# Appendix G: Book Statistics and Word Counts This page reports the size of each chapter and of each section within it, measured in markdown words (the prose; code and figures are additional and reported separately per chapter). It is generated automatically from the book source. Approximate pages assume about 500 words per page. Last generated: 2026-06-18. ## Summary by Chapter | Chapter | Markdown words | Code words | Approx. pages | |---|---:|---:|---:| | Introduction | 1,023 | 0 | 2.0 | | Preface | 433 | 0 | 0.9 | | Chapter 1: Introduction to Cybersecurity | 10,534 | 361 | 21.1 | | Chapter 2: Cryptography | 30,625 | 2,387 | 61.2 | | Chapter 3: Networking and Network Attacks | 14,892 | 374 | 29.8 | | Chapter 4: Social Engineering and the Human Element | 7,476 | 203 | 15.0 | | Chapter 5: Risk Management | 12,487 | 469 | 25.0 | | Chapter 6: Penetration Testing Methodology | 9,748 | 265 | 19.5 | | Chapter 7: Reconnaissance and Open-Source Intelligence | 7,202 | 381 | 14.4 | | Chapter 8: Scanning and Enumeration | 7,195 | 816 | 14.4 | | Chapter 9: Exploitation and Post-Exploitation | 6,174 | 316 | 12.3 | | Chapter 10: Web Application Security | 7,266 | 202 | 14.5 | | Chapter 11: Network Defense and Hardening | 5,689 | 258 | 11.4 | | Chapter 12: Intrusion Detection and Prevention Systems | 4,191 | 377 | 8.4 | | Chapter 13: Digital Forensics | 4,175 | 300 | 8.3 | | Chapter 14: Incident Response | 3,918 | 373 | 7.8 | | Chapter 15: Malware Analysis | 4,704 | 339 | 9.4 | | Chapter 16: Capture the Flag and Competitive Security | 3,903 | 366 | 7.8 | | Chapter 17: Emerging Threats and Future Challenges | 13,524 | 851 | 27.0 | | Chapter 18: Privacy, Law, and Information Governance | 4,806 | 387 | 9.6 | | Chapter 19: Security Governance, Policy, and Culture | 6,329 | 482 | 12.7 | | Chapter 20: Industrial Control Systems and OT Security | 3,663 | 442 | 7.3 | | Appendix A: Security Command Reference | 1,653 | 0 | 3.3 | | Appendix B: Glossary | 2,345 | 0 | 4.7 | | Appendix C: Certification Mapping | 1,277 | 0 | 2.6 | | Appendix D: ABET Outcomes and Bloom's Taxonomy Mapping | 775 | 0 | 1.6 | | Appendix E: Selected Works by the Author | 1,540 | 0 | 3.1 | | Appendix F: Companion Code and Repositories | 1,169 | 0 | 2.3 | | Appendix H: Capstone and Group Project Ideas | 1,930 | 0 | 3.9 | | Appendix I: Protocol Security Reference | 3,230 | 0 | 6.5 | | **TOTAL** | **183,876** | **9,949** | **368** | ## Detailed Word Count by Section ### Introduction *1,023 markdown words (2.0 pages); 0 code words.* | Section | Words | |---|---:| | Course Mapping | 328 | | What Every Chapter Contains | 64 | | How to Cite This Book | 181 | | Accessibility | 310 | | License | 27 | ### Preface *433 markdown words (0.9 pages); 0 code words.* | Section | Words | |---|---:| | About This Textbook | 38 | | Who This Book Is For | 49 | | How This Book Is Organized | 145 | | Ethical Commitment | 65 | | Using This Book in a Course | 83 | | A Note on Currency | 53 | ### Chapter 1: Introduction to Cybersecurity *10,534 markdown words (21.1 pages); 361 code words.* | Section | Words | |---|---:| | Learning Objectives | 179 | | Key Terms | 252 | | 1.1 What Is Cybersecurity? | 636 | | 1.2 The CIA Triad and Its Extensions | 649 | | The DIE Model: A Modern Complement to CIA | 254 | | 1.3 The Anatomy of an Attack | 594 | | A Concept Map of the Core Terms | 130 | | 1.4 Threat Actors and the Adversary Model | 529 | | 1.5 Defense in Depth and Security Controls | 488 | | 1.6 Hardware Foundations: Rings, Modes, and the Trusted Computing Base | 561 | | 1.7 The NIST Cybersecurity Framework | 403 | | 1.8 Quantifying Risk in Monetary Terms | 375 | | 1.9 The Saltzer and Schroeder Design Principles | 641 | | The Principle of Least Privilege (PoLP) | 246 | | 1.10 The Security Mindset, Ethics, and the Law | 369 | | 1.11 A Taxonomy of Threats and a Roadmap to This Book | 547 | | 1.12 Classic Security Models | 96 | | Confidentiality: Bell-LaPadula | 230 | | Integrity: Biba and Clark-Wilson | 306 | | Hybrid and Specialized Models | 175 | | Foundational System Models | 189 | | Security Models versus Cryptographic Security Definitions | 224 | | 1.13 Security versus Resilience | 214 | | Chapter Summary | 240 | | Why This Matters | 133 | | News in Focus: The Colonial Pipeline Ransomware Incident (2021) | 215 | | A Second Case: The SolarWinds Supply-Chain Compromise (2020) | 266 | | News in Focus: Cyber Warfare and the US-Iran Cyber Conflict | 535 | | Review Questions (MCQ) | 349 | | Answer Key | 39 | | Lab Assignment | 248 | | References | 183 | ### Chapter 2: Cryptography *30,625 markdown words (61.2 pages); 2,387 code words.* | Section | Words | |---|---:| | Learning Objectives | 170 | | Key Terms | 648 | | 2.1 What Cryptography Is and What It Promises | 387 | | Encoding versus Encryption versus Hashing | 477 | | 2.2 Classical Ciphers and Why They Fall | 604 | | Classical versus Modern Ciphers | 295 | | A Classification of Ciphers | 226 | | Classical Ciphers in Code | 294 | | 2.3 Perfect Secrecy and the One-Time Pad | 633 | | XOR, the One-Time Pad, and Perfect Secrecy, Formally | 698 | | From Information-Theoretic to Computational Security | 311 | | Game-Based (Provable) Security and Ciphertext Indistinguishability | 2,292 | | Real-World Case: The ANC's One-Time Pad and Operation Vula | 441 | | 2.4 Randomness: True, Pseudo, and Cryptographically Secure | 517 | | Insecure versus Cryptographically Secure Randomness in Code | 168 | | 2.5 Symmetric Encryption: Stream and Block Ciphers | 850 | | The Feistel Network: A Blueprint for Block Ciphers | 222 | | 2.6 Block Cipher Modes of Operation | 540 | | AES Modes in Code: ECB versus CTR | 324 | | 2.7 Cryptographic Hash Functions | 626 | | The Merkle-Damgard Construction | 215 | | Hashing in Code, and Why a CRC Is Not a Hash | 213 | | Error Detection versus Error Correction: CRC and Hamming Codes | 205 | | 2.8 Message Authentication Codes and Authenticated Encryption | 596 | | Hash, MAC, and Digital Signature Compared | 490 | | Wrong-Key Behavior: Garbage Output versus Null Rejection | 526 | | The Three-Behavior Hierarchy of Incorrect Decryption | 2,298 | | Computing an HMAC in Code | 98 | | Authenticated Encryption in Practice: Encrypt-then-MAC | 190 | | 2.9 Key Derivation and Password Storage | 510 | | 2.10 Public-Key Cryptography and RSA | 686 | | 2.11 Diffie-Hellman Key Exchange | 519 | | ElGamal Encryption | 277 | | ElGamal in Code | 266 | | 2.12 Elliptic-Curve Cryptography | 495 | | Elliptic Curves Up Close: Group Law, the ECDLP, and the Curve Zoo | 776 | | 2.13 Digital Signatures, Certificates, and PKI | 619 | | Generating a Digital Signature in Code | 145 | | 2.14 Putting It Together: The TLS Handshake | 354 | | 2.15 Advanced and Emerging Cryptography | 831 | | Computing Paradigms: Mainframes, Classical, DNA, and Quantum | 395 | | Searchable, Deniable, and Functional Encryption | 341 | | The Algebra Beneath Cryptography: Finite Fields, Abelian and Non-Abelian Groups | 471 | | Lattice-Based Cryptography: The Hard Problems Behind Post-Quantum Schemes | 356 | | The Mathematics of Lattices | 315 | | Three Families by Underlying Structure: Abelian, Non-Abelian, and Lattice | 298 | | 2.16 Key Management | 530 | | Key Management Services and Key Escrow | 347 | | 2.17 A Taxonomy of Cryptographic Attacks | 348 | | 2.18 Applied Cryptographic Systems | 392 | | 2.19 Practical Guidance: Choosing and Using Cryptography | 380 | | 2.19a Protecting Data in All Three States | 289 | | 2.19b Tamper-Evident and Tamper-Proof Mechanisms | 207 | | 2.20 Formal Security Analysis and Provable Security | 125 | | The Anatomy of a Security Definition | 331 | | Hardness Assumptions and the Random Oracle Model | 234 | | The Zoo of Security Notions | 251 | | Simulation-Based Security and Universal Composability | 234 | | Symbolic Models: Dolev-Yao and Automated Verification | 316 | | A Taxonomy of Security Properties | 326 | | Writing a Security Analysis: Proof Sketches and Experimental Evaluation | 372 | | 2.21 Post-Quantum Standards and the Migration Timeline | 282 | | Worked Example: Toy Ring-LWE Encryption | 60 | | Chapter Summary | 149 | | Why This Matters | 161 | | News in Focus: Heartbleed (2014) | 202 | | Review Questions (MCQ) | 433 | | Answer Key | 106 | | Lab Assignment | 387 | | References | 917 | ### Chapter 3: Networking and Network Attacks *14,892 markdown words (29.8 pages); 374 code words.* | Section | Words | |---|---:| | Learning Objectives | 152 | | Key Terms | 407 | | 3.1 Why Networking Is the Battleground | 359 | | 3.2 The OSI Model | 550 | | Mapping the OSI and TCP/IP Models | 270 | | 3.3 The TCP/IP Model and Encapsulation | 293 | | Network Devices and Segments | 194 | | Routing and the Route Table | 250 | | 3.4 IP Addressing: IPv4 and IPv6 | 508 | | Subnetting, CIDR, and Network versus Host Addresses | 332 | | Network Scopes and Hardware: NIC, LAN, WLAN, and WAN | 410 | | Special and Reserved Addresses | 233 | | IP Address Management and Internet Registries | 212 | | 3.5 Ports and Common Protocols | 434 | | Application Protocols and Their Security Posture | 383 | | Secure versus Insecure Protocols | 319 | | 3.6 The Core Protocols: TCP, UDP, ICMP, and Their Headers | 793 | | Sockets: Programming the Transport Layer | 216 | | Sockets in Code: A TCP Server, Client, and a Tiny Web Server | 586 | | 3.7 ARP and DHCP: Convenience and Its Abuse | 472 | | The Domain Name System (DNS) | 548 | | 3.8 Sniffing: Listening on the Wire | 530 | | Wireless Networking Fundamentals | 250 | | Traffic Analysis and Network Monitoring | 158 | | Syslog and Centralized Logging | 354 | | 3.9 Spoofing, Man-in-the-Middle, and Session Hijacking | 613 | | Packet Capture, On-Path Attacks, and SSL Stripping | 315 | | Hands-On: Capturing a Plaintext Password, Then Encrypting It | 501 | | 3.10 Denial-of-Service and Distributed Denial-of-Service Attacks | 1,068 | | Access Control Lists, NACLs, and Security Groups | 515 | | 3.11 Securing the Network: A Preview | 173 | | Secure Network Protocols | 203 | | Going Deeper: Routing Security and BGP Hijacking | 180 | | Network Access Control | 144 | | 3.12 QUIC, HTTP/3, and Encrypted Client Hello | 223 | | Chapter Summary | 215 | | Why This Matters | 153 | | News in Focus: The Mirai Botnet and the Dyn Attack (2016) | 186 | | Review Questions (MCQ) | 384 | | Answer Key | 30 | | Lab Assignment | 393 | | References | 313 | ### Chapter 4: Social Engineering and the Human Element *7,476 markdown words (15.0 pages); 203 code words.* | Section | Words | |---|---:| | Learning Objectives | 115 | | Key Terms | 169 | | 4.1 Why People Are the Weakest Link | 394 | | 4.2 The Psychology of Influence | 468 | | 4.3 The Social-Engineering Attack Lifecycle | 463 | | 4.4 The Taxonomy of Social-Engineering Attacks | 813 | | 4.5 Vectors and the Role of Open-Source Intelligence | 429 | | 4.6 Recognizing and Analyzing Phishing | 472 | | 4.7 Physical Security as Social Engineering's Partner | 363 | | Environmental and Availability Threats | 338 | | 4.8 Authentication Factors | 386 | | 4.9 Defending Against Social Engineering | 315 | | Technical Controls That Reinforce the Human Defenses | 216 | | Measuring and Sustaining the Human Firewall | 359 | | 4.10 Social Engineering in the Age of Artificial Intelligence | 441 | | 4.11 Deepfakes, Voice Cloning, and Synthetic Identities | 239 | | Chapter Summary | 219 | | Why This Matters | 169 | | News in Focus: The 2020 Twitter Account Takeover | 185 | | Review Questions (MCQ) | 396 | | Answer Key | 30 | | Lab Assignment | 243 | | References | 162 | ### Chapter 5: Risk Management *12,487 markdown words (25.0 pages); 469 code words.* | Section | Words | |---|---:| | Learning Objectives | 155 | | Key Terms | 160 | | 5.1 Risk as the Organizing Principle of Security | 395 | | 5.2 The Vocabulary of Risk | 607 | | 5.3 The Risk-Management Lifecycle | 399 | | 5.4 Risk Identification | 275 | | Asset and Data Classification | 239 | | A Worked Risk Register | 281 | | 5.5 Qualitative Risk Assessment | 346 | | 5.6 Quantitative Risk Assessment | 682 | | 5.7 Risk Treatment | 740 | | 5.8 Threat Modeling | 720 | | 5.9 Risk Frameworks and Standards | 329 | | The NIST RMF Steps in Detail | 170 | | CSF Tiers and Profiles, and ISO 27001 | 413 | | 5.10 The Security Program: Policies, Standards, and Controls | 306 | | Control Catalogs and Foundational Control Principles | 344 | | 5.11 Business Continuity and Disaster Recovery | 328 | | Resilience Engineering: Backups, Redundancy, and Plan Testing | 441 | | 5.12 Third-Party and Supply-Chain Risk | 460 | | 5.13 Assurance Evaluation | 337 | | 5.14 Security Roles, Responsibilities, and Accountability | 251 | | 5.15 Measuring Risk: Metrics, KPIs, and KRIs | 236 | | 5.16 Managing Risk Across the System Lifecycle | 244 | | 5.17 Compliance as a Risk Driver | 303 | | 5.18 Insider Risk and Human Factors | 279 | | 5.19 Emerging Risks: AI, Quantum, and the Expanding Attack Surface | 293 | | 5.20 Bringing It Together: An End-to-End Risk Scenario | 431 | | 5.21 Common Pitfalls in Risk Management | 274 | | 5.22 Comparing FAIR, NIST RMF, and ISO/IEC 27005 | 244 | | Chapter Summary | 242 | | Why This Matters | 164 | | News in Focus: Repeat Breaches at Neiman Marcus | 467 | | Review Questions (MCQ) | 364 | | Answer Key | 30 | | Lab Assignment | 210 | | References | 196 | ### Chapter 6: Penetration Testing Methodology *9,748 markdown words (19.5 pages); 265 code words.* | Section | Words | |---|---:| | Learning Objectives | 117 | | Key Terms | 147 | | 6.1 Why Methodology Matters | 409 | | 6.2 What Penetration Testing Is, and Is Not | 584 | | 6.3 Hats and Team Colors | 273 | | 6.4 Knowledge Levels: Black, Gray, and White Box | 284 | | 6.5 The Phases of a Penetration Test | 643 | | 6.6 Types of Penetration Tests | 409 | | 6.7 Pre-Engagement: Scope and the Rules of Engagement | 520 | | 6.8 The Legal Framework | 500 | | 6.9 Ethics and Professional Conduct | 529 | | 6.10 Vulnerability Disclosure | 725 | | Worked Example: CVE and CVSS in Practice (the Log4Shell case) | 513 | | 6.11 The Test Environment and Toolkit | 494 | | 6.12 Threat Modeling and Intelligence in the Engagement | 183 | | 6.13 Post-Exploitation, Pivoting, and Operational Discipline | 470 | | 6.14 Compliance-Driven and Standards-Based Testing | 232 | | 6.15 Reporting | 530 | | 6.16 Professional Certifications for Penetration Testers | 206 | | 6.17 An End-to-End Engagement, Start to Finish | 354 | | 6.18 Limitations, Pitfalls, and Misconceptions | 307 | | Chapter Summary | 224 | | Why This Matters | 156 | | Review Questions (MCQ) | 388 | | Answer Key | 30 | | Lab Assignment | 218 | | References | 177 | ### Chapter 7: Reconnaissance and Open-Source Intelligence *7,202 markdown words (14.4 pages); 381 code words.* | Section | Words | |---|---:| | Learning Objectives | 93 | | Key Terms | 153 | | 7.1 Why Reconnaissance Comes First | 501 | | 7.2 Footprinting: Passive and Active | 338 | | 7.3 Open-Source Intelligence (OSINT) | 606 | | 7.4 Search-Engine Reconnaissance ("Google Dorking") | 416 | | 7.5 WHOIS and the Regional Internet Registries | 455 | | 7.6 DNS Reconnaissance | 436 | | 7.7 Email Harvesting, Metadata, and Social-Media Profiling | 211 | | 7.8 Reconnaissance of Cloud and Modern Infrastructure | 345 | | 7.9 The Intelligence Cycle and Organizing Findings | 377 | | 7.10 Reconnaissance Tools | 383 | | 7.11 Passive Fingerprinting | 265 | | 7.12 Defending Against Reconnaissance | 485 | | 7.13 AI-Assisted Reconnaissance and Modern WHOIS | 232 | | Lab: Reading Exposure Data the Way Shodan and Censys Present It | 72 | | Chapter Summary | 206 | | Why This Matters | 132 | | News in Focus: Mass Scraping of Public Profiles (2021) | 215 | | Finding Exposed Devices with Shodan, and Defending Them | 448 | | Review Questions (MCQ) | 372 | | Answer Key | 30 | | Lab Assignment | 185 | | References | 126 | ### Chapter 8: Scanning and Enumeration *7,195 markdown words (14.4 pages); 816 code words.* | Section | Words | |---|---:| | Learning Objectives | 152 | | Key Terms | 161 | | 8.1 From Reconnaissance to Active Probing | 301 | | 8.2 The Scanning Taxonomy and the Tyranny of Time | 168 | | Why Scanning Time Dominates Planning | 304 | | 8.3 A TCP/IP Refresher for Scanners | 214 | | The Six Nmap Port States | 280 | | 8.4 Host Discovery and Network Sweeps | 164 | | What Nmap Probes by Default | 130 | | 8.5 Network Mapping: Traceroute, Firewalking, and Nmap | 209 | | Firewalking, LFT, and Nmap's Smarter Traceroute | 219 | | 8.6 Port Scanning with Nmap | 132 | | TCP Scan Types | 288 | | UDP Scanning, Timing, and Output | 355 | | 8.7 hping3: Crafting Packets by Hand | 289 | | 8.8 Always Sniff the Wire | 176 | | 8.9 Operating-System Fingerprinting | 202 | | 8.10 Service and Version Scanning, and Enumeration | 216 | | 8.11 Vulnerability Scanning | 314 | | 8.12 The Nmap Scripting Engine (NSE) | 160 | | 8.13 Detection and Evasion | 309 | | 8.14 Scanning Safely, Legally, and Within Scope | 195 | | Automated Discovery and Mapping Tools | 142 | | Scanning IPv6 | 143 | | The Pentester's Toolkit: Kali and BackTrack | 262 | | 8.15 Attack Surface Management and Continuous Exposure Management | 203 | | Chapter Summary | 119 | | Why This Matters | 125 | | News in Focus: Internet-Scale Scanning as an Early-Warning Signal | 253 | | Review Questions (MCQ) | 310 | | Answer Key | 82 | | Lab Assignment | 315 | | References | 187 | ### Chapter 9: Exploitation and Post-Exploitation *6,174 markdown words (12.3 pages); 316 code words.* | Section | Words | |---|---:| | Learning Objectives | 91 | | Key Terms | 166 | | 9.1 What Exploitation Is (and Is Not) | 0 | | In a Penetration Test | 53 | | Ethical Boundaries | 64 | | 9.2 Common Vulnerability Classes | 0 | | Injection Vulnerabilities | 121 | | Memory Corruption | 161 | | Authentication and Session Vulnerabilities | 33 | | 9.3 From Source to Machine Code: The Compilation Pipeline | 247 | | 9.4 Memory Corruption: The Stack, the Heap, and Buffer Overflows | 344 | | Stack Exhaustion and Heap Problems | 249 | | 9.5 From Stack Smashing to Return-Oriented Programming | 513 | | 9.6 Programming Survival Skills for Exploitation | 302 | | 9.7 Shellcode and Shellcode Strategies | 276 | | 9.8 The Exploit-Development Workflow | 414 | | Inside the Metasploit Framework | 281 | | 9.9 Passive and Static Analysis: Reverse Engineering for Exploitation | 208 | | Privilege Escalation in Depth | 193 | | Post-Exploitation, Lateral Movement, and Defense Evasion | 386 | | Software Design Patterns and Security | 402 | | 9.10 Metasploit Framework | 0 | | Structure | 51 | | Responsible Use | 46 | | 9.11 Privilege Escalation | 0 | | Linux Privilege Escalation | 142 | | Windows Privilege Escalation | 85 | | 9.12 Lateral Movement | 0 | | Pass-the-Hash | 58 | | Pass-the-Ticket | 60 | | 9.13 Persistence | 0 | | Common Persistence Mechanisms and Their Detection Signatures | 93 | | 9.14 Privilege Escalation Paths: Windows, Linux, and Active Directory | 303 | | Chapter Summary | 121 | | Why This Matters | 62 | | News in Focus: The Ransomware Post-Exploitation Playbook | 78 | | Review Questions (MCQ) | 285 | | Lab Assignment | 189 | | References | 78 | ### Chapter 10: Web Application Security *7,266 markdown words (14.5 pages); 202 code words.* | Section | Words | |---|---:| | Learning Objectives | 105 | | Key Terms | 153 | | 10.1 How the Web Works: HTTP, Sessions, and the Same-Origin Policy | 234 | | 10.2 The OWASP Top 10 | 67 | | Broken Access Control | 164 | | The OWASP Top 10:2025 | 424 | | 10.3 Injection Attacks | 0 | | Introducing SQL Injection | 179 | | Cross-Site Scripting | 150 | | Cross-Site Request Forgery | 99 | | Server-Side Request Forgery | 65 | | 10.4 SQL Injection in Depth | 0 | | Database Models: Traditional and Modern | 759 | | 10.5 Cross-Site Scripting (XSS) | 378 | | 10.6 Broken Access Control, CSRF, SSRF, and Other High-Impact Flaws | 224 | | 10.7 Authentication and Session Management | 0 | | Broken Authentication | 165 | | Authentication, Sessions, and the Insufficient-Session-Expiration Flaw | 145 | | 10.8 Security Misconfigurations | 51 | | Security Headers | 64 | | 10.9 The Web-Application Testing Toolkit | 279 | | 10.10 Application Security Testing: SAST, DAST, IAST, and DevSecOps | 429 | | 10.11 Web Application Firewalls and Their Limits | 40 | | WAF Bypass Techniques | 76 | | 10.12 The OWASP API Security Top 10 | 332 | | 10.13 Database Systems in Depth: Engines, Replication, and Security | 41 | | Relational Database Management Systems | 247 | | Non-Relational, In-Memory, and Graph Databases | 197 | | Schemas: Schema-on-Write versus Schema-on-Read | 137 | | Database Kernels and Engines | 150 | | Replication: Synchronous versus Asynchronous | 159 | | Read (Only) Replicas | 100 | | Cloud Database Instance Classes | 561 | | Attacks and Defenses | 263 | | Chapter Summary | 130 | | Why This Matters | 79 | | News in Focus: SQL Injection Breaches That Persist | 78 | | Review Questions (MCQ) | 314 | | Lab Assignment | 154 | | References | 55 | ### Chapter 11: Network Defense and Hardening *5,689 markdown words (11.4 pages); 258 code words.* | Section | Words | |---|---:| | Learning Objectives | 86 | | Key Terms | 202 | | 11.1 Firewalls | 0 | | Firewall Types and Evolution | 144 | | Writing Firewall Rules | 154 | | 11.2 Firewall Types and Topologies | 399 | | Physical and Virtual Firewalls | 174 | | Stateless and Stateful Packet Filtering | 362 | | 11.3 Network Segmentation | 0 | | DMZ Architecture | 89 | | VLAN and Micro-Segmentation | 60 | | 11.4 Zero-Trust Architecture | 0 | | The Zero-Trust Principle | 363 | | 11.5 DNS Security | 0 | | DNSSEC | 44 | | DNS over HTTPS and DNS over TLS | 53 | | DNS Sinkholing | 54 | | NXDOMAIN and the DNS_PROBE_FINISHED_NXDOMAIN Error | 249 | | 11.6 VPNs and Remote Access | 0 | | IPsec and WireGuard | 57 | | Split Tunnelling and Its Risks | 64 | | 11.7 Proxies, VPNs, and Tor | 284 | | 11.8 Network Access Control and 802.1X | 49 | | 802.1X Operation | 54 | | 11.9 DDoS and Mitigation | 0 | | DDoS Attack Categories | 41 | | DDoS Mitigation | 60 | | 11.10 Authentication, Identity, and Access | 351 | | Biometrics and the Reality of False Positives and Negatives | 392 | | 11.11 Network Monitoring and Visibility | 201 | | 11.12 Deception: Honeypots, Honeynets, and Honeytokens | 175 | | 11.13 Network Forensics in Defense | 154 | | 11.14 CVE Case Study: When the Firewall Is the Door (CVE-2024-3400) | 242 | | 11.15 Capstone and Group Project Ideas (Network Defense) | 265 | | Chapter Summary | 114 | | Why This Matters | 72 | | News in Focus: Flat Networks and Nation-State Lateral Movement | 64 | | Review Questions (MCQ) | 299 | | Lab Assignment | 159 | | References | 126 | ### Chapter 12: Intrusion Detection and Prevention Systems *4,191 markdown words (8.4 pages); 377 code words.* | Section | Words | |---|---:| | Learning Objectives | 97 | | Key Terms | 152 | | 12.1 Detection System Types | 0 | | Network-Based IDS and IPS | 135 | | Host-Based IDS | 49 | | Intrusion Detection Systems: What They Watch | 211 | | Intrusion Prevention Systems: From Alert to Action | 238 | | 12.2 Detection Methods | 0 | | Signature-Based Detection | 133 | | Anomaly-Based Detection | 116 | | Stateful Protocol Analysis | 50 | | Detection Methods: Signature, Heuristic, and Anomaly | 466 | | 12.3 SIEM and Log Aggregation | 0 | | SIEM Architecture | 110 | | SIEM Challenges | 59 | | SIEM, SOAR, XDR, and EDR: The Detection Stack | 269 | | 12.4 UEBA and Threat Hunting | 0 | | User and Entity Behavior Analytics | 58 | | Threat Hunting | 185 | | Detection Engineering, Threat Hunting, and Deception | 350 | | 12.5 The Cyber Kill Chain and MITRE ATT&CK | 461 | | 12.6 Modern SOC Operations: EDR, XDR, SOAR, and Detection Engineering | 220 | | Chapter Summary | 91 | | Why This Matters | 85 | | News in Focus: Breaches That Were Detectable but Missed | 69 | | Review Questions (MCQ) | 306 | | Lab Assignment | 183 | | References | 79 | ### Chapter 13: Digital Forensics *4,175 markdown words (8.3 pages); 300 code words.* | Section | Words | |---|---:| | Learning Objectives | 99 | | Key Terms | 244 | | 13.1 Forensic Principles | 0 | | The Locard Exchange Principle | 69 | | Forensic Soundness | 125 | | The Forensic Process, Order of Volatility, and Chain of Custody | 228 | | 13.2 Evidence Acquisition | 0 | | Write Blockers | 64 | | Forensic Imaging | 107 | | Hash Verification | 62 | | 13.3 File System Forensics | 0 | | NTFS Artefacts | 125 | | Deleted Files and Unallocated Space | 60 | | Disk, Memory, and Mobile Forensics in Practice | 289 | | 13.4 Memory Forensics | 0 | | Why Memory Matters | 54 | | Acquiring Memory | 53 | | Analyzing Memory with Volatility | 91 | | 13.5 Network Forensics | 0 | | PCAP Analysis | 95 | | 13.6 Anti-Forensics | 85 | | Countermeasures | 55 | | 13.7 Artificial Intelligence in Digital Evidence Triage | 224 | | 13.8 IoT Forensics and Explainable AI | 244 | | 13.9 AI-Driven Cybercrime Analytics and Attribution | 371 | | 13.10 Legal Admissibility and Reporting | 285 | | 13.11 Cloud Forensics | 223 | | Chapter Summary | 96 | | Why This Matters | 76 | | News in Focus: When Digital Forensic Evidence Decides a Case | 70 | | Review Questions (MCQ) | 298 | | Lab Assignment | 172 | | References | 177 | ### Chapter 14: Incident Response *3,918 markdown words (7.8 pages); 373 code words.* | Section | Words | |---|---:| | Learning Objectives | 115 | | Key Terms | 137 | | 14.1 Incidents Versus Events | 63 | | Incident Severity Classification | 96 | | 14.2 The NIST SP 800-61 Lifecycle | 13 | | Preparation | 119 | | Detection and Analysis | 160 | | Containment | 107 | | Eradication | 117 | | Recovery | 87 | | Post-Incident Activity | 111 | | NIST SP 800-61 Rev. 3 and the CSF 2.0 Framing | 139 | | 14.3 Legal and Regulatory Obligations | 0 | | Breach Notification Laws | 60 | | Law Enforcement and Evidence Preservation | 68 | | 14.4 The Assume-Breach Mindset | 133 | | 14.5 Before, During, and After: An Operational IR Playbook | 375 | | 14.6 Case Study: The Locky Ransomware Incident | 280 | | 14.7 The CSIRT, Roles, and Communication | 152 | | 14.8 Triage, Severity, Containment, and Recovery in Depth | 288 | | 14.9 Postmortem, Metrics, and Exercises | 199 | | 14.10 Playbooks, Ransomware Negotiation, and Executive Communication | 229 | | Chapter Summary | 103 | | Why This Matters | 75 | | News in Focus: Attacker Dwell Time in Major Ransomware Incidents | 88 | | Review Questions (MCQ) | 320 | | Lab Assignment | 176 | | References | 90 | ### Chapter 15: Malware Analysis *4,704 markdown words (9.4 pages); 339 code words.* | Section | Words | |---|---:| | Learning Objectives | 97 | | Key Terms | 162 | | 15.1 Malware Taxonomy | 0 | | Viruses and Worms | 81 | | Trojans and RATs | 53 | | Ransomware | 107 | | Rootkits | 65 | | Botnets and C2 | 75 | | 15.2 Analysis Environment Setup | 0 | | Safe Lab Requirements | 94 | | REMnux and FlareVM | 41 | | 15.3 Static Analysis | 0 | | File Identification | 86 | | PE Analysis | 93 | | YARA Rules | 76 | | Reverse Engineering Malware with Ghidra | 444 | | 15.4 Dynamic Analysis | 0 | | Behavioral Monitoring Tools | 75 | | Common Malware Behaviors to Watch | 92 | | 15.5 Anti-Analysis and Evasion Techniques | 0 | | VM and Sandbox Detection | 64 | | Packers and Obfuscators | 55 | | Fileless Malware | 42 | | 15.6 Malware Analysis Report Structure | 130 | | 15.7 Antivirus and Antimalware Defenses | 387 | | The Anti-* Family: Beyond Antivirus | 326 | | 15.8 A Field Guide to Malware Types | 262 | | 15.9 The Malware Lifecycle and a Ransomware Deep Dive | 250 | | Notable Ransomware Strains: LockBit 3.0 and Rorschach | 214 | | Free Recovery: The No More Ransom Project | 141 | | Chapter Summary | 98 | | Why This Matters | 61 | | News in Focus: WannaCry and the Worm That Used a Leaked Exploit (2017) | 286 | | News in Focus: Fileless and Living-off-the-Land Attacks | 68 | | Review Questions (MCQ) | 335 | | Lab Assignment | 176 | | References | 155 | ### Chapter 16: Capture the Flag and Competitive Security *3,903 markdown words (7.8 pages); 366 code words.* | Section | Words | |---|---:| | Learning Objectives | 89 | | Key Terms | 112 | | 16.1 What Is a CTF? | 46 | | Jeopardy Format | 146 | | 16.2 Category Deep Dives | 0 | | Web Challenges | 136 | | Forensics Challenges | 147 | | Cryptography Challenges | 122 | | Binary Exploitation (Pwn) | 93 | | Reverse Engineering | 74 | | Tooling, Chapter Mapping, and Workflow | 234 | | 16.3 The National Cyber League (NCL) | 81 | | Structure of a Season | 146 | | Challenge Categories | 78 | | Scoring and the NICE Framework | 175 | | How to Prepare and Compete Well | 176 | | 16.4 CTF Platforms for Learning | 84 | | 16.5 CTF Skills and Professional Mapping | 103 | | 16.6 Formats: Jeopardy, Attack-Defense, and King-of-the-Hill | 263 | | 16.7 Why CTFs Build Real Skill | 280 | | 16.8 Hosting a CTF and Competition Etiquette | 294 | | 16.9 Notable Competitions: picoCTF, CyberPatriot, and CCDC | 230 | | Chapter Summary | 87 | | Why This Matters | 62 | | News in Focus: Government-Sponsored CTF Competitions | 58 | | Review Questions (MCQ) | 312 | | Lab Assignment | 164 | | References | 97 | ### Chapter 17: Emerging Threats and Future Challenges *13,524 markdown words (27.0 pages); 851 code words.* | Section | Words | |---|---:| | Learning Objectives | 88 | | Key Terms | 149 | | 17.1 Post-Quantum Cryptography | 0 | | The Quantum Threat to Current Cryptography | 60 | | NIST PQC Standardization | 162 | | Quantum Key Distribution and the Quantum Horizon | 168 | | 17.2 AI-Enabled Attacks and Defenses | 0 | | Offensive AI | 151 | | Defensive AI | 77 | | The OWASP Top 10 for LLM Applications (2025) | 337 | | Privacy in LLM Chat and AI Agents | 367 | | 17.3 Pattern Matching, Machine Learning, and Deep Learning in Security | 63 | | Pattern Matching: Rules and Signatures | 123 | | Machine Learning: Learning Patterns from Data | 189 | | Deep Learning: Neural Networks at Scale | 229 | | Adversarial Machine Learning | 398 | | 17.4 Privacy-Preserving and Collaborative Machine Learning | 338 | | Case Study: A Privacy-Preserving ML Research Program (SigML, SplitML, Fairis) | 2,221 | | Applied Privacy and Trust Systems | 842 | | 17.5 Anomaly Detection Across Domains | 271 | | 17.6 Modeling, Simulation, and Control for Security | 275 | | 17.7 Probability Distributions in Security | 319 | | 17.8 Supply Chain Attacks | 0 | | Why Supply Chain Is a High-Value Target | 32 | | Notable Supply Chain Attack Patterns | 98 | | SBOM and Dependency Management | 55 | | 17.9 Cloud Security | 0 | | The Shared Responsibility Model | 94 | | Cloud-Native Threats | 32 | | Control Plane and Data Plane | 159 | | Static and Dynamic Stability | 165 | | Availability and Durability Risk | 205 | | Cloud Compute Audit and Security | 181 | | VPC and Cloud Network Isolation | 264 | | Cloud Compute Models: VMs, Containers, Serverless, and Edge | 348 | | Cloud Service Scope, Resiliency, and Data Protection | 304 | | Reliability Properties: Availability, Resiliency, Reliability, Scalability, Elasticity, Durability | 270 | | Cloud Storage Models: Object, Block, and File | 857 | | Storage Media: SSD versus HDD | 639 | | Load Balancers, Hypervisors, and Content Delivery | 253 | | Cloud Security Services and the Cost of DDoS | 230 | | Event-Driven Architecture: Queues, Pub/Sub, and Event Buses | 220 | | AI for Security and Security for AI | 263 | | 17.10 Internet of Things Security | 0 | | The IoT Attack Surface | 47 | | Consequences | 57 | | Smart-Home Energy Data and Privacy-Preserving Forecasting | 234 | | 17.11 Zero-Day Markets and Disclosure | 0 | | The Zero-Day Economy | 54 | | Responsible Disclosure and Bug Bounties | 48 | | 17.12 Securing AI Systems: Agentic AI, Red Teaming, and the Model Supply Chain | 301 | | Lab: Crafting an Adversarial Example | 83 | | Lab: Recognizing Prompt Injection | 104 | | Chapter Summary | 106 | | Why This Matters | 71 | | News in Focus: The Post-Quantum Migration Begins | 72 | | Review Questions (MCQ) | 342 | | Lab Assignment | 192 | | References | 301 | ### Chapter 18: Privacy, Law, and Information Governance *4,806 markdown words (9.6 pages); 387 code words.* | Section | Words | |---|---:| | Learning Objectives | 101 | | Key Terms | 170 | | 18.1 Foundational Privacy Principles | 0 | | The 1973 HEW Report and Fair Information Practice Principles | 91 | | The OECD Privacy Guidelines | 109 | | 18.2 GDPR | 0 | | Scope and Jurisdiction | 70 | | Lawful Bases for Processing | 115 | | Data Subject Rights | 131 | | GDPR Breach Notification | 57 | | 18.3 US Privacy Law | 0 | | HIPAA | 102 | | CCPA and CPRA | 60 | | FERPA and COPPA | 45 | | 18.4 PCI DSS | 0 | | Scope and Requirements | 43 | | Scoping and Cardholder Data Environment | 59 | | 18.5 Privacy by Design | 0 | | The Seven Foundational Principles | 60 | | Data Protection Impact Assessments | 124 | | 18.6 The Fourth Amendment and the Reasonable Expectation of Privacy | 54 | | The Katz Reasonable-Expectation-of-Privacy Test | 198 | | The Third-Party Doctrine and Its Erosion | 147 | | Current Issue: Geofence Warrants and Chatrie v. United States | 281 | | What the Chatrie Oral Argument Signaled | 592 | | 18.7 Entrapment versus Enticement in Investigations | 482 | | 18.8 Computer-Crime Law: CFAA, DMCA, and the Ethical Hacker | 232 | | 18.9 The Global Privacy Landscape and Breach Notification | 219 | | 18.10 Cryptography, Lawful Access, and Privacy-Enhancing Technologies | 330 | | Chapter Summary | 107 | | Why This Matters | 50 | | News in Focus: Billion-Euro GDPR Enforcement | 76 | | Review Questions (MCQ) | 325 | | Lab Assignment | 203 | | References | 68 | ### Chapter 19: Security Governance, Policy, and Culture *6,329 markdown words (12.7 pages); 482 code words.* | Section | Words | |---|---:| | Learning Objectives | 97 | | Key Terms | 128 | | 19.1 What Security Governance Is | 48 | | Why Governance Matters | 50 | | 19.2 The CISO Role | 0 | | Strategic Responsibilities | 44 | | Organizational Models | 83 | | Reporting Lines and Independence | 62 | | 19.3 The Policy Hierarchy | 0 | | Policy | 92 | | Standard | 47 | | Procedure | 54 | | Guideline | 44 | | 19.4 Board-Level Security Reporting | 0 | | Communicating Risk in Business Language | 68 | | Key Metrics for Board Reporting | 78 | | Key Risk Indicators | 47 | | 19.5 Security Culture | 0 | | What Culture Is and Why It Matters | 89 | | Tone at the Top | 66 | | Building a Positive Security Culture | 115 | | 19.6 Common Compliance Frameworks | 192 | | Frameworks, Methodologies, and Tools | 117 | | NIST CSF, ISO/IEC 27001, and the RMF Compared | 195 | | FISMA in Depth | 275 | | NIST SP 800-53 in Depth | 262 | | FedRAMP in Depth | 399 | | 19.7 NIST Cybersecurity Framework 2.0 and the Govern Function | 268 | | The NIST AI Risk Management Framework (AI RMF 1.0) | 249 | | CSF 2.0 versus AI RMF 1.0 | 232 | | 19.8 Cybersecurity Governance at the Municipal Level | 135 | | Benchmarking Readiness with Automated Policy Analytics | 305 | | Governance and Supply-Chain Gaps | 350 | | Compliance Reports, Certifications, and Agreements | 342 | | 19.9 Governance, Risk, and Compliance (GRC) as an Integrated Discipline | 229 | | 19.10 Audits, Assurance, and Security Maturity | 222 | | 19.11 Third-Party Risk and the Human Layer of Governance | 347 | | Chapter Summary | 96 | | Why This Matters | 63 | | News in Focus: SEC Enforcement Against CISOs and Boards | 67 | | Review Questions (MCQ) | 368 | | Lab Assignment | 190 | | References | 116 | ### Chapter 20: Industrial Control Systems and OT Security *3,663 markdown words (7.3 pages); 442 code words.* | Section | Words | |---|---:| | Learning Objectives | 105 | | Key Terms | 148 | | 20.1 IT Versus OT: A Fundamental Difference in Priorities | 75 | | Safety as the Overriding Priority | 57 | | 20.2 ICS Components | 0 | | Programmable Logic Controllers | 67 | | SCADA Systems | 53 | | Human-Machine Interfaces | 61 | | ICS Components and Protocols in Depth | 163 | | 20.3 The Purdue Model and Network Segmentation | 96 | | The Industrial DMZ | 57 | | Air Gaps and Their Limitations | 66 | | The Purdue Model, IEC 62443, and OT Defense in Depth | 372 | | 20.4 OT-Specific Security Challenges | 0 | | Legacy Equipment and Long Lifecycles | 69 | | Availability Requirements | 51 | | Protocol Insecurity | 65 | | 20.5 ICS Malware Case Studies | 0 | | Stuxnet (2010) | 69 | | Industroyer/CRASHOVERRIDE (2016) | 44 | | TRITON/TRISIS (2017) | 56 | | ICS Malware: Additional Case Studies | 192 | | 20.6 IEC 62443 and NIST SP 800-82 | 0 | | IEC 62443 | 49 | | NIST SP 800-82 | 41 | | 20.7 OT Defense-in-Depth | 176 | | 20.8 OT Incident Response, Safety, and Resilience | 557 | | Chapter Summary | 93 | | Why This Matters | 81 | | News in Focus: Attacks on Water-Treatment Facilities | 88 | | Review Questions (MCQ) | 372 | | Lab Assignment | 193 | | References | 57 | ### Appendix A: Security Command Reference *1,653 markdown words (3.3 pages); 0 code words.* | Section | Words | |---|---:| | Network Scanning and Enumeration | 0 | | Nmap | 80 | | DNS Enumeration | 39 | | Web Enumeration | 37 | | Password and Credential Tools | 54 | | Forensics | 82 | | Network Analysis | 49 | | Cryptography | 72 | | Python One-Liners | 42 | | Security Tools Reference | 30 | | Metasploit Framework (exploitation -- Chapter 9) | 39 | | Wireshark / tshark (packet analysis -- Chapters 3, 8) | 36 | | hping3 (packet crafting / testing -- Chapters 3, 8) | 40 | | LOIC (Low Orbit Ion Cannon) (DoS demonstration -- Chapter 3) | 27 | | Nmap (scanning and mapping -- Chapters 7, 8) | 36 | | John the Ripper (password cracking -- Chapters 2 and 9) | 22 | | Hashcat (GPU password cracking -- Chapters 2 and 9) | 31 | | Aircrack-ng (wireless auditing -- Chapters 3, 16) | 35 | | Snort (intrusion detection/prevention -- Chapters 12, 17) | 50 | | Zeek (network security monitoring -- Chapters 12, 17) | 54 | | pfSense (firewall / router -- Chapters 11, 17) | 103 | | OWASP Tools and Projects | 43 | | OWASP ZAP (Zed Attack Proxy) (web app testing -- Chapter 10) | 74 | | OWASP WebGoat (deliberately vulnerable app -- Chapters 6, 10) | 43 | | OWASP Juice Shop (deliberately vulnerable app -- Chapter 10) | 27 | | OWASP Amass (attack-surface discovery -- Chapter 7) | 33 | | OWASP Dependency-Check (software composition analysis -- Chapters 5, 10) | 80 | | Reverse Engineering with Ghidra | 365 | ### Appendix B: Glossary *2,345 markdown words (4.7 pages); 0 code words.* | Section | Words | |---|---:| | Cloud and Infrastructure Terminology | 1,490 | ### Appendix C: Certification Mapping *1,277 markdown words (2.6 pages); 0 code words.* | Section | Words | |---|---:| | C.1 (ISC)2 CISSP - 8 Domains | 177 | | C.2 CompTIA Security+ SY0-701 - 5 Domains | 129 | | C.3 EC-Council CEH v13 - 9 Domains | 175 | | C.4 ISACA CISA - 5 Domains | 140 | | C.5 (ISC)2 CGRC / CAP - 7 Job Practice Areas (NIST RMF) | 167 | | C.6 Chapter-to-Certification Coverage Matrix | 378 | ### Appendix D: ABET Outcomes and Bloom's Taxonomy Mapping *775 markdown words (1.6 pages); 0 code words.* | Section | Words | |---|---:| | ABET Student Outcomes (computing programs, Criterion 3) | 99 | | Bloom's Revised Cognitive Taxonomy (lowest to highest order) | 93 | | Chapter Mapping | 382 | | Coverage Summary | 137 | ### Appendix E: Selected Works by the Author *1,540 markdown words (3.1 pages); 0 code words.* | Section | Words | |---|---:| | Cryptography and Privacy-Preserving Computation | 263 | | Privacy-Preserving Machine Learning and Emerging Topics | 148 | | Security Analytics, Monitoring, and Detection | 68 | | Networking, Wireless, and Packet Analysis | 121 | | Offensive Security, Social Engineering, and Capture the Flag | 135 | | Software, Systems, Data, and Governance | 313 | | Additional Notes, Talks, and Early Works (by topic) | 405 | ### Appendix F: Companion Code and Repositories *1,169 markdown words (2.3 pages); 0 code words.* | Section | Words | |---|---:| | Worked Code Examples in This Book | 375 | | Author Repositories (github.com/devharsh) | 191 | | Computer Tips Organization (github.com/com-puter-tips) | 182 | | Companion Blog Tutorials (com.puter.tips) | 347 | ### Appendix H: Capstone and Group Project Ideas *1,930 markdown words (3.9 pages); 0 code words.* | Section | Words | |---|---:| | H.1 Deliverables and Scholarly Lifecycle | 85 | | H.2 Track 1: Advanced Research, Innovation, and Privacy-Preserving Systems | 170 | | H.3 Track 2: Autonomous Threats, AI Security, and Offensive Security | 77 | | H.4 Track 3: Specialized Technical Tools and Ethical Hacking | 152 | | H.5 Track 4: Defensive Security, Detection, and Digital Forensics | 88 | | H.6 Track 5: Penetration Testing, Governance, Privacy, and Society | 193 | | H.7 GitHub Submission Standards | 71 | | H.8 Approved Preprint Servers for DOI Generation | 34 | | H.9 Where to Publish Each Type of Research Output (Free Platforms) | 671 | | H.10 Example Completed Student Projects (Spring 2026) | 195 | ### Appendix I: Protocol Security Reference *3,230 markdown words (6.5 pages); 0 code words.* | Section | Words | |---|---:| | I.1 Internet and Transport Layer | 278 | | I.2 Naming and Address Assignment | 270 | | I.3 Web, Transport Security, and Identity | 386 | | I.4 Email | 128 | | I.5 File Transfer, Remote Access, and Sharing | 336 | | I.6 Management, Authentication, Time, and Logging | 296 | | I.7 VPN and Tunneling | 240 | | I.8 Routing, Switching, and Redundancy | 197 | | I.9 Wireless | 139 | | I.10 Multimedia, Messaging, IoT, and Discovery | 334 | | I.11 Industrial Control Systems and Operational Technology | 192 | | I.12 Storage Interfaces | 152 | | I.13 How to Use This Reference | 127 |