (HIDS)
		Host-based Intrusion Prevention System (HIPS)
		Host-based Firewall
		Whitelisting vs. Blacklisting Applications
		AppLocker
		Hardware Security
	Network Hardening
		Software Updates
		Device Configuration
		Securing Management Interfaces
		VLAN Management
		Network Segmentation
		IPv4 vs. IPv6
	Application Hardening
		Application Configuration Baseline
		Application Patches
		Patch Management
		Host Software Baselining
		Vulnerability Scanner
	Data-Based Security Controls
		Data Security
		Data Encryption
		Handling Big Data
		Cloud Storage
		Storage Area Network
		Permissions/ACL
	Environment
		Development
		Test
		Staging
		Production
	Automation/Scripting
		Automated Courses of Action
		Continuous Monitoring
		Configuration Validation
		Templates
		Master Image
		Nonpersistence
		Wrappers
		Elasticity
		Scalability
		Distributive Allocation
	Alternative Environments
		Alternative Environment Methods
		Peripherals
		Phones and Mobile Devices
		Embedded Systems
		Camera Systems
		Game Consoles
		Mainframes
		SCADA/ICS
		HVAC
		Smart Devices/IoT
		Special-Purpose Systems
	Industry-Standard Frameworks and Reference Architectures
		Regulatory
		Nonregulatory
		National vs. International
		Industry-Specific Frameworks
	Benchmarks/Secure Configuration Guides
		Platform/Vendor-Specific Guides
		General-Purpose Guides
	For More Information
	Chapter 14 Review
Chapter 15 Types of Attacks and Malicious Software
	Avenues of Attack
		Minimizing Possible Avenues of Attack
	Malicious Code
		Malware
		Ransomware
		Trojans
		Worms
		Viruses
		Polymorphic Malware
		Potentially Unwanted Programs
		Command and Control
		Botnets
		Crypto-Malware
		Logic Bombs
		Spyware
		Adware
		Keyloggers
		Remote-Access Trojans (RATs)
		Rootkit
		Backdoors and Trapdoors
		Application-Level Attacks
		Malware Defenses
	Attacking Computer Systems and Networks
		Denial-of-Service Attacks
		Social Engineering
		Sniffing
		Spoofing
		MAC Spoofing
		TCP/IP Hijacking
		Man-in-the-Middle Attacks
		Man-in-the-Browser
		Replay Attacks
		Transitive Access
		Scanning Attacks
		Attacks on Encryption
		Address System Attacks
		Cache Poisoning
		Amplification
		Domain Hijacking
		Pass-the-Hash Attacks
		Software Exploitation
		Client-Side Attacks
		Driver Manipulation
	Advanced Persistent Threat
	Password Attacks
		Password Guessing
		Poor Password Choices
		Spraying
		Dictionary Attack
		Brute Force Attack
		Rainbow Tables
		Plaintext/Unencrypted
	Chapter 15 Review
Chapter 16 Security Tools and Techniques
	Network Reconnaissance and Discovery Tools
		tracert/traceroute
		nslookup/dig
		ipconfig/ifconfig
		nmap
		ping/pathping
		hping
		netstat
		netcat (nc)
		IP Scanners
		arp
		route
		curl
		theHarvester
		sn1per
		scanless
		dnsenum
		Nessus
		Cuckoo
	File Manipulation Tools
		head
		tail
		cat
		grep
		chmod
		logger
	Shell and Script Environments
		SSH
		PowerShell
		Python
		OpenSSL
	Packet Capture and Replay Tools
		tcpreplay
		tcpdump
		Wireshark
	Forensic Tools
		dd
		memdump
		WinHex
		FTK Imager
		Autopsy
	Tool Suites
		Metasploit
		Kali
		Parrot OS
		Security Onion
		Social-Engineering Toolkit
		Cobalt Strike
		Core Impact
		Burp Suite
	Penetration Testing
		Penetration Testing Authorization
		Reconnaissance
		Passive vs. Active Tools
		Pivoting
		Initial Exploitation
		Persistence
		Escalation of Privilege
	Vulnerability Testing
		Vulnerability Scanning Concepts
		False Positives
		False Negatives
		Log Reviews
		Credentialed vs. Non-Credentialed
		Intrusive vs. Non-Intrusive
		Applications
		Web Applications
		Network
		Common Vulnerabilities and Exposures (CVE)/Common Vulnerability Scoring System (CVSS)
		Configuration Review
		System Testing
	Auditing
		Performing Routine Audits
	Vulnerabilities
		Cloud-based vs. On-premises Vulnerabilities
		Zero Day
		Weak Configurations
		Open Permissions
		Unsecure Root Accounts
		Errors
		Weak Encryption
		Unsecure Protocols
		Default Settings
		Open Ports and Services
		Improper or Weak Patch Management
	Chapter 16 Review
Chapter 17 Web Components, E-mail, and Instant Messaging
	Current Web Components and Concerns
	Web Protocols
		Encryption (SSL and TLS)
		How TLS Works
		The Web (HTTP and HTTPS)
		HTTPS Everywhere
		HTTP Strict Transport Security
		Directory Services (DAP and LDAP)
		File Transfer (FTP and SFTP)
		Vulnerabilities
	Code-Based Vulnerabilities
		Java
		JavaScript
		Securing the Browser
		Server-Side Scripts
		Cookies
		Browser Plug-Ins
		Malicious Add-Ons
		Code Signing
	Application-Based Weaknesses
		Session Hijacking
		Client-Side Attacks
		Web 2.0 and Security
	How E-mail Works
		E-mail Structure
		MIME
	Security of E-mail
		Spam
		Malicious Code
		Hoax E-mails
	Mail Gateway
		Spam Filter
		Mail Relaying
		Greylisting
		Spam URI Real-time Block Lists
		Sender Policy Framework (SPF)
		Sender ID Framework
		DomainKeys Identified Mail
		DLP
	Mail Encryption
		S/MIME
		PGP
	Instant Messaging
		Modern Instant Messaging Systems
	Chapter 17 Review
Chapter 18 Cloud Computing
	Cloud Computing
		Cloud Characteristics
		Cloud Computing Service Models
		Level of Control in the Hosting Models
		Services Integration
	Cloud Types
		Private
		Public
		Hybrid
		Community
		On-premises vs. Hosted vs. Cloud
	Cloud Service Providers
		Transit Gateway
	Cloud Security Controls
		High Availability Across Zones
		Resource Policies
		Secrets Management
		Integration and Auditing
		Storage
		Network
		Compute
	Security as a Service
		Managed Security Service Provider (MSSP)
	Cloud Security Solutions
		Cloud Access Security Broker (CASB)
		Application Security
		Firewall Considerations in a Cloud Environment
		Cloud-native Controls vs. Third-party Solutions
	Virtualization
		Type I
		Type II
		Virtual Machine (VM) Sprawl Avoidance
		VM Escape Protection
	VDI/VDE
	Fog Computing
	Edge Computing
	Thin Client
	Containers
	Microservices/API
	Serverless Architecture
	Chapter 18 Review
Chapter 19 Secure Software Development
	The Software Engineering Process
		Process Models
		Secure Development Lifecycle
		Environments
	Secure Coding Concepts
		Error and Exception Handling
		Input and Output Validation
		Normalization
		Bug Tracking
	Application Attacks
		Cross-Site Scripting
		Injections
		Directory Traversal/Command Injection
		Buffer Overflow
		Integer Overflow
		Cross-Site Request Forgery
		Zero Day
		Attachments
		Locally Shared Objects
		Client-Side Attacks
		Arbitrary/Remote Code Execution
		Open Vulnerability and Assessment Language
	Application Hardening
		Application Configuration Baseline
		Application Patch Management
		NoSQL Databases vs. SQL Databases
		Server-Side vs. Client-Side Validation
		Code Signing
		Encryption
		Obfuscation/Camouflage
		Code Reuse/Dead Code
		Memory Management
		Use of Third-Party Libraries and SDKs
		Data Exposure
	Code Quality and Testing
		Static Code Analyzers
		Dynamic Analysis (Fuzzing)
		Stress Testing
		Sandboxing
		Model Verification
	Compiled Code vs. Runtime Code
	Software Diversity
		Compiler
		Binary
	Secure DevOps
		Automation/Scripting
		Continuous Monitoring
		Continuous Validation
		Continuous Integration
		Continuous Delivery
		Continuous Deployment
		Infrastructure as Code
	Elasticity
	Scalability
	Version Control and Change Management
		Baselining
		Immutable Systems
	Provisioning and Deprovisioning
	Integrity Measurement
	For More Information
	Chapter 19 Review
Chapter 20 Risk Management
	An Overview of Risk Management
		Example of Risk Management at the International Banking Level
	Risk Management Vocabulary
	What Is Risk Management?
		Risk Management Culture
		Risk Response Techniques
		Risk Management Frameworks
	Security Controls
		Categories
		Control Types
	Business Risks
		Examples of Business Risks
		Examples of Technology Risks
		Business Impact Analysis
		Mission-Essential Functions
		Identification of Critical Systems
		Single Point of Failure
		Impact
	Third-party Risks
		Vendor Management
		Supply Chain
		Outsourced Code Development
		Data Storage
	Risk Mitigation Strategies
		Change Management
		Incident Management
		User Rights and Permissions Reviews
		Data Loss or Theft
	Risk Management Models
		General Risk Management Model
		Software Engineering Institute Model
		NIST Risk Models
		Model Application
	Risk Assessment
	Qualitatively Assessing Risk
		Risk Matrix/Heat Map
	Quantitatively Assessing Risk
		Adding Objectivity to a Qualitative Assessment
		Risk Calculation
	Qualitative vs. Quantitative Risk Assessment
	Tools
		Cost-Effectiveness Modeling
	Risk Management Best Practices
		System Vulnerabilities
		Threat Vectors
		Probability/Threat Likelihood
		Risks Associated with Cloud Computing and Virtualization
	Additional References
	Chapter 20 Review
Chapter 21 Business Continuity, Disaster Recovery, and Change Management
	Business Continuity
		Business Continuity Plans
		Business Impact Analysis
		Identification of Critical Systems and Components
		Removing Single Points of Failure
		Risk Assessment
		Succession Planning
		After-Action Reports
		Failover
		Backups
		Alternative Sites
		Order of Restoration
		Utilities
		Secure Recovery
	Continuity of Operations Planning (COOP)
	Disaster Recovery
		Disaster Recovery Plans/Process
		Categories of Business Functions
		IT Contingency Planning
		Test, Exercise, and Rehearse
		Recovery Time Objective and Recovery Point Objective
	Why Change Management?
	The Key Concept: Separation of Duties
	Elements of Change Management
	Implementing Change Management
		Backout Plan
	The Purpose of a Change Control Board
		Code Integrity
	The Capability Maturity Model Integration
	Environment
		Development
		Test
		Staging
		Production
	Secure Baseline
	Sandboxing
	Integrity Measurement
	Chapter 21 Review
Chapter 22 Incident Response
	Foundations of Incident Response
		Incident Management
		Goals of Incident Response
	Attack Frameworks
		Anatomy of an Attack
		Cyber Kill Chain
		MITRE ATT&CK
		The Diamond Model of Intrusion Analysis
	Threat Intelligence
		Threat Hunting
		Security Orchestration, Automation, and Response (SOAR)
	Incident Response Process
		Preparation
		Incident Response Plan
		Incident Identification/Detection
		Identification
		Initial Response
		Containment/Incident Isolation
		Strategy Formulation
		Investigation
		Eradication
		Recovery
		Reporting
		Lessons Learned
		Incident Response Team
	Exercises
		Tabletop
		Walkthroughs
		Simulations
	Stakeholder Management
	Communication Plan
	Data Sources
	Log Files
		Network
		System
		Application
		Security
		Web
		DNS
		Authentication
		Dump Files
		VoIP and Call Managers
		Session Initiation Protocol (SIP) Traffic
		Syslog/Rsyslog/Syslog-ng
		Journalctl
		NXLog
		Bandwidth Monitors
		NetFlow/sFlow
		Metadata
	Data Collection Models
		Collection Inventory Matrix
		Collection Management Framework
	Standards and Best Practices
		State of Compromise
		NIST
		Department of Justice
		Indicators of Compromise
		Security Measure Implementation
		Making Security Measurable
		Retention Policies
	For More Information
	Chapter 22 Review
Chapter 23 Computer Forensics
	Evidence
		Types of Evidence
		Standards for Evidence
		Three Rules Regarding Evidence
	Chain of Custody
		Tags
	Forensic Process
		Data Recovery
		Acquiring Evidence
		Identifying Evidence
		Protecting Evidence
		Transporting Evidence
		Storing Evidence
		Conducting the Investigation
	Message Digest and Hash
	Analysis
		Timelines of Sequence of Events
		Provenance
		Recovery
		Strategic Intelligence/Counterintelligence Gathering
		Active Logging
		Track Man-Hours
		Reports
	Host Forensics
		Filesystems
		Artifacts
		Swap/Pagefile
		Firmware
		Snapshot
		Cache
		Windows Metadata
		Linux Metadata
		Timestamps
	Device Forensics
	Network Forensics
	Legal Hold
		E-discovery
		Big Data
		Cloud
		Right to Audit Clauses
		Regulatory/Jurisdiction
	Chapter 23 Review
Chapter 24 Legal Issues and Ethics
	Cybercrime
		U.S. Law Enforcement Encryption Debate
		Common Internet Crime Schemes
		Sources of Laws
		Computer Trespass
		Convention on Cybercrime
		Significant U.S. Laws
		Payment Card Industry Data Security Standard (PCI DSS)
		Import/Export Encryption Restrictions
		Digital Signature Laws
		Digital Rights Management
	Ethics
	Chapter 24 Review
Chapter 25 Privacy
	Data Handling
	Organizational Consequences of Privacy Breaches
		Reputation Damage
		Identity Theft
		Fines
		IP Theft
	Data Sensitivity Labeling and Handling
		Public
		Private
		Sensitive
		Confidential
		Critical
		Proprietary
		Personally Identifiable Information (PII)
	Data Roles
		Data Owner
		Data Controller
		Data Processor
		Data Custodian/Steward
		Data Privacy Officer
	Data Destruction and Media Sanitization
		Data/Information Lifecycle
		Burning
		Shredding
		Pulping
		Pulverizing
		Degaussing
		Purging
		Wiping
	U.S. Privacy Laws
		Fair Information Practice Principles (FIPPs)
		Privacy Act of 1974
		Freedom of Information Act (FOIA)
		Family Education Records and Privacy Act (FERPA)
		U.S. Computer Fraud and Abuse Act (CFAA)
		U.S. Children’s Online Privacy Protection Act (COPPA)
		Video Privacy Protection Act (VPPA)
		Health Insurance Portability and Accountability Act (HIPAA)
		Gramm-Leach-Bliley Act (GLBA)
		California Senate Bill 1386 (SB 1386)
		U.S. Banking Rules and Regulations
		Payment Card Industry Data Security Standard (PCI DSS)
		Fair Credit Reporting Act (FCRA)
		Fair and Accurate Credit Transactions Act (FACTA)
	International Privacy Laws
		OECD Fair Information Practices
		European Laws
		Canadian Law
		Asian Laws
	Privacy-Enhancing Technologies
		Data Minimization
		Data Masking
		Tokenization
		Anonymization
		Pseudo-Anonymization
	Privacy Policies
		Terms of Agreement
		Privacy Notice
	Privacy Impact Assessment
	Web Privacy Issues
		Cookies
	Privacy in Practice
		User Actions
		Data Breaches
	For More Information
	Chapter 25 Review
Appendix A CompTIA Security+ Exam Objectives: SY0-601
Appendix B About the Online Content
	System Requirements
	Your Total Seminars Training Hub Account
		Privacy Notice
	Single User License Terms and Conditions
	TotalTester Online
	Technical Support
Glossary
Index



