Business Continuity and Disaster Recovery for InfoSec Managers

Book Description

Every year, nearly one in five businesses suffers a major disruption to its data or voice networks or communications systems. Since 9/11, it has become increasingly important for companies to implement a plan for disaster recovery. This comprehensive book addresses the operational and day-to-day security management requirements of business stability and disaster recovery planning, specifically tailored to the needs and requirements of an Information Security Officer.

This book has been written by battle-tested security consultants who have based all the material, processes and problem-solving on real-world planning and recovery events in enterprise environments worldwide.

John has over 25 years of experience in the IT and security sector. He is an often-sought management consultant for large enterprises and is currently a member of the Federal Communications Commission's Homeland Security Network Reliability and Interoperability Council Focus Group on Cybersecurity, working in the Voice over Internet Protocol workgroup.

James has over 30 years of experience in security operations and technology assessment as a corporate security executive and in positions within the intelligence, DoD, and federal law enforcement communities. He has a Ph.D. in information systems specializing in information security and is a member of Upsilon Pi Epsilon (UPE), the International Honor Society for the Computing and Information Disciplines. He is currently an independent consultant.

· Provides critical strategies for maintaining basic business functions when and if systems are shut down
· Establishes up-to-date methods and techniques for maintaining second-site backup and recovery
· Gives managers viable and efficient processes that meet new government rules for saving and protecting data in the event of disasters

Table of Contents

  1. Front Cover
  2. Business Continuity and Disaster Recovery for InfoSec Managers
  3. Copyright Page
  4. Contents (1/2)
  5. Contents (2/2)
  6. Foreword
    1. Foreword by Mr. Paul Kurtz
  7. Introduction
    1. Introduction: Business Security 101
    2. The State of the BCP and Network Disaster Recovery Industry: Where Are We and Why?
    3. Threats to Personal Privacy
    4. Fraud and Theft
    5. Internet Fraud
    6. Employee Sabotage
    7. Infrastructure Attacks
    8. Malicious Hackers
    9. Malicious Coders
    10. Industrial Espionage
    11. Social Engineering
    12. Educate Staff and Security Personnel (1/2)
    13. Educate Staff and Security Personnel (2/2)
    14. Managing Access
    15. Physical Access
    16. Access Control
    17. Access Control Models (1/3)
    18. Access Control Models (2/3)
    19. Access Control Models (3/3)
    20. Password Management (1/2)
    21. Password Management (2/2)
    22. Security Management Practices
    23. Chapter Summary
    24. Endnotes
  8. Acknowledgments
  9. Chapter 1. Contingency and Continuity Planning
    1. 1.1 Business Continuity Planning (1/2)
    2. 1.1 Business Continuity Planning (2/2)
    3. 1.2 BCP Standards and Guidelines
    4. 1.3 BCP Project Organization (1/2)
    5. 1.3 BCP Project Organization (2/2)
    6. 1.4 Chapter Summary
    7. 1.5 Endnotes
  10. Chapter 2. Assessing Risk
    1. 2.1 Determining Threats
    2. 2.2 Risk Management
    3. 2.3 The Risk Manager
    4. 2.4 Risk Assessment
    5. 2.5 Emergency Incident Assessment (1/7)
    6. 2.5 Emergency Incident Assessment (2/7)
    7. 2.5 Emergency Incident Assessment (3/7)
    8. 2.5 Emergency Incident Assessment (4/7)
    9. 2.5 Emergency Incident Assessment (5/7)
    10. 2.5 Emergency Incident Assessment (6/7)
    11. 2.5 Emergency Incident Assessment (7/7)
    12. 2.6 Business Risk Assessment
    13. 2.7 Business Impact Analysis (BIA) (1/4)
    14. 2.7 Business Impact Analysis (BIA) (2/4)
    15. 2.7 Business Impact Analysis (BIA) (3/4)
    16. 2.7 Business Impact Analysis (BIA) (4/4)
    17. 2.8 Information Security, IT and Communications (1/2)
    18. 2.8 Information Security, IT and Communications (2/2)
    19. 2.9 Chapter Summary
    20. 2.10 Endnotes
  11. Chapter 3. Mitigation Strategies
    1. 3.1 Preventative Measures for Information Security Managers (1/2)
    2. 3.1 Preventative Measures for Information Security Managers (2/2)
    3. 3.2 Information Security Preventative Controls
    4. 3.3 Other Preventative Controls
    5. 3.4 Summary of Existing Emergency Procedures
    6. 3.5 Key Personnel for Handling Emergency Procedures
    7. 3.6 External Emergency Services
    8. 3.7 Premises Issues
    9. 3.8 Chapter Summary
    10. 3.9 Endnotes
  12. Chapter 4. Preparing for a Possible Emergency
    1. 4.1 Backup and Recovery Procedures
    2. 4.2 IT Systems Recovery (1/4)
    3. 4.2 IT Systems Recovery (2/4)
    4. 4.2 IT Systems Recovery (3/4)
    5. 4.2 IT Systems Recovery (4/4)
    6. 4.3 Key BCP Personnel and Supplies
    7. 4.4 Key Documents and Procedures
    8. 4.5 Chapter Summary
    9. 4.6 Endnotes
  13. Chapter 5. Disaster Recovery Phase
    1. 5.1 Disaster Recovery Legal Issues
    2. 5.2 Planning for Handling the Emergency (1/2)
    3. 5.2 Planning for Handling the Emergency (2/2)
    4. 5.3 Disaster Recovery Team Management Actions
    5. 5.4 Notification and Reporting in Disaster Recovery Phase
    6. 5.5 Disaster Recovery Phase Report
    7. 5.6 Chapter Summary
    8. 5.7 Endnotes
  14. Chapter 6. Business Recovery Phase
    1. 6.1 Business Recovery Planning Process
    2. 6.2 Planning Business Recovery Activities
    3. 6.3 Chapter Summary
  15. Chapter 7. Testing, Auditing, and Training
    1. 7.1 Testing the Business Recovery Process
    2. 7.2 Security Testing
    3. 7.3 The Open Source Security Testing Methodology Manual
    4. 7.4 Monitoring and Updating
    5. 7.5 Hardening Systems
    6. 7.6 System Patches
    7. 7.7 Auditing Fundamentals
    8. 7.8 Auditor's Role in Developing Security Policies
    9. 7.9 Auditing Standards and Groups
    10. 7.10 Audit Oversight Committee
    11. 7.11 Auditing and Assessment Strategies
    12. 7.12 Basic Audit Methods and Tools
    13. 7.13 General Information Systems (IS) Audit Process
    14. 7.14 Perimeter Audits
    15. 7.15 Using Nmap
    16. 7.16 Mapping the Network with Nmap
    17. 7.17 Analyzing Nmap Scan Results
    18. 7.18 Penetration Testing Using Nessus
    19. 7.19 Training Staff for the Business Recovery Process
    20. 7.20 Chapter Summary
    21. 7.21 Endnotes
  16. Chapter 8. Maintaining a Business Continuity Plan
    1. 8.1 How to Maintain the Business Continuity Plan
    2. 8.2 BCP Maintenance
    3. 8.3 BCP Distribution Issues
    4. 8.4 Awareness and Training Programs
    5. 8.5 Monitor and Review
    6. 8.6 Roles and Responsibilities for Maintaining the BCP Plan
    7. 8.7 Chapter Summary
  17. BCP/DR Glossary (1/5)
  18. BCP/DR Glossary (2/5)
  19. BCP/DR Glossary (3/5)
  20. BCP/DR Glossary (4/5)
  21. BCP/DR Glossary (5/5)
  22. General References (1/2)
  23. General References (2/2)
  24. A. Sample Recovery Checklist
    1. A.1 Recovery Checklist (Incident Response Team)
  25. B Physical Facility Questionnaire
  26. C Organizational Security Management
    1. C.1 Organizational Security Management
    2. C.2 Security Management Areas of Responsibility (1/2)
    3. C.2 Security Management Areas of Responsibility (2/2)
    4. C.3 Security Policies (1/2)
    5. C.3 Security Policies (2/2)
    6. C.4 Security Personnel
    7. C.5 Management of Security Professionals
    8. C.6 Summary
    9. C.7 Endnotes
  27. Index (1/4)
  28. Index (2/4)
  29. Index (3/4)
  30. Index (4/4)