Get Started. It's Free
or sign up with your email address
CISSP by Mind Map: CISSP

1. Identity and Access Management

1.1. Security Principles

1.1.1. Availability

1.1.2. Integrity

1.1.3. Confidentiality

1.2. Identification, Authentication, Authorization, and Accountability

1.2.1. Identification and Authentication

1.2.1.1. Identity management

1.2.1.1.1. Directories

1.2.1.1.2. Web access management (WAM)

1.2.2. Authentication

1.2.2.1. Password Management

1.2.2.1.1. • Password synchronization

1.2.2.1.2. • Self-service password reset

1.2.2.1.3. • Assisted password reset

1.2.2.2. Legacy Single Sign-On

1.2.2.3. Account management

1.2.2.4. Provisioning

1.2.2.4.1. Authoritative System of Record

1.2.2.4.2. User provisioning

1.2.2.5. Profile Update

1.2.2.6. Biometrics

1.2.2.7. Fingerprint

1.2.2.8. Palm Scan

1.2.2.9. Hand Geometry

1.2.2.10. Retina Scan

1.2.2.11. Iris Scan

1.2.2.12. Signature Dynamics

1.2.2.13. Keystroke Dynamics

1.2.2.14. Voice Print

1.2.2.15. Facial Scan

1.2.2.16. Hand Topography

1.2.2.17. Passwords

1.2.2.17.1. Password Policies

1.2.2.17.2. Password Checkers

1.2.2.17.3. Password Hashing and Encryption

1.2.2.17.4. Password Aging

1.2.2.17.5. Limit Logon Attempts

1.2.2.17.6. Cognitive passwords

1.2.2.17.7. one-time password (OTP)

1.2.2.17.8. The token device

1.2.2.17.9. Synchronous

1.2.2.17.10. Asynchronous

1.2.2.18. Cryptographic Keys

1.2.2.19. Passphrase

1.2.2.20. Memory Cards

1.2.2.21. Smart Card

1.2.2.21.1. contact smart card

1.2.2.21.2. contactless smart card

1.2.2.21.3. Smart Card Attacks

1.2.3. Authorization

1.2.3.1. Access Criteria

1.2.3.1.1. Role

1.2.3.1.2. Groups

1.2.3.1.3. Physical or logical location

1.2.3.1.4. Time of day

1.2.3.1.5. Transaction-type restrictions

1.2.3.1.6. Default to No Access

1.2.3.1.7. need-to-know principle

1.2.3.1.8. Authorization Creep

1.2.3.1.9. Single Sign-On

1.2.4. Federation

1.2.4.1. Web portal

1.2.4.1.1. portlets

1.2.4.2. Access Control and Markup Languages

1.2.4.2.1. XML

1.2.4.2.2. Service Provisioning Markup Language (SPML)

1.2.4.2.3. Security Assertion Markup Language (SAML)

1.2.4.2.4. Extensible Access Control Markup Language (XACML)

1.2.4.2.5. OpenID

1.2.4.2.6. OAuth

1.2.5. Identity as a Service

1.2.6. Integrating Identity Services

1.2.6.1. Establishing Connectivity

1.2.6.2. Establishing Trust

1.2.6.3. Incremental Testing

1.3. Access Control Models

1.3.1. Discretionary Access Control

1.3.2. Mandatory Access Control

1.3.2.1. Sensitivity Labels

1.3.3. Role-Based Access Control

1.3.3.1. Core RBAC

1.3.3.2. Hierarchical RBAC

1.3.3.2.1. Static Separation of Duty (SSD) Relations through RBAC

1.3.3.2.2. Dynamic Separation of Duties (DSD) Relations through RBAC

1.3.4. Rule-Based Access Control

1.4. Acces Control Techniques and Technologies

1.4.1. Constrained User Interfaces

1.4.2. Access Control Matrix

1.4.2.1. Capability Table

1.4.2.2. Access control lists (ACLs)

1.4.2.3. Content-Dependent Access Control

1.4.3. Content-Dependent Access Control

1.5. Access Control Administration

1.5.1. Centralized Access Control Administration

1.5.1.1. Remote Authentication Dial-In User Service (RADIUS)

1.5.1.2. Terminal Access Controller Access Control System (TACACS)

1.5.1.3. Diameter

1.5.2. Decentralized Access Control Administration

1.6. Access Control Methods

1.6.1. Access Control Layers

1.6.2. Administrative Controls

1.6.2.1. Personnel controls

1.6.2.2. Supervisory Structure

1.6.2.3. Security-Awareness Training

1.6.2.4. Testing

1.6.3. Physical Controls

1.6.3.1. Network segregation

1.6.3.2. Perimeter Security

1.6.3.3. Computer Controls

1.6.3.4. Cabling

1.6.3.5. Control Zone

1.6.4. Technical Controls

1.6.4.1. System Access

1.6.4.2. Network Architecture

1.6.4.3. Network Access

1.6.4.4. Encryption and protocols

1.6.4.5. Auditing

1.7. Accountability

1.7.1. Review of Audit Information

1.7.2. Protecting Audit Data and Log Information

1.7.3. Keystroke Monitoring

1.8. Access Control Practices

1.8.1. Unauthorized Disclosure of Information

1.8.1.1. Object reuse

1.8.1.2. Emanation Security

1.8.1.3. TEMPEST

1.8.1.4. White Noise

1.8.1.5. Control Zone

1.9. Access Control Monitoring

1.9.1. Intrusion Detection Systems

1.9.1.1. network-based IDS (NIDS)

1.9.1.1.1. Signature-based

1.9.1.1.2. Anomaly-based

1.9.1.2. host-based IDS (HIDS)

1.9.1.2.1. Signature-based

1.9.1.2.2. Anomaly-based

1.9.1.3. Knowledge- or Signature-Based Intrusion Detection

1.9.1.4. State-Based IDSs

1.9.1.5. statistical anomaly–based IDS

1.9.1.6. Protocol Anomaly–Based IDS

1.9.1.7. Traffic Anomaly–Based IDS

1.9.1.8. rule-based IDS

1.9.1.9. IDS Sensors

1.9.1.10. Network Traffic

1.9.2. Intrusion Prevention Systems

1.9.2.1. Honeypot

1.9.2.2. Network Sniffers

1.10. Threats to Access Control

1.10.1. Dictionary Attack

1.10.1.1. Countermeasures

1.10.2. Brute-Force Attacks

1.10.2.1. Countermeasures

1.10.3. Spoofing at Logon

1.10.4. Phishing and Pharming

2. Security Assessment and Testing

2.1. Audit Strategies

2.1.1. Internal Audits

2.1.2. Third-Party Audits

2.1.2.1. Service organizations

2.2. Auditing Technical Controls

2.2.1. Vulnerability Testing

2.2.1.1. Personnel testing

2.2.1.2. Physical testing

2.2.1.3. System and network testing

2.2.2. Penetration Testing

2.2.3. War Dialing

2.2.4. Other Vulnerability Types

2.2.4.1. Kernel flaws

2.2.4.2. Buffer overflows

2.2.4.3. Symbolic links

2.2.4.4. File descriptor attacks

2.2.4.5. Race conditions

2.2.4.6. File and directory permissions

2.2.5. Postmortem

2.2.6. Log Reviews

2.2.7. Synthetic Transactions

2.2.8. Misuse Case Testing

2.2.9. Code Reviews

2.2.10. Interface Testing

2.3. Auditing Administrative Controls

2.3.1. Account Management

2.3.1.1. Adding Accounts

2.3.1.2. Modifying Accounts

2.3.1.3. Suspending Accounts

2.3.2. Backup Verification

2.3.2.1. Types of Data

2.3.2.2. User Data Files

2.3.2.3. Databases

2.3.2.4. Mailbox Data

2.3.3. Disaster Recovery and Business Continuity

2.3.3.1. Testing and Revising the Business Continuity Plan

2.3.3.2. Checklist Test

2.3.3.3. Structured Walk-Through Test

2.3.3.4. Simulation Test

2.3.3.5. Parallel Test

2.3.3.6. Full-Interruption Test

2.3.3.7. Other Types of Training

2.3.3.7.1. Emergency Response

2.3.3.7.2. Maintaining the Plan

2.3.3.7.3. BCP Life Cycle

2.3.4. Security Training and Security Awareness Training

2.3.4.1. Social engineering

2.3.4.2. Pretexting

2.3.4.3. Online Safety

2.3.4.4. Data Protection

2.3.4.5. Culture

2.3.5. Key Performance and Risk Indicators

2.3.5.1. Key Performance Indicators

2.3.5.2. Key Risk Indicators

2.4. Reporting

2.4.1. Technical Reporting

2.4.2. Executive Summaries

2.5. Management Review

2.5.1. Before the Management Review

2.5.2. Reviewing Inputs

2.5.3. Management Actions

3. Security Operations

3.1. The Role of the Operations Department

3.2. Administrative Management

3.2.1. Security and Network Personnel

3.2.2. Accountability

3.2.3. Clipping Levels

3.3. Assurance Levels

3.4. Operational Responsibilities

3.4.1. Unusual or Unexplained Occurrences

3.4.2. Deviations from Standards

3.4.3. Unscheduled Initial Program Loads (aka Rebooting)

3.5. Configuration Management

3.5.1. Trusted Recovery

3.5.1.1. After a System Crash

3.5.1.2. Security Concerns

3.5.2. Input and Output Controls

3.5.3. System Hardening

3.5.4. Remote Access Security

3.6. Physical Security

3.6.1. Facility Access Control

3.6.1.1. Locks

3.6.1.2. Mechanical Locks

3.6.1.3. Device Locks

3.6.1.4. Administrative Responsibilities

3.6.2. Personnel Access Controls

3.6.3. External Boundary Protection Mechanisms

3.6.3.1. Fencing

3.6.3.2. Bollards

3.6.3.3. Lighting

3.6.3.4. Surveillance Devices

3.6.3.5. Visual Recording Devices

3.6.4. Intrusion Detection Systems

3.6.4.1. Electromechanical systems

3.6.4.2. photoelectric system

3.6.4.3. passive infrared (PIR) system

3.6.4.4. acoustical detection system

3.6.4.5. Wave-pattern motion detectors

3.6.4.6. proximity detector

3.6.5. Patrol Force and Guards

3.6.6. Dogs

3.6.7. Auditing Physical Access

3.7. Service Resource Provisioning

3.7.1. Asset Inventory

3.7.1.1. Tracking Hardware

3.7.1.2. Tracking Software

3.7.2. Configuration Management

3.7.2.1. Change Control Process

3.7.2.2. Change Control Documentation

3.7.3. Provisioning Cloud Assets

3.8. Network and Resource Availability

3.8.1. Mean Time Between Failures

3.8.2. Mean Time to Repair

3.8.3. Single Points of Failure

3.8.3.1. Redundant array of independent disks (RAID

3.8.3.2. Direct access storage device (DASD)

3.8.3.3. Massive Array of Inactive Disks

3.8.3.4. Redundant array of independent tapes (RAIT)

3.8.3.5. Storage Area Networks

3.8.3.6. Clustering

3.8.3.7. Grid computing

3.8.4. Backups

3.8.4.1. Hierarchical Storage Management

3.8.5. Contingency Planning

3.9. Preventive Measures

3.9.1. Firewalls

3.9.2. Intrusion Detection and Prevention Systems

3.9.3. Antimalware

3.9.4. Patch Management

3.9.4.1. Unmanaged Patching

3.9.4.2. Centralized Patch Management

3.9.4.3. Reverse Engineering Patches

3.9.4.4. Sandboxing

3.9.5. Honeypots

3.10. The Incident Management Process

3.10.1. Detection

3.10.2. Response

3.10.3. Mitigation

3.10.4. Reporting

3.10.5. Recovery

3.10.6. Remediation

3.11. Disaster Recovery

3.11.1. Business Process Recovery

3.11.2. Facility Recovery

3.11.2.1. Hot site

3.11.2.2. Warm site

3.11.2.3. Cold site

3.11.2.4. Tertiary Sites

3.11.2.5. Redundant Sites

3.11.3. Supply and Technology Recovery

3.11.3.1. Hardware Backups

3.11.3.2. Software Backups

3.11.4. Choosing a Software Backup Facility

3.11.4.1. Documentation

3.11.4.2. Human Resources

3.11.4.3. End-User Environment

3.11.5. Data Backup Alternatives

3.11.6. Electronic Backup Solutions

3.11.7. High Availability

3.12. Insurance

3.13. Recovery and Restoration

3.13.1. Developing Goals for the Plans

3.13.2. Implementing Strategies

3.13.2.1. Investigations

3.14. Investigations

3.14.1. Computer Forensics and Proper Collection of Evidence

3.14.2. Motive, Opportunity, and Means

3.14.3. Computer Criminal Behavior

3.14.4. Incident Investigators

3.14.5. The Forensic Investigation Process

3.14.6. What Is Admissible in Court?

3.14.7. Surveillance, Search, and Seizure

3.14.8. Interviewing Suspects

3.15. Liability and its Ramifications

3.15.1. Liability Scenarios

3.15.1.1. Personal Information

3.15.1.2. Hacker Intrusion

3.15.2. Third-Party Risk

3.15.3. Contractual Agreements

3.15.4. Procurement and Vendor Processes

3.16. Compliance

3.17. Personal safety Concerns

4. Software Development Security

4.1. Building Good Code

4.2. Where do we place Security

4.2.1. Different Environments Demand Different Security

4.2.2. Environment vs. Application

4.2.3. Functionality vs. Security

4.2.4. Implementation and Default Issues

4.3. Software Development Lifecycle

4.3.1. Project Management

4.3.2. Requirements Gathering Phase

4.3.3. Design Phase

4.3.4. Development Phase

4.3.5. Testing/Validation Phase

4.3.5.1. Testing Types

4.3.6. Release/Maintenance Phase

4.4. Secure Software Development Best Practices

4.5. Software Development Models

4.5.1. Build and Fix Model

4.5.2. Waterfall Model

4.5.3. V-Shaped Model (V-Model)

4.5.4. Prototyping

4.5.4.1. Rapid prototyping

4.5.4.2. evolutionary prototypes

4.5.4.3. operational prototypes

4.5.5. Incremental Model

4.5.6. Spiral Model

4.5.7. Rapid Application Development

4.5.8. Agile Models

4.5.9. Scrum

4.5.10. Extreme Programming

4.5.11. Kanban

4.5.12. Other Models

4.5.12.1. Exploratory model

4.5.12.2. Joint Application Development (JAD)

4.5.12.3. Reuse model

4.5.12.4. Cleanroom

4.6. Integrated Product Team

4.6.1. DevOps

4.7. Capability Maturity Model Integration

4.8. Change Control

4.8.1. Software Configuration Management

4.8.2. Security of Code Repositories

4.9. Programming Languages and Consepts

4.9.1. Assemblers, Compilers, Interpreters

4.9.2. Object-Oriented Concepts

4.9.3. Other Software Development Concepts

4.9.3.1. Data modeling

4.9.3.2. Data Structures

4.9.3.3. Cohesion and Coupling

4.9.4. Application Programming Interfaces

4.10. Distributed Computing

4.10.1. Distributed Computing Environment

4.10.2. CORBA and ORBs

4.10.3. COM and DCOM

4.10.3.1. Object Linking and Embedding (OLE)

4.10.4. Java Platform, Enterprise Edition

4.10.5. Service-Oriented Architecture

4.11. Mobile Code

4.11.1. Java Applets

4.11.2. ActiveX Controls

4.12. Web Security

4.12.1. Specific Threats for Web Environments

4.12.1.1. Administrative Interfaces

4.12.1.2. Authentication and Access Control

4.12.1.3. Input Validation

4.12.1.4. Parameter validation

4.12.1.5. Session Management

4.12.2. Web Application Security Principles

4.13. Database Management

4.13.1. Database Management Software

4.13.2. Database Models

4.13.2.1. • Relational

4.13.2.2. • Hierarchical

4.13.2.3. • Network

4.13.2.4. • Object-oriented

4.13.2.5. • Object-relational

4.13.3. Database Programming Interfaces

4.13.3.1. Open Database Connectivity (ODBC)

4.13.3.2. Object Linking and Embedding Database (OLE DB)

4.13.3.3. ActiveX Data Objects (ADO)

4.13.3.4. Java Database Connectivity (JDBC)

4.13.4. Relational Database Components

4.13.4.1. Data Dictionary

4.13.4.2. Primary vs. Foreign Key

4.13.5. Integrity

4.13.6. Database Security Issues

4.13.6.1. Database Views

4.13.6.2. Polyinstantiation

4.13.6.3. Online transaction processing (OLTP)

4.13.7. Data Warehousing and Data Mining

4.14. Malicious Software

4.14.1. Viruses

4.14.2. Worms

4.14.3. Rootkit

4.14.4. Spyware and Adware

4.14.5. Botnets

4.14.6. Logic Bombs

4.14.7. Trojan Horses

4.14.8. Antimalware Software

4.14.9. Spam Detection

4.14.10. Antimalware Programs

4.15. Assessing the security of Acquired software

5. Security and Risk Management

5.1. Fundamental Principles of Security

5.1.1. Availability

5.1.2. Integrity

5.1.3. Confidentiality

5.1.4. Balanced Security

5.2. Security Definitions

5.2.1. threat agent

5.2.2. threat

5.2.3. vulnerability

5.2.4. risk

5.2.5. Asset

5.2.6. exposure

5.2.7. control

5.2.8. Safeguard

5.3. Control Types

5.3.1. Administrative

5.3.2. Technical

5.3.3. Physical

5.3.4. Functionalities

5.3.4.1. Preventive

5.3.4.2. Detective

5.3.4.3. Corrective

5.3.4.4. Deterrent

5.3.4.5. Recovery

5.3.4.6. Compensating

5.3.5. defense-in-depth

5.4. Security Framework

5.4.1. ISO/IEC 27000 Series

5.4.2. Entreprise Architecture Development

5.4.2.1. NIST enterprise architecture framework

5.4.2.2. Zachman Architecture Framework

5.4.2.3. The Open Group Architecture Framework (TOGAF)

5.4.2.4. Military-Oriented Architecture Frameworks

5.4.2.4.1. Department of Defense Architecture Framework (DoDAF)

5.4.2.4.2. Ministry of Defence Architecture Framework (MODAF)

5.4.2.5. Enterprise Security Architecture

5.4.2.5.1. Sherwood Applied Business Security Architecture (SABSA)

5.4.2.5.2. Strategic Alignment

5.4.2.5.3. Business Enablement

5.4.2.5.4. Process Enhancement

5.4.2.5.5. Security Effectiveness

5.4.2.5.6. Enterprise vs. System Architectures

5.4.3. Security Controls Development

5.4.3.1. Control Objectives for Information and related Technology (COBIT)

5.4.3.2. NIST SP 800-53

5.4.3.3. COSO Internal Control—Integrated Framework

5.4.3.4. Process Management Development

5.4.3.4.1. ITIL (formerly the Information Technology Infrastructure Library)

5.4.3.4.2. Six Sigma

5.4.3.4.3. Capability Maturity Model Integration (CMMI)

5.4.4. Functionality vs Security

5.5. The Crux Of Computer Crime Laws

5.5.1. computer-assisted crime

5.5.2. computer-targeted crime

5.5.3. computer is incidental

5.6. Complexities in Cybercrime

5.6.1. Electronic Assets

5.6.2. The Evolution of Attacks

5.6.2.1. advanced persistent threat (APT).

5.6.2.2. Internet Relay Chat (IRC)

5.6.3. International Issues

5.6.3.1. Council of Europe (CoE) Convention on Cybercrime

5.6.3.2. Organisation for Economic Co-operation and Development (OECD)

5.6.3.3. European Union Principles on Privacy

5.6.3.4. Safe Harbor Privacy Principles

5.6.3.5. Import/Export Legal Requirements

5.6.3.5.1. Wassenaar Arrangement

5.6.3.5.2. cryptographic import restrictions

5.6.4. Types of Legal Systems

5.6.4.1. Civil (Code) Law System

5.6.4.2. Common Law System

5.6.4.3. Customary Law System

5.6.4.4. Religious Law System

5.6.4.5. Mixed Law System

5.7. Intellectual Property Laws

5.7.1. Trade Secret

5.7.2. Copyright law

5.7.3. Trademark

5.7.4. Patent

5.7.5. Software Piracy

5.8. Privacy

5.8.1. The Increasing Need for Privacy Laws

5.8.2. Laws, Directives, and Regulations

5.8.2.1. Federal Privacy Act of 1974

5.8.2.2. Federal Information Security Management Act of 2002

5.8.2.3. Department of Veterans Affairs Information Security Protection Act

5.8.2.4. Health Insurance Portability and Accountability Act (HIPAA)

5.8.2.5. Health Information Technology for Economic and Clinical Health (HITECH) Act

5.8.2.6. USA PATRIOT Act

5.8.2.7. Gramm-Leach-Bliley Act (GLBA)

5.8.2.8. Personal Information Protection and Electronic Documents Act

5.8.2.9. Payment Card Industry Data Security Standard (PCI DSS)

5.8.3. Employee Privacy Issues

5.9. Data Breaches

5.9.1. US Laws Pertaining to data Breaches

5.9.1.1. HIPAA

5.9.1.2. HITECH Act

5.9.1.3. GLBA

5.9.1.4. Economic Espionage Act of 1996

5.9.1.5. State Laws

5.9.2. Other Nation's Laws Pertaining to Data Breaches

5.9.2.1. European Union

5.9.2.2. Other Countries

5.10. Policies, standards, Baselines, Guidelines, and Procedures

5.10.1. Security Policies

5.10.2. Standards

5.10.3. Baselines

5.10.4. Guidelines

5.10.5. Procedures

5.10.6. Implementations

5.11. Risk Management

5.11.1. Holistic Risk Management

5.11.2. Information Systems Risk Management Policy

5.11.3. The risk management Team

5.11.4. The risk management process

5.12. Threat Modeling

5.12.1. Vulnerabilities

5.12.1.1. Information

5.12.1.1.1. Data at rest

5.12.1.1.2. Data in motion

5.12.1.1.3. Data in use

5.12.1.2. Processes

5.12.1.3. People

5.12.1.3.1. Social engineering

5.12.1.3.2. Social networks

5.12.1.3.3. Passwords

5.12.2. Threats

5.12.3. Attacks

5.12.4. Reduction Analysis

5.13. Risk Assessment and Analysis

5.13.1. Risk Assessment and Analysis Team

5.13.2. The value of Information and Assets

5.13.3. Costs that make up the value

5.13.4. Identifying vulnerabilities and threats

5.13.5. Methodology of Risk Assessment

5.13.5.1. NIST

5.13.5.2. FRAP

5.13.5.3. OCTAVE (Operationally Critical Threat, Asset, and Vulnerability Evaluation)

5.13.5.4. AS/NZS 4360

5.13.5.5. Failure Modes and Effect Analysis (FMEA)

5.13.5.6. CRAMM (Central Computing and Telecommunications Agency Risk Analysis and Management Method)

5.13.6. Risk Analysis Approaches

5.13.6.1. quantitative risk analysis

5.13.6.2. qualitative risk analysis

5.13.6.3. Steps of a Quantitative Risk Analysis

5.13.6.3.1. single loss expectancy (SLE)

5.13.6.3.2. annual loss expectancy (ALE).

5.13.6.3.3. exposure factor (EF)

5.13.7. Qualitative Risk Analysis

5.13.8. Protection Mechanisms

5.13.8.1. Control Selection

5.13.8.2. Functionality and Effectiveness of Countermeasures

5.13.9. Putting It Together

5.13.10. Total risk vs Residual risk

5.13.10.1. Handling Risk

5.13.11. Outsourcing

5.14. Risk Management Framework

5.14.1. Categorize information System

5.14.2. Select Security Controls

5.14.3. Implement Security Controls

5.14.4. Assess Security Controls

5.14.5. Authorize Information System

5.14.6. Monitor Security Controls

5.15. Business Continuity and Disaster Recovery

5.15.1. Standard and Best Practices

5.15.2. Making BCM Part of the Entreprise Security Program

5.15.3. BCP Project Components

5.15.3.1. Scope of the Project

5.15.3.2. BCP Policy

5.15.3.3. Project Management

5.15.3.4. Business Continuity Planning Requirements

5.15.3.5. Business Impact Analysis (BIA)

5.15.3.6. Risk Assessment

5.15.3.7. Risk Assessment Evaluation and Process

5.15.3.8. Assigning Values to Assets

5.15.3.9. Interdependencies

5.16. Personnel Security

5.16.1. Hiring Practices

5.16.2. Termination

5.16.3. Security-Awareness Training

5.16.4. Degree or Certification?

5.17. Security Governance

5.17.1. Metrics

5.18. Ethics

5.18.1. The computer ethics institute

5.18.2. The internet architecture board

5.18.3. Corporate ethics programs

5.19. Summary

6. Asset Security

6.1. Information Life Cycle

6.1.1. Acquisition

6.1.2. Use

6.1.3. Archival

6.1.4. Disposal

6.2. Information Classification

6.2.1. Classifications Levels

6.2.2. Classifications Controls

6.3. Layers of Responsability

6.3.1. Executive Management

6.3.1.1. chief executive officer (CEO)

6.3.1.2. chief financial officer (CFO)

6.3.1.3. chief information officer (CIO)

6.3.1.4. chief privacy officer (CPO)

6.3.1.5. chief security officer (CSO)

6.3.2. Data Owner

6.3.3. Data Custodian

6.3.4. System Owner

6.3.5. Security Administrator

6.3.6. Supervisor

6.3.7. Change Control Analyst

6.3.8. Data Analyst

6.3.9. User

6.3.10. Auditor

6.3.11. Why so many roles

6.4. Retention Policies

6.4.1. Developing a Retention Policy

6.4.1.1. How We Retain

6.4.1.2. How Long We Retain

6.4.1.3. What Data We Retain

6.5. Protecting Privacy

6.5.1. Data Owners

6.5.2. Data Processers

6.5.3. Data Remanence

6.5.4. Limits on Collection

6.6. Protecting Assets

6.6.1. Data Security Controls

6.6.1.1. Data at Rest

6.6.1.2. Data in motion

6.6.1.3. Data in use

6.6.2. Media Controls

6.7. Data Leakage

6.7.1. Data Leak Prevention

6.7.1.1. Data leak prevention (DLP)

6.7.1.2. Data Inventories

6.7.1.3. Data Flows Data

6.7.1.4. Data Protection Strategy

6.7.1.5. DLP Resiliency

6.7.1.6. Network DLP (NDLP)

6.7.1.7. Endpoint DLP (EDLP)

6.7.1.8. Hybrid DLP

6.8. Protecting Other Assets

6.8.1. Protecting Mobile Devices

6.8.2. Paper Records

6.8.3. Safes

6.9. Summary

7. Communication and Network Security

7.1. Telecommunications

7.2. Open Systems Interconnexion Reference Model

7.2.1. Protocol

7.2.2. Application Layer .

7.2.3. Presentation Layer .

7.2.4. Session Layer

7.2.5. Transport Layer

7.2.6. Network Layer

7.2.7. Data Link Layer

7.2.8. Physical Layer

7.2.9. Functions and Protocols in the OSI Model

7.2.9.1. Application

7.2.9.2. Presentation

7.2.9.3. Session

7.2.9.4. Transport

7.2.9.5. Network

7.2.9.6. Data Link

7.2.9.7. Physical

7.2.10. Tying the Layers Together

7.2.11. Multilayer Protocols

7.2.11.1. Distributed Network Protocol 3 (DNP3)

7.2.11.2. Controller Area Network bus (CAN bus)

7.3. TCP IP MOdel

7.3.1. TCP

7.3.1.1. TCP Handshake

7.3.2. IP Addressing

7.3.3. IPv6

7.3.4. Layer 2 Security Standards

7.3.4.1. 802.1AE

7.3.4.2. IEEE 802.1AR standard

7.3.5. Converged Protocols

7.4. Types Of Transmission

7.4.1. Analog and Digital

7.4.2. Asynchronous and Synchronous

7.4.3. Broadband and Baseband

7.5. Cabling

7.5.1. Coaxial Cable

7.5.2. Twisted-Pair Cable

7.5.3. Fiber-Optic Cable

7.5.4. Cabling Problems

7.5.4.1. Noise

7.5.4.2. Attenuation

7.5.4.3. Crosstalk

7.5.4.4. Fire Rating of Cables

7.6. Network Foundations

7.6.1. Network Topology

7.6.1.1. ring topology

7.6.1.2. bus topology

7.6.1.3. star topology

7.6.1.4. mesh topology

7.6.2. Media Access Technologies

7.6.2.1. local area network (LAN)

7.6.2.2. Token Passing

7.6.2.3. CSMA

7.6.2.4. Collision Domains

7.6.2.5. Polling

7.6.2.6. Ethernet

7.6.2.7. Token Ring

7.6.2.8. Fiber Distributed Data Interface (FDDI) technology

7.6.3. Transmission Methods

7.6.4. Network Protocols and Services

7.6.4.1. Address Resolution Protocol

7.6.4.2. Dynamic Host Configuration Protocol

7.6.4.3. Internet Control Message Protocol (ICMP)

7.6.4.4. Attacks Using ICMP

7.6.4.5. Simple Network Management Protocol (SNMP)

7.6.5. Domain Name Service

7.6.5.1. Internet DNS and Domains

7.6.5.2. DNS threats

7.6.5.3. Domain Name Registration Issues

7.6.6. E-mail Services

7.6.6.1. Post Office Protocol (POP)

7.6.6.2. Internet Message Access Protocol (IMAP)

7.6.6.3. E-mail Authorization

7.6.6.4. E-mail Relaying

7.6.6.5. E-mail Threats

7.6.7. Network Address Translation

7.6.8. Routing Protocols

7.6.8.1. Dynamic vs. Static

7.6.8.2. Distance-Vector vs. Link-State

7.6.8.3. Interior Routing Protocols

7.6.8.4. Exterior Routing Protocols

7.6.8.5. Routing Protocol Attacks

7.7. Networking devices

7.7.1. Repeaters

7.7.2. Bridges

7.7.3. Routers

7.7.4. Switches

7.7.4.1. Layer 3 and 4 Switches

7.7.4.2. VLANs

7.7.5. Gateways

7.7.6. PBXs

7.7.7. Firewalls

7.7.7.1. Packet filtering

7.7.7.2. stateful firewall

7.7.7.3. proxy firewall

7.7.7.4. Dynamic Packet-Filtering Firewalls

7.7.7.5. kernel proxy firewall

7.7.7.6. next-generation firewall (NGFW)

7.7.7.7. Firewall Architecture

7.7.7.7.1. Dual-Homed Firewall

7.7.7.7.2. screened host

7.7.7.7.3. screened-subnet architecture

7.7.7.8. Virtualized Firewalls

7.7.7.9. The “Shoulds” of Firewalls

7.7.8. Proxy Servers

7.7.9. Honeypot

7.7.10. Unified Threat Management

7.7.11. Content Distribution Networks

7.7.12. Software Defined Networking

7.7.12.1. Control and Forwarding Planes

7.7.12.2. Approaches to SDN

7.8. Intranets and Extranets

7.9. Metropolitan Area Networks

7.9.1. Metro Ethernet

7.10. Wide Area Network

7.10.1. Telecommunications Evolution

7.10.2. Dedicated Links

7.10.2.1. T-carriers

7.10.2.2. E-carriers

7.10.2.3. Optical Carrier

7.10.3. WAN Technologies

7.10.3.1. channel service unit/data service unit (CSU/DSU)

7.10.3.2. Switching

7.10.3.3. Frame Relay

7.10.3.4. Virtual Circuits

7.10.3.5. X.25

7.10.3.6. Asynchronous Transfer Mode (ATM)

7.10.3.7. Quality of Service (QoS)

7.10.3.8. Synchronous Data Link Control (SDLC)

7.10.3.9. High-level Data Link Control (HDLC)

7.10.3.10. Point-to-Point Protocol (PPP)

7.10.3.11. High-Speed Serial Interface (HSSI)

7.10.3.12. Multiservice access technologies

7.10.3.13. H.323 Gateways

7.10.3.14. Digging Deeper into SIP

7.10.3.15. IP Telephony Issues

7.11. Remote Connectivity

7.11.1. Dial-up Connections

7.11.2. ISDN

7.11.3. DSL

7.11.4. Cable Modems

7.11.5. VPN

7.11.5.1. Point-To-Point Tunneling Protocol

7.11.5.2. Layer 2 Tunneling Protocol (L2TP)

7.11.5.3. Internet Protocol Security IPSec

7.11.5.4. Transport Layer Security (TLS),

7.11.6. Authentication Protocols

7.12. Wireless Network

7.12.1. Wireless Communications Techniques

7.12.1.1. Spread spectrum

7.12.1.1.1. Frequency Hopping Spread Spectrum Frequency hopping spread spectrum (FHSS)

7.12.1.1.2. Direct sequence spread spectrum (DSSS)

7.12.1.2. orthogonal frequency-division multiplexing (OFDM).

7.12.2. WLAN Components

7.12.3. Evolution of WLAN Security

7.12.3.1. IEEE Standard 802.11

7.12.3.2. IEEE Standard 802.11i

7.12.3.3. IEEE Standard 802.1X

7.12.4. Wireless Standards

7.12.4.1. 802.11b

7.12.4.2. 802.11a

7.12.4.3. 802.11e

7.12.4.4. 802.11f

7.12.4.5. 802.11g

7.12.4.6. 802.11h

7.12.4.7. 802.11j

7.12.4.8. 802.11n

7.12.4.9. 802.11ac

7.12.4.10. 802.16

7.12.4.11. 802.15.4

7.12.4.12. Bluetooth Wireless

7.12.5. Best Practices for Securing WLANs

7.12.6. Satellites

7.12.7. Mobile Wireless Communication

7.13. Network Encryption

7.13.1. Link Encryption vs. End-to-End Encryption

7.13.2. E-mail Encryption Standards

7.13.2.1. Multipurpose Internet Mail Extensions (MIME)

7.13.2.2. Pretty Good Privacy (PGP)

7.13.3. Internet Security

7.13.3.1. Start with the Basics

7.13.3.2. HTTP

7.13.3.3. HTTP Secure HTTP Secure (HTTPS)

7.13.3.4. Secure Sockets Layer Secure Sockets Layer (SSL)

7.13.3.5. Transport Layer Security SSL

7.13.3.6. Cookies

7.13.3.7. Secure Shell Secure Shell (SSH)

7.14. Network Attacks

7.14.1. Denial of Service

7.14.1.1. Malformed Packets

7.14.1.2. Flooding

7.14.1.3. distributed denial-of-service (DDoS)

7.14.1.4. Ransomware

7.14.2. Sniffing

7.14.3. DNS Hijacking

7.14.4. Drive-by Download

8. Security Engineering

8.1. System Architecture

8.2. Computer Architecture

8.2.1. The Central Processing Unit

8.2.1.1. arithmetic logic unit (ALU).

8.2.1.2. General registers

8.2.1.3. Special registers (dedicated registers)

8.2.1.4. program counter register

8.2.1.5. program status word (PSW)

8.2.1.6. address bus

8.2.1.7. fetch request

8.2.1.8. data bus

8.2.2. Multiprocessing

8.2.2.1. symmetric mode

8.2.2.2. asymmetric mode

8.2.3. Memory Types

8.2.3.1. Random access memory (RAM)

8.2.3.1.1. dynamic RAM (DRAM)

8.2.3.1.2. Static RAM (SRAM)

8.2.3.2. Read-only memory (ROM)

8.2.3.2.1. Programmable read-only memory (PROM)

8.2.3.2.2. Erasable programmable read-only memory (EPROM)

8.2.3.2.3. Flash memory

8.2.3.3. Cache memory

8.2.3.4. Memory Mapping

8.2.3.5. buffer overflow

8.2.3.5.1. Memory Protection Techniques

8.2.3.6. Memory Leaks

8.3. Operating Systems

8.3.1. Process Management

8.3.1.1. Memory Stacks

8.3.1.2. Thread Management

8.3.1.3. Process Scheduling

8.3.1.4. Process Activity

8.3.2. Memory Management

8.3.2.1. Virtual Memory

8.3.3. Input/Output Device Management

8.3.3.1. Interrupts

8.3.3.2. Programmable I/O

8.3.3.3. Interrupt-Driven I/O

8.3.3.4. I/O Using DMA

8.3.3.5. Premapped I/O

8.3.3.6. Fully Mapped I/O

8.3.4. CPU Architecture Integration

8.3.5. Operation System Architectures

8.3.6. Virtual Machines

8.4. Systems Security Architecture

8.4.1. Security Policy

8.4.2. Security Architecture Requirements

8.4.2.1. trusted computing base (TCB)

8.4.2.2. Security Perimeter

8.4.2.3. Reference Monitor

8.4.2.4. security kernel

8.5. Security Models

8.5.1. Bell-LaPadula Model

8.5.2. Biba Model

8.5.3. Clark-Wilson Model

8.5.4. NonInterference Model

8.5.5. Brewer and Nash Model

8.5.6. Graham-Denning Model

8.5.7. Harrison-Ruzzo-Ullman Model

8.6. Systems Evaluation

8.6.1. Common Criteria

8.6.2. Why put a product though evaluation

8.7. Certification vs. Accreditation

8.7.1. Certification

8.7.2. Accreditation

8.8. Open vs Closed Systems

8.8.1. Open Systems

8.8.2. Closed Systems

8.9. Distributed system security

8.9.1. Cloud Computing

8.9.2. Parallel Computing

8.9.3. Databases

8.9.4. Web Applications

8.9.5. Mobile Devices

8.9.6. Cyber-Physical Systems

8.9.6.1. Embedded Systems

8.9.6.2. Internet of Things

8.9.6.3. Industrial control systems (ICS)

8.9.6.4. Programmable logic controllers (PLCs)

8.9.6.5. distributed control system (DCS)

8.9.6.6. supervisory control and data acquisition (SCADA)

8.9.6.7. ICS Security

8.10. A few Threats to Review

8.10.1. Maintenance Hooks

8.10.2. Time-of-check/Time-of-use Attacks

8.11. Cryptography in Context

8.11.1. The history of cryptography

8.11.1.1. scytale cipher

8.11.1.2. Caesar cipher

8.11.1.3. polyalphabetic substitution cipher for Henry III

8.11.1.4. rotor cipher machine

8.11.1.5. Lucifer,

8.11.1.6. Cryptanalysis

8.12. Cryptography Definitions and Consepts

8.12.1. Kerckhoff's Principle

8.12.2. The strength of the cryptosystem

8.12.3. Services of cryptosystems

8.12.4. One-time Pad

8.12.5. Running and Concealment cipher

8.12.6. Steganography

8.13. Types of Ciphers

8.13.1. Substitution Ciphers

8.13.2. Transposition Cipher

8.14. Methods of Encryption

8.14.1. Certificate Authorities

8.14.2. Symmetric vs Asymmetric Algorithms

8.14.2.1. Symmetric Cryptography

8.14.2.2. Asymmetric Cryptography

8.14.3. Block and Stream cipher

8.14.3.1. Block Ciphers

8.14.3.2. A stream cipher

8.14.4. Hybrid Encryption Methods

8.14.4.1. Asymmetric and Symmetric Algorithms Used Together

8.14.4.2. Session Keys

8.15. Types of Symmetrics Systems

8.15.1. Data Encryption Standard

8.15.1.1. Electronic Code Book (ECB)

8.15.1.2. Cipher Block Chaining (CBC)

8.15.1.3. Cipher Feedback (CFB)

8.15.1.4. Output Feedback (OFB)

8.15.1.5. Counter (CTR)

8.15.2. Triple-DES

8.15.2.1. DES-EEE3

8.15.2.2. DES-EDE3

8.15.2.3. DES-EEE2

8.15.2.4. DES-EDE2

8.15.3. Advanced Encryption Standard

8.15.4. Inrternational Data Encryption Algorithm

8.15.5. Blowfish

8.15.6. RC4

8.15.7. RC5

8.15.8. RC6

8.16. Types of Asymmetric Systems

8.16.1. Diffie-Hellman Algorithm

8.16.2. RSA

8.16.2.1. Diving into Numbers

8.16.2.2. one-way function

8.16.3. El Gamal

8.16.4. Elliptic Curve Cryptosystems

8.16.5. Knapsack

8.16.6. Zero Knowledge Proof

8.17. Message Integrity

8.17.1. The One-Way Hash

8.17.1.1. HMAC

8.17.1.2. Cipher Block Chaining Message Authentication Code (CBC-MAC)

8.17.2. Various Hashing Algorithm

8.17.3. MD4

8.17.4. MD5

8.17.5. SHA

8.17.6. Attacks against One-way Hash Functions

8.17.7. Digital Signature

8.17.8. Digital Signature standard

8.18. Public Key Infrastructure

8.18.1. Certificates

8.18.2. The Registration Authority

8.18.3. PKI Steps

8.19. Key management

8.19.1. Key Management Principles

8.19.2. Rules for Keys and Key Management

8.20. Trusted Platform Module

8.20.1. TPM Uses

8.21. Attacks on Cryptography

8.21.1. Ciphertext-Only Attacks

8.21.2. Know-Plaintext Attacks

8.21.3. Chosen-Plaintext Attacks

8.21.4. Chosen-Ciphertext Attacks

8.21.5. Differential Cryptanalysis

8.21.6. Linear Cryptanalysis

8.21.7. Side-channel Attacks

8.21.8. Replay Attacks

8.21.9. Algebraic Attacks

8.21.10. Analytic Attacks

8.21.11. Statistical Attacks

8.21.12. Social Engineering Attacks

8.21.13. Meet-in-the Middle Attacks

8.22. Site and Facility Security

8.23. The Site Planning Process

8.23.1. Crime Prevention Through Environmental Design

8.23.1.1. Natural access control

8.23.1.2. Natural Surveillance

8.23.1.3. Natural Territorial Reinforcement

8.23.2. Designing a Physical Security Program

8.23.2.1. Facility

8.23.2.2. Construction

8.23.2.3. Internal Compartments

8.23.2.4. Computer and Equipment Rooms

8.24. Protecting Assets

8.24.1. Protecting Mobile Devices

8.24.2. Using Safes

8.25. Internal Support Systems

8.25.1. Electric Power

8.25.2. Environmental Issues

8.25.3. Fire Prevention, Detection, and Suppression