Introduction xvii Part I Domain 1: Security Principles 1 Chapter 1 Confidentiality, Integrity, Availability, and Non-repudiation 3 The CIA Triad 4 Non-repudiation 7 Chapter 2 Authentication and Authorization 11 Access Control Process 11 Password Policies 13 Authentication Factors 16 Chapter 3 Privacy 23 Privacy 23 Privacy Management Framework 25 Chapter 4 Risk Management 35 Risk Types 35 Risk Identification and Assessment 37 Risk Treatment Strategies 39 Risk Profile and Tolerance 40 Chapter 5 Security Controls 45 What Are Security Controls? 45 Categorizing Security Controls 46 Chapter 6 Ethics 51 Corporate Ethics Codes 51 ISC2 Code of Ethics 52 Ethics Complaint Procedure 54 Chapter 7 Security Governance Processes 59 Security Policies and Procedures 59 Laws and Regulations 61 Chapple213832_ftoc.indd 13 22-11-2023 12:53:06 Part II Domain 2: Business Continuity (bc), Disaster Recovery (dr) & Incident Response (ir) Concepts 65 Chapter 8 Business Continuity 67 Business Continuity Planning 67 Business Continuity Controls 69 High Availability and Fault Tolerance 71 Chapter 9 Disaster Recovery 79 Disaster Recovery Planning 79 Backups 81 Disaster Recovery Sites 83 Testing Disaster Recovery Plans 85 Chapter 10 Incident Response 89 Creating an Incident Response Program 89 Building an Incident Response Team 91 Incident Communications Plan 92 Incident Identification and Response 93 Part III Domain 3: Access Controls Concepts 99 Chapter 11 Physical Access Controls 101 Physical Facilities 101 Designing for Security 104 Visitor Management 106 Physical Security Personnel 106 Chapter 12 Logical Access Controls 111 Authorization 111 Account Types 114 Non- repudiation 115 Part IV Domain 4: Network Security 119 Chapter 13 Computer Networking 121 Network Types 121 TCP/IP Networking 122 IP Addressing 124 Network Ports and Applications 128 Securing Wi- Fi Networks 129 Chapter 14 Network Threats and Attacks 137 Malware 137 Eavesdropping Attacks 139 Denial- of- Service Attacks 140 Side- Channel Attacks 142 Chapter 15 Threat Identification and Prevention 145 Antivirus Software 145 Intrusion Detection and Prevention 146 Firewalls 148 Vulnerability Scanning 149 Chapter 16 Network Security Infrastructure 155 Data Center Protection 156 Network Security Zones 158 Switches, WAPs, and Routers 159 Network Segmentation 161 Virtual Private Networks 162 Network Access Control 163 Internet of Things 165 Chapter 17 Cloud Computing 169 Cloud Computing 169 Cloud Deployment Models 171 Cloud Service Categories 172 Security and the Shared Responsibility Model 174 Automation and Orchestration 174 Vendor Relationships 175 Part V Domain 5: Security Operations 179 Chapter 18 Encryption 181 Cryptography 181 Encryption Algorithms 183 Uses of Encryption 186 Hash Functions 187 Chapter 19 Data Handling 193 Data Life Cycle 193 Data Classification 196 Chapter 20 Logging and Monitoring 201 Logging 201 Log Monitoring 202 Chapter 21 Configuration Management 207 Configuration Management 207 Configuration Vulnerabilities 208 Chapter 22 Best Practice Security Policies 213 Acceptable Use Policy 213 Data Handling Policy 214 Password Policy 214 Bring Your Own Device Policy 214 Privacy Policy 214 Change Management Policy 215 Chapter 23 Security Awareness Training 219 Social Engineering 219 Security Education 221 Index 227.