Principles of Incident Response & Disaster Recovery
Overview

Learn how to identify vulnerabilities within computer networks and implement countermeasures that mitigate risks and damage with Whitman/Mattord's PRINCIPLES OF INCIDENT RESPONSE & DISASTER RECOVERY, 3rd Edition. This edition offers the knowledge you need to help organizations prepare for and avert system interruptions and natural disasters. Comprehensive coverage addresses information security and IT in contingency planning today. Updated content focuses on incident response and disaster recovery. You examine the complexities of organizational readiness from an IT and business perspective with emphasis on management practices and policy requirements. You review industry's best practices for minimizing downtime in emergencies and curbing losses during and after system service interruptions. This edition includes the latest NIST knowledge, expanded coverage of security information and event management (SIEM) and unified threat management, and more explanations of cloud-based systems and Web-accessible tools to prepare you for success.

Product Details

ISBN-13: 9780357508329
Publisher: Cengage Learning
Publication date: 01/01/2021
Series: MindTap Course List
Edition description: 3rd ed.
Pages: 624
Product dimensions: 8.40(w) x 10.80(h) x 0.70(d)

About the Author

Michael E. Whitman, Ph.D., C.I.S.M., C.I.S.S.P., is the executive director of the Institute for Cybersecurity Workforce Development and a professor of information security at Kennesaw State University. In 2004, 2007, 2012 and 2015, under Dr. Whitman's direction, the Center for Information Security Education spearheaded K.S.U.'s successful bid for the prestigious National Center of Academic Excellence recognitions (CAE/IAE and CAE/CDE), awarded jointly by the Department of Homeland Security and the National Security Agency. Dr. Whitman is also the editor-in-chief of the Journal of Cybersecurity Education, Research and Practice and director of the Southeast Collegiate Cyber Defense Competition. Dr. Whitman is an active researcher and author in information security policy, threats, curriculum development and ethical computing. He currently teaches graduate and undergraduate courses in information security. Dr. Whitman has several information security textbooks currently in print, including "Principles of Information Security," "Principles of Incident Response and Disaster Recovery," "Management of Information Security," "Readings and Cases in the Management of Information Security, Volumes I and II," "The Hands-On Information Security Lab Manual," "The Guide to Network Security" and "The Guide to Firewalls and Network Security." He has published articles in Information Systems Research, the Communications of the ACM, the Journal of International Business Studies, Information and Management and the Journal of Computer Information Systems. Dr. Whitman is a member of the Information Systems Security Association, ISACA and the Association for Information Systems. Previously, Dr. Whitman served the U.S. Army as an armored cavalry officer with additional duties as the automated data processing system security officer (ADPSSO).

Herbert Mattord, Ph.D., C.I.S.M., C.I.S.S.P., completed 24 years of IT industry experience as an application developer, database administrator, project manager and information security practitioner before joining the faculty at Kennesaw State University, where he serves as a professor of information security and assurance and cybersecurity. Dr. Mattord currently teaches graduate and undergraduate courses. He is also a senior editor of the Journal of Cybersecurity Education, Research and Practice. He and Dr. Michael Whitman have authored "Principles of Information Security," "Principles of Incident Response and Disaster Recovery," "Management of Information Security," "Readings and Cases in the Management of Information Security," "The Guide to Network Security" and "The Hands-On Information Security Lab Manual." Dr. Mattord is an active researcher, author and consultant in information security management and related topics. He has published articles in the Information Resources Management Journal, Journal of Information Security Education, the Journal of Executive Education and the International Journal of Interdisciplinary Telecommunications and Networking. Dr. Mattord is a member of the Information Systems Security Association, ISACA and the Association for Information Systems. During his career as an IT practitioner, Dr. Mattord was an adjunct professor at Kennesaw State University, Southern Polytechnic State University, Austin Community College and Texas State University: San Marcos. He was formerly the manager of corporate information technology security at Georgia-Pacific Corporation, where he acquired much of the practical knowledge found in this and his other textbooks.

Table of Contents

Module 1 An Overview of Information Security and Risk Management 1

Introduction 2

An Overview of Information Security 2

Key Information Security Concepts 3

The 12 Categories of Threats 5

The Role of Information Security Policy in Developing Contingency Plans 12

Key Policy Components 13

Types of InfoSec Policies 13

Guidelines for Effective Policy Development and Implementation 15

Overview of Risk Management 19

Knowing Yourself and Knowing Your Enemy 19

Risk Management and the RM Framework 20

The RM Process 23

Risk Treatment/Risk Control 36

Module Summary 39

Review Questions 40

Real-World Exercises 41

Hands-On Projects 42

References 44

Module 2 Planning for Organizational Readiness 47

Introduction to Planning for Organizational Readiness 48

Key Laws, Regulations, and Standards Associated with Contingency Planning 49

Ethical Deterrence 49

Laws Germane to Contingency Planning 50

Beginning the Contingency Planning Process 52

Forming the CPMT 53

Contingency Planning Policy 56

Business Impact Analysis 57

Determine Mission/Business Processes and Recovery Criticality 58

Identify Resource Requirements 62

Identify Recovery Priorities for System Resources 62

BIA Data Collection 62

Budgeting for Contingency Operations 67

Incident Response Budgeting 68

Disaster Recovery Budgeting 68

Business Continuity Budgeting 69

Crisis Management Budgeting 69

Module Summary 70

Review Questions 71

Real-World Exercises 71

Hands-On Projects 72

References 72

Module 3 Contingency Strategies for Incident Response, Disaster Recovery, and Business Continuity 73

Introduction 74

Safeguarding Information 76

The Impact of Cloud Computing on Contingency Planning and Operations 77

Disk to Disk to Other: Delayed Protection 79

Redundancy-Based Backup and Recovery Using RAID 81

Database Backups 83

Application Backups 84

Backup and Recovery Plans 84

Virtualization 91

Backup of Other Devices 92

Site Resumption Strategies 92

Exclusive Site Resumption Strategies 92

Shared-Site Resumption Strategies 94

Mobile Sites and Other Options 96

Service Agreements 96

Module Summary 99

Review Questions 100

Real-World Exercises 101

Hands-On Projects 102

References 102

Module 4 Incident Response: Planning 103

Introduction 104

The IR Planning Process 104

Forming the IR Planning Team (IRPT) 105

Developing the Incident Response Policy 106

Integrating the BIA 108

Identifying and Reviewing Preventative Controls 111

Organizing the CSIRT 112

Developing the IR Plan 112

Planning for the Response "During the Incident" 113

Planning for "After the Incident" 114

Planning for "Before the Incident" 115

Ensuring Plan Training, Testing, and Exercising 116

Assembling and Maintaining the Final IR Plan 121

Hard-Copy IR Plans 122

Electronic IR Plans 122

Maintaining the Plan 123

Module Summary 124

Review Questions 125

Real-World Exercises 125

Hands-On Projects 126

References 126

Module 5 Incident Response: Organizing and Preparing the CSIRT 127

Introduction 128

Building the CSIRT 128

Step 1 Obtaining Management Support and Buy-In 129

Step 2 Determining the CSIRT Strategic Plan 129

Step 3 Gathering Relevant Information 133

Step 4 Designing the CSIRT's Vision 134

Step 5 Communicating the CSIRT's Vision and Operational Plan 141

Step 6 Beginning CSIRT Implementation 142

Step 7 Announcing the Operational CSIRT 142

Step 8 Evaluating the CSIRT's Effectiveness 143

Final Thoughts on CSIRT Development 144

Special Circumstances in CSIRT Development and Operations 144

CSIRT Operations and the Security Operations Center 144

Outsourcing Incident Response and the CSIRT 145

Module Summary 147

Review Questions 149

Real-World Exercises 149

Hands-On Projects 150

References 150

Module 6 Incident Response: Incident Detection Strategies 151

Introduction 152

Anatomy of an Attack: The "Kill Chain" 152

Incident Indicators 158

Possible Indicators of an Incident 158

Probable Indicators of an Incident 159

Definite Indicators 160

Identifying Real Incidents 161

Incident Detection Strategies 162

Detecting Incidents through Processes and Services 162

Detection Strategies for Common Incidents 165

General Detection Strategies 171

Manage Logging and Other Data Collection Mechanisms 173

Challenges in Intrusion Detection 173

Collection of Data to Aid in Detecting Incidents 174

Module Summary 177

Review Questions 177

Real-World Exercises 178

Hands-On Projects 178

References 178

Module 7 Incident Response: Detection Systems 181

Introduction to Intrusion Detection and Prevention Systems 182

IDPS Terminology 183

Why Use an IDPS? 185

Forces Working Against an IDPS 186

Justifying the Cost 186

IDPS Types 189

Network-Based IDPSs 189

Host-Based IDPSs 194

Application-Based IDPSs 197

Comparison of IDPS Technologies 198

IDPS Detection Approaches 199

Signature-Based IDPSs 199

Anomaly-Based IDPSs 199

IDPS Implementation 200

IDPS-Related Topics 201

Log File Monitors 201

Automated Response 201

Security Information and Event Management 203

What Are SIEM Systems? 203

Selecting a SIEM Solution 206

Module Summary 208

Review Questions 209

Real-World Exercises 209

Hands-On Projects 210

References 210

Module 8 Incident Response: Response Strategies 213

Introduction 214

IR Reaction Strategies 214

Response Preparation 215

Incident Containment 215

Incident Eradication 218

Incident Recovery 218

Incident Containment and Eradication Strategies for Specific Attacks 220

Handling Denial-of-Service (DoS) Incidents 221

Malware 224

Unauthorized Access 230

Inappropriate Use 235

Hybrid or Multicomponent Incidents 239

Automated IR Systems 241

Module Summary 242

Review Questions 243

Real-World Exercises 243

Hands-On Projects 244

References 244

Module 9 Incident Response: Recovery, Maintenance, and Investigations 247

Introduction 248

Recovery 248

Identify and Resolve Vulnerabilities 249

Restore Data 249

Restore Services and Processes 250

Restore Confidence Across the Organization 250

Maintenance 250

After-Action Review 251

Plan Review and Maintenance 252

Training 252

Rehearsal 253

Law Enforcement Involvement 253

Reporting to Upper Management 254

Loss Analysis 254

Incident Investigations and Forensics 255

Legal Issues in Digital Forensics 256

Digital Forensics Team 256

Digital Forensics Methodology 258

eDiscovery and Anti-Forensics 270

Module Summary 272

Review Questions 273

Real-World Exercises 274

Hands-On Projects 275

References 275

Module 10 Disaster Recovery 277

Introduction 278

Disaster Classifications 279

Forming the Disaster Recovery Team 281

Organization of the DR Team 281

Special Documentation and Equipment 283

Disaster Recovery Planning Functions 284

Develop the DR Planning Policy Statement 285

Review the Business Impact Analysis 287

Identify Preventive Controls 288

Develop Recovery Strategies 288

Develop the DR Plan Document 288

Plan Testing, Training, and Exercises 291

Plan Maintenance 291

Implementing the DR Plan 291

Preparation: Training the DR Team and the Users 292

Disaster Response Phase 300

Disaster Recovery Phase 301

Restoration Phase 301

Disaster Resumption Phase 302

Building the DR Plan 304

The Business Resumption Plan 305

Information Technology Contingency Planning Considerations 305

Systems Contingency Strategies 306

Systems Contingency Solutions 307

Module Summary 308

Review Questions 309

Real-World Exercises 310

Hands-On Projects 311

References 311

Module 11 Business Continuity 313

Introduction 314

Business Continuity Teams 315

Organization of BC Response Teams 316

Special Documentation and Equipment 317

Business Continuity Policy and Plan 318

Develop the BC Planning Policy Statement 318

Review the BIA 321

Identify Preventive Controls 321

Create BC Contingency (Relocation) Strategies 321

Develop the BC Plan 322

Ensure BC Plan Testing, Training, and Exercises 325

Ensure BC Plan Maintenance 325

Sample Business Continuity Plans 325

Implementing the BC Plan 325

Preparation for BC Actions 325

Relocation to the Alternate Site 326

Returning to a Primary Site 327

BC After-Action Review 328

Continuous Improvement of the BC Process 329

Improving the BC Plan 329

Improving the BC Staff 331

BC Training 331

Maintaining the BC Plan 333

Periodic BC Review 333

BC Plan Archival 333

Final Thoughts on Business Continuity and the COVID-19 Pandemic 334

Module Summary 335

Review Questions 335

Real-World Exercises 336

Hands-On Projects 336

References 337

Crisis Management in IR, DR, and BC 339

Introduction 340

Crisis Management in the Organization 340

Crisis Terms and Definitions 341

Crisis Misconceptions 342

Preparing for Crisis Management 343

General Crisis Preparation Guidelines 343

Organizing the Crisis Management Teams 345

Crisis Management Critical Success Factors 346

Developing the Crisis Management Plan 348

Crisis Management Training and Testing 350

Other Crisis Management Preparations 352

Post-Crisis Trauma 353

Post-Traumatic Stress Disorder 353

Employee Assistance Programs 353

Immediately after the Crisis 353

Getting People Back to Work 354

Dealing with Loss 354

Law Enforcement Involvement 355

Federal Agencies 356

State Agencies 357

Local Agencies 358

Managing Crisis Communications 358

Crisis Communications 358

Avoiding Unnecessary Blame 361

Succession Planning 363

Elements of Succession Planning 363

Succession Planning Approaches for Crisis Management 364

International Standards in IR, DR, and BC 365

NIST Standards and Publications in IR, DR, and BC 365

ISO Standards and Publications in IR, DR, and BC 366

Other Standards and Publications in IR, DR, and BC 367

Module Summary 370

Review Questions 371

Real-World Exercises 372

Hands-On Projects 372

References 373

Glossary 375

Index 389