Instant Access To CISSP All in One Exam Guide 7th Edition Shon Harris Ebook Full Chapters

Full download ebook at ebookmass.
com
CISSP All in one Exam Guide 7th Edition Shon

Harris
https://ebookmass.com/product/cissp-all-in-one-
exam-guide-7th-edition-shon-harris/
Download more ebook from https://ebookmass.com

More products digital (pdf, epub, mobi) instant
download maybe you interests ...
Cissp All-In-One Exam Guide 8th Edition Shon Harris
https://ebookmass.com/product/cissp-all-in-one-exam-guide-8th-edition-
shon-harris/
ebookmass.com
CISSP All-in-One Exam Guide 7th edition Edition Harris
https://ebookmass.com/product/cissp-all-in-one-exam-guide-7th-edition-
edition-harris/
ebookmass.com
All in One CISSP Exam Guide 9th Edition Fernando Maymí
https://ebookmass.com/product/all-in-one-cissp-exam-guide-9th-edition-
fernando-maymi/
ebookmass.com
CISSP Practice Exams, Fourth Edition Shon Harris
https://ebookmass.com/product/cissp-practice-exams-fourth-edition-
shon-harris/
ebookmass.com
CompTIA Network+ Certification All in One Exam Guide,
Seventh Edition (Exam N10 007) 7th Edition, (Ebook PDF)
https://ebookmass.com/product/comptia-network-certification-all-in-
one-exam-guide-seventh-edition-exam-n10-007-7th-edition-ebook-pdf/
ebookmass.com
CompTIA PenTest+ Certification All-in-One Exam Guide (Exam

PT0-001) 1st Edition
https://ebookmass.com/product/comptia-pentest-certification-all-in-
one-exam-guide-exam-pt0-001-1st-edition/
ebookmass.com
CEH All-in-One Exam Guide, 3e, Professional Matt Walker
https://ebookmass.com/product/ceh-all-in-one-exam-
guide-3e-professional-matt-walker/
ebookmass.com
CC Certified in Cybersecurity All-in-One Exam Guide Steven

Bennett
https://ebookmass.com/product/cc-certified-in-cybersecurity-all-in-
one-exam-guide-steven-bennett-2/
ebookmass.com
CC Certified in Cybersecurity All-in-One Exam Guide Steven

Bennett
https://ebookmass.com/product/cc-certified-in-cybersecurity-all-in-
one-exam-guide-steven-bennett/
ebookmass.com
All-In-One / CISSP All-in-One Exam Guide, Seventh Edition / Harris / 184927-0 / Front Matter
Blind Folio i
ALL IN ONE
CISSP
®
EXAM GUIDE
Seventh Edition
Shon Harris
Fernando Maymí
New York Chicago San Francisco

Athens London Madrid Mexico City
Milan New Delhi Singapore Sydney Toronto
McGraw-Hill Education is an independent entity from (ISC)2® and is not affiliated with (ISC)2 in any manner. This study/
training guide and/or material is not sponsored by, endorsed by, or affiliated with (ISC)2 in any manner. This publication and
CD may be used in assisting students to prepare for the CISSP exam. Neither (ISC)2 nor McGraw-Hill Education warrants
that use of this publication and CD will ensure passing any exam. (ISC)2®, CISSP®, CAP®, ISSAP®, ISSEP®, ISSMP®, SSCP®,
CCSP®, and CBK® are trademarks or registered trademarks of (ISC)2 in the United States and certain other countries. All
other trademarks are trademarks of their respective owners.
00-FM.indd 1 14/04/16 10:24 AM

Blind Folio ii
Library of Congress Cataloging-in-Publication Data

Names: Harris, Shon, author. | Maymi, Fernando, author.
Title: CISSP exam guide / Shon Harris, Fernando Maymi.
Other titles: CISSP all-in-one exam guide
Description: Seventh edition. | New York : McGraw-Hill Education, 2016. |
Includes index.
Identifiers: LCCN 2016017045 (print) | LCCN 2016017235 (ebook) | ISBN
9780071849272 (set : alk. paper) | ISBN 9780071849616 (book : alk. paper)
| ISBN 9780071849258 (CD) | ISBN 0071849270 (set : alk. paper) | ISBN
0071849610 (book : alk. paper) | ISBN 0071849254 (CD) | ISBN 9780071849265
()
Subjects: LCSH: Computer networks—Examinations—Study guides. |
Telecommunications engineers—Certification.
Classification: LCC TK5105.5 .H368 2016 (print) | LCC TK5105.5 (ebook) | DDC
005.8—dc23
LC record available at https://lccn.loc.gov/2016017045
McGraw-Hill Education books are available at special quantity discounts to use as premiums and sales promotions,
or for use in corporate training programs. To contact a representative, please visit the Contact Us pages at
www.mhprofessional.com.
CISSP® All-in-One Exam Guide, Seventh Edition
Copyright © 2016 by McGraw-Hill Education. All rights reserved. Printed in the United States of America. Except as
permitted under the Copyright Act of 1976, no part of this publication may be reproduced or distributed in any form
or by any means, or stored in a database or retrieval system, without the prior written permission of publisher, with
the exception that the program listings may be entered, stored, and executed in a computer system, but they may not
be reproduced for publication.
All trademarks or copyrights mentioned herein are the possession of their respective owners and McGraw-Hill
Education makes no claim of ownership by the mention of products that contain these marks.
1 2 3 4 5 6 7 8 9 DOC 21 20 19 18 17 16
ISBN: Book p/n 978-0-07-184961-6 and CD p/n 978-0-07-184925-8
of set 978-0-07-184927-2
MHID: Book p/n 0-07-184961-0 and CD p/n 0-07-184925-4
of set 0-07-184927-0
Sponsoring Editor Technical Editor Production Supervisor

Wendy Rinaldi Jonathan Ham James Kussow
Editorial Supervisor Copy Editor Composition
Janet Walden William McManus Cenveo Publisher Services
Project Manager Proofreader Illustration
Yashmita Hota, Lisa McCoy Cenveo Publisher Services
Cenveo® Publisher Services Indexer Art Director, Cover
Acquisitions Coordinator Karin Arrigoni Jeff Weeks
Amy Stonebraker
Information has been obtained by McGraw-Hill Education from sources believed to be reliable. However, because of the possibility
of human or mechanical error by our sources, McGraw-Hill Education, or others, McGraw-Hill Education does not guarantee the
accuracy, adequacy, or completeness of any information and is not responsible for any errors or omissions or the results obtained from
the use of such information.
00-FM.indd 2 14/04/16 5:04 PM

Blind Folio iii
We dedicate this book to all those who have served selflessly.
00-FM.indd 3 14/04/16 10:24 AM

Blind Folio iv
ABOUT THE AUTHORS

Shon Harris, CISSP, was the founder and CEO of Shon Harris Security LLC and Logi-
cal Security LLC, a security consultant, a former engineer in the Air Force’s Informa-
tion Warfare unit, an instructor, and an author. Shon owned and ran her own training
and consulting companies for 13 years prior to her death in 2014. She consulted with
Fortune 100 corporations and government agencies on extensive security issues. She
authored three best-selling CISSP books, was a contributing author to Gray Hat Hacking:
The Ethical Hacker’s Handbook and Security Information and Event Management (SIEM)
Implementation, and a technical editor for Information Security Magazine.
Fernando Maymí, Ph.D., CISSP, is a security practitioner

with over 25 years’ experience in the field. He currently leads
a multidisciplinary team charged with developing disruptive
innovations for cyberspace operations as well as impactful pub-
lic-private partnerships aimed at better securing cyberspace.
Fernando has served as a consultant for both government and
private-sector organizations in the United States and abroad.
He has authored and taught dozens of courses and workshops
in cyber security for academic, government, and professional
audiences in the United States and Latin America. Fernando
is the author of over a dozen publications and holds three
patents. His awards include the U.S. Department of the Army Research and Development
Achievement Award and he was recognized as a HENAAC Luminary. He worked closely
with Shon Harris, advising her on a multitude of projects, including the sixth edition of
the CISSP All-in-One Exam Guide. Fernando is also a volunteer puppy raiser for Guiding
Eyes for the Blind and has raised two guide dogs, Trinket and Virgo.
About the Contributor

Bobby E. Rogers is an information security engineer working as a contractor for Depart-
ment of Defense agencies, helping to secure, certify, and accredit their information sys-
tems. His duties include information system security engineering, risk management, and
certification and accreditation efforts. He retired after 21 years in the U.S. Air Force,
serving as a network security engineer and instructor, and has secured networks all over
the world. Bobby has a master’s degree in information assurance (IA) and is pursuing a
doctoral degree in cybersecurity from Capitol Technology University in Maryland. His
many certifications include CISSP-ISSEP, CEH, and MCSE: Security, as well as the
CompTIA A+, Network+, Security+, and Mobility+ certifications.
00-FM.indd 4 14/04/16 10:24 AM

Blind Folio v
About the Technical Editor

Jonathan Ham, CISSP, GSEC, GCIA, GCIH, is an independent consultant who
specializes in large-scale enterprise security issues, from policy and procedure, through
staffing and training, to scalable prevention, detection, and response technology and
techniques. With a keen understanding of ROI and TCO, he has helped his clients
achieve greater success for more than 12 years, advising in both the public and private
sectors, from small upstarts to the Fortune 500. Jonathan has been commissioned to
teach NCIS investigators how to use Snort, has performed packet analysis from a facil-
ity more than 2,000 feet underground, and has chartered and trained the CIRT for
one of the largest U.S. civilian federal agencies. He is a member of the GIAC Advisory
Board and is a SANS instructor teaching their MGT414: SANS Training Program for
CISSP Certification course. He is also co-author of Network Forensics: Tracking Hackers
Through Cyberspace, a textbook published by Prentice-Hall.
00-FM.indd 5 14/04/16 10:24 AM

CONTENTS AT A GLANCE
Chapter 1 Security and Risk Management. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1

Chapter 2 Asset Security. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 189
Chapter 3 Security Engineering. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 247
Chapter 4 Communication and Network Security.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 477
Chapter 5 Identity and Access Management. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 721
Chapter 6 Security Assessment and Testing. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 859
Chapter 7 Security Operations. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 923
Chapter 8 Software Development Security. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1077
Appendix A Comprehensive Questions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1213
Appendix B About the CD-ROM.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1269
Glossary................................................................................................................. 1273
Index....................................................................................................................... 1291
vi
00-FM.indd 6 14/04/16 10:24 AM

CONTENTS
In Memory of Shon Harris . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxi

Foreword . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxiii
Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxv
From the Author . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxvii
Why Become a CISSP? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxix
Chapter 1 Security and Risk Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
Fundamental Principles of Security . . . . . . . . . . . . . . . . . . . . . . . . . 3
Availability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
Integrity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
Confidentiality . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
Balanced Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
Security Definitions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
Control Types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
Security Frameworks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
ISO/IEC 27000 Series . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
Enterprise Architecture Development . . . . . . . . . . . . . . . . . . 19
Security Controls Development . . . . . . . . . . . . . . . . . . . . . . . 33
Process Management Development . . . . . . . . . . . . . . . . . . . . 37
Functionality vs. Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
The Crux of Computer Crime Laws . . . . . . . . . . . . . . . . . . . . . . . . 45
Complexities in Cybercrime . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48
Electronic Assets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49
The Evolution of Attacks . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50
International Issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54
Types of Legal Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58
Intellectual Property Laws . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62
Trade Secret . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63
Copyright . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64
Trademark . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65
Patent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65
Internal Protection of Intellectual Property . . . . . . . . . . . . . . 67
Software Piracy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68
Privacy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70
The Increasing Need for Privacy Laws . . . . . . . . . . . . . . . . . . 72
Laws, Directives, and Regulations . . . . . . . . . . . . . . . . . . . . . 73
Employee Privacy Issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81
vii
00-FM.indd 7 14/04/16 10:24 AM

Visit https://ebookmass.com
now to explore a rich
collection of eBooks and enjoy
exciting offers!
CISSP All-in-One Exam Guide

viii
Data Breaches . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84
U.S. Laws Pertaining to Data Breaches . . . . . . . . . . . . . . . . . 84
Other Nations’ Laws Pertaining to Data Breaches . . . . . . . . . 85
Policies, Standards, Baselines, Guidelines, and Procedures . . . . . . . . 86
Security Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87
Standards . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90
Baselines . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91
Guidelines . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92
Procedures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93
Implementation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93
Risk Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94
Holistic Risk Management . . . . . . . . . . . . . . . . . . . . . . . . . . 95
Information Systems Risk Management Policy . . . . . . . . . . . 95
The Risk Management Team . . . . . . . . . . . . . . . . . . . . . . . . . 96
The Risk Management Process . . . . . . . . . . . . . . . . . . . . . . . 97
Threat Modeling . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98
Vulnerabilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98
Threats . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100
Attacks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100
Reduction Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101
Risk Assessment and Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102
Risk Analysis Team . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103
The Value of Information and Assets . . . . . . . . . . . . . . . . . . . 104
Costs That Make Up the Value . . . . . . . . . . . . . . . . . . . . . . . 105
Identifying Vulnerabilities and Threats . . . . . . . . . . . . . . . . . 106
Methodologies for Risk Assessment . . . . . . . . . . . . . . . . . . . . 107
Risk Analysis Approaches . . . . . . . . . . . . . . . . . . . . . . . . . . . 112
Qualitative Risk Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . 116
Protection Mechanisms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 119
Putting It Together . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123
Total Risk vs. Residual Risk . . . . . . . . . . . . . . . . . . . . . . . . . . 123
Handling Risk . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 124
Outsourcing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 126
Risk Management Frameworks . . . . . . . . . . . . . . . . . . . . . . . . . . . . 126
Categorize Information System . . . . . . . . . . . . . . . . . . . . . . . 128
Select Security Controls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 128
Implement Security Controls . . . . . . . . . . . . . . . . . . . . . . . . . 129
Assess Security Controls . . . . . . . . . . . . . . . . . . . . . . . . . . . . 129
Authorize Information System . . . . . . . . . . . . . . . . . . . . . . . . 130
Monitor Security Controls . . . . . . . . . . . . . . . . . . . . . . . . . . . 130
Business Continuity and Disaster Recovery . . . . . . . . . . . . . . . . . . . 130
Standards and Best Practices . . . . . . . . . . . . . . . . . . . . . . . . . 133
Making BCM Part of the Enterprise Security Program . . . . . 136
BCP Project Components . . . . . . . . . . . . . . . . . . . . . . . . . . . 139
00-FM.indd 8 14/04/16 10:24 AM

Contents
ix
Personnel Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 154
Hiring Practices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 155
Termination . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 157
Security-Awareness Training . . . . . . . . . . . . . . . . . . . . . . . . . 157
Degree or Certification? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 159
Security Governance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 159
Metrics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 160
Ethics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 165
The Computer Ethics Institute . . . . . . . . . . . . . . . . . . . . . . . 166
The Internet Architecture Board . . . . . . . . . . . . . . . . . . . . . . 166
Corporate Ethics Programs . . . . . . . . . . . . . . . . . . . . . . . . . . 168
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 168
Quick Tips . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 170
Questions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 175
Answers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 184
Chapter 2 Asset Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 189
Information Life Cycle . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 190
Acquisition . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 190
Use . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 191
Archival . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 191
Disposal . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 192
Information Classification . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 193
Classifications Levels . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 194
Classification Controls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 197
Layers of Responsibility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 199
Executive Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 199
Data Owner . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 203
Data Custodian . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 204
System Owner . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 204
Security Administrator . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 205
Supervisor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 205
Change Control Analyst . . . . . . . . . . . . . . . . . . . . . . . . . . . . 205
Data Analyst . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 205
User . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 206
Auditor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 206
Why So Many Roles? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 206
Retention Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 206
Developing a Retention Policy . . . . . . . . . . . . . . . . . . . . . . . . 207
Protecting Privacy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 210
Data Owners . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 210
Data Processers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 211
Data Remanence . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 211
Limits on Collection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 214
00-FM.indd 9 14/04/16 10:24 AM


x
Protecting Assets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 215
Data Security Controls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 216
Media Controls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 219
Data Leakage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 225
Data Leak Prevention . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 226
Protecting Other Assets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 234
Protecting Mobile Devices . . . . . . . . . . . . . . . . . . . . . . . . . . . 234
Paper Records . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 235
Safes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 236
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 236
Quick Tips . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 237
Questions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 239
Answers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 243
Chapter 3 Security Engineering . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 247
System Architecture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 248
Computer Architecture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 252
The Central Processing Unit . . . . . . . . . . . . . . . . . . . . . . . . . 252
Multiprocessing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 257
Memory Types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 258
Operating Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 271
Process Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 271
Memory Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 280
Input/Output Device Management . . . . . . . . . . . . . . . . . . . . 285
CPU Architecture Integration . . . . . . . . . . . . . . . . . . . . . . . . 287
Operating System Architectures . . . . . . . . . . . . . . . . . . . . . . . 291
Virtual Machines . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 298
System Security Architecture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 301
Security Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 301
Security Architecture Requirements . . . . . . . . . . . . . . . . . . . . 302
Security Models . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 307
Bell-LaPadula Model . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 307
Biba Model . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 308
Clark-Wilson Model . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 309
Noninterference Model . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 310
Brewer and Nash Model . . . . . . . . . . . . . . . . . . . . . . . . . . . . 311
Graham-Denning Model . . . . . . . . . . . . . . . . . . . . . . . . . . . . 311
Harrison-Ruzzo-Ullman Model . . . . . . . . . . . . . . . . . . . . . . . 312
Systems Evaluation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 313
Common Criteria . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 313
Why Put a Product Through Evaluation? . . . . . . . . . . . . . . . 317
Certification vs. Accreditation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 318
Certification . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 318
Accreditation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 319
00-FM.indd 10 14/04/16 10:24 AM

Contents
xi
Open vs. Closed Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 320
Open Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 320
Closed Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 320
Distributed System Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 321
Cloud Computing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 322
Parallel Computing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 323
Databases . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 324
Web Applications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 326
Mobile Devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 327
Cyber-Physical Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 328
A Few Threats to Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 332
Maintenance Hooks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 333
Time-of-Check/Time-of-Use Attacks . . . . . . . . . . . . . . . . . . . 333
Cryptography in Context . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 335
The History of Cryptography . . . . . . . . . . . . . . . . . . . . . . . . 335
Cryptography Definitions and Concepts . . . . . . . . . . . . . . . . . . . . . 340
Kerckhoffs’ Principle . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 342
The Strength of the Cryptosystem . . . . . . . . . . . . . . . . . . . . . 343
Services of Cryptosystems . . . . . . . . . . . . . . . . . . . . . . . . . . . 344
One-Time Pad . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 345
Running and Concealment Ciphers . . . . . . . . . . . . . . . . . . . . 347
Steganography . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 348
Types of Ciphers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 350
Substitution Ciphers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 351
Transposition Ciphers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 351
Methods of Encryption . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 353
Symmetric vs. Asymmetric Algorithms . . . . . . . . . . . . . . . . . 353
Symmetric Cryptography . . . . . . . . . . . . . . . . . . . . . . . . . . . 354
Block and Stream Ciphers . . . . . . . . . . . . . . . . . . . . . . . . . . . 359
Hybrid Encryption Methods . . . . . . . . . . . . . . . . . . . . . . . . . 364
Types of Symmetric Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 369
Data Encryption Standard . . . . . . . . . . . . . . . . . . . . . . . . . . . 370
Triple-DES . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 377
Advanced Encryption Standard . . . . . . . . . . . . . . . . . . . . . . . 378
International Data Encryption Algorithm . . . . . . . . . . . . . . . 378
Blowfish . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 379
RC4 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 379
RC5 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 379
RC6 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 379
Types of Asymmetric Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 380
Diffie-Hellman Algorithm . . . . . . . . . . . . . . . . . . . . . . . . . . . 380
RSA . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 383
El Gamal . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 386
Elliptic Curve Cryptosystems . . . . . . . . . . . . . . . . . . . . . . . . 386
Knapsack . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 387
Zero Knowledge Proof . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 387
00-FM.indd 11 14/04/16 10:24 AM


xii
Message Integrity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 388
The One-Way Hash . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 388
Various Hashing Algorithms . . . . . . . . . . . . . . . . . . . . . . . . . 393
MD4 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 394
MD5 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 394
SHA . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 395
Attacks Against One-Way Hash Functions . . . . . . . . . . . . . . . 395
Digital Signatures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 396
Digital Signature Standard . . . . . . . . . . . . . . . . . . . . . . . . . . . 398
Public Key Infrastructure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 399
Certificate Authorities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 399
Certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 402
The Registration Authority . . . . . . . . . . . . . . . . . . . . . . . . . . 402
PKI Steps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 403
Key Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 404
Key Management Principles . . . . . . . . . . . . . . . . . . . . . . . . . 406
Rules for Keys and Key Management . . . . . . . . . . . . . . . . . . 407
Trusted Platform Module . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 407
TPM Uses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 408
Attacks on Cryptography . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 409
Ciphertext-Only Attacks . . . . . . . . . . . . . . . . . . . . . . . . . . . . 410
Known-Plaintext Attacks . . . . . . . . . . . . . . . . . . . . . . . . . . . . 410
Chosen-Plaintext Attacks . . . . . . . . . . . . . . . . . . . . . . . . . . . . 410
Chosen-Ciphertext Attacks . . . . . . . . . . . . . . . . . . . . . . . . . . 410
Differential Cryptanalysis . . . . . . . . . . . . . . . . . . . . . . . . . . . 411
Linear Cryptanalysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 412
Side-Channel Attacks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 412
Replay Attacks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 413
Algebraic Attacks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 413
Analytic Attacks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 413
Statistical Attacks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 413
Social Engineering Attacks . . . . . . . . . . . . . . . . . . . . . . . . . . . 413
Meet-in-the-Middle Attacks . . . . . . . . . . . . . . . . . . . . . . . . . 414
Site and Facility Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 414
The Site Planning Process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 415
Crime Prevention Through Environmental Design . . . . . . . . 420
Designing a Physical Security Program . . . . . . . . . . . . . . . . . 426
Protecting Assets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 439
Protecting Mobile Devices . . . . . . . . . . . . . . . . . . . . . . . . . . . 439
Using Safes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 440
Internal Support Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 440
Electric Power . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 441
Environmental Issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 446
Fire Prevention, Detection, and Suppression . . . . . . . . . . . . . 448
00-FM.indd 12 14/04/16 10:24 AM

Contents
xiii
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 455
Quick Tips . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 455
Questions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 461
Answers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 471
Chapter 4 Communication and Network Security . . . . . . . . . . . . . . . . . . . . . . . . 477
Telecommunications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 479
Open Systems Interconnection Reference Model . . . . . . . . . . . . . . 479
Protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 480
Application Layer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 483
Presentation Layer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 484
Session Layer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 485
Transport Layer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 487
Network Layer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 489
Data Link Layer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 490
Physical Layer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 491
Functions and Protocols in the OSI Model . . . . . . . . . . . . . . 492
Tying the Layers Together . . . . . . . . . . . . . . . . . . . . . . . . . . . 494
Multilayer Protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 495
TCP/IP Model . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 497
TCP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 498
IP Addressing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 503
IPv6 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 506
Layer 2 Security Standards . . . . . . . . . . . . . . . . . . . . . . . . . . . 509
Converged Protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 511
Types of Transmission . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 512
Analog and Digital . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 512
Asynchronous and Synchronous . . . . . . . . . . . . . . . . . . . . . . 514
Broadband and Baseband . . . . . . . . . . . . . . . . . . . . . . . . . . . 516
Cabling . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 517
Coaxial Cable . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 517
Twisted-Pair Cable . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 518
Fiber-Optic Cable . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 519
Cabling Problems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 520
Networking Foundations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 522
Network Topology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 523
Media Access Technologies . . . . . . . . . . . . . . . . . . . . . . . . . . 526
Transmission Methods . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 536
Network Protocols and Services . . . . . . . . . . . . . . . . . . . . . . . 538
Domain Name Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 547
E-mail Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 555
Network Address Translation . . . . . . . . . . . . . . . . . . . . . . . . . 560
Routing Protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 562
Networking Devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 567
Repeaters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 567
Bridges . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 567
00-FM.indd 13 14/04/16 10:24 AM


xiv
Routers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 570
Switches . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 571
Gateways . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 576
PBXs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 577
Firewalls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 581
Proxy Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 605
Honeypot . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 607
Unified Threat Management . . . . . . . . . . . . . . . . . . . . . . . . . 607
Content Distribution Networks . . . . . . . . . . . . . . . . . . . . . . . 608
Software Defined Networking . . . . . . . . . . . . . . . . . . . . . . . . 609
Intranets and Extranets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 612
Metropolitan Area Networks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 614
Metro Ethernet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 615
Wide Area Networks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 617
Telecommunications Evolution . . . . . . . . . . . . . . . . . . . . . . . 617
Dedicated Links . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 620
WAN Technologies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 624
Remote Connectivity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 644
Dial-up Connections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 644
ISDN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 645
DSL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 647
Cable Modems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 648
VPN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 649
Authentication Protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . 657
Wireless Networks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 659
Wireless Communications Techniques . . . . . . . . . . . . . . . . . . 660
WLAN Components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 664
Evolution of WLAN Security . . . . . . . . . . . . . . . . . . . . . . . . 665
Wireless Standards . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 672
Best Practices for Securing WLANs . . . . . . . . . . . . . . . . . . . . 677
Satellites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 678
Mobile Wireless Communication . . . . . . . . . . . . . . . . . . . . . 678
Network Encryption . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 685
Link Encryption vs. End-to-End Encryption . . . . . . . . . . . . . 685
E-mail Encryption Standards . . . . . . . . . . . . . . . . . . . . . . . . . 687
Internet Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 690
Network Attacks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 696
Denial of Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 696
Sniffing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 698
DNS Hijacking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 699
Drive-by Download . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 700
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 700
Quick Tips . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 701
Questions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 706
Answers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 715
00-FM.indd 14 14/04/16 10:24 AM

Visit https://ebookmass.com
now to explore a rich
collection of eBooks and enjoy
exciting offers!
Contents
xv
Chapter 5 Identity and Access Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 721
Security Principles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 723
Availability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 723
Integrity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 723
Confidentiality . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 724
Identification, Authentication, Authorization, and Accountability . . . 724
Identification and Authentication . . . . . . . . . . . . . . . . . . . . . 727
Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 739
Authorization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 762
Federation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 776
Identity as a Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 785
Integrating Identity Services . . . . . . . . . . . . . . . . . . . . . . . . . 786
Access Control Models . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 787
Discretionary Access Control . . . . . . . . . . . . . . . . . . . . . . . . . 787
Mandatory Access Control . . . . . . . . . . . . . . . . . . . . . . . . . . 789
Role-Based Access Control . . . . . . . . . . . . . . . . . . . . . . . . . . 791
Rule-Based Access Control . . . . . . . . . . . . . . . . . . . . . . . . . . 794
Access Control Techniques and Technologies . . . . . . . . . . . . . . . . . 796
Constrained User Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . 796
Access Control Matrix . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 797
Content-Dependent Access Control . . . . . . . . . . . . . . . . . . . 798
Context-Dependent Access Control . . . . . . . . . . . . . . . . . . . 799
Access Control Administration . . . . . . . . . . . . . . . . . . . . . . . . . . . . 799
Centralized Access Control Administration . . . . . . . . . . . . . . 800
Decentralized Access Control Administration . . . . . . . . . . . . 807
Access Control Methods . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 807
Access Control Layers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 808
Administrative Controls . . . . . . . . . . . . . . . . . . . . . . . . . . . . 809
Physical Controls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 810
Technical Controls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 811
Accountability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 814
Review of Audit Information . . . . . . . . . . . . . . . . . . . . . . . . . 816
Protecting Audit Data and Log Information . . . . . . . . . . . . . 818
Keystroke Monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 818
Access Control Practices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 819
Unauthorized Disclosure of Information . . . . . . . . . . . . . . . . 819
Access Control Monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 822
Intrusion Detection Systems . . . . . . . . . . . . . . . . . . . . . . . . . 822
Intrusion Prevention Systems . . . . . . . . . . . . . . . . . . . . . . . . 830
Threats to Access Control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 834
Dictionary Attack . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 835
Brute-Force Attacks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 835
Spoofing at Logon . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 836
Phishing and Pharming . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 836
00-FM.indd 15 14/04/16 10:24 AM


xvi
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 840
Quick Tips . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 840
Questions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 845
Answers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 854
Chapter 6 Security Assessment and Testing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 859
Audit Strategies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 860
Internal Audits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 862
Third-Party Audits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 863
Auditing Technical Controls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 865
Vulnerability Testing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 866
Penetration Testing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 869
War Dialing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 874
Other Vulnerability Types . . . . . . . . . . . . . . . . . . . . . . . . . . . 875
Postmortem . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 876
Log Reviews . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 878
Synthetic Transactions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 881
Misuse Case Testing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 882
Code Reviews . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 884
Interface Testing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 886
Auditing Administrative Controls . . . . . . . . . . . . . . . . . . . . . . . . . . 886
Account Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 886
Backup Verification . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 889
Disaster Recovery and Business Continuity . . . . . . . . . . . . . . 892
Security Training and Security Awareness Training . . . . . . . . 899
Key Performance and Risk Indicators . . . . . . . . . . . . . . . . . . 903
Reporting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 905
Technical Reporting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 906
Executive Summaries . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 907
Management Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 908
Before the Management Review . . . . . . . . . . . . . . . . . . . . . . 909
Reviewing Inputs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 909
Management Actions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 911
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 911
Quick Tips . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 911
Questions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 914
Answers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 919
Chapter 7 Security Operations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 923
The Role of the Operations Department . . . . . . . . . . . . . . . . . . . . . 924
Administrative Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 925
Security and Network Personnel . . . . . . . . . . . . . . . . . . . . . . 928
Accountability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 929
Clipping Levels . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 930
00-FM.indd 16 14/04/16 10:24 AM

Contents
xvii
Assurance Levels . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 930
Operational Responsibilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 931
Unusual or Unexplained Occurrences . . . . . . . . . . . . . . . . . . 931
Deviations from Standards . . . . . . . . . . . . . . . . . . . . . . . . . . 932
Unscheduled Initial Program Loads (aka Rebooting) . . . . . . . 932
Configuration Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 933
Trusted Recovery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 933
Input and Output Controls . . . . . . . . . . . . . . . . . . . . . . . . . . 936
System Hardening . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 937
Remote Access Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 939
Physical Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 940
Facility Access Control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 941
Personnel Access Controls . . . . . . . . . . . . . . . . . . . . . . . . . . . 949
External Boundary Protection Mechanisms . . . . . . . . . . . . . . 950
Intrusion Detection Systems . . . . . . . . . . . . . . . . . . . . . . . . . 960
Patrol Force and Guards . . . . . . . . . . . . . . . . . . . . . . . . . . . . 962
Dogs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 963
Auditing Physical Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . 963
Secure Resource Provisioning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 964
Asset Inventory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 964
Configuration Management . . . . . . . . . . . . . . . . . . . . . . . . . 966
Provisioning Cloud Assets . . . . . . . . . . . . . . . . . . . . . . . . . . . 969
Network and Resource Availability . . . . . . . . . . . . . . . . . . . . . . . . . 970
Mean Time Between Failures . . . . . . . . . . . . . . . . . . . . . . . . . 971
Mean Time to Repair . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 972
Single Points of Failure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 973
Backups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 981
Contingency Planning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 983
Preventative Measures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 984
Firewalls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 985
Intrusion Detection and Prevention Systems . . . . . . . . . . . . . 986
Antimalware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 988
Patch Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 988
Honeypots . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 991
The Incident Management Process . . . . . . . . . . . . . . . . . . . . . . . . . 993
Detection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 998
Response . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 998
Mitigation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 999
Reporting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1000
Recovery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1001
Remediation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1001
Disaster Recovery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1002
Business Process Recovery . . . . . . . . . . . . . . . . . . . . . . . . . . . 1006
Facility Recovery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1006
00-FM.indd 17 14/04/16 10:24 AM


xviii
Supply and Technology Recovery . . . . . . . . . . . . . . . . . . . . . . 1013
Choosing a Software Backup Facility . . . . . . . . . . . . . . . . . . . 1018
End-User Environment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1021
Data Backup Alternatives . . . . . . . . . . . . . . . . . . . . . . . . . . . 1021
Electronic Backup Solutions . . . . . . . . . . . . . . . . . . . . . . . . . 1025
High Availability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1028
Insurance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1030
Recovery and Restoration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1031
Developing Goals for the Plans . . . . . . . . . . . . . . . . . . . . . . . 1034
Implementing Strategies . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1036
Investigations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1038
Computer Forensics and Proper Collection of Evidence . . . . 1039
Motive, Opportunity, and Means . . . . . . . . . . . . . . . . . . . . . 1041
Computer Criminal Behavior . . . . . . . . . . . . . . . . . . . . . . . . 1042
Incident Investigators . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1042
The Forensic Investigation Process . . . . . . . . . . . . . . . . . . . . . 1043
What Is Admissible in Court? . . . . . . . . . . . . . . . . . . . . . . . . 1049
Surveillance, Search, and Seizure . . . . . . . . . . . . . . . . . . . . . . 1051
Interviewing Suspects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1052
Liability and Its Ramifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1053
Liability Scenarios . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1056
Third-Party Risk . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1058
Contractual Agreements . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1058
Procurement and Vendor Processes . . . . . . . . . . . . . . . . . . . . 1059
Compliance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1060
Personal Safety Concerns . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1063
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1064
Quick Tips . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1064
Questions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1067
Answers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1072
Chapter 8 Software Development Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1077
Building Good Code . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1077
Where Do We Place Security? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1078
Different Environments Demand Different Security . . . . . . . 1080
Environment vs. Application . . . . . . . . . . . . . . . . . . . . . . . . . 1081
Functionality vs. Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1082
Implementation and Default Issues . . . . . . . . . . . . . . . . . . . . 1082
Software Development Life Cycle . . . . . . . . . . . . . . . . . . . . . . . . . . 1084
Project Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1084
Requirements Gathering Phase . . . . . . . . . . . . . . . . . . . . . . . 1085
Design Phase . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1086
Development Phase . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1089
Testing/Validation Phase . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1093
Release/Maintenance Phase . . . . . . . . . . . . . . . . . . . . . . . . . . 1095
00-FM.indd 18 14/04/16 10:24 AM

Contents
xix
Secure Software Development Best Practices . . . . . . . . . . . . . . . . . . 1097
Software Development Models . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1098
Build and Fix Model . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1099
Waterfall Model . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1099
V-Shaped Model (V-Model) . . . . . . . . . . . . . . . . . . . . . . . . . 1100
Prototyping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1101
Incremental Model . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1101
Spiral Model . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1102
Rapid Application Development . . . . . . . . . . . . . . . . . . . . . . 1104
Agile Models . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1105
Integrated Product Team . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1109
DevOps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1109
Capability Maturity Model Integration . . . . . . . . . . . . . . . . . . . . . . 1111
Change Control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1113
Software Configuration Management . . . . . . . . . . . . . . . . . . 1114
Security of Code Repositories . . . . . . . . . . . . . . . . . . . . . . . . 1116
Programming Languages and Concepts . . . . . . . . . . . . . . . . . . . . . . 1116
Assemblers, Compilers, Interpreters . . . . . . . . . . . . . . . . . . . . 1119
Object-Oriented Concepts . . . . . . . . . . . . . . . . . . . . . . . . . . 1121
Other Software Development Concepts . . . . . . . . . . . . . . . . 1129
Application Programming Interfaces . . . . . . . . . . . . . . . . . . . 1131
Distributed Computing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1132
Distributed Computing Environment . . . . . . . . . . . . . . . . . . 1132
CORBA and ORBs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1134
COM and DCOM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1136
Java Platform, Enterprise Edition . . . . . . . . . . . . . . . . . . . . . 1138
Service-Oriented Architecture . . . . . . . . . . . . . . . . . . . . . . . . 1138
Mobile Code . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1142
Java Applets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1142
ActiveX Controls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1144
Web Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1146
Specific Threats for Web Environments . . . . . . . . . . . . . . . . . 1146
Web Application Security Principles . . . . . . . . . . . . . . . . . . . 1154
Database Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1155
Database Management Software . . . . . . . . . . . . . . . . . . . . . . 1155
Database Models . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1157
Database Programming Interfaces . . . . . . . . . . . . . . . . . . . . . 1161
Relational Database Components . . . . . . . . . . . . . . . . . . . . . 1164
Integrity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1166
Database Security Issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1169
Data Warehousing and Data Mining . . . . . . . . . . . . . . . . . . . 1174
Malicious Software (Malware) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1178
Viruses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1179
Worms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1182
00-FM.indd 19 14/04/16 10:24 AM


xx
Rootkit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1182
Spyware and Adware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1184
Botnets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1184
Logic Bombs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1186
Trojan Horses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1186
Antimalware Software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1187
Spam Detection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1190
Antimalware Programs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1192
Assessing the Security of Acquired Software . . . . . . . . . . . . . . . . . . 1193
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1194
Quick Tips . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1194
Questions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1199
Answers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1207
Appendix A Comprehensive Questions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1213
Answers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1249
Appendix B About the CD-ROM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1269
System Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1269
Total Tester Premium Practice Exam Software . . . . . . . . . . . . . . . . . 1269
Installing and Running Total Tester
Premium Practice Exam Software . . . . . . . . . . . . . . . . . . . . . . . . 1270
Hotspot and Drag-and-Drop Questions . . . . . . . . . . . . . . . . . . . . . 1270
PDF Copy of the Book . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1270
Technical Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1271
Total Seminars Technical Support . . . . . . . . . . . . . . . . . . . . . 1271
McGraw-Hill Education Content Support . . . . . . . . . . . . . . 1271
Glossary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1273
Index. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1291
00-FM.indd 20 14/04/16 10:24 AM

Random documents with unrelated
content Scribd suggests to you:
his purpose. His anger was in no way mitigated; his intention of
revenge lessened by no whit. He was merely waiting to collect his
thoughts so as to be in a position to attack with most deadly effect.
He was opening his lips to speak when the other went on as though
he had but concluded one section or division of what he had to say:
“And now sir as to the manifest doubt you expressed as to my
bona fides in placing my life in your hands—your apprehension lest I
should try to evade my responsibility to the laws of honour by an
appeal in some way to a court of law. Let me set your mind at ease
by placing before you my views; and my views, let me tell you, are
ultimately my intentions. I have tried to assure you that with the
exception of waiting to ask your consent to taking … a certain
passenger for a drive, my conduct has from that moment been such
as you could not find fault with. I take it for granted that you—nor
no man—could honestly resent such familiarities as are customary
to, and consequent on, a man offering marriage to a lady, and
pressing his suit with such zeal as is, or should be, attendant on the
expression of a passion which he feels very deeply!” Even whilst he
was speaking, his subconsciousness was struck by his own coolness.
He marvelled that he could, synchronously with the fearful effort
necessary to his self-control and with despair gnawing at his heart,
speak with such cold blooded preciseness. As is usual in such
psychical stresses his memory took note for future reference of
every detail.
His opponent on the contrary burst all at once into another fit of
flaming passion. Athlyne’s very preciseness seemed to have inflamed
him afresh. He thundered out:
“Familiarities sir, on offering marriage! Do you dare to trifle with
me at a time like this. When but a few minutes ago I saw you here
in this lonely place, at this hour of the morning after a night of
absence, undressed as you were, holding in your arms my daughter
undressed also… God’s death! sir, be careful or you shall rue it!” He
stopped almost choking with passion. Athlyne felt himself once more
overwhelmed with the cold wave of responsibility. “Joy! Joy! Joy!” he
kept repeating to himself as a sort of charm to keep off evil. To let
go his anger now might—would be fatal to her happiness. He
marvelled to himself as he went on in equal voice, seemingly calm:
“That sir was with no intent of evil. ’Twas but a natural
consequence of the series of disasters which fell on the enterprise
which had so crowned my happiness. When I turned to come home
so that … so that the lady might be in time to meet her parents who
were expected to arrive at—at her destination, I forgot, in my
eagerness to meet her wishes, the regulations as to speed; and I
was arrested for furious driving. In my anxiety to save her from any
form of exposal to publicity, and in my perplexity as to how to
manage it, I advised her returning by herself in my motor, I
remaining at Dalry. When she had gone, and I had arranged for
attending the summons served on me, I wired over to this hotel to
keep me rooms. I thought it better that as J … that as the lady had
gone to England I should remain in Scotland. I started to walk here;
but I was overtaken by a fog and delayed for hours behind my time.
The house was locked up—every one asleep. The night porter who
let me in told me that as I had not arrived, as by my telegram, the
bedroom I had ordered was let to some one else who had arrived in
a plight similar to my own. ‘Another party’ were his words; I had no
clue to whom or what the other visitor was. The only place left in
the house unoccupied—for there were many unexpected guests
through the fog—was that sofa. There I slept. Only a few minutes
ago I was waked by some one coming into the room. When I saw
that it was … when I saw who it was—the woman whom I loved and
whom I intended to marry—I naturally took her in my arms without
thinking.” Then without pausing, for he saw the anger in the
Colonel’s face and felt that to prolong this part of the narration was
dangerous, he went on quickly:
“I trust that you understand, Colonel Ogilvie, that this
explanation in no way infringes your right of punishing me as you
suggest. Please understand—and this is my answer to your
suggestion as to my appealing to law—that I accept your wish to go
through the form of a duel!” He was hotly interrupted by the
Colonel:
“Form of a duel! Is this another insult? When I say fight I mean
fight—understand that. I fight à l’outrance; and that way only.”
Athlyne’s composure did not seem even ruffled:
“Exactly! I took no other meaning. But surely I am entitled to
take it that even a real duel has the form of a duel!”
“Then what do you mean sir by introducing the matter that
way?”
“Simply, Colonel Ogilvie, to protect myself from a later
accusation on your part—either to me or of me—of a charge of
poltroonery; or even a silent suspicion of it in your own mind!”
“How do you mean?”
“Sir, I only speak for myself. I have already said more than once
that I hold my life at your disposal. From that I do not shrink; I
accept the form of a duel for my execution.”
“Your execution! Explain yourself, sir?” In a calm even voice
came the answer.
“Colonel Ogilvie, I put it to you as man to man—if you will
honour me with so simple a comparison, or juxtaposition whichever
you like to consider it—how can I fight freely against the father of
the woman whom I love. Pray, sir,” for the Colonel made an angry
gesture “be patient for a moment. I intend no kind of plea or appeal.
I feel myself forced to let you know my position from my point of
view. You need bear no new anger towards me for this expression of
my feelings. I do so with reluctance, and only because you must
understand, here and now, or it may make, later on, further
unhappiness for some one else—some one whom we both hold in
our hearts.” Colonel Ogilvie hesitated before replying. The bitter
scowl was once again on his face as he spoke:
“Then I suppose I am to take it, sir, that you will begin our
meeting on the field of honour by putting me publicly—through the
expression of your intention—in the position of a murderer.”
“Not so! Surely you know better than that. I did not think that
any honourable man could have so mistaken another. If I have to
speak explicitly on this point—on which for your own sake and the
sake of … of one dear to you, I would fain be reticent—let me
reassure you on one point: I shall play the game fairly. For this duel
is a game, and, so far as I am concerned at all events, one for a
pretty large stake. If indeed that can be called a ‘game’ which can
only end in one way. You need not, I assure you, feel the least
uneasy as to my not going through with it properly. I am telling you
this now so that you may not distort my intention yourself by some
injudicious comment on my conduct, or speech, or action, made
under a misapprehension or from distrust of me. Sir, your own
honour shall be protected all along, so far as the doing so possibly
rests with me.” Here, seeing some new misunderstanding in the
Colonel’s eye he went on quickly:
“I venture to say this because I am aware that you doubt my
being able to carry out my intention. When I say ‘rests with me,’ I
mean the responsibility of acting properly the rôle I have
undertaken. I shall conduct my part of the duel in all seriousness. It
must be in some other country; this for your sake. For mine it will
not have mattered. We have only to bear ourselves properly and
none will suspect. I shall go through all the forms—with your
permission—of fighting à l’outrance, so that no one can suspect. No
one will be able afterwards to say that you could have been aware of
my intention. I shall fire at you all right; but I shall not hit!”
Instinctively Colonel Ogilvie bowed. He did not intend to do so.
He said no word. The rancour of his heart was not mitigated; his
intention to kill in no way lessened. His action was simply a
spontaneous recognition of the chivalry of another, and his
appreciation of it.
Athlyne could not but be glad of even so slight a relaxation of
the horrible tension. He stood quite still. He felt that in some way he
had scored with his antagonist; and as he was fighting for Joy he
was unwilling to do anything which might not be good for her. He
was standing well out in the room with his back to the door of the
bedroom. As they stood he saw a look of surprise flash in Colonel
Ogilvie’s face. This changed instantly to a fixed one of horror. His
eyes seemed to look right through his antagonist to something
beyond. Instinctively he turned to see what it might be that caused
that strange look. And then he looked horrified himself.
In the open door-way of the bedroom stood Joy.
CHAPTER XX.
KNOWLEDGE OF LAW
All three stood stone still. Not a sound was heard except faint quick
breathing. Athlyne tried to think; but his brain seemed numb. He
knew that now was a crisis if not the crisis of the whole affair. It
chilled him with a deathly chill to think that Joy must have heard all
the conversation between her father and himself. What a
remembrance for her in all the empty years to come! What sorrow,
what pain! Presently he heard behind him as he stood facing her a
sound which was rather a groan than an ejaculation—a groan
endowed with articulated utterance:
“Good God!” Unconsciously he repeated the word under his
breath:
“Good God!”
Joy, with a fixed high-strung look, stepped down into the room.
She stood beside Athlyne who, as she came close to him, turned
with her so that together they faced her father. Colonel Ogilvie said
in a slow whisper, the words dropping out one by one:
“Have—you—been—there—all—the—time? Did—you—hear—all
—we—said?” She answered boldly:
“Yes! I was there and heard everything!” Again a long pause of
silence, ended by Colonel Ogilvie’s next question:
“Why did you stay?” Joy answered at once; her quick speech
following the slow tension sounded almost voluble.
“I could not get away. I wanted to; but there is no other door to
the room. That is why I came out here when I woke. … I could not
get my boots which the maid had taken last night, and I wanted to
get away as quickly as possible. And, Father, being there, though I
had to move about dressing myself, I could not help hearing
everything!” Her father had evidently expected that she would say
something more, for as she stopped there he looked at her
expectantly. There was a sort of dry sob in his throat. Athlyne stood
still and silent; he hardly dared to breathe lest he should
unintentionally thwart Joy’s purpose. For with all his instincts he
realised that she had a purpose. He knew that she understood her
father and that she was the most potent force to deal with him; and
knowing this he felt that the best thing he could do would be to
leave her quite free and unhampered to take her own course. He
kept his eyes on her face, gazing at her unwinkingly. Her face was
fixed—not stern but set to a purpose. Somehow at that moment he
began to realise how well he understood her. Without more help
than his eyes could give him, he seemed to follow the workings of
her mind. For her mind was changing. At the first her expression
was of flinty fixedness; but as she continued to look at the old man
it softened; and with the softening her intentioned silence gave way.
Her lover’s thoughts translated thus:
“I will protect my—him against my father. He has threatened
him; he is forcing him to death. I shall not help him by sparing him a
pang, an awkwardness. And yet—why that? He is an old man—and
my father! That white hair demands respect. He is angry—hard and
untender now; but his life has been a tender one to me—and he is
my father! Though I am determined to save my lover—my husband,
I need not in the doing cause that white head to sink in shame; I
can spare him the pang of what he may think ingratitude in me.
And, after all, he has what must seem to him just cause of offence.
… He cannot—will not understand. … He is brave and proud, and
has a code of honour which is more than a religion. And he my lover
—my husband is brave too. And as unyielding as my father. And he
is willing to die—for me. To die for me—my honour my happiness.
Though his dying is worse—far worse than death to me. … But he is
dying bravely, and I—that was to have been his wife—must die
bravely, worthily too. If he can suffer and die in silence, so too must
I. …”
It seemed a natural sequence of thought when she said to her
father:
“Daddy, do you know you have not said a word to me yet. What
have I ever done in my life that you should not trust me now? Have
I ever lied to you that you cannot trust me to answer truly when you
ask me—ask me anything. Why don’t you ask me now? I know that
things do not look well. I realise that you must have been shocked
when you came into the room. But, Daddy dear, there are few things
in the world that cannot be explained—at any rate in part. Don’t
forget that I am a woman now. I am no longer a child whose
ignorance is her innocence. Speak to me! Ask me what you will, and
I will answer you truly! Hear me, even as you would listen to one
dying! For indeed it is so. If you carry out your intention, as I have
heard it expressed, I shall no longer live; there will be nothing for
me to live for.”
“Do you mean that you will commit suicide?” said her father.
“Oh, no! I hope I have pluck enough to live—if I can. Do not
fear for me, Daddy! I shall play the game full, as he will do.” As she
spoke, she pointed a finger at Athlyne. She felt now, and for the first
time, acutely that she did not know what to call him before a third
person—even her father. Athlyne looked relieved by her words.
When she spoke of dying he had grown sadly white; he shared her
father’s apprehension. Colonel Ogilvie saw the change in his look,
and took it ill. As may be surmised a part of his anger towards
Athlyne arose from jealousy. Until this man had appeared upon the
scene his “little girl” was his alone; no other man shared in her
affection. As she was an only child all his parental affection had been
centred in her. Though he might have been prepared to see her
mate with a man of his own choosing—or at any rate of his
acceptance, he was jealous of the man who had stepped in,
unaccredited and wanting in deference to himself. It must have been
a tinge of this jealousy which prompted his next question. Turning
with a bitter formality to Athlyne he said:
“I suppose you are satisfied, now, sir. Whatever may come, my
daughter is estranged from me; and it is your doing!” In answer Joy
and Athlyne spoke together. Said the latter:
“Oh sir!” There he stopped; he feared to say more lest his anger
should master him. But the protest was effective; the old man
flushed—over forehead and ears and neck. Joy spoke in a different
vein:
“There is no estrangement, Daddy dear; and therefore it can be
no one’s doing. Least of all could such a thing come from this man
who loves me, and … and whom I love.” As she spoke she blushed
divinely, and taking her lover’s right hand between both her hands
held it tight. This seemed for some reason to infuriate her father
afresh. He strode forward towards Athlyne as though about to strike
him. But at the instant there came a quick rap on the door.
Instinctively he drew away, and, having called out “Come!” stood
expectingly and seemingly calm. The door opened slightly and the
voice of the Sheriff was heard:
“May I come in? I am Alexander Fenwick, Sheriff of Galloway!”
As he was speaking he entered the room with a formal bow to each
in turn. He continued to speak to Colonel Ogilvie:
“You will pardon this intrusion I hope, sir. Indeed I trust you will
not look upon it as an intrusion at all when you know the reason of
my coming.” Colonel Ogilvie’s habit of old-fashioned courtesy came
at once to the fore with the coming of a stranger. With a bow which
to those reared in a newer and less formal school of manners
seemed almost grandiloquent he spoke:
“I came here on some business, and on my arrival a few
minutes ago was asked by our landlady—an old servant of my own—
who on that account thought that she might ask what she thought a
favour—to come up here. She thought, poor anxious soul, that some
unpleasantness might be afoot as she heard high words, and feared
a quarrel. All the more on account of a sudden arrival of a
gentleman who seemed somewhat incensed. This I took from her
description of the personality, to be you sir. Indeed, I recognise all
the points, except that of the anger!” As he spoke he bowed with
pleasant courtesy. The other bowed too, partly in answer to the
implied question and partly in recognition of the expressed courtesy
of the words and manner.
Whilst he had been speaking, the Sheriff had been watching
keenly those around him. He had been for so long a time in the
habit of forming his opinion rather by looks than words that the
situation seemed to explain itself; young lovers, angry father. This
opinion was justified and sustained by the confidence which had
been given to him by Athlyne on the previous afternoon. He had
been, on entering the room, rather anxious at the state of affairs;
but now he began to breathe more freely. He felt that his experience
of life and of law might really be here of some service. But his
profession had also taught him wariness and caution; also not to
speak on side issues till he knew the ground thoroughly. Joy he read
like an open book. There was no mistaking her love, her anxiety, her
apprehension. Athlyne he knew something of already, but he now
saw in his face a warning look which bade him be silent regarding
him. He diagnosed Colonel Ogilvie as a proud, masterful, vain,
passionate man; something of a prig; tender, in a way he
understood himself; faithful to his word; relentless to an expressed
intention; just—according to his own ideas of right and wrong.
Weighing these attributes for his own pacific purposes he came to
the conclusion that his first effort at conciliation should be made with
regard to the last-mentioned. So he began, speaking in a manner of
courtly and deferential grace:
“I trust sir, you will yield to me the consideration often asked by,
and sometimes granted to a well-intentioned man, however bungling
the same might be in thought or method or manner.” Colonel Ogilvie
conceded the favour with a gracious bow. Thus emboldened, if not
justified, he went on:
“I fain would ask that I might be allowed to make something in
the nature of a short statement, and to make it without interruption
or expostulation. You will understand why presently.” Again the
gracious acquiescence; he continued:
“You are, I take it, a stranger to this country; though, if I am
not misled by name and lineament, claiming Scottish forbears?”
Colonel Ogilvie’s bow came more naturally this time. His in-lying
pride was coming to the rescue of common sense. The Sheriff
understood, and went on with better heart:
“The experience which I have had in the performance of my
duties as sheriff has shewn me that such a group as I see before me
—father, daughter and lover, if I mistake not—is not uncommon in
this part of Scotland.” No one answered his bow this time. All were
grimly silent in expectancy. He felt that it was a dangerous topic; but
the fact had been stated without being denied. He hurried on:
“Just across the Border, as we are, we have had very many
occasions of run-away marriages; I have had myself in earlier days
to explain for the good of all parties how the law stands in such
matters. More than once the knowledge enabled those interested in
it to spare much pain to others; generally to those whom they loved
best. I trust that now I may use that knowledge in your behalf—as a
friend. I am not here in my official capacity—or perhaps I might not
be so free to advise as I am now without, I trust, offence to any
one.” Colonel Ogilvie’s gracious bow here answered for all the party.
The Sheriff felt more at ease. He was now well into his subject; and
the most difficult part of his duty had been, he thought, passed. All
three of his hearers listened eagerly as he went on:
“A knowledge of the law can hurt no one; though it may now
and again disappoint some one—when expounded too late. Well,
there is a common belief in South Britain—and elsewhere that the
marriage law in Scotland is a very filmy thing, with bounds of
demarcation which are actually nebulous. This doubtless arises from
the fact that all such laws are based on the theory that it is good to
help such contracting parties to the secure and speedy fulfilment of
their wishes. But anyone who thinks that they are loose in either
purpose or action is apt to be rudely enlightened. The Scots’
Marriage laws demand that there be a manifest and honest intention
of marriage on the part of the contractors. This intention can be
proved in many ways. Indeed the law in certain cases is willing to
infer it, when direct proof is not attainable, from subsequent acts of
the parties. I may fairly say that in all such cases courts of law will
hold that mutuality of intention is of the essence of marriage rite.
This followed by co-habitation is the marriage; though the latter to
follow close on the declaration is not always deemed necessary. In
our law the marriage may be either of two kinds. The most formal is
that effected by a minister or proper official after due calling of
banns, or by notice given to sheriff or registrar. The other form is by
what is known in the law as ‘Irregular marriage.’ This is in legal
parlance—for which I make no apology as it is necessary that all
married folk, or those intending to enter that honourable condition
should understand it—is known as ‘intention followed by copula.’
Now you must know that either form of marriage is equally binding
—equal in law and honour; and when the conditions attached to
each form have been duly fulfilled such marriage is irrefragable. In
old days this facility of marriage made Gretna Green, which is the
first place across the Border, the objective for eloping lovers
matrimonially inclined; and as till 1856 no previous residence in
Scotland was required, romance was supposed to stop at the Border.
That is, the marriage could be effected and parental objections—did
such exist—were overborne. There were many cynical souls who
held that repentance for the hasty marriage could then begin. I feel
bound to say that this is an opinion in which I do not myself share.
“In 1856 an Act of Parliament, 20th Vict. Cap. 96, was passed,
by which it became necessary for the validity of irregular marriage
that at least one of the two contractors should have his or her usual
residence in Scotland, or have been resident in Scotland for three
full weeks next preceding the marriage.
“I thank you, Colonel Ogilvie, for having listened to me so
patiently. But as I have no doubt that you three have much to say to
each other I shall withdraw for the present. This will leave you free
to discuss matters. And perhaps I may say, as an old man as well as
a responsible officer of the Law, that I trust the effect will be to
make for peace and amity. I am staying here in the hotel and I shall
take it as a great pleasure and a great honour if you will breakfast
with me in say an hour’s time. All your family will be most welcome.”
With a bow, in which deference and geniality were mingled, he
withdrew.
Each of the three left kept looking at each other in silence. Joy
drew closer to Athlyne and took his hand. Colonel Ogilvie pretended
not to notice the act—an effort on his part which made his daughter
radiant with hope. The first words spoken were by the Colonel:
“That man is a gentleman!” The two others felt that silence was
present discretion; to agree with Colonel Ogilvie in his present mood
was almost as dangerous as to disagree with him. His next words
were in no way conciliatory though the arrière pensée made for
hope.
“Now sir, what have you to say for yourself in this unhappy
matter? Remember I in no way relax my intention of—of
punishment; but I am willing to hear what you have to say.” Athlyne
winced at the word “punishment,” which was not one which he was
accustomed to hear applied to himself. But for Joy’s sake he made
no comment. He even kept his face fixed so as not to betray his
anger. He felt that any change of subject, or drifting off that before
them, must be for the better; things could, he felt, hardly be worse
than at present. Moreover, it might smooth matters somewhat if
Colonel Ogilvie could be brought to recollect that he was not himself
an undesirable person for alliance, and that his intention of
matrimony had been already brought before Joy’s father. In this
conviction he spoke:
“As in this country, sir, intention counts for so much, may I crave
your indulgence for a moment and refer you back to my letter to you
on the subject of a very dear wish of mine—a wish put before you
with a very decided intention.” Colonel Ogilvie’s answer, given in
manner of equal suavity, was disconcerting; the bitterness behind it
was manifest.
“I think sir, there must be some error—which is not mine. I
never received any letter from you! Your epistolary efforts seem to
have been confined to the ladies of my family.” With an effort
Athlyne restrained himself. When he felt equal to the task he spoke,
still with a manner of utmost deference:
“An error there surely is; but it is not mine either. I posted
yesterday at the Ambleside post office a letter to you. …” He was
interrupted by Colonel Ogilvie who said bluntly:
“I am not so sure, sir, that the fault of my not reading such a
letter was not yours; though perhaps not in the direct manner you
mean. When I arrived home last night and found the horrible state
of things with regard to my daughter’s rash act—due to you” this
with a look of actual malevolence “I was so upset that I did not look
at the pile of letters awaiting me. I only read Joy’s messages.” As he
said this Athlyne’s eyes flashed and there was an answering flash in
the eyes of the woman who looked so keenly at him; this was the
first time since his arrival that the father had condescended to even
mention his daughter’s name. There might be some softening of that
hard nature after all. Then the old man continued:
“I put them in my pocket; here they are!”—Whilst he looked at
the envelopes in that futile way that some people unused to large
correspondence love, Joy said with an easy calmness which made
her lover glance at her in surprise:
“Daddy, hadn’t you better read your letters now; we shall wait.”
The tone was so much that to which he was accustomed from her
that he did not notice the compromising “we” which would otherwise
have inflamed him afresh. Drawing a chair close to one of the
windows he opened the letters and began to read. Athlyne and Joy,
instinctively and with unity of thought, moved towards the other
window which was behind him. There they stood hand in hand, their
eyes following every movement of the old man. Joy did not know, of
course, what was in the letter; but she had seen it before in the
garden at Ambleside and when he had posted it before setting out
on their motor ride. And so, piecing her information with the idea
conveyed by her lover’s recent words, she was able to form some
sort of idea of its general import. A soft, beautiful blush suffused her
face, and her eyes glistened as she stood thinking; in the effort of
thought she recalled many sweet passages. She now understood in
a vague way what was the restraining influence which had moved
her lover to reticence during all those hours when he had tried to tell
her of his love and his hopes without actually speaking words, the
knowledge of which given without his consent would have incensed
her father against him, and so wrought further havoc. So moved was
she that Athlyne, whose eyes were instinctively drawn to her from
the observation of her father, was amazed and not a little
disconcerted. There must be some strange undercurrent of feeling in
her which he could not understand. Joy saw the look on his face and
seemed to understand. She raised to her lips the hand that she so
strongly clasped in hers and kissed it. Then she raised a finger of her
other hand and touched her lips. Thus reassured of her love and
understanding, Athlyne followed with his eyes the trend of hers; and
so together they continued to watch her father, trying to gather from
his bearing some indication of his thoughts. Indeed this was not a
difficult matter. Colonel Ogilvie seemed to have lost himself in his
task, and expressed his comments on what he read by a series of
childlike movements and ejaculations. Athlyne who knew what the
letter contained could apply these enlightening comments, and even
Joy in her ignorance of detail could inferentially follow the text.
Colonel Ogilvie did say a word of definite speech, but the general
tendency of his comment was that of surprise—astonishment. When
he had finished reading Athlyne’s letter—it was the last of the batch
—he sat for quite half a minute quite still and silent, holding the
paper between finger and thumb of his dropped left hand. Then with
a deep frown on his forehead he began to read it again. He was
evidently looking for some passage, for when he had found it he
stood up at once and turned to them. By this time Joy, warned by
the movement, had dropped her lover’s hand and now stood some
distance away from him. The old man began:
“Sir … There is a passage in a letter here which I understand to
be yours. So far I must acknowledge that I have been wrong. You
evidently did send the letter, and I evidently received it. Listen to
this: ‘Having heard in a roundabout way that there was a woman in
New York who was passing herself off as my wife I undertook a
journey to that City to make investigation into the matter; and in
order to secure the necessary secrecy as to my movements took for
the time an assumed name—or rather used as Christian and
surname two of those names in the middle of my full equipment
which I do not commonly use.’ What does all that mean? No, do not
speak. Wait and I shall tell you. You say the lady—woman you call
her—took your name. For saying such a thing, and for the disrespect
in her description as a woman, you will have to answer me. Either of
them will cost you your life.” Athlyne answered with a quiet,
impressive dignity which helped in some degree to reassure Joy who
stood motionless in open-eyed wonder—her heart seeming to her as
cold as ice at the horror of this new phase of danger. It was a
veritable “bolt from the blue,” incomprehensible to her in every way:
“Colonel Ogilvie, I regret I shall be unable to meet your wishes
in this respect!” As the old man looked astonished in his turn, he
proceeded:
“I already owe you a life on another count; and I have but one.
But if I had ten you should have them all, could they in any way
assuage the sorrow which it seems must follow from my thoughtless
act. I have told you already that I shall freely give my life in
expiation of the wrong I have—all unintentionally—done to your
daughter and yourself. And if any means could be found by which it
could add to Joy’s happiness or lessen her sorrow I should in
addition and as freely give my soul!”
Colonel Ogilvie’s reception of these words was characteristic of
the man, as he took himself to be. He drew himself up to his full
height and stood at attention. Then he saluted, and followed his
salute with a grave bow. The soldier in him spoke first, the man
after. Both Joy and Athlyne noticed with new hope that he allowed
the speaking of her name to pass unchallenged as a further cause of
offence. Presently, and in a new tone, he said:
“I have taken it for granted from the allusions in your letter that
you are the writer; and from your mentioning an alias have not been
surprised at seeing a strange name in the signature. But I have been
and am surprised at the familiarity from a man of your years to a
man of mine of a mere Christian name.”
It was now Athlyne’s turn to be surprised.
“A Christian name!” he said with a puzzled pucker of his brows.
“I am afraid I don’t understand.” Then a light dawning on him he
said with a slight laugh: “But that is not my Christian name.”
“Then your surname?” queried the Colonel.
“Nor my surname either.” His laugh was now more pronounced,
more boyish.
“Oh I see; still another alias!” The words were bitter; the tone
of manifest offence.
Athlyne laughed again; it was not intentional but purely
spontaneous. He was recalled to seriousness by the look of pain and
apprehension on Joy’s face and by the Colonel’s angry words, given
with a look of fury:
“I am not accustomed to be laughed at—and to my face Mr.—
Mr.—Mr. Richard Hardy Athlyne et cetera.”
His apology for inopportune mirth was given with contrition—
even humbly:
“I ask your pardon, Colonel Ogilvie, very deeply, very truly. But
the fact is that Athlyne is my proper signature, though it is neither
Christian name nor surname. I do hope you will attribute my
rudeness rather to national habit than to any personal wish to
wound. Surely you will see that I would at least be foolish to
transgress in such a direction, if it be only that I aim at so much that
it is in your power to grant.” There was reason in this which there
was no resisting. Colonel Ogilvie bowed—he felt that he could do no
less. Athlyne wisely said no more; both men regarded the incident as
closed.
With Joy it was different. The incident gave her the information
she lacked for the completion of the circle of her knowledge. As with
a flash she realised the whole secret: that this man who had saved
her life and whom now her father wanted to kill was none other than
the man whose name she had taken—at first in sport and only lately
in order to protect herself from troubles of inquisitiveness and
scandal. At the moment she was in reality the only one of the three
—the only one at all—who had in her hand all the clues. Neither her
father nor Athlyne knew that she had given to the maid at the hotel
a name other than her own.
She began to have also an unconscious knowledge of something
else. Something which she could not define, some intuition of some
coming change; something which hinged on her giving of the name.
Now, for the first time she realised how dangerous it may be for any
one to take the name of any other person—for any purpose
whatever, or from any cause. She could not see the end.
But though her brain did not classify the idea her blood did. She
blushed so furiously that she had serious thoughts of escaping from
the room. Nothing but the danger which might arise from such a
step kept her in her place. But something must, she felt, be done.
Things were so shaping towards reconciliation that it would be wise
to prevent matters slipping back. For an instant she was puzzled as
to what to do; then an inspiration came to her. Turning to her father
she said:
“Daddy, let us ask the old Sheriff to come in again!” She felt
that she could rely on his discretion, and that in his hands things
might slide into calmer waters. Her father acquiesced willingly, and a
courteous message was sent through a servant.
CHAPTER XXI.
APPLICATION OF LAW
Whilst the servant was gone there was a great clatter of arrival of a
motor at the hotel; but all in Athlyne’s room were too deeply
concerned with their own affairs to notice it.
Presently there was a light tap at the door, and the Sheriff’s
“May I come in?” was heard. Colonel Ogilvie went himself to the
door and threw it open. Beside the Sheriff stood a lady, heavily clad
and with a motor veil.
“Joy! Joy!” said the veiled figure, and Aunt Judy stepping
forward took the girl in her arms. In the meantime the Sheriff was
explaining the situation:
“I was just coming from my room in obedience to your
summons, when this lady entered the hall. She was asking for you,
Colonel, and for Miss Ogilvie, as who she had learned at the railway
station, was stopping here. I ventured to offer my services, and as
she was coming up here, undertook to pilot her.”
Joy was delighted to see Judy. She had so long been
accustomed to look with fixed belief on her love and friending that
she now expected she would be able to set matters right. Had she
had any doubt of her Aunt’s affection such must have soon
disappeared in the warmth of the embrace accorded by her. When
this was concluded—which was soon for it was short, if strenuous—
she turned to Colonel Ogilvie and held out her hand:
“Good morning, Lucius. I see you got here all right. I hope you
had a good journey?” Then turning to Athlyne she said, as if in
surprise:
“Why, Mr. Hardy, how are you? And how do you come to be
here? We thought we were never going to see you again.” Then she
rattled on; it was evident to Joy, and to Colonel Ogilvie also, that she
was purposeful to baffle comment by flow of her own speech:
“Lucius, you must thank this gentleman who is, as the landlady
whispered to me, the Sheriff of somewhere or other. He’s a nice
man, but a funny sort of Sheriff. When I asked him where was his
posse he didn’t know what I meant.” Here she was interrupted by
the Sheriff who said with a low bow to her:
“It is enough for any man, dear lady, to be in esse in such a
charming presence!” Judy did not comprehend the joke; but she
knew, being a woman, that some sort of compliment was intended;
and, being a woman, beamed accordingly:
“Thank you, sir, both for your kindness in helping me and for
your pretty talk. Joy, I have brought your dressing bag and a fresh
rig out. You must need them, poor dear. Now you must tell me all
your adventures. I told them to bring the things presently to your
room. I shall then come with you whilst you are changing. Now, Mr.
Sheriff, we must leave you for a little; but I suppose that as you
have to talk business—you told me they had sent for you—you will
doubtless prefer to be without us?”
“Your pardon,” said the Sheriff gracefully. “I hope the time will
never come when I shall prefer to be without such charming
company!” This was said with such a meaning look, and in such a
meaning tone, that Judy coloured. Joy, unseen by the others, smiled
at her, rejoicing. The Sheriff, thinking they were moving off, turned
to the Colonel saying:
“Now, Colonel Ogilvie, I am at your disposal; likewise such
knowledge of law and custom as I possess.” He purposely addressed
himself to Colonel Ogilvie, evidently bearing in mind Athlyne’s look of
warning to silence regarding himself.
Whilst he had been speaking, Joy stood still, holding Judy by
the hand and keeping her close to her. Judy whispered, holding her
mouth close to her ear and trying to avoid the observation of the
others:
“Come away dear whilst they are talking. They will be freer
alone!” Joy whispered in return:
“No, I must not go. I must stay here, I am wanted. Do not say
anything, dear—not a word; but stay by me.” Judy in reply squeezed
her hand and remained silent. Colonel Ogilvie, with manifest
uneasiness and after clearing his throat, said to the Sheriff:
“As you have been so good sir, as to tell me some matters of
law; and as you have very kindly offered us other services, may I
trespass on your kindness in enlightening me as to some matters of
fact.” The Sheriff bowed; he continued:
“I must crave your indulgence, for I am in some very deep
distress, and possibly not altogether master of myself. But I need
some advice, or at any rate enlightenment as to some matters of
law. And as I am far from home and know no one here who is of
legal authority—except yourself,” this with a bow, “I shall be deeply
grateful if I may accept your kindness and speak to you as a friend.”
Again the Sheriff bowed, his face beaming. Colonel Ogilvie, with a
swift, meaning glance at each of the others in turn, went on:
“I must ask you all to keep silent. I am speaking with this
gentleman for my own enlightenment, and require no comments
from any of you. Indeed, I forbid interruption!” Unpromising as this
warning sounded, both Joy and Athlyne took a certain comfort from
it. The point they both attached importance to was that Athlyne was
simply classed with the rest without differentiation. The Sheriff, who
feared lest the father’s domineering tone might provoke hostilities,
spoke quickly:
“Now, Colonel Ogilvie, I am at your disposal for whatever you
may wish to ask me.”
“I suppose Mr. Sheriff, I need not say, that I trust you will
observe honourable silence regarding this whole painful affair; as I
expect that all present will.” This was said with a threatening smile.
When the Sheriff bowed acceptance of the condition he went on:
“Since you spoke to us here a little while ago a strange
enlightenment has come to me. Indeed a matter so strange and so
little in accord with the experiences of my own life that I am in a
quandary. I should really like to know exactly how I—how we all
stand at present. From what you have said about the Scottish
marriage laws I take it that you have an inkling of what has gone
on. And so, as you are in our confidence, you will not perhaps mind
if I confide further in you?”
“I shall be deeply honoured, Colonel Ogilvie.”
“Thank you again, sir. You are a true friend to a man in deep
distress and in much doubt … We are, as you perhaps know,
Americans. My daughter’s life was saved by a gentleman in New
York. I think it right to say that it was on his part a very gallant act,
and that we were all deeply grateful to him. He came to my house—
at my own invitation; and my wife and her sister, Miss Judith
Hayes”—the Sheriff turned to Judy and bowed as at an introduction;
she curtsied in reply—“were very pleased with him. But we never
saw him again. He returned very soon afterwards to England; and
though we were coming to London he never came near us. Indeed
his neglect was marked; for though I invited him to call, he ignored
us.” As he said this he looked straight at Athlyne with hard eyes. “I
have reason to know that my daughter was much interested in him.
Ordinarily speaking I should not mention a matter of this kind. But
as I have received from him—it has only been made known to me in
the interval since our meeting—an assurance of his affection and a
proffer of marriage, I feel that I may speak.” He turned away and
began walking up and down the room as though trying to collect his
thoughts.
As Joy heard him speak of her own interest in the man and of
his proposal of marriage she blushed deeply, letting her eyes fall. But
when, by some of the divine instinct of love, she knew that he was
looking ardently at her she raised them, swimming, to his. And so
once more they looked deep into each other’s souls. Judy felt the
trembling of the girl’s hand and held it harder with a sympathetic
clasp, palm to palm and with fingers interlaced. She felt that she
understood; and her eyes, too, became sympathetically suffused.
The Sheriff had now no eyes except for Judy. Whilst the Colonel had
been speaking he had looked at him of course—he knew well that it
would be a cause of offence if he did not. But the walking up and
down gave him opportunity for his wishes. Judy could not but
recognise the ardour of his glance, and she too blushed exceedingly.
Somehow, she was glad of it; she knew that blushing became her,
and she felt that she would like to look her best to the eyes of this
fine, kindly old man.
When Colonel Ogilvie began to speak again there was a change
in him. He seemed more thoughtful, more cautious, more self-
controlled; altogether he was more like his old self. There was even
a note of geniality in his voice.
“What I want to ask you in especial is this: How can we avoid
any sort of scandal over this unhappy occurrence? My daughter has
acted thoughtlessly in going out alone in a motor with a gentleman.
Through a series of accidents it appears that that ride was unduly
and unintentionally prolonged, and ended in her being caught in a
fog and lost. By accident she came here, walking after the motor
had broken down. She slept last night in that room; and the man,
who had also found his way hither later, slept, unknowing of her
proximity, in this. I need not tell you that such a state of things is
apt to lead to a scandal. Now, and now only, is the time to prevent
it” … He was interrupted by the Sheriff who spoke hurriedly, as one
who had already considered the question and had his mind made
up:
“There will be no scandal!” He spoke in so decided a way that
the other was impressed.
“How do you know? What ground have you for speaking so
decidedly?”
“It rests entirely on you—yourself, Colonel Ogilvie.”
“What!” His tone was laden with both anger and surprise. “Do
you think I would spread any ill report of my own daughter? Sir, you
must——” Once more the Sheriff cut into his speaking:
“You misapprehend me, Colonel Ogilvie. You misapprehend me
entirely. Why should I—how could I think such a thing! No! I mean
that if you accept the facts as they seem to me to be, no one—not
you, nor any one else, can make scandal; if you do not!”
“Explain yourself,” he interrupted. “Nay, do not think me rude”—
here he put up a deprecating hand—“but I am so deeply anxious
about my daughter’s happiness—her future welfare and happiness,”
he added as he remembered how his violent attitude had, only a few
minutes ago imperilled—almost destroyed, that happiness. Joy had
been, off and on, whispering a word to her aunt so that the latter
was now fairly well posted in the late events.
“Quite so! quite so, my dear sir. Most natural thing in the world,”
said the Sheriff soothingly. “Usual thing under the circumstances is
to kill the man; or want to kill him!” As he spoke he looked at
Athlyne meaningly. The other understood and checked the words
which were rising to his lips. Then, having tided over the immediate
danger of explosion, the Sheriff went on:
“The fact is Colonel Ogilvie, that the series of doings (and
perhaps misdoings) and accidents, which have led to our all meeting
here and now, has brought about a strange conclusion. So far as I
can see”—here his manner grew grave and judicial—“these two
young people are at the present moment man and wife. Lawfully
married according to Scottish law!”
The reception of this dictum was varied. Colonel Ogilvie almost
collapsed in overwhelming amazement. Joy, blushing divinely, looked
at her husband adoringly. Athlyne seemed almost transfigured and
glorified; the realisation of all his hopes in this sudden and
unexpected way showed unmistakably how earnest they had been.
Judy, alone of all the party, was able to express herself in
conventional fashion. This she did by clapping her hands and, then
by kissing the whole party—except the Sheriff who half stood
forward as though in hope that some happy chance might include
him in the benison. She began with Joy and went on to her brother-
in-law, who accepted with a better grace than she feared would
have been accorded. When she came to Athlyne she hesitated for a
moment, but with a “now-or-never” rush completed the act, and fell
back shyly with a belated timorousness.
The Sheriff, having paused for the completion of this little
domestic ceremony, went on calmly:
“Since I left you a few minutes ago I have busied myself with
making a few necessary inquiries from my old servant Jane McBean,
now McPherson. I made them, I assure you Colonel Ogilvie, very
discreetly. Even Jane, who is in her way a clever woman, has no
suspicion that I was even making inquiry. The result has been to
confirm me in my original conjecture, which was to the effect that
there has been executed between these two people an ‘irregular’
marriage!” At the mention of the words the Colonel exploded:
“God’s death, sir, the women of the Ogilvies don’t make irregular
marriages!” The Sheriff went calmly on, only noticing the protest for
the sake of answering it.
By this time Joy and Judith were close together, holding hands.
Insensibly the girl drew her Aunt over to where Athlyne was
standing and took him by the arm. He raised his other hand and
with it covered the hand that lay on his arm, pressing it closer as he
listened attentively to the Sheriff’s expounding of the law:
“I gather that I did not express myself clearly when a short time
ago I spoke of the Scottish marriage laws. Let me now be more
precise. And as I am trying to put into words understandable by all a
somewhat complex subject I shall ask that no one present will make
any remark whatever till this part of my task has been completed. I
shall then answer to the best of my power any question or questions
which any of you may choose to ask me.
“Let me begin by assuring you all that what in Scottish law we
call an ‘irregular’ marriage is equally binding in every way with a
‘regular’ marriage; the word only refers to form or method, and in
no wise to the antecedents or to the result. In our law ‘Mutual
Consent’ constitutes marriage. You will observe that I speak of
marriage—not the proof of it. Proof is quite a different matter; and
as it is formally to be certified by a Court it is naturally hedged in by
formalities. This consent, whether proved or not, whether before
witnesses or not, should of course be followed by co-habitation; but
even this is not necessary. The dictum of Scots’ law is ‘Concensus
non concubitus facit matrimonium.’ But I have a shrewd suspicion
that the mind of the Court is helped to a declaration of validity when
concensus has been followed by concubitus.
“Now let us take the present case and examine it as though
testing it in a Court of Law; for such is the true means to be exact.
This man and woman—we don’t know ‘gentleman’ and ‘lady’ in the
Law—declared in the presence of witnesses that they were man and
wife. That is, the man declared to the police sergeant at Dalry that
the woman was his wife; and the woman declared timeously to the
police officer who made the arrest that the man was her husband.
These two statements, properly set out, would in themselves be
evidence not only of inferred consent by declaration de præsenti but
of the same thing by ‘habit and repute.’ The law has been thus
stated:
“‘It may be held that a man and a woman, by living
together and holding themselves out as married persons,
have sufficiently declared their matrimonial consent; and in
that case they will be declared to be married although no
specific promise of marriage or of de præsenti
acknowledgement has been proved.’
“But there is a still more cogent and direct proof, should such be
required. Each of these consenting parties to the contract of
‘marriage by consent,’ on coming separately to this hotel last night
gave to the servant of the house who admitted them the name by
which I hold they are now bound in honourable wedlock!” He spoke
the last sentences gravely and impressively after the manner of an
advocate pressing home on a jury the conclusion of an elaborate
train of reasoning. Whilst speaking he had kept his eyes fixed on
Colonel Ogilvie, who unconsciously took it that an exhortation on
patience and toleration was being addressed to him. The effect was
increased by the action of Joy, who seeing him all alone and
inferring his spiritual loneliness, left Judith but still holding Athlyne’s
arm drew the latter towards him. Then she took her father’s arm and
stood between the two men whom she loved. Judy quietly took
Athlyne’s other arm, and so all stood in line holding each other as
they faced the Sheriff. No one said a word; all were afraid to break
the silence.
“We now come to further proofs if such be required. The
woman, who arrived first, gave the name of Lady Athlyne.” Here Joy
got fearfully red; she was conscious of her father’s eyes on her, even
before she heard him say:
“That foolish joke again! Did not I forbid you to use it
daughter?” She felt it would be unwise to answer, to speak at all just
at present. In desperation she raised her eyes to the face of her
lover—and was struck with a sort of horrified amazement. For an
instant it had occurred to him that Joy must have known his identity
—for some time past at all events. The thought was, however, but
momentary. Her eyes fell again quickly, and she stood in abashed
silence. There was nothing to do now but to wait. The calm voice of
the Sheriff went on, like the voice of Doom:
“The man arrived later. He himself had wired in his own name
for rooms; but by the time he had arrived the possibility of his
coming had, owing to the fog, been given up. The other traveller
had been given the bedroom, and he slept on the sofa in the sitting-
room—this room.” As he spoke he went over to the door of
communication between the rooms and examined the door. There
were no fastenings except the ordinary latch; neither lock nor bolt.
He did not say a word, but walked back to his place. Judy could not
contain her curiosity any longer; she blurted out:
“What name did he give?” The Sheriff looked at her admiringly
as he answered:
“The name he gave, dear lady, was ‘Athlyne’!”
“Is that your name?” she queried—this time to Athlyne.
“It is!” He pulled himself up to his full height and stood on his
dignity as he said it. His name should not be dishonoured if he could
help it.
Colonel Ogilvie stood by with an air of conscious superiority. He
already knew the name from Athlyne’s letter, though he had not up
to that moment understood the full import of it. He was willing to be
further informed through Judy’s questioning.
“And you are Lord Athlyne—the Earl of Athlyne?”
“Certainly!”
To the astonishment of every one of the company Judy burst
into a wild peal of hysterical laughter. This closely followed a speech
of broken utterance which only some of those present understood at
all—and of those some only some few partly. “Athlyne!”—“kill him for
it!”—“calling herself by his name,”—“oh! oh! A-h-h!” There was a
prolonged screech and then hysterical laughter followed. At the first
this unseemly mirth created a feeling of repulsion in all who heard.
It seemed altogether out of place; in the midst of such a serious
conversation, when the lives and happiness of some of those present
were at stake, to have the train of thought broken by so inopportune
a cachinnation was almost unendurable. Colonel Ogilvie was furious.
Well was it for the possibilities of peace that his peculiar life and
ideas had trained him to be tolerant of woman’s weakness, and to
be courteous to them even under difficulties. For had he given any
expression to his natural enough feelings such would inevitably have
brought him into collision—intellectual if not physical—with both
Athlyne and the Sheriff; and either was to be deplored. Joy was in
her heart indignant, for several reasons. It was too hard that, just as
things were possibly beginning to become right and the fine edge of
tragedy to be turned, her father’s mind should be taken back to
anger and chagrin. But far beyond this on the side of evil was the
fact that it imperilled afresh the life of—of the man she loved, her …
her husband. Even the personal aspect to her could not be
overlooked. The ill-timed laughter prevented her hearing more of …
of the man who it now seemed was already her husband. However
she restrained and suppressed herself and waited, still silent, for the
development of things. But she did not consider looks as
movements; she raised her eyes to Athlyne’s adoringly, and kept
them there. He in turn had been greatly upset for the moment; even
now, whilst those wild peals of hysterical laughter continued to
resound, he could not draw any conclusions from the wild whirl of
inchoate thoughts. There was just one faint gleam of light which had
its origin rather in instinct than reason, that perhaps the interruption
had its beneficial side which would presently be made manifest.
When Joy looked towards him there was a balm for his troubled
spirit. In the depths of her beautiful eyes he lost himself—and his
doubts and sorrows, and was content.
The only one unmoved was the Sheriff. His mental attitude
allowed him to look at things more calmly than did those personally
interested. With the exception of one phase—that of concern that
this particular woman, who had already impressed her charming
personality on his heart, should be in such distress—he could think,
untroubled, of the facts before him. With that logical mind of his,
and with his experience of law and the passions that lead to law-
invoking, he knew that the realization of Athlyne’s name and position
was a troublesome matter which might have been attended with
disastrous consequences. To a man of Colonel Ogilvie’s courage and
strong passion the presence of an antagonist worthy of his powers is
rather an incentive to quarrel than a palliative.
As to poor Judy she was in no position to think at all. She was
to all practical intents, except for the noise she was occasionally
making—her transport was subsiding—as one who is not. She
continued intermittently her hysterical phrenzy—to laugh and cry,
each at the top note—and commingling eternally. She struggled
violently as she sat on the chair into which she had fallen when the
attack began; she stamped her heels on the floor, making a sound
like gigantic castanets. The sound and restless movement made an
embarrassing milieu for the lucid expression of law and entangled
facts; but through it all the Sheriff, whose purpose after all was to
convince Ogilvie, went on with his statement. By this time Joy, and
Athlyne, whom with an appealing look she had summoned to help,
were endeavouring to restore Judy. One at either side they knelt by
her, holding her hands and slapping them and exercising such other
ministrations as the girl out of her limited experience of such matters
could, happily to soothing effect, suggest. The Sheriff’s voice, as
calm voices will, came through the disturbance seemingly
unhindered:
“Thus you will note that in all this transaction the Earl of Athlyne
had made no disguise of his purpose. To the police who arrested him
he at once disclosed his identity, which the sergeant told me was
verified by the name on his motor-driver’s license. He telegraphed to
the hotel by his title—as is fitting and usual; and he gave his title
when he arrived. As I have already said, he stated to the police, at
first on his own initiative and later when interrogated directly on the
point, that the woman in the motor was his wife. And the identity of
the woman in the motor and the woman in the hotel can easily be
proved. Thus on the man’s part there is ample evidence of that
matrimonial purpose which the law requires. All this without
counting the letter to the woman’s father, in which he stated his wish
and intention to marry her.
“Now as to the woman—and I must really apologise to her for
speaking of the matter in her presence.”—Here Athlyne interrupted
his ministrations with regard to Judy in order to expostulate:
“Oh, I say Mr. Sheriff. Surely it is not necessary.” But the Sheriff
shut him up quite shortly. He had a purpose in so doing: he wished
in his secret heart to warn both Athlyne and Joy not to speak a word
till he had indicated that the time had come for so doing.
“There is nothing necessary, my Lord; except that both you and
the young lady should listen whilst I am speaking! I am doing so for
the good of you both; and I take it as promised that neither of you
will say a single word until I have told you that you may do so.”
“Quite right!” this was said sotto voce by Colonel Ogilvie.
“You, young madam, have taken upon yourself the
responsibilities of wifehood; and it is right as well as necessary that
you understand them; such of them at least as have bearing upon
the present situation.
“As to the woman. She, when questioned by the police as to her
status for the purpose of verification of Lord Athlyne’s statement,
accepted that statement. Later on, she of her own free will and of
her own initiative, gave her name as Lady Athlyne—only the bearer
of which could be the wife of the Defender; I mean of Lord Athlyne.”
The interruption this time came from Colonel Ogilvie.
“If Lord Athlyne is Defender, who is the other party?”
“Lady Athlyne, or Miss Ogilvie, in whichever name she might
take action, would be the Pursuer!”
“Sir!” thundered the Colonel, going off as usual at half-cock, “do
you insinuate that my daughter is pursuer of a man?” He grew
speechless with indignation. The Sheriff’s coolness stood to him
there, when the fury of the Kentuckian was directed to him
personally. In the same even tone he went on speaking:
“I must ask—I really must ask that you do not be so hasty in
your conclusions whilst I am speaking, Colonel Ogilvie. You must
understand that I am only explaining the law; not even giving any
opinion of my own. The terminology of Scot’s Law is peculiar, and
differs from English law in such matters. For instance what in English
law is ‘Plaintiff and Defendant’ becomes with us ‘Pursuer and
Defender.’ There may be a female as well as a male Pursuer. Thus on
the grounds of present consent as there is ample proof of
Matrimonial Consent of either and both parties—sufficient for either

Instant Access To CISSP All in One Exam Guide 7th Edition Shon Harris Ebook Full Chapters

Uploaded by

Copyright:

Available Formats

Instant Access To CISSP All in One Exam Guide 7th Edition Shon Harris Ebook Full Chapters

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Instant Access To CISSP All in One Exam Guide 7th Edition Shon Harris Ebook Full Chapters

Uploaded by

Copyright:

Available Formats

Full download ebook at ebookmass.

CISSP All in one Exam Guide 7th Edition Shon

Download more ebook from https://ebookmass.com

Cissp All-In-One Exam Guide 8th Edition Shon Harris

CISSP All-in-One Exam Guide 7th edition Edition Harris

All in One CISSP Exam Guide 9th Edition Fernando Maymí

CISSP Practice Exams, Fourth Edition Shon Harris

CompTIA PenTest+ Certification All-in-One Exam Guide (Exam

CEH All-in-One Exam Guide, 3e, Professional Matt Walker

CC Certified in Cybersecurity All-in-One Exam Guide Steven

CC Certified in Cybersecurity All-in-One Exam Guide Steven

New York Chicago San Francisco

00-FM.indd 1 14/04/16 10:24 AM

Library of Congress Cataloging-in-Publication Data

Sponsoring Editor Technical Editor Production Supervisor

00-FM.indd 2 14/04/16 5:04 PM

We dedicate this book to all those who have served selflessly.

00-FM.indd 3 14/04/16 10:24 AM

ABOUT THE AUTHORS

Fernando Maymí, Ph.D., CISSP, is a security practitioner

About the Contributor

00-FM.indd 4 14/04/16 10:24 AM

About the Technical Editor

00-FM.indd 5 14/04/16 10:24 AM

Chapter 1 Security and Risk Management. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1

00-FM.indd 6 14/04/16 10:24 AM

In Memory of Shon Harris . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxi

00-FM.indd 7 14/04/16 10:24 AM

CISSP All-in-One Exam Guide

00-FM.indd 8 14/04/16 10:24 AM

00-FM.indd 9 14/04/16 10:24 AM

CISSP All-in-One Exam Guide

00-FM.indd 10 14/04/16 10:24 AM

00-FM.indd 11 14/04/16 10:24 AM

CISSP All-in-One Exam Guide

00-FM.indd 12 14/04/16 10:24 AM

00-FM.indd 13 14/04/16 10:24 AM

CISSP All-in-One Exam Guide

00-FM.indd 14 14/04/16 10:24 AM

00-FM.indd 15 14/04/16 10:24 AM

CISSP All-in-One Exam Guide

00-FM.indd 16 14/04/16 10:24 AM

00-FM.indd 17 14/04/16 10:24 AM

CISSP All-in-One Exam Guide

00-FM.indd 18 14/04/16 10:24 AM

00-FM.indd 19 14/04/16 10:24 AM

CISSP All-in-One Exam Guide

00-FM.indd 20 14/04/16 10:24 AM

You might also like