Introduction The CASP Exam 2
   The Goals of the CASP Certification 3
   The Value of the CASP Certification 5
   CASP Exam Objectives 7
   Steps to Becoming a CASP 35
   CompTIA Authorized Materials Use Policy 35
Chapter 1 Business and Industry Influences and Associated Security Risks 38
   Risk Management of New Products, New Technologies, and User Behaviors 39
   New or Changing Business Models/Strategies 40
   Security Concerns of Integrating Diverse Industries 44
   Internal and External Influences 52
   Impact of De-perimeterization (e.g., Constantly Changing Network Boundary) 54
   Exam Preparation Tasks 60
   Review All Key Topics 60
   Define Key Terms 60
   Review Questions 61
Chapter 2 Security, Privacy Policies, and Procedures 64
   Policy and Process Life Cycle Management 65
   Support Legal Compliance and Advocacy 70
   Common Business Documents to Support Security 71
   Security Requirements for Contracts 75
   General Privacy Principles for Sensitive Information 77
   Support the Development of Policies Containing Standard Security Practices 78
   Exam Preparation Tasks 91
   Review All Key Topics 91
   Define Key Terms 92
   Review Questions 92
Chapter 3 Risk Mitigation Strategies and Controls 96
   Categorize Data Types by Impact Levels Based on CIA 98
   Incorporate Stakeholder Input into CIA Impact-Level Decisions 100
   Determine the Aggregate CIA Score 101
   Determine Minimum Required Security Controls Based on Aggregate Score 102
   Select and Implement Controls Based on CIA Requirements and Organizational Policies 102
   Extreme Scenario Planning/Worst-Case Scenario 123
   Conduct System-Specific Risk Analysis 125
   Make Risk Determination Based upon Known Metrics 126
   Translate Technical Risks in Business Terms 134
   Recommend Which Strategy Should Be Applied Based on Risk Appetite 135
   Risk Management Processes 137
   Continuous Improvement/Monitoring 141
   Business Continuity Planning 141
   IT Governance 148
   Enterprise Resilience 168
   Exam Preparation Tasks 170
   Review All Key Topics 170
   Define Key Terms 171
   Review Questions 171
Chapter 4 Risk Metric Scenarios to Secure the Enterprise 174
   Review Effectiveness of Existing Security Controls 175
   Reverse Engineer/Deconstruct Existing Solutions 177
   Creation, Collection, and Analysis of Metrics 177
   Prototype and Test Multiple Solutions 180
   Create Benchmarks and Compare to Baselines 181
   Analyze and Interpret Trend Data to Anticipate Cyber Defense Needs 182
   Analyze Security Solution Metrics and Attributes to Ensure They Meet Business Needs 183
   Use Judgment to Solve Problems Where the Most Secure Solution Is Not Feasible 187
   Exam Preparation Tasks 187
   Review All Key Topics 187
   Define Key Terms 188
   Review Questions 189
Chapter 5 Network and Security Components, Concepts, and Architectures 192
   Physical and Virtual Network and Security Devices 194
   Application and Protocol-Aware Technologies 212
   Advanced Network Design (Wired/Wireless) 215
   Complex Network Security Solutions for Data Flow 241
   Secure Configuration and Baselining of Networking and Security Components 246
   Software-Defined Networking 254
   Network Management and Monitoring Tools 255
   Advanced Configuration of Routers, Switches, and Other Network Devices 260
   Security Zones 268
   Network Access Control 269
   Network-Enabled Devices 271
   Critical Infrastructure 279
   Exam Preparation Tasks 280
   Review All Key Topics 280
   Define Key Terms 282
   Review Questions 282
Chapter 6 Security Controls for Host Devices 286
   Trusted OS (e.g., How and When to Use It) 287
   Endpoint Security Software 290
   Host Hardening 298
   Boot Loader Protections 316
   Vulnerabilities Associated with Hardware 322
   Terminal Services/Application Delivery Services 322
   Exam Preparation Tasks 323
   Review All Key Topics 323
   Define Key Terms 324
   Review Questions 324
Chapter 7 Security Controls for Mobile and Small Form Factor Devices 328
   Enterprise Mobility Management 329
   Security Implications/Privacy Concerns 336
   Wearable Technology 345
   Exam Preparation Tasks 350
   Review All Key Topics 350
   Define Key Terms 351
   Review Questions 351
Chapter 8 Software Vulnerability Security Controls 354
   Application Security Design Considerations 355
   Specific Application Issues 356
   Application Sandboxing 370
   Secure Encrypted Enclaves 371
   Database Activity Monitor 371
   Web Application Firewalls 371
   Client-Side Processing vs. Server-Side Processing 371
   Operating System Vulnerabilities 377
   Firmware Vulnerabilities 377
   Exam Preparation Tasks 378
   Review All Key Topics 378
   Define Key Terms 378
   Review Questions 379
Chapter 9 Security Assessments 382
   Methods 383
   Test Types 398
   Exam Preparation Tasks 405
   Review All Key Topics 405
   Define Key Terms 406
   Review Questions 407
Chapter 10 Select the Appropriate Security Assessment Tool 410
   Network Tool Types 411
   Host Tool Types 427
   Physical Security Tools 441
   Exam Preparation Tasks 444
   Review All Key Topics 444
   Define Key Terms 445
   Review Questions 446
Chapter 11 Incident Response and Recovery 448
   E-Discovery 449
   Data Breach 454
   Facilitate Incident Detection and Response 457
   Incident and Emergency Response 461
   Incident Response Support Tools 471
   Severity of Incident or Breach 478
   Post-incident Response 480
   Exam Preparation Tasks 481
   Review All Key Topics 481
   Define Key Terms 482
   Review Questions 483
Chapter 12 Host, Storage, Network, and Application Integration 486
   Adapt Data Flow Security to Meet Changing Business Needs 487
   Standards 489
   Interoperability Issues 491
   Resilience Issues 494
   Data Security Considerations 496
   Resources Provisioning and Deprovisioning 500
   Design Considerations During Mergers, Acquisitions and Demergers/Divestitures 501
   Network Secure Segmentation and Delegation 502
   Logical Deployment Diagram and Corresponding Physical Deployment Diagram of All Relevant Devices 502
   Security and Privacy Considerations of Storage Integration 504
   Security Implications of Integrating Enterprise Applications 504
   Exam Preparation Tasks 507
   Review All Key Topics 507
   Define Key Terms 508
   Review Questions 508
Chapter 13 Cloud and Virtualization Technology Integration 512
   Technical Deployment Models (Outsourcing/Insourcing/Managed Services/Partnership) 513
   Security Advantages and Disadvantages of Virtualization 518
   Cloud Augmented Security Services 521
   Vulnerabilities Associated with Comingling of Hosts with Different Security Requirements 527
   Data Security Considerations 529
   Resources Provisioning and Deprovisioning 531
   Exam Preparation Tasks 532
   Review All Key Topics 532
   Define Key Terms 532
   Review Questions 533
Chapter 14 Authentication and Authorization Technology Integration 536
   Authentication 537
   Authorization 550
   Attestation 557
   Identity Propagation 558
   Federation 559
   Trust Models 563
   Exam Preparation Tasks 566
   Review All Key Topics 566
   Define Key Terms 567
   Review Questions 567
Chapter 15 Cryptographic Techniques 570
   Techniques 572
   Implementations 592
   Exam Preparation Tasks 611
   Review All Key Topics 611
   Define Key Terms 612
   Review Questions 613
Chapter 16 Secure Communication and Collaboration 616
   Remote Access 617
   Unified Collaboration Tools 621
   Exam Preparation Tasks 634
   Review All Key Topics 634
   Define Key Terms 635
   Review Questions 635
Chapter 17 Industry Trends and Their Impact to the Enterprise 638
   Perform Ongoing Research 639
   Threat Intelligence 643
   Research Security Implications of Emerging Business Tools 649
   Global IA Industry/Community 653
   Exam Preparation Tasks 660
   Review All Key Topics 660
   Define Key Terms 661
   Review Questions 661
Chapter 18 Security Activities Across the Technology Life Cycle 664
   Systems Development Life Cycle 665
   Software Development Life Cycle 673
   Adapt Solutions 706
   Asset Management (Inventory Control) 709
   Exam Preparation Tasks 711
   Review All Key Topics 711
   Define Key Terms 712
   Review Questions 713
Chapter 19 Business Unit Interaction 716
   Interpreting Security Requirements and Goals to Communicate with Stakeholders from Other Disciplines 717
   Provide Objective Guidance and Impartial Recommendations to Staff and Senior Management on Security Processes and Controls 724
   Establish Effective Collaboration Within Teams to Implement Secure Solutions 725
   Governance, Risk, and Compliance Committee 726
   Exam Preparation Tasks 727
   Review All Key Topics 727
   Define Key Terms 728
   Review Questions 729
Appendix A Answers 732
Glossary 754
Online-only Elements:
Appendix B Memory Tables
Appendix C Memory Table Answers
Appendix D Study Planner
9780789759443, TOC, 4/16/2018
Available for purchase from all major ebook resellers, including InformIT.com