1. Chapter 08: The Human Element of Security
1.1. Social Engineering
1.1.1. Electronic Communication Methods
1.1.1.1. SPAM Email
1.1.1.1.1. Key Indicators of SPAM Email
1.1.1.1.2. Mitigating SPAM Email
1.1.1.2. Social Media
1.1.1.2.1. Mitigating Social Media Methods
1.1.2. In-Person Methods
1.1.2.1. Mitigating In-Person Methods
1.1.3. Phone Methods
1.1.3.1. Mitigating Phone Methods
1.1.4. Business Networking Sites
1.1.4.1. Mitigating Business Network Site Attacks
1.1.5. Job Posting Sites
1.1.5.1. Mitigating Job Posting Based Attacks
1.2. Security Awareness Training
1.2.1. Training Materials
1.2.1.1. Computer Based Training
1.2.1.2. Classroom Training
1.2.1.3. Associate Surveys
1.2.2. Common Knowledge
1.2.3. Specialized Material
1.2.4. Affective Training
1.2.5. Continued Education and Checks
1.3. Access Denied
1.4. Administrator Access
1.4.1. System Administrator
1.4.2. Data Administrator
1.4.3. Application Administrator
1.5. Physical Security
1.6. Conclusion
2. Chapter 09: Security Monitoring
2.1. Monitor Strategies
2.1.1. Monitoring Based on Trust Models
2.1.1.1. Data Monitoring
2.1.1.2. Process Monitoring
2.1.1.3. Application Monitoring
2.1.1.4. User Monitoring
2.1.2. Monitoring Based on Network Boundary
2.1.3. Monitoring Based on Network Segment
2.2. SIEM
2.3. Privileged User Access
2.3.1. Privileged Data Access
2.3.2. Privileged System Access
2.3.3. Privileged Application Access
2.4. Systems Monitoring
2.4.1. Operating System Monitoring
2.4.2. Host Intrusion Detection System
2.5. Network Security Monitoring
2.5.1. Next Generation Firewalls
2.5.2. Data Loss Prevention
2.5.3. Malware Detection and Analysis
2.5.4. Intrusion Prevention
2.6. SIEM
2.7. Predictive Behavioral Analysis
2.8. Conclusion
3. Chapter 10: Security Incidents
3.1. Defining a Security Incident
3.1.1. Security Event Versus Incident
3.2. Developing Supporting Processes
3.2.1. Security Incident Detection and Determination
3.2.1.1. Physical Security Incidents
3.2.1.2. Network Based Security Incidents
3.3. Getting Enterprise Support
3.4. Building the Incident Response Team
3.5. Taking Action
3.5.1. In-house Incident Response
3.5.2. Contracted Incident Response
4. Chapter 11: Selling Security to the C-Suite
4.1. Enterprise Accounting Overview
4.2. Presenting the Case for Security
4.3. Strategies for Securing the Enterprise
5. Security As a Service
5.1. Penetration Testing
5.2. Identity and Access Administration
5.3. Security Event Management
5.4. Security Incident Response
6. Chapter 01: Enterprise Security Overview
6.1. The Idea and Facade of Enterprise Security
6.1.1. The History and Making of the Facade
6.1.2. The Idea of Security
6.1.2.1. What it is
6.1.2.2. What it should be
6.2. Enterprise Security Challenges
6.2.1. Shortcomings of Current Security Architecture
6.2.2. Communicating Information Security
6.2.3. The Cost of Information Security
6.2.4. The Conflicting Message of Information Security
6.3. Proving A Negative
6.4. The Roadmap to Securing the Enterprise
6.4.1. Roadmap Components
6.4.1.1. Defining Users
6.4.1.2. Defining Applications
6.4.1.3. Defining Data
6.4.1.4. Defining Roles
6.4.1.5. Defining Processes
6.4.1.6. Defining Policies and Standards
6.4.1.7. Defining Network Architecture
7. Chapter 02: Security Architectures
7.1. Redefining the Network Edge
7.1.1. Drivers for Redefinition
7.1.1.1. Feature Rich Web Apps
7.1.1.2. Business Partner Services
7.1.1.3. Misc 3rd Party Services
7.1.1.4. BYOX Management
7.1.1.5. Cloud Initiatives
7.2. Security Architecture Models
7.2.1. Defining Trust Model Building Blocks
7.2.1.1. Defining Data In A Trust Model
7.2.1.1.1. Data Locations
7.2.1.1.2. Data Types
7.2.1.2. Defining Processes In A Trust Model
7.2.1.3. Defining Applications In A Trust Model
7.2.1.4. Defining Roles In A Trust Model
7.2.1.5. Defining Users In A Trust Model
7.2.1.6. Defining Policies and Standards
7.2.2. Enterprise Trust Models
7.2.2.1. Business Roles
7.2.2.2. IT Roles
7.2.2.2.1. Application User (External)
7.2.2.2.2. Application Owner (Business Partner)
7.2.2.2.3. System Owner (Contractor)
7.2.2.2.4. Data Owner (Internal)
7.2.2.2.5. Security Administrator
7.2.2.2.6. Automation
7.2.3. Micro Architectures
7.2.4. Data Risk Centric Architectures
8. Chapter 03: Security As A Process
8.1. Risk Analysis
8.1.1. BYOx Initiatives
8.1.1.1. Bring Your Own Device
8.1.1.2. Bring Your Own PC
8.1.2. What is risk analysis?
8.1.2.1. Assessing Threats
8.1.2.2. Assessing Impact
8.1.2.3. Assessing Probability
8.1.2.4. Assessing Risk
8.1.2.4.1. Qualitative Risk Analysis
8.1.2.4.2. Quantitative Risk Analysis
8.1.3. Applying Risk Analysis To Trust Models
8.1.4. Deciding on A Risk Analysis Methodology
8.1.5. Other Thoughts on Risk and New Enterprise Endeavors
8.2. Policies and Standards
8.2.1. Understanding Proper Security Policy Development
8.2.2. Common Enterprise Security Policies
8.2.2.1. Information Security Policy
8.2.2.2. Acceptable Use Policy
8.2.2.3. Technology Use Policy
8.2.2.4. Remote Access Policy
8.2.2.5. Data Classification Policy
8.2.2.6. Data Handling Policy
8.2.2.7. Data Destruction Policy
8.2.2.8. Data Retention Policy
8.2.3. Policies for Emerging Technologies
8.2.3.1. Policy Considerations
8.2.3.2. Emerging Technology Challenges
8.2.4. Developing Enterprise Security Standards
8.2.4.1. Common IT Security Standards
8.2.4.1.1. Wireless Network Security Standard
8.2.4.1.2. Enterprise Monitoring Standard
8.2.4.1.3. Enterprise Encryption Standard
8.2.4.1.4. System Hardening Standard
8.3. Security Review of Changes
8.3.1. Perimeter Security
8.3.2. Data Access Changes
8.3.3. Network Architectural Changes
8.4. Security Exceptions
8.5. Vulnerability MGT
8.6. SDLC
8.7. Appendix
8.7.1. Resources for Risk Analysis
8.7.2. Resources for Policies and Standards
8.7.3. Resources for System Hardening
9. Chapter 04: Securing the Network
9.1. Overview of Securing the Network
9.2. Next Generation Firewalls
9.2.1. Benefits of the NGFW
9.2.1.1. Application Awareness
9.2.1.2. IPS
9.2.1.3. Advanced Malware Mitigation
9.3. Intrusion Detection and Prevention
9.3.1. Intrusion Detection
9.3.2. Intrusion Prevention
9.3.3. Detection Methods
9.3.3.1. Behavioural Analysis
9.3.3.2. Anomaly Detection
9.3.3.3. Signature-Based
9.4. Advanced Persistent Threat Detection and Mitigation
9.5. Securing Network Services
9.5.1. DNS
9.5.1.1. DNS Resolution
9.5.1.2. DNS Zone Transfer
9.5.1.3. DNS Records
9.5.1.4. DNSSEC
9.5.2. Email
9.5.2.1. SPAM Filtering
9.5.2.1.1. SPAM Filtering in the Cloud
9.5.2.1.2. Local SPAM Filtering
9.5.2.2. SPAM Relaying
9.5.3. File Transfer
9.5.3.1. Implementation Considerations
9.5.3.1.1. Secure File Transfer Protocols
9.5.3.1.2. User Authentication
9.5.4. User Internet Access
9.5.5. Websites
9.5.5.1. Secure Coding
9.5.5.2. NGFW
9.5.5.3. IPS
9.5.5.4. Web App Firewall
9.5.5.5. Database Encryption
9.5.5.5.1. The Need for Database Encryption
9.5.5.5.2. Methods of Database Encryption
9.6. Network Segmentation
9.6.1. Network Segmentation Strategy
9.6.1.1. Asset Identification
9.6.1.2. Security Mechanisms
9.7. Applying Security Architecture to the Network
9.7.1. Security Architecture in the DMZ
9.7.2. Security Architecture in the Internal Network
9.7.3. Security Architecture and Network Segmentation
10. Chapter 05: Securing Systems
10.1. System Classification
10.1.1. Implementation Considerations
10.1.2. System Management
10.1.2.1. Asset Inventory Labels
10.1.2.2. System Patching
10.2. File Integrity Monitoring
10.2.1. FIM Implementation Challenges
10.2.2. Implementing File Integrity Monitoring
10.2.2.1. Real-time File Integrity Monitoring
10.2.2.2. Manual Mode File Integrity Monitoring
10.3. Application Whitelisting
10.3.1. Application Whitelisting Implementation Challenges
10.4. Host Intrusion Detection
10.4.1. Challenges to HIPS Implementation
10.5. Host Firewall
10.5.1. Challenges to Host Firewall Implementation
10.6. Anti-virus
10.6.1. Signature Based Anti-virus
10.6.2. Heuristic Anti-virus
10.6.3. Challenges of Anti-virus
10.7. User Account Management
10.7.1. User Roles and Permissions
10.7.2. User Account Auditing
10.8. Policy Enforcement
10.9. Summary
11. Chapter 06: Securing Data
11.1. Data Classification
11.1.1. Identifying Enterprise Data
11.1.1.1. Data Types
11.1.1.2. Data Locations
11.1.1.3. Automating Discovery
11.1.1.4. Assign Data Owners
11.1.2. Assign Data Classification
11.2. Data Loss Prevention
11.2.1. Data In Storage
11.2.2. Data In Use
11.2.3. Data In Transit
11.2.4. DLP Implementation
11.2.4.1. DLP Network
11.2.4.2. DLP Email and Web
11.2.4.3. DLP Discover
11.2.4.4. DLP Endpoint
11.3. Encryption and Hashing
11.3.1. Format Preserving Encryption
11.3.2. Key Management
11.3.3. Salting
11.3.4. Hashing
11.3.5. Encryption and Hashing Explained
11.3.5.1. Encryption
11.3.5.1.1. Encrypting Data At Rest
11.3.5.1.2. Encryption Data At Rest
11.3.5.1.3. Encryption Data In Transit
11.4. Tokenization
11.5. Data Masking
11.6. Authorization
11.7. Developing Supporting Processes
11.8. Summary
12. Chapter 07: Wireless Network Security
12.1. Security and Wireless Networks
12.2. Securing Wireless Networks
12.2.1. Unique SSID
12.2.2. Wireless Authentication
12.2.2.1. Shared Key
12.2.2.1.1. Caveats of Shared Key Implementation
12.2.2.2. 802.1x
12.2.2.2.1. Caveats of 802.1x Implementation
12.2.3. Wireless Encryption
12.2.3.1. WEP
12.2.3.2. WPA
12.2.3.3. WPA2
12.3. Wireless Network Implementation
12.3.1. Wireless Network Range
12.3.2. End System Configuration
12.3.3. Wireless Encryption and Authentication Recommendations
12.3.3.1. Client-Side Certificates
12.3.3.2. EAP-TLS
12.3.3.3. Unique System Check
12.4. Wireless Segmentation
12.4.1. Wireless Network Integration