Most businesses are aware of the danger posed by malicious network intruders and other internal and external security threats. Unfortunately, in many cases the actions they have taken to secure people, information and infrastructure from outside attacks are inefficient or incomplete. Responding to security threats and incidents requires a competent mixture of risk management, security policies and procedures, security auditing, incident response, legal and law enforcement issues, and privacy.
Critical Incident Management presents an expert overview of the elements that organizations need to address in order to prepare for and respond to network and information security violations. Written in a concise, practical style that emphasizes key points, this guide focuses on the establishment of policies and actions that prevent the loss of critical information or damage to infrastructure.
CTOs, CFOs, Chief Legal Officers, and senior IT managers can rely on this book to develop plans that thwart critical security incidents. And if such incidents do occur, these executives will have a reference to help put the people and procedures in place to contain the damage and get back to business.
| Section | Page |
| --- | --- |
| Risk Management | p. 1 |
| Ancient History: My, How Time Passes when You're Having Fun | p. 1 |
| Critical Incidents: Damaging Critical Assets | p. 3 |
| Risk Definitions: No Dictionaries, Please | p. 5 |
| Yes, Sir. I'm Motivated! Fear, Uncertainty, and Doubt | p. 7 |
| PDD 63 (President's Decision Directive) | p. 8 |
| The Law Is the Law | p. 8 |
| CIA: Not the Central Intelligence Agency | p. 9 |
| Down to Risk-Business | p. 10 |
| GOOOAAALLL! | p. 10 |
| Plan to Plan | p. 11 |
| Risk Assessments | p. 14 |
| A Little Organization, Please | p. 14 |
| Best Practices in Risk Assessments | p. 16 |
| The Facts and Only the Facts | p. 18 |
| Ask Good Questions of Good People and You Will Get Good Answers | p. 20 |
| And Now a Word about Asset Criticality | p. 20 |
| Mathematics Can Be Simple, even for the Mathematically Challenged | p. 21 |
| Are You Threatening Me? | p. 22 |
| Protection Strategies | p. 26 |
| Disaster Recovery Plans: Murphy's Law | p. 32 |
| Who's in Charge Here, Anyway? | p. 35 |
| Risk Assessment Reports | p. 38 |
| Suggestions | p. 39 |
| Policies and Procedures | p. 41 |
| Policies, Procedures, Standards, and Politics | p. 41 |
| Et Tu, Policy | p. 42 |
| Trust Models: Trust Me, I'm a Good Person | p. 44 |
| The Policy of Policy Development | p. 44 |
| Policy Writing Techniques | p. 48 |
| Policy Distributions | p. 50 |
| Enhancements to Written Policies | p. 50 |
| E-Mail Policy: Avoiding Hidden Risks | p. 51 |
| Information Tsunami | p. 51 |
| To Keep or Not to Keep, that Is the Question | p. 53 |
| What's in that Cute Little E-Mail Mailbox? | p. 54 |
| Employees Must Think before Clicking the Send Button: Is There an Undelete Button? | p. 54 |
| Employee Privacy Expectations and Legal Rights | p. 57 |
| Connecting to the Internet: Policies and Procedures of Survivability | p. 69 |
| Systems Development Lifecycle (SDLC) | p. 71 |
| Physical and Environmental Safety | p. 76 |
| Network Management Policies | p. 77 |
| Forensics Policy: Looking for Evidence | p. 78 |
| Wireless Network Security | p. 82 |
| Network Vulnerability Assessment Policies: Why Am I Hearing about My Network Leaking Sensitive Information on the News? | p. 85 |
| Vendor Policies and Procedures | p. 87 |
| Policies and Procedures Involving Outsourcing: What Is Yours and What Is Mine? | p. 89 |
| Employee Privacy Policy | p. 91 |
| Internet Firewall Policy | p. 91 |
| Intrusion Detection Policies | p. 95 |
| Web Server Security Policies and Procedures | p. 97 |
| Web Server Policies and Procedures | p. 97 |
| Information Systems Support Policies | p. 98 |
| Securing Systems | p. 100 |
| The Auditors Are Coming. The Auditors Are Coming | p. 103 |
| Information Technology Human Resources Management Policies: Yes, Virginia, IT Employees Really Are Different | p. 105 |
| Employee Training | p. 108 |
| Conclusion | p. 109 |
| Auditing | p. 111 |
| Auditing for the Masses | p. 111 |
| Auditors: Who Are They? | p. 113 |
| Controls | p. 117 |
| Subsystem Interaction and Reliability | p. 118 |
| Evidence Collection: Evidence Is not just Evidence | p. 121 |
| Audit Management Planning | p. 129 |
| Audit Conferences: More (but Important) Meetings You Need to Attend | p. 145 |
| Vulnerability Self-Assessments | p. 150 |
| Specialized Auditing Matters | p. 154 |
| Network Vulnerability Assessments: The Practical Examination of Your System | p. 171 |
| Web Application Vulnerability Assessments | p. 191 |
| Auditing Remote System Administration | p. 202 |
| Firewall Auditing: First We Build an Impregnable Barrier, then We Punch Holes in It | p. 204 |
| Auditing Wireless Networks: Who Is Listening to My Network Traffic? | p. 206 |
| Auditing Security Measures Preventing Automated Attacks | p. 212 |
| Auditing E-Commerce Web Sites | p. 214 |
| Critical Incident Response and CIRT Development | p. 229 |
| Critical Incident Management | p. 229 |
| Critical Incident Detection: How to Know What Is Serious and What Is Not | p. 235 |
| Collecting Evidence | p. 260 |
| Performing Forensic Duplication: When a Clone Really Is a Clone | p. 267 |
| Forensic Investigation: Not Exactly a Needle in a Haystack | p. 285 |
| Responding to Windows NT Incidents | p. 293 |
| Examining the Evidence: Taking a Look when You Have Time | p. 296 |
| UNIX-Based Investigations | p. 307 |
| Types of Malicious Code Attacks: Even Kevlar Will not Stop all Attacks | p. 315 |
| Forming a Critical Incident Response Team | p. 324 |
| CIRT Composition: What Kind of Skills and Talent Do I Need for a CIRT? | p. 331 |
| Legal Matters | p. 341 |
| Legal Functions: More than Speeding Tickets | p. 341 |
| Investigators' Goals | p. 342 |
| Common Types of Unlawful Acts | p. 343 |
| Copyrights, Trademarks, Service Marks, Patents, and Trade Secrets Comprising Intellectual Property | p. 343 |
| Fraud in the Workplace | p. 354 |
| Evidence, Its Collection, Preservation, Analysis, and Introduction at Trial | p. 356 |
| The Cost of Computer Crime | p. 357 |
| Criminal Law | p. 358 |
| Civil Suits | p. 374 |
| Privacy | p. 381 |
| Privacy Expectations | p. 381 |
| Privacy Protection | p. 383 |
| Employee Privacy: Is Monitoring the Same as Spying? | p. 391 |
| Industry-Specific Privacy Issues | p. 397 |
| Appendix A | p. 409 |
| Port Numbers (Updated 2/9/2003) | p. 409 |
| Well-Known Port Numbers | p. 409 |
| References | p. 449 |
| Site Security Handbook RFC 2196 | p. 451 |
| Status | p. 451 |
| Abstract | p. 451 |
| Table of Contents | p. 451 |
| Introduction | p. 452 |
| Security Policies | p. 456 |
| Architecture | p. 459 |
| Security Services and Procedures | p. 468 |
| Security Incident Handling | p. 478 |
| Ongoing Activities | p. 493 |
| Tools and Locations | p. 494 |
| Mailing Lists and Other Resources | p. 495 |
| References | p. 496 |
| Appendix C | p. 503 |
| Tools | p. 503 |
| Vulnerability Lists | p. 504 |
| Bulletins and Listservs | p. 504 |
| Index | p. 505 |

Table of Contents provided by Ingram. All Rights Reserved.
ISBN: 9780849300103
ISBN-10: 084930010X
Audience: Professional
Format: Hardcover
Language: English
Number of Pages: 552
Published: 29th September 2003
Dimensions (cm): 25.4 x 17.8 x 3.2
Weight (kg): 1.111