Chapter 1: Access Controls
1.1 Introduction of Access Controls
1.2 Access Control Policy
1.3 Threats of Access Controls
1.4 Access to System
1.5 Access to Data
1.6 Access Control Monitoring
1.7 Types of Controls
1.8 Access Control Assurance
1.9 Conclusion
Chapter 2: Information Security Governance and Risk Management
2.1 Introduction
2.2 Security Management
2.3 Security Management Responsibilities
2.4 Top-Down Approach VS Bottom-Up Approach
2.5 Security Administration and Supporting Control
2.6 Definitions for security terms
2.7 Security through Obscurity
2.8 Security Frameworks
2.9 Job Controls
2.10 Roles and Responsibility
2.11 Reporting Model
2.12 Security Policies, Procedures, Standards and Baselines
2.13 Security Planning
2.14 Personnel Security
2.15 Security Awareness Training
2.16 Risk Assessment (Risk Analysis)
2.17 Qualitative Risk Analysis
2.18 Quantitative Risk Analysis
2.19 Risk Handling
2.20 Ethics Code of Conduct
2.21 ISC2 Code of Ethics
2.22 Common Computer Ethics Fallacies
Chapter 3: Cryptography
3.1 Definition
3.2 Two methods of Cryptography
3.3 Classic Cryptography
3.4 One-Time Pad (OTP)
3.5 Symmetric Cipher
3.6 DES (Data Encryption Standard)
3.7 Double DES
3.8 Triple DES
3.9 AES (Advanced Encryption Standard)
3.10 IDEA (International Data Encryption Algorithm)
3.11 RC4
3.12 RC5 and RC6
3.13 Blowfish
3.14 Asymmetric algorithms
3.15 RSA
3.16 Diffie-Hellman Algorithm
3.17 ElGamal
3.18 Elliptic Curve Cryptography (ECC)
3.19 Hybrid Cryptography
3.20 Message Integrity Control
3.21 Checksum
3.22 Hash Function
3.23 MD5 (Message Digest Algorithm)
3.24 SHA / SHA-1 (Secure Hash Algorithm)
3.25 MAC (Message Authentication Code)
3.26 Hashed MAC (HMAC)
3.27 Digital Signature
3.28 Digital Signature Standard (DSS)
3.29 Digital Certificates
3.30 Certificate Authority (CA)
3.31 Public Key Infrastructure (PKI)
3.32 Link Encryption and End-to-End Encryption
3.33 Cryptanalysis and Attacks
3.34 PGP (Pretty Good Privacy)
3.35 S/MIME (Secure/Multipurpose Internet Mail Extensions)
Chapter 4: Physical (Environmental) Security
4.1 Introduction to Physical (Environmental) Security
4.2 Goal of Physical Security
4.3 The most important concern
4.4 Threats to Physical Security
4.5 CPTED (Crime Prevention Through Environmental Design)
4.6 Site Location and Selection
4.7 Entry Points
4.8 Physical Infrastructure System
4.9 Layered Defense Model
4.10 Computer Equipment and Object Protection
4.11 Conclusion of Physical (Environmental) Security
Chapter 5: Secure Architecture and Design
5.1 Common Computer Architecture
5.2 CPU (Central Processing Unit)
5.3 Memory Management
5.4 TCB (Trusted Computing Base)
5.5 Reference Monitor
5.6 Computer Architecture Protection Concepts
5.7 Security Models
5.8 State Machine Model
5.9 Lattice Model
5.10 The Bell-LaPadula Model
5.11 Biba Model
5.12 The Clark-Wilson Model
5.13 The Information Flow Model
5.14 Covert Channels
5.15 Overt Channels
5.16 The Noninterference Model
5.17 The Brewer and Nash Model (Chinese Wall Model)
5.18 The Graham-Denning Model
5.19 The Harrison-Ruzzo-Ullman Model
5.20 Security Architecture Assurance Mechanisms
5.21 The Orange Book (TCSEC)
5.22 ITSEC (Information Technology Security Evaluation Criteria)
5.23 Common Criteria
5.24 Certification and Accreditation
5.25 Certification
5.26 Accreditation
Chapter 6: Business Continuity and Disaster Recovery Planning
6.1 What is Disaster Recovery
6.2 What is Business Continuity
6.3 The definition of Disaster
6.4 Types of disasters
6.5 BCP Phases
6.6 BCP Phases proposed by ISC2
6.7 BCP Phase 1: Project Initiation
6.8 BCP Phase 2: BIA
6.9 BCP Phase 3: Continuity / Recovery Strategy
6.10 BCP Phase 4: Detailed Plan Design and Development
6.11 BCP Phase 5: Testing and Maintenance
6.12 BCP Testing
6.13 General Practices for Testing
6.14 Plan Maintenance
6.15 Recovery Process
6.16 Conclusion of this chapter
Chapter 7: Telecommunication and Network Security
7.1 OSI Reference Model
7.2 TCP
7.3 UDP
7.4 Port
7.5 IP
7.6 Network Topology
7.7 Transmission Method
7.8 Cabling
7.9 LAN Protocol - ARP
7.10 LAN Protocol – DHCP
7.11 LAN Protocol - ICMP
7.12 Basic Routing Concepts
7.13 Routing Protocols
7.14 Networking Equipment – Routers
7.15 Networking Equipment – Switches
7.16 Firewall
7.17 Network Services and Protocol
7.18 Remote Access
7.19 VPN
7.20 SSH
7.21 Wireless Technology
7.22 Wireless Application Protocol
Chapter 8: Software Development Security
8.1 Today’s Software Environment
8.2 Programming Language
8.3 Programming elements and procedures (Using Java)
8.4 Threats in the Software Environment
8.5 Application Development Security Protections and Controls
8.6 Software Development Methods
8.7 Object-Oriented Technology and Programming
8.8 Data Structure
8.9 Distributed Object-Oriented Systems
8.10 Malicious Software (Malware)
8.11 Database Management System (DBMS)
8.12 DBMS Model
8.13 Database Interface Languages
8.14 Data Warehouse
8.15 Metadata
8.16 DBMS Controls
8.17 SET Protocol
Chapter 9: Operations Security
9.1 Introduction to Operations Security
9.2 The role of operations department
9.3 Operations Staff
9.4 Threats to Operations
9.5 Types of Control in Operations Security
9.6 Administrative Management in Operations Security
9.7 Media Types and Protection Methods
9.8 Trusted Recovery / System Recovery
9.9 Common Jargon in Operations
9.10 Configuration Management
9.11 Patch Management
Chapter 10: Legal, Regulations, Investigations and Compliance
10.1 Today’s Information Security Environment
10.2 Information Security and Computer Crime
10.3 Major Legal Systems Worldwide
10.4 Intellectual Property Laws
10.5 Privacy Protection
10.6 Due care and Due diligence
10.7 Computer Forensics
10.8 Rules of Evidence
10.9 Chain of Custody
10.10 Computer Evidence
10.11 Incident Response
10.12 Goals of Incident Response
10.13 Various attack types
10.14 Processes of the incident response
10.15 Successful factors in incident response
10.16 Interviewing and Interrogation
10.17 Conclusion of Legal, Regulations, Compliance and Investigation