What Every Engineer Should Know About Cyber Security and Digital Forensics by Joanna F. DeFranco

Contents
What Every Engineer Should Know: Series Statement ....................................xi
Preface ...................................................................................................................xiii
Acknowledgments ................................................................................................xv
About the Author ............................................................................................... xvii
1. Security Threats ..............................................................................................1
1.1 Introduction ...........................................................................................1
1.2 Social Engineering ................................................................................ 3
1.3 Travel .......................................................................................................6
1.4 Mobile Devices ......................................................................................7
1.5 Internet ...................................................................................................8
1.6 The Cloud ............................................................................................... 9
1.7 Cyber Physical Systems ...................................................................... 11
1.8 Theft ...................................................................................................... 11
References .......................................................................................................12
2. Cyber Security and Digital Forensics Careers .......................................15
2.1 Introduction ......................................................................................... 15
2.2 Career Opportunities ......................................................................... 16
2.2.1 A Summarized List of “Information Security” Job Tasks .................................................................................17
2.2.2 A Summarized List of “Digital Forensic” Job Tasks.........20
2.3 Certications ........................................................................................23
2.3.1 Information Security Certications ....................................24
2.3.2 Digital Forensic Certications .............................................34
2.3.2.1 Global Information Assurance Certications ....34
2.3.2.2 Software Certications .......................................... 36
References .......................................................................................................37
3. Cyber Security ...............................................................................................39
3.1 Introduction .........................................................................................39
3.2 Information Security ..........................................................................40
3.3 Security Architecture .........................................................................42
3.4 Access Controls ...................................................................................44
3.5 Cryptography ......................................................................................48
3.5.1 Types of Cryptography or Cryptographic Algorithms .....49
3.6 Network and Telecommunications Security ...................................50
3.7 Operating System Security ................................................................ 51
3.8 Software Development Security ....................................................... 53
3.9 Database Security ................................................................................56
3.10 Business Continuity and Disaster Recovery ...................................57
3.11 Physical Security ................................................................................. 57
3.12 Legal, Regulations, Compliance, and Investigations .....................58
3.13 Operations Security ............................................................................ 59
3.14 Information Security Governance and Risk Management ........... 60
References ....................................................................................................... 61
4. Preparing for an Incident ............................................................................63
4.1 Introduction .........................................................................................63
4.1.1 The Zachman Framework ....................................................64
4.1.2 Adaptation of the Zachman Framework to Incident Response Preparation ............................................................64
4.2 Risk Identification ...............................................................................66
4.3 Host Preparation .................................................................................71
4.4 Network Preparation .......................................................................... 73
4.5 Establishing Appropriate Policies and Procedures ........................ 76
4.6 Establishing an Incident Response Team ........................................ 81
4.7 Preparing a Response Toolkit ...........................................................83
4.8 Training ................................................................................................85
References .......................................................................................................89
5. Incident Response and Digital Forensics ................................................91
5.1 Introduction ......................................................................................... 91
5.2 Incident Response ............................................................................... 92
5.2.1 Detection/Identication........................................................93
5.2.2 Containment ........................................................................... 94
5.2.3 Eradication ..............................................................................95
5.2.4 Recovery ..................................................................................96
5.3 Incident Response for Cloud Computing ........................................97
5.4 Digital Forensics ..................................................................................98
5.4.1 Preparation..............................................................................99
5.4.2 Collection .............................................................................. 101
5.4.3 Analysis ................................................................................. 102
5.4.4 Reporting ..............................................................................105
5.5 Mobile Phone Forensics .................................................................... 107
References ..................................................................................................... 109
6. The Law ........................................................................................................ 111
6.1 Introduction ....................................................................................... 111
6.2 Compliance ........................................................................................ 111
6.2.1 The Health Insurance Portability and Accountability Act (HIPAA) .......................................................................... 112
6.2.2 The Payment Card Industry Data Security Standard (PCI-DSS) ............................................................................... 112
6.2.3 The North American Electric Reliability Corporation-Critical Infrastructure Protection Committee (NERC-CIP) ...................................................... 113
6.2.4 The Gramm-Leach-Bliley Act (GLBA)............................... 114
6.2.5 Sarbanes-Oxley Act (SOX) .................................................. 115
6.2.6 The Federal Information Security Management Act (FISMA) .......................................................................... 115
6.3 Laws for Acquiring Evidence .......................................................... 116
6.4 Evidence Rules ...................................................................................120
6.5 E-discovery ........................................................................................ 121
6.6 Case Law ............................................................................................123
References ..................................................................................................... 124
7. Theory to Practice ....................................................................................... 127
7.1 Introduction ....................................................................................... 127
7.2 Case Study 1: It Is All Fun and Games until Something Gets Deleted .......................................................................................127
7.2.1 After Action Report ............................................................. 131
7.2.1.1 What Worked Well? ............................................. 131
7.2.1.2 Lessons Learned ................................................... 131
7.2.1.3 What to Do Differently Next Time .................... 132
7.3 Case Study 2: How Is This Working for You? ............................... 133
7.3.1 After Action Report ............................................................. 134
7.3.1.1 What Worked Well? .............................................134
7.3.1.2 Lessons Learned ................................................... 135
7.3.1.3 What to Do Differently Next Time .................... 135
7.4 Case Study 3: The Weakest Link .....................................................135
7.4.1 Background ...........................................................................135
7.4.2 The Crime ............................................................................. 136
7.4.3 The Trial ................................................................................ 137
7.4.3.1 The Defense ........................................................... 137
7.4.3.2 The Prosecution .................................................... 137
7.4.3.3 Other Strategies to Win the Case ....................... 139
7.4.3.4 Verdict .................................................................... 140
7.4.4 After Action Report ............................................................. 140
7.4.4.1 What Worked Well for UBS-PW? ....................... 140
7.4.4.2 What to Do Differently Next Time .................... 140
References ..................................................................................................... 141
Bibliography .................................................................................................. 141