Business Continuity and Disaster Recovery for InfoSec Managers

333

Index

Ofﬁce supplies, 187

Open Source Security Testing Methodology

Manual (OSSTMM), 200–201

Operational impact, 84–86

Operations

backup and recovery, 151

as business recovery activity, 187

handing back to management, 184–85

Organizational security management, 295–

convincing management of need, 297–99

organizational structure, 296–97

security group placement, 296

security perceptions, 295

Organized/deliberate destruction, 42–54

acts of sabotage, 44–47

acts of terrorism, 42–44

acts of war, 47–49

arson, 53–54

labor disputes/industrial action, 54

theft, 49–53

See also Emergency Incident Assessment

Packet ﬁlters, 103

Password cracking, lix–lx

deﬁned, lx

for self-defense, lxi–lxii

Password management, lvii–lxiii

basic, lvii–lviii

biometric systems, lviii

L0phtCrack (LC5), lx–lxi

SmartCards, lviii

Passwords, lii

attack countermeasures, lxiii

good, characteristics, lix

Patches, 206–7

Penetration testing, 223, 233–34

Perimeter audits, 228–29

Personnel security, 304–5

Petroleum/oil shortage, 55

Physical access, xli

Physical facility questionnaire, 291–94

Physical security, 307

Physical security team, 127–28

Port protection devices (PPDs), lv–lvi

Premises issues, 131

Presidential Decision Directive (PDD) 63

and 67, 13

Preventative controls, 107–15

air conditioning, 111–12

backup/recovery management, 108–9

data backup, 108

electronic ﬁle archives, 110

emergency master system shutdown

switches, 114–15

ﬁle recovery/restore, 110

ﬁre suppression/control systems, 112–14

gasoline-/diesel-powered generators, 111

heat-resistant/waterproof containers, 114

information archives, 109

offsite storage, 109

smoke detectors/ﬁre extinguishers, 114

subﬂoor cabling and water detection

system, 114

system restart/recovery, 107–8

UPSs, 110–11

water sensors, 114

Preventative measures, 100–107

antivirus, anti-spyware, anti-spam

software, 105–6

encryption, 104

ﬁrewalls, 103–4

intrusion detection and prevention

systems, 105

theft prevention, 107

VPNs and remote access, 100–103

Privacy standards/regulations, xxxv–xxxvi

Production equipment, 189

Production line failure, 57–58

Project initiation, 3

Property

Get Business Continuity and Disaster Recovery for InfoSec Managers now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Business Continuity and Disaster Recovery for InfoSec Managers by John Rittinghouse, PhD, CISM, James F. Ransome, PhD, CISM, CISSP

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly