Business Continuity and Disaster Recovery for InfoSec Managers
Elsevier, Apr 8, 2011 - 408 pages

Every year, nearly one in five businesses suffers a major disruption to its data or voice networks or communications systems. Since 9/11 it has become increasingly important for companies to implement a plan for disaster recovery. This comprehensive book addresses the operational and day-to-day security management requirements of business stability and disaster recovery planning, specifically tailored to the needs and requirements of an Information Security Officer. The book has been written by battle-tested security consultants who have based all the material, processes and problem-solving on real-world planning and recovery events in enterprise environments worldwide.

John has over 25 years' experience in the IT and security sector. He is a frequently sought management consultant for large enterprises and is currently a member of the Federal Communications Commission's Homeland Security Network Reliability and Interoperability Council Focus Group on Cybersecurity, working in the Voice over Internet Protocol workgroup. James has over 30 years' experience in security operations and technology assessment as a corporate security executive and in positions within the intelligence, DoD, and federal law enforcement communities. He has a Ph.D. in information systems specializing in information security and is a member of Upsilon Pi Epsilon (UPE), the International Honor Society for the Computing and Information Disciplines. He is currently an independent consultant.

· Provides critical strategies for maintaining basic business functions when and if systems are shut down
· Establishes up-to-date methods and techniques for maintaining second-site backup and recovery
· Gives managers viable and efficient processes that meet new government rules for saving and protecting data in the event of disasters
Contents

| Section | Page |
| --- | --- |
| | xv |
| | xix |
| | lxix |
| | 1 |
| Chapter 2 Assessing Risk | 23 |
| Chapter 3 Mitigation Strategies | 97 |
| Chapter 4 Preparing for a Possible Emergency | 133 |
| Chapter 5 Disaster Recovery Phase | 155 |
| Chapter 7 Testing, Auditing and Training | 193 |
| Chapter 8 Maintaining a Business Continuity Plan | 241 |
| BCP/DR Glossary | 253 |
| General References | 275 |
| A Sample Recovery Checklist | 283 |
| B Physical Facility Questionnaire | 291 |
| C Organizational Security Management | 295 |
| Index | 323 |
Other editions

Business Continuity and Disaster Recovery for Infosec Managers, John W. Rittinghouse, James F. Ransome - No preview available - 2005
Common terms and phrases
access control activities administrators alternate analysis applications appropriate areas assets audit backup and recovery BCP project business continuity plans business functions business processes changes communications Computer Security configuration contingency plan coordinator corporate cost critical damage determine disaster recovery phase disaster recovery plan discretionary access control disruption documents effective emergency employees ensure environment equipment event facility failure fire hackers hardware HIPAA identify impact implement incident information security information systems infrastructure Internet John the Ripper L0phtCrack loss maintenance ment monitoring necessary Nessus Nmap occur offsite operating system organization organization’s organizational outage Page/Section Password Cracking passwords personnel potential procedures protect recovery process responsible restored result risk assessment risk management security manager security policy server specific spyware storage testing threat tion types updated vendor vulnerability
Popular passages
Page 193 - Administration (NCUA), the Office of the Comptroller of the Currency (OCC), and the Office of Thrift Supervision (OTS), and to make recommendations to promote uniformity in the supervision of financial institutions.
Page xxx - If two or more persons conspire either to commit any offense against the United States or to defraud the United States, or any agency thereof in any manner or for any purpose, and one or more of such persons do any act to effect the object of the conspiracy, each shall be fined not more than $10,000 or imprisoned not more than five years, or both.
Page 157 - ... make and keep books, records, and accounts, which, in reasonable detail, accurately and fairly reflect the transactions and dispositions of the assets of the issuer...
Page 48 - Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001 (USA Patriot Act) was enacted on October 26, 2001.
Page 103 - Packet filter: Looks at each packet entering or leaving the network and accepts or rejects it based on user-defined rules. Packet filtering is fairly effective and transparent to users, but it is difficult to configure. In addition, it is susceptible to IP spoofing.
Page 62 - ... the Environmental Protection Agency [EPA] and the Occupational Safety and Health Administration [OSHA]).
Page 103 - A firewall is a system designed to prevent unauthorized access to or from a private network. Firewalls can be implemented in both hardware and software, or a combination of both.
Page xlvii - Discretionary access control (DAC) — a means of restricting access to objects based on the identity of subjects and/or groups to which they belong. The controls are discretionary in the sense that: (a) A subject with a certain access permission is capable of passing that permission (perhaps indirectly) on to any other subject; (b) DAC is often employed to enforce need-to-know; (c) Access control may be changed by an authorized individual.
Page 106 - Spyware, also called adware, is any software that covertly gathers user information through the user's internet connection without his or her knowledge, usually for advertising purposes. Spyware applications are typically bundled as a hidden component of freeware or shareware programs that can be downloaded from the internet. Once installed, the spyware monitors user activity on the internet and transmits that information in the background to someone else.
Page xxv - Auction fraud and nondelivery of payment or merchandise are both types of confidence fraud and are the most reported offenses to the IFCC. The Nigerian Letter Scam is another offense classified under confidence fraud. The Nigerian Letter Scam...