What Every Engineer Should Know About Cyber Security and Digital Forensics

Cover
Half Title
Series Page
Title Page
Copyright Page
Table of Contents
What Every Engineer Should Know: Series Statement
Preface
Acknowledgments
Authors
Chapter 1 Security Threats
	1.1 Introduction
	1.2 Social Engineering
	1.3 Travel
	1.4 Mobile Devices
	1.5 Internet
	1.6 The Cloud
	1.7 Cyber Physical Systems
	1.8 Theft
	References
	Notes
Chapter 2 Cyber Security
	2.1 Introduction
	2.2 Information Security
	2.3 Security Architecture
	2.4 Access Controls
	2.5 Cryptography
		2.5.1 Types of Cryptography or Cryptographic Algorithms
	2.6 Network and Telecommunications Security
	2.7 Operating System Security
	2.8 Software Development Security
	2.9 Database Security
	2.10 Internet of Things Security
	2.11 Business Continuity and Disaster Recovery
	2.12 Physical Security
	2.13 Legal, Regulations, Compliance, and Investigations
	2.14 Operations Security
	2.15 Information Security Governance and Risk Management
	References
Chapter 3 Strategy to Outpace the Adversary
	3.1 Introduction
	3.2 The Problem
	3.3 Boyd\'s OODA Loop Overview
		3.3.1 Observe in Depth
		3.3.2 Orient in Depth
		3.3.3 Decide in Depth
		3.3.4 Act in Depth
	3.4 OODA Loop Applied: The Ukraine-Russia Cyberwar
		3.4.1 Observe
		3.4.2 Orient
			3.4.2.1 Understand the Cyber Security Posture of Your Third and Fourth Parties
			3.4.2.2 Understand the Ransomware Susceptibility of Your Vendors
		3.4.3 Decide
			3.4.3.1 Monitor the DDoS Resiliency of Your Vendors
		3.4.4 Act
		3.4.5 Take Away Points
	3.5 Conclusions and Recommendations
	References
	Note
Chapter 4 Preparing for an Incident
	4.1 Introduction
		4.1.1 The Zachman Framework
		4.1.2 Adaptation of the Zachman Framework to Incident Response Preparation
	4.2 Risk Identification
	4.3 Host Preparation
	4.4 Network Preparation
	4.5 Establishing Appropriate Policies and Procedures
	4.6 Establishing an Incident Response Team
	4.7 Preparing a Response Toolkit
	4.8 Training
	References
	Notes
Chapter 5 Incident Response and Digital Forensics
	5.1 Introduction
	5.2 Incident Response
		5.2.1 Detection/Identification
		5.2.2 Containment
		5.2.3 Eradication
		5.2.4 Recovery
	5.3 Incident Response for Cloud Computing
	5.4 Digital Forensics
		5.4.1 Preparation
		5.4.2 Collection
		5.4.3 Analysis
		5.4.4 Reporting
	5.5 Mobile Phone Forensics
	References
	Notes
Chapter 6 Development, Security, and Operations
	6.1 What Is a Secure Software Development Life Cycle?
	6.2 Reasons to Use SDLC
	6.3 Segregation of Environments
	6.4 Secure SDLC Phases
	6.5 Why Do Developers Not Follow SDLC?
	6.6 Is SDLC an OODA Loop?
	References
Chapter 7 Mobile Device Forensic Tools
	7.1 Introduction
	7.2 Tools
		7.2.1 Axiom and Axiom Cyber by Magnet Forensics
		7.2.2 ALEAPP Android and iOS Analysis Tools
		7.2.3 Belkasoft Evidence Center X
		7.2.4 Cellebrite Universal Forensic Extraction Device (UFED) and Physical Analyzer
		7.2.5 Oxygen Forensics
		7.2.6 Graykey from Gray Shift
		7.2.7 DataPilot from Susteen
		7.2.8 XRY from Micro Systemation
	7.3 Conclusion
	Note
Chapter 8 The Laws Most Likely to Affect IT and IT Security
	8.1 Introduction
	8.2 Managing Personal Data
		8.2.1 Data Breach Laws
		8.2.2 Cybersecurity Protection: Massachusetts/NY SHIELD Act
		8.2.3 CCPA and CPRA
		8.2.4 Virginia, Colorado, and Utah
		8.2.5 PCI-DSS
		8.2.6 HIPAA
		8.2.7 FTC Act \"Unfair or Deceptive Practices\"
		8.2.8 FERPA
		8.2.9 GDPR and Personal Data Belonging to Non-US Residents
		8.2.10 Contractual Agreements on Data Handling
	8.3 Biometric Security
	8.4 Collecting Digital Evidence and Electronic Discovery
		8.4.1 Forensically Sound Collection of Digital Evidence
		8.4.2 Electronic Discovery
	8.5 Criminal Liability for Surveilling Employees
	8.6 Organizational Security, Financial Institutions, and Critical Infrastructure
		8.6.1 Gramm-Leach-Bliley Act
		8.6.2 Sarbanes-Oxley
		8.6.3 State Regulatory Requirements, Including NY DFS Cybersecurity Regulation
		8.6.4 Federal Cybersecurity Framework for Critical Infrastructure
		8.6.5 Defense Federal Acquisition Regulation Supplement (DFARS)
	Notes
Chapter 9 Cyber Security and Digital Forensics Careers
	9.1 Introduction
	9.2 Career Opportunities
		9.2.1 A Summarized List of \"Information Security\" Job Tasks
		9.2.2 A Summarized List of \"Digital Forensic\" Job Tasks
	9.3 Certifications
		9.3.1 Information Security Certifications
		9.3.2 Digital Forensic and Forensic Software Certifications
			9.3.2.1 Digital Forensic Certifications
			9.3.2.2 Forensic Software Certifications
	References
	Notes
Chapter 10 Theory to Practice
	10.1 Introduction
	10.2 Case Study 1: It Is All Fun and Games Until Something Gets Deleted
		10.2.1 After-Action Report
			10.2.1.1 What Worked Well?
			10.2.1.2 Lessons Learned
			10.2.1.3 What to Do Differently Next Time
	10.3 Case Study 2: How Is This Working for You?
		10.3.1 After-Action Report
			10.3.1.1 What Worked Well?
			10.3.1.2 Lessons Learned
			10.3.1.3 What to Do Differently Next Time
	10.4 Case Study 3: The Weakest Link
		10.4.1 Background
		10.4.2 The Crime
		10.4.3 The Trial
			10.4.3.1 The Defense
			10.4.3.2 The Prosecution
			10.4.3.3 Other Strategies to Win the Case
			10.4.3.4 Verdict
		10.4.4 After-Action Report
			10.4.4.1 What Worked Well for UBS-PW?
			10.4.4.2 What to Do Differently Next Time
	10.5 Case Study 4: Dealing with Phishing Using the OODA Loop
	10.6 Case Study 5: Dealing with Incident Response Using the OODA Loop
	10.7 Case Study 6: The Colonial Pipeline: Three Assumptions You Should Never Make about Ransomware
		10.7.1 Background
	References
	Notes
Index