Foreword  xvi
Introduction  xvii

Part I. Security Fundamentals

Chapter 1. Basics of Cybersecurity  1
    Cybersecurity  1
    CIA-DAD  2
    I-A-A-A  4
    Defense in Depth  6
    Hardware and Software Security  7
    Firewalls, Access Controls, and Access Control Lists  8
    Physical Security  9
    Practical Example of a Server Security in an Organization  10
    Summary  16
    Chapter 1 Questions  17
    Answers to Chapter 1 Questions  18

Chapter 2. Security Details  19
    The Four Attributes: Encrypt, Compress, Index, and Archive  19
    Encryption, Algorithms  22
    Public Key Infrastructure  22
    Email Security Example  23
    Nonrepudiation, Authentication Methods (K-H-A)  25
    Current and New Algorithms  26
    Summary  26
    Chapter 2 Questions  28
    Answers to Chapter 2 Questions  29

Chapter 3. Goals of Security  31
    Goals of Security--SMART/OKR  31
    Who's Who in Security: RACI  33
    Creating the RACI Matrix  35
    Planning--Strategic, Tactical, and Operational  36
    Events and Incidents  37
    Risks, Breaches, Fixes  38
    Security Logs--The More the Merrier  39
    Re/Engineering a Project  41
    Keeping Security Up to Date  42
    Summary  43
    Chapter 3 Questions  44
    Answers to Chapter 3 Questions  45

Part II. Database Security--The Back End

Chapter 4. Database Security Introduction  47
    ACID, BASE of DB, and CIA Compliance  47
    ACID, BASE, and CIA  47
    Data in Transit, Data at Rest  49
    DDL and DML  52
    Designing a Secure Database  54
    Structural Security  57
    Functional Security  60
    Data Security  61
    Procedural Security  63
    Summary  64
    Chapter 4 Questions  65
    Answers to Chapter 4 Questions  66

Chapter 5. Access Control of Data  67
    Access Control--Roles for Individuals and Applications  67
    MAC, DAC, RBAC, RuBAC  69
    Passwords, Logins, and Maintenance  74
    Hashing and Checksum Methods  76
    Locking, Unlocking, Resetting  80
    Monitoring User Accounts, System Account  82
    Data Protection--Views and Materialized Views  86
    PII Security--Data, Metadata, and Surrogates  90
    Summary  94
    Chapter 5 Questions  96
    Answers to Chapter 5 Questions  97

Chapter 6. Data Refresh, Backup, and Restore  99
    Data Refresh--Manual, ETL, and Script  99
    ETL Jobs  102
    Security in Invoking ETL Job  104
    Data Pump: Exporting and Importing  106
    Backup and Restore  109
    Keeping Track--Daily, Weekly, Monthly  117
    Summary  119
    Chapter 6 Questions  120
    Answers to Chapter 6 Questions  121

Chapter 7. Host Security  123
    Server Connections and Separation  123
    IP Selection, Proxy, Invited Nodes  126
    Access Control Lists  128
    Connecting to a System/DB: Passwords, Smart Cards, Certificates  131
    Cron Jobs or Task Scheduler  137
    Regular Monitoring and Troubleshooting  141
    Summary  144
    Chapter 7 Questions  145
    Answers to Chapter 7 Questions  146

Chapter 8. Proactive Monitoring  149
    Logs, Logs, and More Logs  149
    Data Manipulation Monitoring  150
    Data Structure Monitoring  156
    Third-Party or Internal Audits  159
    LOG File Generation  165
    Summary  172
    Chapter 8 Questions  173
    LAB Work  173
    Answers to Chapter 8 Questions  174

Chapter 9. Risks, Monitoring, and Encryption  175
    Security Terms  175
    Risk, Mitigation, Transfer, Avoidance, and Ignoring  177
    Organized Database Monitoring  181
    Encrypting the DB: Algorithm Choices  183
    Automated Alerts  185
    Summary  186
    Chapter 9 Questions  187
    Answers to Chapter 9 Questions  188

Part III. Application Security--The Front End

Chapter 10. Application Security Fundamentals  189
    Coding Standards  190
    The Software Development Process  195
    Models and Selection  199
    Cohesion and Coupling  201
    Development, Test, and Production  202
    Client and Server  204
    Side Effects of a Bad Security in Software  213
    Fixing the SQL Injection Attacks  213
    Evaluate User Input  214
    Do Back-End Database Checks  215
    Change Management--Speaking the Same Language  215
    Secure Logging In to Applications, Access to Users  217
    Summary  221
    Chapter 10 Questions  223
    Answer to Chapter 10 Questions  224

Chapter 11. The Unseen Back End  227
    Back-End DB Connections in Java/Tomcat  238
    Connection Strings and Passwords in Code  241
    Stored Procedures and Functions  242
    File Encryption, Types, and Association  247
    Implementing Public Key Infrastructure and Smart Card  250
    Examples of Key Pairs on Java and Linux  251
    Symmetric Encryption  253
    Asymmetric Encryption  254
    Vulnerabilities, Threats, and Web Security  255
    Attack Types and Mitigations  256
    Summary  260
    Chapter 11 Questions  261
    Answers to Chapter 11 Questions  262

Chapter 12. Securing Software--In-House and Vendor  263
    Internal Development Versus Vendors  263
    Vendor or COTS Software  264
    Action Plan  265
    In-House Software Development  266
    Initial Considerations for In-House Software  267
    Code Security Check  269
    Fixing the Final Product--SAST Tools  271
    Fine-tuning the Product--Testing and Release  277
    Patches and Updates  278
    Product Retirement/Decommissioning  280
    Summary  282
    Chapter 12 Questions  283
    Answers to Chapter 12 Questions  284

Part IV. Security Administration

Chapter 13. Security Administration  287
    Least Privilege, Need to Know, and Separation of Duties  287
    Who Is Who and Why  290
    Scope or User Privilege Creep  292
    Change Management  294
    Documenting the Process  296
    Legal Liabilities  308
    Software Analysis  312
    Netwo.