Book Description
Every year, nearly one in five businesses suffers a major disruption to its data or voice networks or communications systems. Since 9/11 it has become increasingly important for companies to implement a plan for disaster recovery. This comprehensive book addresses the operational and day-to-day security management requirements of business stability and disaster recovery planning specifically tailored for the needs and requirements of an Information Security Officer.
This book has been written by battle-tested security consultants who have based all the material, processes and problem-solving on real-world planning and recovery events in enterprise environments worldwide.
John has over 25 years' experience in the IT and security sector. He is an often-sought management consultant for large enterprises and is currently a member of the Federal Communications Commission's Homeland Security Network Reliability and Interoperability Council Focus Group on Cybersecurity, working in the Voice over Internet Protocol workgroup.
James has over 30 years' experience in security operations and technology assessment as a corporate security executive and in positions within the intelligence, DoD, and federal law enforcement communities. He has a Ph.D. in information systems specializing in information security and is a member of Upsilon Pi Epsilon (UPE), the International Honor Society for the Computing and Information Disciplines. He is currently an independent consultant.
· Provides critical strategies for maintaining basic business functions when and if systems are shut down
· Establishes up-to-date methods and techniques for maintaining second-site backup and recovery
· Gives managers viable and efficient processes that meet new government rules for saving and protecting data in the event of disasters
Table of Contents
- Front Cover
- Business Continuity and Disaster Recovery for InfoSec Managers
- Copyright Page
- Contents (1/2)
- Contents (2/2)
- Foreword
- Foreword by Mr. Paul Kurtz
- Introduction
- Introduction: Business Security 101
- The State of the BCP and Network Disaster Recovery Industry: Where Are We and Why?
- Threats to Personal Privacy
- Fraud and Theft
- Internet Fraud
- Employee Sabotage
- Infrastructure Attacks
- Malicious Hackers
- Malicious Coders
- Industrial Espionage
- Social Engineering
- Educate Staff and Security Personnel (1/2)
- Educate Staff and Security Personnel (2/2)
- Managing Access
- Physical Access
- Access Control
- Access Control Models (1/3)
- Access Control Models (2/3)
- Access Control Models (3/3)
- Password Management (1/2)
- Password Management (2/2)
- Security Management Practices
- Chapter Summary
- Endnotes
- Acknowledgments
- Chapter 1. Contingency and Continuity Planning
- 1.1 Business Continuity Planning (1/2)
- 1.1 Business Continuity Planning (2/2)
- 1.2 BCP Standards and Guidelines
- 1.3 BCP Project Organization (1/2)
- 1.3 BCP Project Organization (2/2)
- 1.4 Chapter Summary
- 1.5 Endnotes
- Chapter 2. Assessing Risk
- 2.1 Determining Threats
- 2.2 Risk Management
- 2.3 The Risk Manager
- 2.4 Risk Assessment
- 2.5 Emergency Incident Assessment (1/7)
- 2.5 Emergency Incident Assessment (2/7)
- 2.5 Emergency Incident Assessment (3/7)
- 2.5 Emergency Incident Assessment (4/7)
- 2.5 Emergency Incident Assessment (5/7)
- 2.5 Emergency Incident Assessment (6/7)
- 2.5 Emergency Incident Assessment (7/7)
- 2.6 Business Risk Assessment
- 2.7 Business Impact Analysis (BIA) (1/4)
- 2.7 Business Impact Analysis (BIA) (2/4)
- 2.7 Business Impact Analysis (BIA) (3/4)
- 2.7 Business Impact Analysis (BIA) (4/4)
- 2.8 Information Security, IT and Communications (1/2)
- 2.8 Information Security, IT and Communications (2/2)
- 2.9 Chapter Summary
- 2.10 Endnotes
- Chapter 3. Mitigation Strategies
- 3.1 Preventative Measures for Information Security Managers (1/2)
- 3.1 Preventative Measures for Information Security Managers (2/2)
- 3.2 Information Security Preventative Controls
- 3.3 Other Preventative Controls
- 3.4 Summary of Existing Emergency Procedures
- 3.5 Key Personnel for Handling Emergency Procedures
- 3.6 External Emergency Services
- 3.7 Premises Issues
- 3.8 Chapter Summary
- 3.9 Endnotes
- Chapter 4. Preparing for a Possible Emergency
- 4.1 Backup and Recovery Procedures
- 4.2 IT Systems Recovery (1/4)
- 4.2 IT Systems Recovery (2/4)
- 4.2 IT Systems Recovery (3/4)
- 4.2 IT Systems Recovery (4/4)
- 4.3 Key BCP Personnel and Supplies
- 4.4 Key Documents and Procedures
- 4.5 Chapter Summary
- 4.6 Endnotes
- Chapter 5. Disaster Recovery Phase
- 5.1 Disaster Recovery Legal Issues
- 5.2 Planning for Handling the Emergency (1/2)
- 5.2 Planning for Handling the Emergency (2/2)
- 5.3 Disaster Recovery Team Management Actions
- 5.4 Notification and Reporting in Disaster Recovery Phase
- 5.5 Disaster Recovery Phase Report
- 5.6 Chapter Summary
- 5.7 Endnotes
- Chapter 6. Business Recovery Phase
- 6.1 Business Recovery Planning Process
- 6.2 Planning Business Recovery Activities
- 6.3 Chapter Summary
- Chapter 7. Testing, Auditing, and Training
- 7.1 Testing the Business Recovery Process
- 7.2 Security Testing
- 7.3 The Open Source Security Testing Methodology Manual
- 7.4 Monitoring and Updating
- 7.5 Hardening Systems
- 7.6 System Patches
- 7.7 Auditing Fundamentals
- 7.8 Auditor's Role in Developing Security Policies
- 7.9 Auditing Standards and Groups
- 7.10 Audit Oversight Committee
- 7.11 Auditing and Assessment Strategies
- 7.12 Basic Audit Methods and Tools
- 7.13 General Information Systems (IS) Audit Process
- 7.14 Perimeter Audits
- 7.15 Using Nmap
- 7.16 Mapping the Network with Nmap
- 7.17 Analyzing Nmap Scan Results
- 7.18 Penetration Testing Using Nessus
- 7.19 Training Staff for the Business Recovery Process
- 7.20 Chapter Summary
- 7.21 Endnotes
- Chapter 8. Maintaining a Business Continuity Plan
- 8.1 How to Maintain the Business Continuity Plan
- 8.2 BCP Maintenance
- 8.3 BCP Distribution Issues
- 8.4 Awareness and Training Programs
- 8.5 Monitor and Review
- 8.6 Roles and Responsibilities for Maintaining the BCP Plan
- 8.7 Chapter Summary
- BCP/DR Glossary (1/5)
- BCP/DR Glossary (2/5)
- BCP/DR Glossary (3/5)
- BCP/DR Glossary (4/5)
- BCP/DR Glossary (5/5)
- General References (1/2)
- General References (2/2)
- A. Sample Recovery Checklist
- A.1 Recovery Checklist (Incident Response Team)
- B Physical Facility Questionnaire
- C Organizational Security Management
- C.1 Organizational Security Management
- C.2 Security Management Areas of Responsibility (1/2)
- C.2 Security Management Areas of Responsibility (2/2)
- C.3 Security Policies (1/2)
- C.3 Security Policies (2/2)
- C.4 Security Personnel
- C.5 Management of Security Professionals
- C.6 Summary
- C.7 Endnotes
- Index (1/4)
- Index (2/4)
- Index (3/4)
- Index (4/4)