Front Matter
Copyright
Author Biography
Domain 1: Access Control
Introduction
Cornerstone information security concepts
Confidentiality, integrity, and availability
Confidentiality
Integrity
Availability
Disclosure, alteration, and destruction
Identity and authentication, authorization, and accountability
Identity and authentication
Authorization
Accountability
Nonrepudiation
Least privilege and need to know
Subjects and objects
Defense-in-depth
Access control models
Discretionary access controls
Mandatory access controls
Nondiscretionary access control
Rule-based access controls
Centralized access control
Access control lists
Access provisioning lifecycle
User entitlement, access review, and audit
Access control protocols and frameworks
RADIUS
Diameter
TACACS and TACACS+
PAP and CHAP
Access control defensive categories and types
Preventive
Detective
Corrective
Recovery
Deterrent
Compensating
Authentication methods
Type 1 authentication: something you know
Passwords
Password hashes and password cracking
Dictionary attacks
Hybrid attacks
Brute-force attacks
Rainbow tables
Salts
Type 2 authentication: something you have
Synchronous dynamic token
Asynchronous dynamic token
Type 3 authentication: something you are
Biometric enrollment and throughput
Accuracy of biometric systems
False reject rate
False accept rate
Crossover Error Rate
Types of biometric controls
Fingerprints
Retina scan
Iris scan
Hand geometry
Keyboard dynamics
Dynamic signature
Voiceprint
Facial scan
Someplace you are
Single sign-on
Endnotes
Domain 2: Telecommunications and Network Security
Introduction
Network architecture and design
Fundamental network concepts
Simplex, half-duplex, and full-duplex communication
LANs, WANs, MANs, and PANs
Internet, Intranet, and Extranet
The OSI model
Layer 1: Physical
Layer 2: Data Link
Layer 3: Network
Layer 4: Transport
Layer 5: Session
Layer 6: Presentation
Layer 7: Application
The TCP/IP model
Network Access Layer
Internet Layer
Host-to-Host Transport Layer
Application Layer
MAC addresses
EUI-64 MAC addresses
IPv4
IPv6
TCP
TCP ports
UDP
ICMP
Application-Layer TCP/IP protocols and concepts
Telnet
FTP
SSH
SMTP, POP, and IMAP
DNS
HTTP and HTTPS
LAN technologies and protocols
Ethernet
WAN technologies and protocols
T1s, T3s, E1s, and E3s
Frame Relay
MPLS
Network devices and protocols
Repeaters and hubs
Bridges
Switches
Routers
Firewalls
Packet filter
Stateful firewalls
Proxy firewalls
Application-Layer Proxy firewalls
Modem
Intrusion Detection Systems and Intrusion Prevention Systems
Endpoint security
Antivirus
Application whitelisting
Removable media controls
Disk encryption
Secure communications
Authentication protocols and frameworks
PAP and CHAP
802.1X and EAP
VPN
PPP
IPsec
Remote meeting technology
Domain 3: Information Security Governance and Risk Management
Introduction
Risk Analysis
Assets
Threats and vulnerabilities
Risk=threat×vulnerability
Impact
Risk Analysis Matrix
Calculating Annualized Loss Expectancy
Asset Value
Exposure Factor
Single Loss Expectancy
Annual Rate of Occurrence
Annualized Loss Expectancy
Total Cost of Ownership
Return on Investment
Budget and metrics
Risk choices
Accept the risk
Risk acceptance criteria
Mitigate the risk
Transfer the risk
Risk avoidance
Qualitative and Quantitative Risk Analysis
The Risk Management process
Information Security Governance
Security policy and related documents
Policy
Components of program policy
Policy types
Procedures
Standards
Guidelines
Baselines
Roles and responsibilities
Personnel security
Background checks
Employee termination
Security awareness and training
Vendor, consultant, and contractor security
Outsourcing and offshoring
Privacy
Due care and due diligence
Gross negligence
Best practice
Auditing and control frameworks
OCTAVE
ISO 17799 and the ISO 27000 series
COBIT
ITIL
Certification and Accreditation
Summary of exam objectives
Top five toughest questions
Answers
Endnotes
Domain 4: Software Development Security
Introduction
Programming concepts
Machine code, source code, and assemblers
Compilers, interpreters, and bytecode
Types of publicly released software
Open and closed source software
Free Software, Shareware, and Crippleware
Application development methods
Waterfall Model
Spiral
Agile Software Development
Extreme Programming
Rapid Application Development
SDLC
Object-Oriented Programming
Cornerstone Object-Oriented Programming concepts
Object Request Brokers
COM and DCOM
Software vulnerabilities, testing, and assurance
Software vulnerabilities
Types of software vulnerabilities
Cross-Site Scripting and Cross-Site Request Forgery
Privilege escalation
Backdoors
Disclosure
Software Capability Maturity Model
Databases
Relational databases
Foreign keys
Referential, semantic, and entity integrity
Database normalization
Database views
Database query languages
Database integrity
Database replication and shadowing
Summary of exam objectives
Top five toughest questions
Self-test quick answer key
Endnotes
Domain 5: Cryptography
Introduction
Cornerstone cryptographic concepts
Key terms
Confidentiality, integrity, authentication, and nonrepudiation
Substitution and permutation
Cryptographic strength
Monoalphabetic and polyalphabetic ciphers
Exclusive Or XOR
Types of cryptography
Symmetric encryption
Stream and block ciphers
Initialization vectors and chaining
DES
Modes of DES
Electronic Code Book
Cipher Block Chaining
Cipher Feedback
Output Feedback
Counter
Single DES
Triple DES
Triple DES encryption order and keying options
International Data Encryption Algorithm
Advanced Encryption Standard
Choosing AES
Blowfish and Twofish
RC5 and RC6
Asymmetric encryption
Asymmetric methods
Factoring prime numbers
Discrete logarithm
Diffie-Hellman Key Agreement Protocol
Elliptic Curve Cryptography
Asymmetric and symmetric trade-offs
Hash functions
MD5
Secure Hash Algorithm
HAVAL
Cryptographic attacks
Brute force
Known plaintext
Chosen plaintext and adaptive-chosen plaintext
Chosen ciphertext and adaptive-chosen ciphertext
Meet-in-the-middle attack
Known key
Differential cryptanalysis
Linear cryptanalysis
Side-channel attacks
Implementing cryptography
Digital signatures
Public Key Infrastructure
Certificate Authorities and Organizational Registration Authorities
Certificate Revocation Lists
Key management issues
SSL and TLS
IPsec
AH and ESP
Security association and ISAKMP
Tunnel and transport mode
IKE
PGP
S/MIME
Escrowed encryption
Clipper Chip
Endnotes
Domain 6: Security Architecture and Design
Introduction
Secure system design concepts
Layering
Abstraction
Security domains
The ring model
Secure Hardware Architecture
The system unit and motherboard
The computer bus
The CPU
Arithmetic logic unit and control unit
Fetch and execute
Pipelining
Interrupts
Processes and threads
Multitasking and multiprocessing
CISC and RISC
Memory
Cache memory
RAM and ROM
DRAM and SRAM
Memory protection
Process isolation
Hardware segmentation
Virtual memory
Swapping and paging
Firmware
Flash memory
BIOS
Secure operating system and software architecture
The kernel
Reference monitor
Virtualization
Hypervisor
Virtualization security issues
Cloud computing
Grid computing
Peer-to-peer
Thin clients
System vulnerabilities, threats, and countermeasures
Covert channels
Buffer overflows
TOCTOU/race conditions
Maintenance Hooks
Malicious code malware
Computer viruses
Worms
Trojans
Rootkits
Web architecture and attacks
Applets
Java
ActiveX
OWASP
XML and SAML
Service-Oriented Architecture
Mobile device attacks
Mobile device defenses
Database security
Polyinstantiation
Inference and aggregation
Security models
Bell-LaPadula model
Lattice-based access controls
The International Common Criteria
Endnotes
Domain 7: Operations Security
Introduction
Administrative security
Labels
Clearance
Separation of duties
Rotation of duties
Mandatory leave/forced vacation
Nondisclosure agreement
Background checks
Sensitive information/media security
Sensitive information
Labeling/marking
Handling
Storage
Retention
Media sanitization or destruction of data
Data remanence
Wiping, overwriting, or shredding
Degaussing
Physical destruction
Shredding
Asset management
Configuration management
Baselining
Vulnerability management
Zero-day vulnerabilities and zero-day exploits
Change management
Continuity of operations
Service-Level Agreements
Fault tolerance
Backup
Full
Incremental and differential
Redundant Array of Inexpensive Disks
RAID 0: Striped set
RAID 1: Mirrored set
RAID 2: Hamming code
RAID 3: Striped set with dedicated parity byte level
RAID 4: Striped set with dedicated parity block level
RAID 5: Striped set with distributed parity
RAID 6: Striped set with dual distributed parity
RAID 1+0 or RAID 10
System redundancy
Redundant hardware and redundant systems
High-availability clusters
Incident response management
Methodology
Preparation
Detection and analysis
Containment
Eradication
Recovery
Lessons learned
Types of attacks
Session hijacking and MITM
Malware
Denial of Service and Distributed Denial of Service
Summary of exam objectives
Top five toughest questions
Answers
Endnotes
Domain 8: Business Continuity and Disaster Recovery Planning
Introduction
BCP and DRP overview and process
Business Continuity Planning
Disaster Recovery Planning
Relationship between BCP and DRP
Disasters or disruptive events
The Disaster Recovery Process
Respond
Activate team
Communicate
Assess
Reconstitution
Developing a BCP/DRP
Project Initiation
Assessing the critical state
Conduct Business Impact Analysis
Identify critical assets
Conduct BCP/DRP-focused risk assessment
Determine Maximum Tolerable Downtime
Alternate terms for MTD
Failure and recovery metrics
Recovery Point Objective
Recovery Time Objective and Work Recovery Time
Mean Time Between Failures
Mean Time to Repair
Minimum Operating Requirements
Identify Preventive Controls
Recovery strategy
Redundant site
Hot site
Warm site
Cold site
Reciprocal agreement
Mobile site
Related plans
Call Trees
DRP testing and training
DRP testing
DRP review
Checklist
Structured walk-through/tabletop
Simulation test/walk-through drill
Parallel processing
Partial and complete business interruption
Training
Starting emergency power
Calling tree training/test
Continued BCP/DRP maintenance
Change management
BCP/DRP mistakes
Specific BCP/DRP frameworks
NIST SP 800-34
ISO/IEC 27031
BCI
Summary of exam objectives
Top five toughest questions
Answers
Endnotes
Domain 9: Legal, Regulations, Investigations, and Compliance
Introduction
Major legal systems
Civil law legal system
Common law
Religious and customary law
Criminal, civil, and administrative law
Criminal law
Civil law
Administrative law
Information security aspects of law
Computer crime
International cooperation
Intellectual property
Trademark
Patent
Copyright
Licenses
Trade secrets
Import/export restrictions
Legal aspects of investigations
Evidence
Best evidence rule
Evidence integrity
Entrapment and enticement
Privacy, important laws, and regulations
Privacy
European Union privacy
OECD privacy guidelines
EU-US Safe Harbor
US Privacy Act of 1974
US Computer Fraud and Abuse Act
USA PATRIOT Act
Forensics
Forensic media analysis
Network forensics
Embedded device forensics
Security and third parties
Service provider contractual security
Service-Level Agreements
Attestation
Right to Penetration Test/Right to Audit
Vendor governance
Ethics
The ISC2© Code of Ethics
The ISC2© Code of Ethics Canons in detail
Computer Ethics Institute
IAB's Ethics and the Internet
Summary of exam objectives
Top five toughest questions
Answers
Endnotes
Domain 10: Physical Environmental Security
Introduction
Perimeter defenses
Fences
Gates
Bollards
Lights
CCTV
Locks
Key locks
Combination locks
Smart cards and magnetic stripe cards
Tailgating/piggybacking
Mantraps and turnstiles
Contraband checks
Motion detectors and other perimeter alarms
Doors and windows
Walls, floors, and ceilings
Guards
Dogs
Site selection, design, and configuration
Site selection issues
Utility reliability
Crime
Site design and configuration issues
Site marking
Shared tenancy and adjacent buildings
System defenses
Asset tracking
Port controls
Drive and tape encryption
Media storage and transportation
Media cleaning and destruction
Paper shredders
Overwriting
Degaussing and destruction
Environmental controls
Electricity
Surge protectors, UPSs, and generators
HVAC
Static and corrosion
Heat, flame, and smoke detectors
Personnel safety, training, and awareness
Evacuation routes
Evacuation roles and procedures
ABCD fires and suppression
Classes of fire and suppression agents
Types of fire suppression agents
Water
Soda acid
Dry powder
Wet chemical
CO2
Halon and Halon substitutes
Montreal Accord
Sprinkler systems
Portable fire extinguishers
Summary of Exam Objectives
Top five toughest questions
Answers
Index