This updated textbook is for courses in cyber security education that follow the National Initiative for Cybersecurity Education (NICE) framework which adopts the Competency-Based Education (CBE) method. The book creates content based on the Knowledge, Skills and Abilities (a.k.a. KSAs) de
The NICE Cyber Security Framework: Cyber Security Management
✍ Scribed by Izzat Alsmadi, Chuck Easttom, Lo’ai Tawalbeh
- Publisher: Springer
- Year: 2020
- Tongue: English
- Leaves: 271
- Category: Library
✦ Synopsis
This textbook covers security controls and management. It is for courses in cyber security education that follow National Initiative for Cybersecurity Education (NICE) work roles and framework that adopt the Competency-Based Education (CBE) method. The book follows the CBE general framework, meaning each chapter contains three sections, knowledge and questions, and skills/labs for skills and abilities. The author makes an explicit balance between knowledge and skills material in information security, giving readers immediately applicable skills. The book is divided into several parts, including: Information Assurance / Encryption; Information Systems Security Management; Information Systems / Network Security; Information Technology Management; IT Management; and IT Risk Management.
✦ Table of Contents
Preface
Contents
1 Information Assurance/Encryption
General Cryptography Knowledge
Ancient Ciphers
The Caesar Cipher
ROT 13
Atbash Cipher
Multi-alphabet Substitution
Specific Modern Algorithms
Symmetric Cryptography
Implementing Ciphers
Cryptographic Hashes
Asymmetric Cryptography
Wireless Encryption and Security
WEP
WPA
WPA 2
WPA 3
Obfuscation
Steganography
TOR
Digital Signatures
Digital Certificates
SSL/TLS
Cryptography Regulations
United States Regulations/Standards
Cryptography Laws
Key Management
Drive and File Encryption
Virtual Private Networks
Point-to-Point Tunneling Protocol
Layer 2 Tunneling Protocol
IPsec
SSL/TLS
Conclusion
2 Information Systems Security Management
Introduction
K0005: Knowledge of Cyber Threats and Vulnerabilities
Cyber Threat Categories
Cyber Resilience
K0049: Knowledge of Information Technology (IT) Security Principles and Methods (e.g., Firewalls, Demilitarized Zones, Encryption)
Security Principles
Firewalls
K0050: Knowledge of Local Area and Wide Area Networking Principles and Concepts Including Bandwidth Management
K0053: Knowledge of Measures or Indicators of System Performance and Availability
K0094: Knowledge of the Capabilities and Functionality Associated with Content Creation Technologies (e.g., Wikis, Social Networking, Content Management Systems, Blogs)
References
3 IT Risk and Security Management
K0002: Knowledge of Risk Management Processes (e.g., Methods for Assessing and Mitigating Risk)
K0048: Knowledge of Risk Management Framework (RMF) Requirements
K0149: Knowledge of Organization’s Risk Tolerance and/or Risk Management Approach
K0165: Knowledge of Risk/Threat Assessment
Risk Assessment
Threat Assessment
K0195: Knowledge of Data Classification Standards and Methodologies Based on Sensitivity and Other Risk Factors
K0203: Knowledge of Security Models (e.g., Bell–LaPadula Model, Biba Integrity Model, Clark–Wilson Integrity Model)
K0214: Knowledge of the Risk Management Framework Assessment Methodology
Cybersecurity Risk Assessment Framework
DITSCAP, DIACAP and RMF Certification and Accreditation (C&A)
K0232: Knowledge of Critical Protocols (e.g., IPSEC, AES, GRE, IKE)
K0263: Knowledge of Information Technology (IT) Risk Management Policies, Requirements, and Procedures
K0281: Knowledge of Information Technology (IT) Service Catalogs
K0295: Knowledge of Confidentiality, Integrity, and Availability Principles
K0326: Knowledge of Demilitarized Zones
K0383: Knowledge of Collection Capabilities, Accesses, Performance Specifications, and Constraints Utilized to Satisfy Collection Plan
CNA/D/E/O
K0388: Knowledge of Collection Searching/Analyzing Techniques and Tools for Chat/Buddy List, Emerging Technologies, VOIP, Media Over IP, VPN, VSAT/Wireless, Web Mail, and Cookies
Sources of Cyber Intelligence or Collection Capabilities
NSA XKeyscore Program
K0446: Knowledge of How Modern Wireless Communications Systems Impact Cyber Operations
K0506: Knowledge of Organization Objectives, Leadership Priorities, and Decision-Making Risks
K0527: Knowledge of Risk Management and Mitigation Strategies
References
4 Criminal Law
Introduction
General Cybercrime Laws
Computer Fraud and Abuse Act (CFAA) 18 US Code §1030
18 US Code 1029 Fraud and Related Activity in Connection with Access Devices
Unlawful Access to Stored Communications: 18 U.S.C. § 2701
Identity Theft Enforcement and Restitution Act
Gramm-Leach-Bliley Act
Identity Theft Laws
18 U.S.C. § 1028A—Aggravated Identity Theft
18 U.S.C. § 1028—Fraud and Related Activity in Connection with Identification Documents, Authentication Features, and Information
Copyright Laws
No Electronic Theft Act of 1997
Digital Millennium Copyright Act
Laws Protecting Children
Children’s Internet Protection Act
18 U.S.C. § 1462—Importation or Transportation of Obscene Matters
18 U.S.C. § 1466A—Obscene Visual Representation of the Sexual Abuse of Children
18 U.S.C. § 2251—Sexual Exploitation of Children
18 U.S.C. § 2252B—Misleading Domain Names on the Internet [To Deceive Minors]
18 U.S.C. § 2252C—Misleading Words or Digital Images on the Internet
State Laws
Texas Laws
California Laws
Rhode Island Laws
Maine Laws
Alabama Consumer Identity Protection Act
Florida Criminal Use of Personal Identification Information
New York Identity Theft Laws
Conclusions
5 Network Management
Introduction
Network Management Requirements
Fault Management Overview
Accounting Management Overview
Configuration and Name Management Overview
Performance Management Overview
Security Management Overview
Network Management Systems Examples
Challenges and Problems
Current Network Management Strategies
Network Type
Functions of Network Management
New/Future Trends
Technology of Data Acquisition
Technology of Data Management and Display
Network Management Based on Web
XML Technology
Summary
References
6 Risk Management
Introduction
Risk Management from an Insider’s Perspective
Insider Data Misuse
Information Security and Protection Systems
Case Study: Risk Management on Intelligent Automation in Financial Institutes
Current Solutions and Designs
Challenges and Problems
Summary
References
7 Software Management
K0009: Knowledge of Application Vulnerabilities
Vulnerabilities General Statistics
Vulnerabilities with DBMSs
K0039: Knowledge of Cybersecurity and Privacy Principles and Methods that Apply to Software Development
Buffer and Stack Overflow
Memory Leak and Violation Issues
K0040: Knowledge of Vulnerability Information Dissemination Sources (e.g., Alerts, Advisories, Errata, and Bulletins)
Examples of Vulnerability in Industrial Systems and IoT
K0079: Knowledge of Software Debugging Principles
Software Process and Project Models
Software Process-Oriented Models
Software Product-Oriented Models
Software People-Oriented Models
Software Project-Oriented Models
Evolution of Software Process-Oriented Models
Common Software Security Design Flaws
Software Malware Analysis
Anti-malware Detection Techniques
K0212: Knowledge of Cybersecurity-Enabled Software Products
Encryption in Operating Systems and Disks
Security-Enabled Web Browsers
K0236: Knowledge of How to Utilize Hadoop, Java, Python, SQL, Hive, and PIG to Explore Data
K0279: Knowledge of Database Access Application Programming Interfaces (APIs) (e.g., Java Database Connectivity [JDBC])
K0328: Knowledge of Mathematics, Including Logarithms, Trigonometry, Linear Algebra, Calculus, Statistics, and Operational Analysis
Basic Algebra
Equality and Relational Operators
Principles of Logic
Linear Programming
K0373: Knowledge of Basic Software Applications (e.g., Data Storage and Backup, Database Applications) and the Types of Vulnerabilities that Have Been Found in Those Applications
Trend Analysis of Vulnerability Types Since 2000
K0396: Knowledge of Computer Programming Concepts, Including Computer Languages, Programming, Testing, Debugging, and File Types
Classes Versus Objects
Encapsulation and Information Hiding
Modularity
Coupling and Cohesion
Inheritance
Classes Versus Abstract Classes
Interfaces
Polymorphism (Many Forms)
Binding: Static Versus Dynamic
Class to Class Relations
K0531: Knowledge of Security Implications of Software Configurations
Secure Configuration Management
Security Controls and Policies to Support Secure Configuration Management
Malware Data Analysis Using Public Malware Scanners
Malware Clustering and Classification
Malicious URL Links Classification
Memory Analysis with Volatility
S0130: Skill in Writing Scripts Using R, Python, PIG, HIVE, SQL, etc.
References
8 System Administration
PCI Compliance Solutions
Microsoft Windows Event Viewer as an Example of Operating Systems Logging
Internet Usage Logging and Auditing
Web Logs
Windows File System
Linux File System
File Recovery in Ext File Systems
Apple File System
References
9 System Architecture
Introduction
System Architecture Design
Architecture Framework
Scope of Architecture
Time Scope
Detail Scope
Organizational Scope
Network Architecture Design
Peer-to-Peer Architecture
Client/Server Architecture
On the Cloud or On-Premises
On-Premise
On the Cloud
Deployment
Cost
Control
Summary
References
10 Threat Analysis
Introduction
Threat Modeling
STRIDE
DREAD
SQUARE
VAST
PASTA
LINDDUN
Attack Trees
Terms
Tools
National Vulnerability Database
US CERT
SHODAN
Threat Crowd
Common Vulnerability Scoring System
OSSTMM
Business Impact Analysis
Characterizing and Analyzing Network Traffic
Wireshark
Cisco Log Levels
NetFlow
Forensic Handling of Incidents
Defining Forensics
Four Steps
Containment
Eradication
Recovery
Follow-up
Forensic Preparation
Forensic Resources
Forensics and Policy
Conclusions
11 Training, Education, and Awareness
K0208: Knowledge of Computer-Based Training and e-Learning Services
K0215: Knowledge of Organizational Training Policies
K0216: Knowledge of Learning Levels (i.e., Bloom’s Taxonomy of Learning)
K0217: Knowledge of Learning Management Systems and Their Use in Managing Learning
K0218: Knowledge of Learning Styles (e.g., Assimilator, Auditory, Kinesthetic)
K0220: Knowledge of Modes of Learning (e.g., Rote Learning, Observation)
K0243: Knowledge of Organizational Training and Education Policies, Processes, and Procedures
K0245: Knowledge of Principles and Processes for Conducting Training and Education Needs Assessment
References
12 Vulnerability Assessment and Management
Introduction
Tools
Shodan
Maltego
Nessus
OWASP Zap
OpenVAS
Testing Specific Issues
Recon-Ng
Metasploit
SMB Scanner
SQL Server Scan
SSH Server Scan
Anonymous FTP Servers
Other Tools
Responding to Vulnerability
Conclusions
Index
📜 SIMILAR VOLUMES
This textbook is for courses in cyber security education that follow National Initiative for Cybersecurity Education (NICE) KSAs work roles and framework, that adopt the Competency-Based Education (CBE) method. The book follows the CBT (KSA) general framework, meaning each chapter contains three
This updated textbook is for courses in cyber security education that follow the National Initiative for Cybersecurity Education (NICE) framework which adopts the Competency-Based Education (CBE) method. The book creates content based on the Knowledge, Skills and Abilities (a.k.a. KSAs) described i
Cyberspace is a ubiquitous realm interconnecting every aspect of modern society, enabled by broadband networks and wireless signals around us, existing within local area networks in our schools, hospitals and businesses, and within the massive grids that power most countries. Securing cyberspace to
This textbook places cyber security management within an organizational and strategic framework, enabling students to develop their knowledge and skills for a future career. The reader will learn to:
• evaluate different types of cyber risk
• carry out