Book description
Every year, nearly one in five businesses suffers a major disruption to its data or voice networks or communications systems. Since 9/11 it has become increasingly important for companies to implement a plan for disaster recovery. This comprehensive book addresses the operational and day-to-day security management requirements of business stability and disaster recovery planning, specifically tailored to the needs and requirements of an Information Security Officer.
This book has been written by battle-tested security consultants who have based all the material, processes and problem-solving on real-world planning and recovery events in enterprise environments worldwide.
John has over 25 years' experience in the IT and security sector. He is an often-sought management consultant for large enterprises and is currently a member of the Federal Communications Commission's Homeland Security Network Reliability and Interoperability Council Focus Group on Cybersecurity, working in the Voice over Internet Protocol workgroup.
James has over 30 years' experience in security operations and technology assessment as a corporate security executive and in positions within the intelligence, DoD, and federal law enforcement communities. He has a Ph.D. in information systems specializing in information security and is a member of Upsilon Pi Epsilon (UPE), the International Honor Society for the Computing and Information Disciplines. He is currently an Independent Consultant.
· Provides critical strategies for maintaining basic business functions when and if systems are shut down
· Establishes up-to-date methods and techniques for maintaining second-site backup and recovery
· Gives managers viable and efficient processes that meet new government rules for saving and protecting data in the event of disasters
Table of contents
- Front Cover
- Business Continuity and Disaster Recovery for InfoSec Managers
- Copyright Page
- Contents
- Foreword
- Introduction
- Introduction: Business Security 101
- The State of the BCP and Network Disaster Recovery Industry: Where Are We and Why?
- Threats to Personal Privacy
- Fraud and Theft
- Internet Fraud
- Employee Sabotage
- Infrastructure Attacks
- Malicious Hackers
- Malicious Coders
- Industrial Espionage
- Social Engineering
- Educate Staff and Security Personnel
- Managing Access
- Physical Access
- Access Control
- Access Control Models
- Password Management
- Security Management Practices
- Chapter Summary
- Endnotes
- Acknowledgments
- Chapter 1. Contingency and Continuity Planning
- Chapter 2. Assessing Risk
- 2.1 Determining Threats
- 2.2 Risk Management
- 2.3 The Risk Manager
- 2.4 Risk Assessment
- 2.5 Emergency Incident Assessment
- 2.6 Business Risk Assessment
- 2.7 Business Impact Analysis (BIA)
- 2.8 Information Security, IT and Communications
- 2.9 Chapter Summary
- 2.10 Endnotes
- Chapter 3. Mitigation Strategies
- 3.1 Preventative Measures for Information Security Managers
- 3.2 Information Security Preventative Controls
- 3.3 Other Preventative Controls
- 3.4 Summary of Existing Emergency Procedures
- 3.5 Key Personnel for Handling Emergency Procedures
- 3.6 External Emergency Services
- 3.7 Premises Issues
- 3.8 Chapter Summary
- 3.9 Endnotes
- Chapter 4. Preparing for a Possible Emergency
- Chapter 5. Disaster Recovery Phase
- Chapter 6. Business Recovery Phase
- Chapter 7. Testing, Auditing, and Training
- 7.1 Testing the Business Recovery Process
- 7.2 Security Testing
- 7.3 The Open Source Security Testing Methodology Manual
- 7.4 Monitoring and Updating
- 7.5 Hardening Systems
- 7.6 System Patches
- 7.7 Auditing Fundamentals
- 7.8 Auditor's Role in Developing Security Policies
- 7.9 Auditing Standards and Groups
- 7.10 Audit Oversight Committee
- 7.11 Auditing and Assessment Strategies
- 7.12 Basic Audit Methods and Tools
- 7.13 General Information Systems (IS) Audit Process
- 7.14 Perimeter Audits
- 7.15 Using Nmap
- 7.16 Mapping the Network with Nmap
- 7.17 Analyzing Nmap Scan Results
- 7.18 Penetration Testing Using Nessus
- 7.19 Training Staff for the Business Recovery Process
- 7.20 Chapter Summary
- 7.21 Endnotes
- Chapter 8. Maintaining a Business Continuity Plan
- BCP/DR Glossary
- General References
- A. Sample Recovery Checklist
- B. Physical Facility Questionnaire
- C. Organizational Security Management
- Index
Product information
- Title: Business Continuity and Disaster Recovery for InfoSec Managers
- Author(s):
- Release date: September 2005
- Publisher(s): Digital Press
- ISBN: 9780080528335