图书简介

Introduction xxxiii Assessment Test xlii Chapter 1 Security Governance Through Principles and Policies 1 Understand and Apply Concepts of Confidentiality, Integrity, and Availability 2 Evaluate and Apply Security Governance Principles 14 Develop, Document, and Implement Security Policy, Standards, Procedures, and Guidelines 26 Understand and Apply Threat Modeling Concepts and Methodologies 30 Apply Risk-Based Management Concepts to the Supply Chain 38 Summary 40 Exam Essentials 42 Written Lab 44 Review Questions 45 Chapter 2 Personnel Security and Risk Management Concepts 49 Personnel Security Policies and Procedures 51 Security Governance 62 Understand and Apply Risk Management Concepts 63 Establish and Maintain a Security Awareness, Education, and Training Program 86 Manage the Security Function 87 Summary 88 Exam Essentials 89 Written Lab 92 Review Questions 93 Chapter 3 Business Continuity Planning 97 Planning for Business Continuity 98 Project Scope and Planning 99 Business Impact Assessment 105 Continuity Planning 111 Plan Approval and Implementation 114 Summary 119 Exam Essentials 119 Written Lab 120 Review Questions 121 Chapter 4 Laws, Regulations, and Compliance 125 Categories of Laws 126 Laws 129 Compliance 149 Contracting and Procurement 150 Summary 151 Exam Essentials 152 Written Lab 153 Review Questions 154 Chapter 5 Protecting Security of Assets 159 Identify and Classify Assets 160 Determining Ownership 178 Using Security Baselines 186 Summary 187 Exam Essentials 188 Written Lab 189 Review Questions 190 Chapter 6 Cryptography and Symmetric Key Algorithms 195 Historical Milestones in Cryptography 196 Cryptographic Basics 198 Modern Cryptography 214 Symmetric Cryptography 219 Cryptographic Lifecycle 228 Summary 229 Exam Essentials 229 Written Lab 231 Review Questions 232 Chapter 7 PKI and Cryptographic Applications 237 Asymmetric Cryptography 238 Hash Functions 242 Digital Signatures 246 Public Key Infrastructure 249 Asymmetric Key Management 253 Applied Cryptography 254 Cryptographic Attacks 265 Summary 268 Exam Essentials 269 Written Lab 270 Review Questions 271 Chapter 8 Principles of Security Models, Design, and Capabilities 275 Implement and Manage Engineering Processes Using Secure Design Principles 276 Understand the Fundamental Concepts of Security Models 281 Select Controls Based On Systems Security Requirements 295 Understand Security Capabilities of Information Systems 309 Summary 311 Exam Essentials 312 Written Lab 313 Review Questions 314 Chapter 9 Security Vulnerabilities, Threats, and Countermeasures 319 Assess and Mitigate Security Vulnerabilities 320 Client-Based Systems 342 Server-Based Systems 346 Database Systems Security 347 Distributed Systems and Endpoint Security 350 Internet of Things 358 Industrial Control Systems 359 Assess and Mitigate Vulnerabilities in Web-Based Systems 360 Assess and Mitigate Vulnerabilities in Mobile Systems 365 Assess and Mitigate Vulnerabilities in Embedded Devices and Cyber-Physical Systems 375 Essential Security Protection Mechanisms 379 Common Architecture Flaws and Security Issues 384 Summary 390 Exam Essentials 391 Written Lab 394 Review Questions 395 Chapter 10 Physical Security Requirements 399 Apply Security Principles to Site and Facility Design 400 Implement Site and Facility Security Controls 403 Implement and Manage Physical Security 422 Summary 431 Exam Essentials 432 Written Lab 434 Review Questions 435 Chapter 11 Secure Network Architecture and Securing Network Components 439 OSI Model 440 TCP/IP Model 451 Converged Protocols 470 Wireless Networks 472 Secure Network Components 486 Cabling, Wireless, Topology, Communications, and Transmission Media Technology 495 Summary 513 Exam Essentials 514 Written Lab 516 Review Questions 517 Chapter 12 Secure Communications and Network Attacks 521 Network and Protocol Security Mechanisms 522 Secure Voice Communications 525 Multimedia Collaboration 529 Manage Email Security 530 Remote Access Security Management 536 Virtual Private Network 540 Virtualization 546 Network Address Translation 549 Switching Technologies 553 WAN Technologies 556 Miscellaneous Security Control Characteristics 561 Security Boundaries 563 Prevent or Mitigate Network Attacks 564 Summary 569 Exam Essentials 571 Written Lab 573 Review Questions 574 Chapter 13 Managing Identity and Authentication 579 Controlling Access to Assets 580 Comparing Identification and Authentication 584 Implementing Identity Management 602 Managing the Identity and Access Provisioning Lifecycle 611 Summary 614 Exam Essentials 615 Written Lab 617 Review Questions 618 Chapter 14 Controlling and Monitoring Access 623 Comparing Access Control Models 624 Understanding Access Control Attacks 635 Summary 653 Exam Essentials 654 Written Lab 656 Review Questions 657 Chapter 15 Security Assessment and Testing 661 Building a Security Assessment and Testing Program 662 Performing Vulnerability Assessments 668 Testing Your Software 681 Implementing Security Management Processes 688 Summary 690 Exam Essentials 691 Written Lab 692 Review Questions 693 Chapter 16 Managing Security Operations 697 Applying Security Operations Concepts 698 Securely Provisioning Resources 710 Managing Configuration 718 Managing Change 719 Managing Patches and Reducing Vulnerabilities 723 Summary 728 Exam Essentials 729 Written Lab 731 Review Questions 732 Chapter 17 Preventing and Responding to Incidents 737 Managing Incident Response 738 Implementing Detective and Preventive Measures 745 Logging, Monitoring, and Auditing 773 Summary 790 Exam Essentials 792 Written Lab 795 Review Questions 796 Chapter 18 Disaster Recovery Planning 801 The Nature of Disaster 802 Understand System Resilience and Fault Tolerance 812 Recovery Strategy 818 Recovery Plan Development 827 Training, Awareness, and Documentation 835 Testing and Maintenance 836 Summary 838 Exam Essentials 838 Written Lab 839 Review Questions 840 Chapter 19 Investigations and Ethics 845 Investigations 846 Major Categories of Computer Crime 857 Ethics 861 Summary 864 Exam Essentials 864 Written Lab 865 Review Questions 866 Chapter 20 Software Development Security 871 Introducing Systems Development Controls 872 Establishing Databases and Data Warehousing 895 Storing Data and Information 904 Understanding Knowledge-Based Systems 906 Summary 909 Exam Essentials 909 Written Lab 910 Review Questions 911 Chapter 21 Malicious Code and Application Attacks 915 Malicious Code 916 Password Attacks 929 Application Attacks 933 Web Application Security 935 Reconnaissance Attacks 940 Masquerading Attacks 941 Summary 942 Exam Essentials 943 Written Lab 944 Review Questions 945 Appendix A Answers to Review Questions 949 Chapter 1: Security Governance Through Principles and Policies 950 Chapter 2: Personnel Security and Risk Management Concepts 951 Chapter 3: Business Continuity Planning 952 Chapter 4: Laws, Regulations, and Compliance 954 Chapter 5: Protecting Security of Assets 956 Chapter 6: Cryptography and Symmetric Key Algorithms 958 Chapter 7: PKI and Cryptographic Applications 960 Chapter 8: Principles of Security Models, Design, and Capabilities 961 Chapter 9: Security Vulnerabilities, Threats, and Countermeasures 963 Chapter 10: Physical Security Requirements 965 Chapter 11: Secure Network Architecture and Securing Network Components 966 Chapter 12: Secure Communications and Network Attacks 968 Chapter 13: Managing Identity and Authentication 969 Chapter 14: Controlling and Monitoring Access 971 Chapter 15: Security Assessment and Testing 973 Chapter 16: Managing Security Operations 975 Chapter 17: Preventing and Responding to Incidents 977 Chapter 18: Disaster Recovery Planning 980 Chapter 19: Investigations and Ethics 981 Chapter 20: Software Development Security 983 Chapter 21: Malicious Code and Application Attacks 984 Appendix B Answers to Written Labs 987 Chapter 1: Security Governance Through Principles and Policies 988 Chapter 2: Personnel Security and Risk Management Concepts 988 Chapter 3: Business Continuity Planning 989 Chapter 4: Laws, Regulations, and Compliance 990 Chapter 5: Protecting Security of Assets 991 Chapter 6: Cryptography and Symmetric Key Algorithms 991 Chapter 7: PKI and Cryptographic Applications 992 Chapter 8: Principles of Security Models, Design, and Capabilities 992 Chapter 9: Security Vulnerabilities, Threats, and Countermeasures 993 Chapter 10: Physical Security Requirements 994 Chapter 11: Secure Network Architecture and Securing Network Components 994 Chapter 12: Secure Communications and Network Attacks 995 Chapter 13: Managing Identity and Authentication 996 Chapter 14: Controlling and Monitoring Access 996 Chapter 15: Security Assessment and Testing 997 Chapter 16: Managing Security Operations 997 Chapter 17: Preventing and Responding to Incidents 998 Chapter 18: Disaster Recovery Planning 999 Chapter 19: Investigations and Ethics 999 Chapter 20: Software Development Security 1000 Chapter 21: Malicious Code and Application Attacks 1000 Index 1001

Trade Policy 买家须知