Table of Contents

Introduction xxxv
Assessment Test xliv


Chapter 1 Access Control 1


Chapter 2 Access Control Attacks and Monitoring 47


Chapter 3 Secure Network Architecture and Securing Network Components 87


Chapter 4 Secure Communications and Network Attacks 151


Chapter 5 Security Governance Concepts, Principles, and Policies 205


Chapter 6 Risk and Personnel Management 239


Chapter 7 Software Development Security 275


Chapter 8 Malicious Code and Application Attacks 327


Chapter 9 Cryptography and Symmetric Key Algorithms 361


Chapter 10 PKI and Cryptographic Applications 403


Chapter 11 Principles of Security Models, Design, and Capabilities 437


Chapter 12 Security Architecture Vulnerabilities, Threats, and Countermeasures 477


Chapter 13 Security Operations 531


Chapter 14 Incident Management 571


Chapter 15 Business Continuity Planning 617


Chapter 16 Disaster Recovery Planning 643


Chapter 17 Laws, Regulations, and Compliance 681


Chapter 18 Incidents and Ethics 713


Chapter 19 Physical Security Requirements 745


Appendix A Answers to Review Questions 781


Appendix B Answers to Written Labs 815


Appendix C About the Additional Study Tools 829


Index 833

About the Author

James M. Stewart, CISSP, is a security expert, technical trainer, and author of numerous publications, books, and courseware. Mike Chapple, PhD, CISSP, is an IT security professional at the University of Notre Dame. He was formerly CIO of Brand Institute. Darril Gibson, Security+, CISSP, ITIL v3, is the CEO of Security Consulting and Training, LLC.