Business Continuity and Disaster Recovery for InfoSec Managers (eBook)
408 pages
Elsevier Science (publisher)
978-0-08-052833-5 (ISBN)
Every year, nearly one in five businesses suffers a major disruption to its data or voice networks or communications systems. Since 9/11 it has become increasingly important for companies to implement a plan for disaster recovery. This comprehensive book addresses the operational and day-to-day security management requirements of business stability and disaster recovery planning, specifically tailored to the needs and requirements of an Information Security Officer.

This book has been written by battle-tested security consultants who have based all the material, processes and problem-solving on real-world planning and recovery events in enterprise environments worldwide.

John has over 25 years' experience in the IT and security sector. He is a much sought-after management consultant for large enterprises and is currently a member of the Federal Communications Commission's Homeland Security Network Reliability and Interoperability Council Focus Group on Cybersecurity, working in the Voice over Internet Protocol workgroup.

James has over 30 years' experience in security operations and technology assessment as a corporate security executive and in positions within the intelligence, DoD, and federal law enforcement communities. He has a Ph.D. in information systems specializing in information security and is a member of Upsilon Pi Epsilon (UPE), the International Honor Society for the Computing and Information Disciplines. He is currently an independent consultant.

- Provides critical strategies for maintaining basic business functions when and if systems are shut down
- Establishes up-to-date methods and techniques for maintaining second-site backup and recovery
- Gives managers viable and efficient processes that meet new government rules for saving and protecting data in the event of disasters
Front Cover 1
Business Continuity and Disaster Recovery for InfoSec Managers 4
Copyright Page 5
Contents 6
Foreword 16
Foreword by Mr. Paul Kurtz 16
Introduction 20
Introduction: Business Security 101 20
The State of the BCP and Network Disaster Recovery Industry: Where Are We and Why? 21
Threats to Personal Privacy 24
Fraud and Theft 25
Internet Fraud 25
Employee Sabotage 28
Infrastructure Attacks 28
Malicious Hackers 28
Malicious Coders 29
Industrial Espionage 30
Social Engineering 32
Educate Staff and Security Personnel 34
Managing Access 42
Physical Access 42
Access Control 43
Access Control Models 45
Password Management 58
Security Management Practices 64
Chapter Summary 65
Endnotes 66
Acknowledgments 70
Chapter 1. Contingency and Continuity Planning 72
1.1 Business Continuity Planning 73
1.2 BCP Standards and Guidelines 82
1.3 BCP Project Organization 85
1.4 Chapter Summary 91
1.5 Endnotes 92
Chapter 2. Assessing Risk 94
2.1 Determining Threats 94
2.2 Risk Management 98
2.3 The Risk Manager 99
2.4 Risk Assessment 99
2.5 Emergency Incident Assessment 101
2.6 Business Risk Assessment 136
2.7 Business Impact Analysis (BIA) 140
2.8 Information Security, IT and Communications 157
2.9 Chapter Summary 164
2.10 Endnotes 165
Chapter 3. Mitigation Strategies 168
3.1 Preventative Measures for Information Security Managers 171
3.2 Information Security Preventative Controls 178
3.3 Other Preventative Controls 181
3.4 Summary of Existing Emergency Procedures 186
3.5 Key Personnel for Handling Emergency Procedures 186
3.6 External Emergency Services 200
3.7 Premises Issues 202
3.8 Chapter Summary 202
3.9 Endnotes 203
Chapter 4. Preparing for a Possible Emergency 204
4.1 Backup and Recovery Procedures 204
4.2 IT Systems Recovery 207
4.3 Key BCP Personnel and Supplies 223
4.4 Key Documents and Procedures 223
4.5 Chapter Summary 224
4.6 Endnotes 224
Chapter 5. Disaster Recovery Phase 226
5.1 Disaster Recovery Legal Issues 227
5.2 Planning for Handling the Emergency 229
5.3 Disaster Recovery Team Management Actions 236
5.4 Notification and Reporting in Disaster Recovery Phase 237
5.5 Disaster Recovery Phase Report 239
5.6 Chapter Summary 240
5.7 Endnotes 240
Chapter 6. Business Recovery Phase 242
6.1 Business Recovery Planning Process 242
6.2 Planning Business Recovery Activities 256
6.3 Chapter Summary 261
Chapter 7. Testing, Auditing, and Training 264
7.1 Testing the Business Recovery Process 265
7.2 Security Testing 268
7.3 The Open Source Security Testing Methodology Manual 271
7.4 Monitoring and Updating 273
7.5 Hardening Systems 274
7.6 System Patches 277
7.7 Auditing Fundamentals 278
7.8 Auditor's Role in Developing Security Policies 279
7.9 Auditing Standards and Groups 281
7.10 Audit Oversight Committee 285
7.11 Auditing and Assessment Strategies 285
7.12 Basic Audit Methods and Tools 292
7.13 General Information Systems (IS) Audit Process 296
7.14 Perimeter Audits 299
7.15 Using Nmap 300
7.16 Mapping the Network with Nmap 302
7.17 Analyzing Nmap Scan Results 303
7.18 Penetration Testing Using Nessus 304
7.19 Training Staff for the Business Recovery Process 305
7.20 Chapter Summary 308
7.21 Endnotes 309
Chapter 8. Maintaining a Business Continuity Plan 312
8.1 How to Maintain the Business Continuity Plan 312
8.2 BCP Maintenance 316
8.3 BCP Distribution Issues 318
8.4 Awareness and Training Programs 319
8.5 Monitor and Review 320
8.6 Roles and Responsibilities for Maintaining the BCP Plan 320
8.7 Chapter Summary 321
BCP/DR Glossary 324
General References 346
A. Sample Recovery Checklist 354
A.1 Recovery Checklist (Incident Response Team) 354
B. Physical Facility Questionnaire 362
C. Organizational Security Management 366
C.1 Organizational Security Management 366
C.2 Security Management Areas of Responsibility 370
C.3 Security Policies 378
C.4 Security Personnel 384
C.5 Management of Security Professionals 389
C.6 Summary 392
C.7 Endnotes 393
Index 394
| Publication date (per publisher) | 8.4.2011 |
|---|---|
| Language | English |
| Subject area | Non-fiction / guide |
| Computer science ► Networks ► Security / Firewall | |
| Business ► Business administration / Management ► Corporate management / Management | |
| ISBN-10 | 0-08-052833-3 / 0080528333 |
| ISBN-13 | 978-0-08-052833-5 / 9780080528335 |
Copy protection: Adobe DRM
File format: PDF (Portable Document Format)