CISSP Cert Guide
Table of Contents

Introduction    xlix

Chapter 1  Security and Risk Management    5
    Foundation Topics    6
        Security Terms    6
        Security Governance Principles    11
        Compliance    40
        Legal and Regulatory Issues    42
        Investigation Types    65
        Professional Ethics    70
        Security Documentation    72
        Business Continuity    76
        Personnel Security Policies and Procedures    89
        Risk Management Concepts    95
        Geographical Threats    133
        Threat Modeling    142
        Security Risks in the Supply Chain    148
        Security Education, Training, and Awareness    153
    Exam Preparation Tasks    155
        Review All Key Topics    155
        Complete the Tables and Lists from Memory    157
        Define Key Terms    157
        Answer Review Questions    158
        Answers and Explanations    164

Chapter 2  Asset Security    171
    Foundation Topics    172
        Asset Security Concepts    172
        Identify and Classify Information and Assets    175
        Information and Asset Handling Requirements    183
        Provision Resources Securely    185
        Data Life Cycle    186
        Asset Retention    201
        Data Security Controls    203
    Exam Preparation Tasks    211
        Review All Key Topics    211
        Define Key Terms    211
        Answer Review Questions    212
        Answers and Explanations    213

Chapter 3  Security Architecture and Engineering    219
    Foundation Topics    220
        Information Systems Life Cycle    220
        Engineering Processes Using Secure Design Principles    223
        Security Model Concepts    231
        System Security Evaluation Models    255
        Certification and Accreditation    267
        Control Selection Based on Systems Security Requirements    268
        Security Capabilities of Information Systems    269
        Security Architecture Maintenance    272
        Vulnerabilities of Security Architectures, Designs, and Solution Elements    273
        Vulnerabilities in Web-Based Systems    296
        Vulnerabilities in Mobile Systems    299
        Vulnerabilities in Embedded Systems    304
        Cryptographic Solutions    305
        Cryptographic Types    317
        Symmetric Algorithms    325
        Asymmetric Algorithms    332
        Public Key Infrastructure and Digital Certificates    335
        Key Management Practices    343
        Message Integrity    347
        Digital Signatures and Non-repudiation    354
        Applied Cryptography    354
        Cryptanalytic Attacks    355
        Digital Rights Management    360
        Site and Facility Design    362
        Site and Facility Security Controls    368
    Exam Preparation Tasks    379
        Review All Key Topics    379
        Complete the Tables and Lists from Memory    381
        Define Key Terms    381
        Answer Review Questions    382
        Answers and Explanations    387

Chapter 4  Communication and Network Security    391
    Foundation Topics    392
        Secure Network Design Principles    392
        IP Networking    403
        Protocols and Services    435
        Converged Protocols    443
        Wireless Networks    448
        Communications Cryptography    468
        Secure Network Components    473
        Secure Communication Channels    520
        Network Attacks    535
    Exam Preparation Tasks    547
        Review All Key Topics    547
        Define Key Terms    548
        Answer Review Questions    550
        Answers and Explanations    555

Chapter 5  Identity and Access Management (IAM)    561
    Foundation Topics    562
        Access Control Process    562
        Physical and Logical Access to Assets    563
        Identification and Authentication Concepts    568
        Identification and Authentication Implementation    588
        Identity as a Service (IDaaS) Implementation    602
        Third-Party Identity Services Integration    602
        Authorization Mechanisms    603
        Provisioning Life Cycle    612
        Access Control Threats    618
        Prevent or Mitigate Access Control Threats    625
    Exam Preparation Tasks    625
        Review All Key Topics    625
        Define Key Terms    626
        Answer Review Questions    627
        Answers and Explanations    630

Chapter 6  Security Assessment and Testing    635
    Foundation Topics    636
        Design and Validate Assessment and Testing Strategies    636
        Conduct Security Control Testing    639
        Collect Security Process Data    655
        Analyze Test Outputs and Generate a Report    659
        Conduct or Facilitate Security Audits    659
    Exam Preparation Tasks    661
        Review All Key Topics    661
        Define Key Terms    662
        Answer Review Questions    662
        Answers and Explanations    665

Chapter 7  Security Operations    673
    Foundation Topics    674
        Investigations    674
        Logging and Monitoring Activities    690
        Configuration and Change Management    697
        Security Operations Concepts    702
        Resource Protection    707
        Incident Management    719
        Detective and Preventive Measures    724
        Patch and Vulnerability Management    729
        Recovery Strategies    729
        Disaster Recovery    747
        Testing Disaster Recovery Plans    751
        Business Continuity Planning and Exercises    753
        Physical Security    754
        Personnel Safety and Security    760
    Exam Preparation Tasks    763
        Review All Key Topics    763
        Define Key Terms    764
        Answer Review Questions    764
        Answers and Explanations    768

Chapter 8  Software Development Security    773
    Foundation Topics    774
        Software Development Concepts    774
        Security in the System and Software Development Life Cycle    783
        Security Controls in Development    806
        Assess Software Security Effectiveness    815
        Security Impact of Acquired Software    817
    Exam Preparation Tasks    825
        Review All Key Topics    825
        Define Key Terms    825
        Answer Review Questions    826
        Answers and Explanations    830

Chapter 9  Final Preparation    835
    Tools for Final Preparation    835
    Suggested Plan for Final Review/Study    839
    Summary    840

Online Elements
    Appendix A  Memory Tables
    Appendix B  Memory Tables Answer Key
    Glossary

9780135343999, TOC, 7/24/24