Figure 1.1: Classification of information security analysts
Figure 1.2: Time-consuming activities for information security professionals
Figure 1.3: Training needs identified by information security professionals
Figure 1.4: ILOVEYOU virus
Figure 1.5: T.J. Maxx
Figure 1.6: Defaced Georgian foreign ministry website
Figure 1.7: Google-China offices
Figure 1.8: Online Software Inspector
Figure 1.9: PC audit report
Figure 1.10: Contents of Downloads folder for Steganography exercise
Figure 1.11: Commands to hide text files at the end of image files
Figure 1.12: Manipulated images among original images
Figure 1.13: Opening image files in Notepad
Figure 1.14: Secret message hidden at the end of the image file
Figure 1.15: Sunshine State University funding sources
Figure 1.16: Extract from the organization structure of Sunshine State University
Figure 2.1: Paul Ceglia
Figure 2.2: Windows desktop usage—April 2013
Figure 2.3: System Center Operation Manager
Figure 2.4: Unix family tree
Figure 2.5: Albert Gonzalez, at the time of his indictment in August 2009
Figure 2.6: T.J. Maxx sales (2005–2010)
Figure 2.7: Virtual machine structure
Figure 2.8: VirtualBox download page
Figure 2.9: VirtualBox installer welcome screen
Figure 2.10: Default install location
Figure 2.11: VirtualBox install confirmation
Figure 2.12: VirtualBox manager
Figure 2.13: Default setting for OS import
Figure 2.14: Virtual machine in Virtual machine manager
Figure 2.15: CPU error
Figure 2.16: Enabling PAE
Figure 2.17: Attach the VM to NAT
Figure 2.18: CentOS VM login screen
Figure 2.19: CentOS Linux desktop
Figure 2.20: Sunshine State University email infrastructure
Figure 3.1: Operating system structure
Figure 3.2: Reaching the command prompt window
Figure 3.3: Unix file hierarchy
Figure 3.4: vimtutor interface
Figure 3.5: Reaching users and groups manager
Figure 3.6: Adding users
Figure 3.7: Group manager
Figure 4.1: The basic information security model
Figure 4.2: Example CVE listing at the time of reporting
Figure 4.3: NVD entry for the CVE listing
Figure 4.4: ATLAS web interface
Figure 4.5: Phishing example
Figure 4.6: Adobe Flash zero-day exploit launched on February 28, 2011
Figure 4.7: Exploit usage
Figure 4.8: Using a browser on the VM
Figure 5.1: J-20 fighter
Figure 5.2: The elements of asset characterization
Figure 5.3: Generic IT asset life cycle
Figure 5.4: Student Information System
Figure 5.5: Uses of a hacked PC
Figure 6.1: Threat model
Figure 6.2: Threat agents over time by percent of breaches
Figure 6.3: External agents
Figure 6.4A: Chinese J-20 jet
Figure 6.4B: Lockheed F-22 jet
Figure 6.5: Internal agents
Figure 6.6: Partners
Figure 6.7: Edward Snowden
Figure 6.8: Datagram ISP goes down with Hurricane Sandy
Figure 6.9: Melissa error message
Figure 6.10: High level XSS attack
Figure 6.11: Bonzi buddy
Figure 6.12: Top vendor vulnerability breakdown
Figure 6.13: Firefox certificate exception
Figure 6.14: GSA main screen
Figure 6.15: New Task configuration
Figure 6.16: Starting a new scan
Figure 6.17: Viewing scan details
Figure 6.18: Report page
Figure 7.1: Encryption and decryption in context
Figure 7.2: Reference to Caesar cipher
Figure 7.3: Secret key cryptography overview
Figure 7.4: Public-key cryptography overview for data transmission
Figure 7.5: Using public-key encryption for digital signatures
Figure 7.6: Checksums example
Figure 7.7: Generic form of block encryption
Figure 7.8: Electronic code book
Figure 7.9: Cipher block chaining
Figure 7.10: Hash functions
Figure 7.11: Public-key certification process
Figure 7.12: CAs in browser
Figure 7.13: Untrusted certificate
Figure 7.14: GPG passphrase dialog
Figure 8.1: Identity and access management
Figure 8.2: Match/Merge flowchart
Figure 8.3: Smart card in a USB card reader
Figure 8.4: Hardware token
Figure 8.5: Fingerprint with minutia highlighted
Figure 8.6: Iris scanning in the Dubai Airport
Figure 8.7: Kerberos ticket exchange
Figure 8.8: Token-based authentication
Figure 8.9: Central authentication service
Figure 8.10: Discovery service for the InCommon federation
Figure 8.11: SSO with a SAML federation
Figure 8.12: OpenID
Figure 8.13: OpenID 2.0 provider selection screen
Figure 8.14: http://trendsmap.com
Figure 8.15: OAuth token passing
Figure 8.16: Application UserId and ProviderUserId
Figure 8.17: Intruder's attack path to military establishments
Figure 8.18: Configuration QR code
Figure 8.19: Google Authenticator (iOS)
Figure 9.1: Access matrix example
Figure 9.2: Typical firewall
Figure 9.3: Perimeter firewalls and demilitarized zones
Figure 9.4: Windows firewall blocking http
Figure 9.5: Windows firewall allowing http
Figure 9.6: Typical competitor console, circa 2003
Figure 9.7: AirTight console, circa 2005
Figure 9.8: /var/ossec/etc/ossec.conf (after change)
Figure 9.9: OSSEC-WebUI
Figure 9.10: Superb Fairy-Wrens, 40% success rate with security controls
Figure 11.1: IRT interactions
Figure 11.2: IRT communications
Figure 11.3: DollSays
Figure 11.4: Website defacement example
Figure 11.5: PII search
Figure 11.6: OSSEC, a popular file integrity tool
Figure 11.7: Typical logs consolidated
Figure 11.8: Log analysis
Figure 11.9: End point protection example
Figure 11.10: Containment, eradication, and recovery timeline
Figure 12.1: Event Viewer screen on Windows 8
Figure 12.2: Summary of Administrative Events pane
Figure 12.3: Recently viewed nodes
Figure 12.4: Log Summary pane
Figure 12.5: Informational event screenshot
Figure 12.6: Windows Administrative Events view
Figure 12.7: syslog file evidence
Figure 12.8: auth.log file
Figure 12.9: Sample run of last
Figure 12.10: Output of w command
Figure 12.11: Security Log snapshot
Figure 12.12: Log consolidation
Figure 12.13: Output of system info program
Figure 12.14: The sfc command
Figure 12.15: Windows MAC timestamps
Figure 12.16: File Explorer with timestamps
Figure 12.17: Sample timeline
Figure 12.18: Information Security and IT Risk Management is not affiliated with or otherwise sponsored by Dropbox, Inc.
Figure 13.1: Policy, standard, and guideline
Figure 13.2: Compliance
Figure 14.1: NIST 800-39 risk-management framework
Figure 14.2: Threat model
Figure 14.3: Risk assessment model
Figure 14.4: Sarbanes–Oxley auditing guidelines workflow for impact on IT