Introduction I Part I: Security Architecture Chapter 1 Ensuring a Secure Network Architecture 3 Services 3 Load Balancer 3 Intrusion Detection System (IDS)/Network Intrusion Detection System (NIDS)/Wireless Intrusion Detection System (WIDS) 3 Intrusion Prevention System (IPS)/Network Intrusion Prevention System (NIPS)/Wireless Intrusion Prevention System (WIPS) 6 Web Application Firewall (WAF) 6 Network Access Control (NAC) 8 Virtual Private Network (VPN) 10 Domain Name System Security Extensions (DNSSEC) 11 Firewall/Unified Threat Management (UTM)/Next-Generation Firewall (NGFW) 11 Network Address Translation (NAT) Gateway 19 Internet Gateway 21 Forward/Transparent Proxy 21 Reverse Proxy 22 Distributed Denial-of-Service (DDoS) Protection 22 Routers 22 Mail Security 26 Application Programming Interface (API) Gateway/Extensible Markup Language (XML) Gateway 30 Traffic Mirroring 30 Sensors 32 Segmentation 39 Microsegmentation 40 Local Area Network (LAN)/Virtual Local Area Network (VLAN) 40 Jump Box 43 Screened Subnet 44 Data Zones 44 Staging Environments 45 Guest Environments 45 VPC/Virtual Network (VNET) 45 Availability Zone 46 NAC Lists 47 Policies/Security Groups 47 Regions 49 Access Control Lists (ACLs) 49 Peer-to-Peer 49 Air Gap 49 De-perimeterization/Zero Trust 49 Cloud 50 Remote Work 50 Mobile 50 Outsourcing and Contracting 52 Wireless/Radio Frequency (RF) Networks 53 Merging of Networks from Various Organizations 58 Peering 59 Cloud to on Premises 59 Data Sensitivity Levels 59 Mergers and Acquisitions 60 Cross-domain 61 Federation 61 Directory Services 61 Software-Defined Networking (SDN) 62 Open SDN 63 Hybrid SDN 64 SDN Overlay 64 Exam Preparation Tasks 66 Chapter 2 Determining the Proper Infrastructure Security Design 73 Scalability 73 Vertically 73 Horizontally 74 Resiliency 74 High Availability/Redundancy 74 Diversity/Heterogeneity 75 Course of Action Orchestration 75 Distributed Allocation 76 Replication 76 Clustering 76 Automation 76 Autoscaling 76 Security Orchestration, Automation, and Response (SOAR) 77 Bootstrapping 77 Performance 77 Containerization 78 Virtualization 79 Content Delivery Network 79 Caching 80 Exam Preparation Tasks 81 Chapter 3 Securely Integrating Software Applications 85 Baseline and Templates 85 Baselines 85 Create Benchmarks and Compare to Baselines 85 Templates 86 Secure Design Patterns/Types of Web Technologies 87 Container APIs 88 Secure Coding Standards 89 Application Vetting Processes 90 API Management 91 Middleware 91 Software Assurance 92 Sandboxing/Development Environment 92 Validating Third-Party Libraries 93 Defined DevOps Pipeline 93 Code Signing 94 Interactive Application Security Testing (IAST) vs. Dynamic Application Security Testing (DAST) vs. Static Application Security Testing (SAST) 95 Considerations of Integrating Enterprise Applications 100 Customer Relationship Management (CRM) 100 Enterprise Resource Planning (ERP) 100 Configuration Management Database (CMDB) 101 Content Management System (CMS) 101 Integration Enablers 101 Integrating Security into Development Life Cycle 103 Formal Methods 103 Requirements 103 Fielding 104 Insertions and Upgrades 104 Disposal and Reuse 104 Testing 105 Development Approaches 109 Best Practices 117 Exam Preparation Tasks 119 Chapter 4 Securing the Enterprise Architecture by Implementing Data Security Techniques 125 Data Loss Prevention 125 Blocking Use of External Media 125 Print Blocking 126 Remote Desktop Protocol (RDP) Blocking 126 Clipboard Privacy Controls 127 Restricted Virtual Desktop Infrastructure (VDI) Implementation 128 Data Classification Blocking 128 Data Loss Detection 129 Watermarking 129 Digital Rights Management (DRM) 129 Network Traffic Decryption/Deep Packet Inspection 130 Network Traffic Analysis 130 Data Classification, Labeling, and Tagging 130 Metadata/Attributes 130 Obfuscation 131 Tokenization 131 Scrubbing 131 Masking 132 Anonymization 132 Encrypted vs. Unencrypted 132 Data Life Cycle 132 Create 132 Use 133 Share 133 Store 133 Archive or Destroy 133 Data Inventory and Mapping 133 Data Integrity Management 134 Data Storage, Backup, and Recovery 134 Redundant Array of Inexpensive Disks (RAID) 138 Exam Preparation Tasks 143 Chapter 5 Providing the Appropriate Authentication and Authorization Controls 149 Credential Management 149 Password Repository Application 149 Hardware Key Manager 150 Privileged Access Management 151 Privilege Escalation 151 Password Policies 151 Complexity 153 Length 153 Character Classes 153 History 154 Maximum/Minimum Age 154 Auditing 155 Reversable Encryption 156 Federation 156 Transitive Trust 156 OpenID 156 Security Assertion Markup Language (SAML) 157 Shibboleth 158 Access Control 159 Mandatory Access Control (MAC) 160 Discretionary Access Control (DAC) 160 Role-Based Access Control 161 Rule-Based Access Control 161 Attribute-Based Access Control 161 Protocols 162 Remote Authentication Dial-in User Service (RADIUS) 162 Terminal Access Controller Access Control System (TACACS) 163 Diameter 164 Lightweight Directory Access Protocol (LDAP) 164 Kerberos 165 OAuth 166 802.1X 166 Extensible Authentication Protocol (EAP) 167 Multifactor Authentication (MFA) 168 Knowledge Factors 169 Ownership Factors 169 Characteristic Factors 170 Physiological Characteristics 170 Behavioral Characteristics 171 Biometric Considerations 172 2-Step Verification 173 In-Band 174 Out-of-Band 174 One-Time Password (OTP) 175 HMAC-Based One-Time Password (HOTP) 175 Time-Based One-Time Password (TOTP) 175 Hardware Root of Trust 176 Single Sign-On (SSO) 177 JavaScript Object Notation (JSON) Web Token (JWT) 178 Attestation and Identity Proofing 179 Exam Preparation Tasks 180 Chapter 6 Implementing Secure Cloud and Virtualization Solutions 185 Virtualization Strategies 185 Type 1 vs. Type 2 Hypervisors 186 Containers 187 Emulation 188 Application Virtualization 189 VDI 189 Provisioning and Deprovisioning 189 Middleware 190 Metadata and Tags 190 Deployment Models and Considerations 190 Business Directives 191 Cloud Deployment Models 192 Hosting Models 193 Multitenant 193 Single-Tenant 194 Service Models 194 Software as a Service (SaaS) 194 Platform as a Service (PaaS) 194 Infrastructure as a Service (IaaS) 195 Cloud Provider Limitations 196 Internet Protocol (IP) Address Scheme 196 VPC Peering 196 Extending Appropriate On-premises Controls 196 Storage Models 196 Object Storage/File-Based Storage 197 Database Storage 197 Block Storage 198 Blob Storage 198 Key-Value Pairs 198 Exam Preparation Tasks 199 Chapter 7 Supporting Security Objectives and Requirements with Cryptography and Public Key Infrastructure (PKI) 203 Privacy and Confidentiality Requirements 203 Integrity Requirements 204 Non-repudiation 204 Compliance and Policy Requirements 204 Common Cryptography Use Cases 205 Data at Rest 205 Data in Transit 205 Data in Process/Data in Use 205 Protection of Web Services 206 Embedded Systems 206 Key Escrow/Management 207 Mobile Security 209 Secure Authentication 209 Smart Card 209 Common PKI Use Cases 210 Web Services 210 Email 210 Code Signing 211 Federation 211 Trust Models 212 VPN 212 Enterprise and Security Automation/Orchestration 213 Exam Preparation Tasks 214 Chapter 8 Managing the Impact of Emerging Technologies on Enterprise Security and Privacy 219 Artificial Intelligence 219 Machine Learning 220 Quantum Computing 220 Blockchain 220 Homomorphic Encryption 221 Secure Multiparty Computation 221 Private Information Retrieval 221 Secure Function Evaluation 221 Private Function Evaluation 221 Distributed Consensus 221 Big Data 222 Virtual/Augmented Reality 223 3-D Printing 224 Passwordless Authentication 224 Nano Technology 225 Deep Learning 225 Natural Language Processing 225 Deep Fakes 226 Biometric Impersonation 226 Exam Preparation Tasks 227 Part II: Security Operations Chapter 9 Performing Threat Management Activities 231 Intelligence Types 231 Tactical 231 Strategic 232 Operational 232 Actor Types 233 Advanced Persistent Threat (APT)/Nation-State 233 Insider Threat 234 Competitor 234 Hacktivist 234 Script Kiddie 235 Organized Crime 235 Threat Actor Properties 235 Resource 235 Supply Chain Access 235 Create Vulnerabilities 236 Capabilities/Sophistication 236 Identifying Techniques 237 Intelligence Collection Methods 237 Intelligence Feeds 237 Deep Web 237 Proprietary 238 Open-Source Intelligence (OSINT) 238 Human Intelligence (HUMINT) 243 Frameworks 243 MITRE Adversarial Tactics, Techniques, & Common Knowledge (ATT&CK) 243 Diamond Model of Intrusion Analysis 245 Cyber Kill Chain 246 Exam Preparation Tasks 246 Chapter 10 Analyzing Indicators of Compromise and Formulating an Appropriate Response 251 Indicators of Compromise 251 Packet Capture (PCAP) 251 Logs 252 Notifications 256 Notification Severity/Priorities 260 Syslog 261 Unusual Process Activity 263 Response 265 Firewall Rules 265 IPS/IDS Rules 267 ACL Rules 267 Signature Rules 267 Behavior Rules 268 DLP Rules 268 Scripts/Regular Expressions 268 Exam Preparation Tasks 268 Chapter 11 Performing Vulnerability Management Activities 275 Vulnerability Scans 275 Credentialed vs. Non-credentialed 275 Agent-Based/Server-Based 276 Criticality Ranking 277 Active vs. Passive 278 Security Content Automation Protocol (SCAP) 278 Extensible Configuration Checklist Description Format (XCCDF) 278 Open Vulnerability and Assessment Language (OVAL) 279 Common Platform Enumeration (CPE) 279 Common Vulnerabilities and Exposures (CVE) 279 Common Vulnerability Scoring System (CVSS) 279 Common Configuration Enumeration (CCE) 282 Asset Reporting Format (ARF) 282 Self-assessment vs. Third-Party Vendor Assessment 283 Patch Management 283 Manual Patch Management 284 Automated Patch Management 284 Information Sources 284 Advisories 285 Bulletins 286 Vendor Websites 287 Information Sharing and Analysis Centers (ISACs) 287 News Reports 287 Exam Preparation Tasks 287 Chapter 12 Using the Appropriate Vulnerability Assessment and Penetration Testing Methods and Tools 293 Methods 293 Static Analysis/Dynamic Analysis 293 Side-Channel Analysis 293 Reverse Engineering 294 Wireless Vulnerability Scan 295 Rogue Access Points 295 Software Composition Analysis 296 Fuzz Testing 296 Pivoting 297 Post-exploitation 297 Persistence 298 Tools 298 SCAP Scanner 298 Network Traffic Analyzer 299 Vulnerability Scanner 300 Protocol Analyzer 302 Port Scanner 302 HTTP Interceptor 304 Exploit Framework 304 Password Cracker 306 Dependency Management 307 Requirements 308 Scope of Work 308 Rules of Engagement 308 Invasive vs. Non-invasive 308 Asset Inventory 308 Permissions and Access 309 Corporate Policy Considerations 310 Facility Considerations 310 Physical Security Considerations 310 Rescan for Corrections/Changes 310 Exam Preparation Tasks 310 Chapter 13 Analyzing Vulnerabilities and Recommending Risk Mitigations 315 Vulnerabilities 315 Race Conditions 315 Overflows 315 Broken Authentication 318 Unsecure References 319 Poor Exception Handling 319 Security Misconfiguration 319 Improper Headers 320 Information Disclosure 321 Certificate Errors 321 Weak Cryptography Implementations 321 Weak Ciphers 322 Weak Cipher Suite Implementations 322 Software Composition Analysis 322 Use of Vulnerable Frameworks and Software Modules 323 Use of Unsafe Functions 323 Third-Party Libraries 323 Code Injections/Malicious Changes 324 End of Support/End of Life 324 Regression Issues 324 Inherently Vulnerable System/Application 325 Client-Side Processing vs. Server-Side Processing 325 JSON/Representational State Transfer (REST) 326 Browser Extensions 326 Hypertext Markup Language 5 (HTML5) 327 Asynchronous JavaScript and XML (AJAX) 327 Simple Object Access Protocol (SOAP) 329 Machine Code vs. Bytecode or Interpreted vs. Emulated 329 Attacks 329 Directory Traversal 330 Cross-site Scripting (XSS) 331 Cross-site Request Forgery (CSRF) 331 Injection 332 Sandbox Escape 337 Virtual Machine (VM) Hopping 337 VM Escape 337 Border Gateway Protocol (BGP) Route Hijacking 338 Interception Attacks 339 Denial-of-Service (DoS)/DDoS 339 Authentication Bypass 340 Social Engineering 340 VLAN Hopping 341 Exam Preparation Tasks 341 Chapter 14 Using Processes to Reduce Risk 347 Proactive and Detection 347 Hunts 347 Developing Countermeasures 347 Deceptive Technologies 347 Security Data Analytics 348 Processing Pipelines 349 Indexing and Search 350 Log Collection and Curation 350 Database Activity Monitoring 350 Preventive 351 Antivirus 352 Immutable Systems 352 Hardening 352 Sandbox Detonation 352 Application Control 353 License Technologies 353 Allow List vs. Block List 354 Time of Check vs. Time of Use 354 Atomic Execution 355 Security Automation 355 Cron/Scheduled Tasks 355 Bash 356 PowerShell 357 Python 357 Physical Security 358 Review of Lighting 358 Review of Visitor Logs 359 Camera Reviews 359 Open Spaces vs. Confined Spaces 361 Exam Preparation Tasks 362 Chapter 15 Implementing the Appropriate Incident Response 367 Event Classifications 367 False Positive 367 False Negative 367 True Positive 367 True Negative 367 Triage Event 367 Preescalation Tasks 368 Incident Response Process 368 Preparation 369 Training 369 Testing 370 Detection 370 Analysis 371 Containment 371 Recovery 371 Response 372 Lessons Learned 372 Specific Response Playbooks/Processes 373 Scenarios 373 Non-automated Response Methods 374 Automated Response Methods 374 Communication Plan 375 Stakeholder Management 377 Legal 377 Human Resources 377 Public Relations 378 Internal and External 378 Exam Preparation Tasks 379 Chapter 16 Forensic Concepts 385 Legal vs. Internal Corporate Purposes 385 Forensic Process 385 Identification 385 Evidence Collection 385 Evidence Preservation 388 Analysis 389 Verification 391 Presentation 391 Integrity Preservation 392 Hashing 392 Cryptanalysis 394 Steganalysis 394 Exam Preparation Tasks 394 Chapter 17 Forensic Analysis Tools 399 File Carving Tools 399 Foremost 399 Strings 400 Binary Analysis Tools 401 Hex Dump 401 Binwalk 401 Ghidra 401 GNU Project Debugger (GDB) 401 OllyDbg 402 readelf 402 objdump 402 strace 402 ldd 402 file 403 Analysis Tools 403 ExifTool 403 Nmap 403 Aircrack-ng 403 Volatility 404 The Sleuth Kit 405 Dynamically vs. Statically Linked 405 Imaging Tools 405 Forensic Toolkit (FTK) Imager 405 dd 406 Hashing Utilities 407 sha256sum 407 ssdeep 407 Live Collection vs. Post-mortem Tools 407 netstat 407 ps 409 vmstat 409 ldd 410 lsof 410 netcat 410 tcpdump 411 conntrack 411 Wireshark 412 Exam Preparation Tasks 413 Part III: Security Engineering and Cryptography Chapter 18 Applying Secure Configurations to Enterprise Mobility 419 Managed Configurations 419 Application Control 419 Password 419 MFA Requirements 420 Token-Based Access 421 Patch Repository 422 Firmware Over-the-Air 422 Remote Wipe 422 Wi-Fi 423 Profiles 424 Bluetooth 424 Near-Field Communication (NFC) 424 Peripherals 425 Geofencing 425 VPN Settings 425 Geotagging 426 Certificate Management 426 Full Device Encryption 427 Tethering 427 Airplane Mode 427 Location Services 427 DNS over HTTPS (DoH) 428 Custom DNS 428 Deployment Scenarios 429 Bring Your Own Device (BYOD) 429 Corporate-Owned 429 Corporate-Owned, Personally Enabled (COPE) 429 Choose Your Own Device (CYOD) 429 Implications of Wearable Devices 429 Digital Forensics on Collected Data 430 Unauthorized Application Stores 431 Jailbreaking/Rooting 431 Side Loading 431 Containerization 432 Original Equipment Manufacturer (OEM) and Carrier Differences 432 Supply Chain Issues 432 eFuse 432 Exam Preparation Tasks 433 Chapter 19 Configuring and Implementing Endpoint Security Controls 437 Hardening Techniques 437 Removing Unneeded Services 437 Disabling Unused Accounts 438 Images/Templates 438 Removing End-of-Life Devices 438 Removing End-of-Support Device 438 Local Drive Encryption 439 Enabling No-Execute (NX)/Execute Never (XN) Bit 439 Disabling Central Processing Unit (CPU) Virtualization Support 439 Secure Encrypted Enclaves 440 Memory Encryption 440 Shell Restrictions 441 Address Space Layout Randomization (ASLR) 442 Processes 442 Patching 442 Logging 443 Monitoring 443 Mandatory Access Control 444 Security-Enhanced Linux (SELinux)/Security-Enhanced Android (SEAndroid) 444 Kernel vs. Middleware 445 Trustworthy Computing 445 Trusted Platform Module (TPM) 445 Secure Boot 446 Unified Extensible Firmware Interface (UEFI)/Basic Input/Output System (BIOS) Protection 447 Attestation Services 448 Hardware Security Module (HSM) 448 Measured Boot 449 Self-Encrypting Drives (SEDs) 450 Compensating Controls 450 Antivirus 450 Application Controls 451 Host-Based Intrusion Detection System (HIDS)/Host-Based Intrusion Prevention System (HIPS) 451 Host-Based Firewall 451 Endpoint Detection and Response (EDR) 451 Redundant Hardware 452 Self-Healing Hardware 452 User and Entity Behavior Analytics (UEBA) 452 Exam Preparation Tasks 452 Chapter 20 Security Considerations Impacting Specific Sectors and Operational Technologies 459 Embedded 459 Internet of Things (IoT) 459 System on a Chip (SoC) 461 Application-Specific Integrated Circuit (ASIC) and Field-Programmable Gate Array (FPGA) 461 ICS/Supervisory Control and Data Acquisition (SCADA) 462 Programmable Logic Controller (PLC) 463 Historian 463 Ladder Logic 463 Safety Instrumented System 464 Heating, Ventilation, and Air Conditioning (HVAC) 464 Protocols 465 Controller Area Network (CAN) Bus 465 Modbus 466 Distributed Network Protocol 3 (DNP3) 466 Zigbee 467 Common Industrial Protocol (CIP) 467 Data Distribution Service 468 Sectors 468 Energy 469 Manufacturing 469 Healthcare 470 Public Utilities 470 Public Services 470 Facility Services 471 Exam Preparation Tasks 472 Chapter 21 Cloud Technology's Impact on Organizational Security 477 Automation and Orchestration 477 Encryption Configuration 477 Logs 478 Availability 479 Collection 479 Monitoring 479 Configuration 480 Alerting 480 Monitoring Configurations 480 Key Ownership and Location 481 Key Life-Cycle Management 483 Backup and Recovery Methods 485 Cloud as Business Continuity and Disaster Recovery (BCDR) 486 Primary Provider BCDR 486 Alternative Provider BCDR 486 Infrastructure vs. Serverless Computing 486 Application Virtualization 487 Software-Defined Networking 488 Misconfigurations 488 Collaboration Tools 488 Web Conferencing 488 Video Conferencing 489 Audio Conferencing 491 Storage and Document Collaboration Tools 491 Storage Configurations 492 Bit Splitting 493 Data Dispersion 493 Cloud Access Security Broker (CASB) 493 Exam Preparation Tasks 494 Chapter 22 Implementing the Appropriate PKI Solution 499 PKI Hierarchy 499 Registration Authority (RA) 499 Certificate Authority (CA) 499 Subordinate/Intermediate CA 500 Certificate Types 501 Wildcard Certificate 501 Extended Validation 502 Multidomain 502 General Purpose 503 Certificate Usages/Profiles/Templates 504 Client Authentication 504 Server Authentication 504 Digital Signatures 504 Code Signing 505 Extensions 505 Common Name (CN) 505 Subject Alternate Name (SAN) 505 Trusted Providers 505 Trust Model 506 Cross-certification 506 Configure Profiles 507 Life-Cycle Management 507 Public and Private Keys 508 Digital Signature 512 Certificate Pinning 512 Certificate Stapling 512 Certificate Signing Requests (CSRs) 513 Online Certificate Status Protocol (OCSP) vs. Certificate Revocation List (CRL) 513 HTTP Strict Transport Security (HSTS) 514 Exam Preparation Tasks 514 Chapter 23 Implementing the Appropriate Cryptographic Protocols and Algorithms 519 Hashing 519 Secure Hashing Algorithm (SHA) 519 Hash-Based Message Authentication Code (HMAC) 520 Message Digest (MD) 521 RACE Integrity Primitives Evaluation Message Digest (RIPEMD) 521 Poly1305 521 Symmetric Algorithms 522 Modes of Operation 523 Stream and Block 526 Asymmetric Algorithms 528 Key Agreement 529 Signing 530 Known Flaws/Weaknesses 531 Protocols 532 Secure Sockets Layer (SSL)/Transport Layer Security (TLS) 532 Secure/Multipurpose Internet Mail Extensions (S/MIME) 533 Internet Protocol Security (IPsec) 534 Secure Shell (SSH) 534 EAP 535 Elliptic-Curve Cryptography 535 P256/P384 535 Forward Secrecy 536 Authenticated Encryption with Associated Data 536 Key Stretching 536 Password-Based Key Derivation Function 2 (PBKDF2) 537 Bcrypt 537 Exam Preparation Tasks 537 Implementation and Configuration Issues 542 Validity Dates 542 Chapter 24 Troubleshooting Issues with Cryptographic Implementations 543 Wrong Certificate Type 543 Revoked Certificates 543 Incorrect Name 543 Chain Issues 544 Weak Signing Algorithm 545 Weak Cipher Suite 545 Incorrect Permissions 546 Cipher Mismatches 546 Downgrade 546 Keys 546 Mismatched 547 Improper Key Handling 547 Embedded Keys 548 Rekeying 548 Exposed Private Keys 548 Crypto Shredding 548 Cryptographic Obfuscation 548 Key Rotation 549 Compromised Keys 549 Exam Preparation Tasks 549 Part IV: Governance, Risk, and Compliance Chapter 25 Applying Appropriate Risk Strategies 555 Risk Assessment 555 Likelihood 556 Impact 556 Qualitative vs. Quantitative 557 Exposure Factor 558 Asset Value 558 Total Cost of Ownership (TCO) 559 Return on Investment (ROI) 560 Mean Time to Recovery (MTTR) 562 Mean Time Between Failure (MTBF) 562 Annualized Loss Expectancy (ALE)/Annualized Rate of Occurrence (ARO)/Single Loss Expectancy (SLE) 562 Gap Analysis 564 Risk Handling Techniques 565 Transfer 565 Accept 565 Avoid 566 Mitigate 566 Risk Types 566 Inherent 567 Residual 567 Exceptions 567 Risk Management Life Cycle 568 Identify 569 Assess 570 Control 570 Control Types 572 Review 573 Frameworks 573 Risk Tracking 590 Risk Register 590 Key Performance Indicators/Key Risk Indicators 591 Risk Appetite vs. Risk Tolerance 594 Tradeoff Analysis 595 Usability vs. Security Requirements 595 Policies and Security Practices 595 Separation of Duties 595 Job Rotation 596 Mandatory Vacation 596 Least Privilege 597 Employment and Termination Procedures 598 Training and Awareness for Users 599 Auditing Requirements and Frequency 601 Exam Preparation Tasks 601 Chapter 26 Managing and Mitigating Vendor Risk 607 Shared Responsibility Model (Roles/Responsibilities) 607 Cloud Service Provider (CSP) 607 Client 609 Vendor Lock-in and Vendor Lock-out 610 Vendor Viability 610 Financial Risk 610 Merger or Acquisition Risk 610 Meeting Client Requirements 610 Legal 610 Change Management 611 Staff Turnover 612 Device and Technical Configurations 612 Support Availability 615 Geographical Consideration 615 Supply Chain Visibility 615 Incident Reporting Requirements 616 Source Code Escrows 616 Ongoing Vendor Assessment Tools 616 Third-Party Dependencies 616 Code 617 Hardware 617 Modules 618 Technical Considerations 618 Technical Testing 618 Network Segmentation 618 Transmission Control 618 Shared Credentials 619 Exam Preparation Tasks 620 Chapter 27 The Organizational Impact of Compliance Frameworks and Legal Considerations 625 Security Concerns of Integrating Diverse Industries 625 Rules 625 Policies 626 Regulations 626 Data Considerations 626 Data Sovereignty 626 Data Ownership 627 Data Classifications 627 Data Retention 629 Data Types 629 Data Removal, Destruction, and Sanitization 634 Geographic Considerations 635 Location of Data 636 Location of Data Subject 636 Location of Cloud Provider 637 Third-Party Attestation of Compliance 637 Regulations, Accreditations, and Standards 637 Open Standards 638 Adherence to Standards 638 Competing Standards 639 Lack of Standards 639 De Facto Standards 639 Payment Card Industry Data Security Standard (PCI DSS) 639 General Data Protection Regulation (GDPR) 640 International Organization for Standardization (ISO) 641 Capability Maturity Model Integration (CMMI) 643 National Institute of Standards and Technology (NIST) 644 Children's Online Privacy Protection Act (COPPA) 644 Common Criteria 644 Cloud Security Alliance (CSA) Security Trust Assurance and Risk (STAR) 646 Legal Considerations 646 Due Diligence/Due Care 646 Export Controls 647 Legal Holds 648 E-Discovery 648 Contract and Agreement Types 648 Service-Level Agreement (SLA) 649 Master Service Agreement (MSA) 649 Non-disclosure Agreement (NDA) 650 Memorandum of Understanding (MOU) 650 Interconnection Security Agreement (ISA) 650 Operational-Level Agreement 651 Privacy-Level Agreement 651 Exam Preparation Tasks 651 Chapter 28 Business Continuity and Disaster Recovery Concepts 657 Develop Contingency Planning Policy 658 Conduct the BIA 658 Identify Critical Processes and Resources 659 Recovery Time Objective 659 Recovery Point Objective 659 Recovery Service Level 659 Mission Essential Functions 659 Privacy Impact Assessment 660 Disaster Recovery Plan (DRP)/Business Continuity Plan (BCP) 660 Personnel Components 661 Project Scope 661 Business Continuity Steps 662 Recovery and Multiple Site Strategies 662 Cold Site 663 Warm Site 663 Hot Site 663 Mobile Site 664 Incident Response Plan 664 Roles/Responsibilities 665 After-Action Reports 666 Testing Plans 666 Checklist 666 Walk-through 666 Tabletop Exercises 666 Full Interruption Test 667 Parallel Test/Simulation Test 667 Exam Preparation Tasks 667 Tools for Final Preparation 672 Pearson Test Prep Practice Test Software and Questions on the Website 672 Chapter 29 Final Preparation 673 Accessing the Pearson Test Prep Software Online 673 Accessing the Pearson Test Prep Practice Test Software Offline 673 Customizing Your Exams 674 Updating Your Exams 675 Premium Edition 676 Chapter-Ending Review Tools 676 Suggested Plan for Final Review/Study 676 Appendix A Answers to the Review Questions 679 Glossary 709 Online Elements Appendix B Memory Tables Appendix C Memory Tables Answer Key Appendix D Study Planner Glossary 9780137348954 TOC 5/26/2022