- Table of Contents
- BackCover
- Critical Incident Management
- Preface
- Chapter 1: Risk Management
- Critical Incidents: Damaging Critical Assets
- Risk Definitions: No Dictionaries, Please
- Yes, Sir. I'm Motivated: Fear, Uncertainty, and Doubt
- PDD 63 (President's Decision Directive)
- The Law Is the Law
- CIA: Not the Central Intelligence Agency
- Down to Risk-Business
- GOOOAAALLL
- Plan to Plan
- Risk Assessments
- A Little Organization, Please
- Best Practices in Risk Assessments
- The Facts and Only the Facts
- Ask Good Questions of Good People and You Will Get Good Answers
- And Now a Word about Asset Criticality
- Mathematics Can Be Simple, even for the Mathematically Challenged
- Are You Threatening Me?
- Protection Strategies
- Disaster Recovery Plans: Murphy's Law
- Who's in Charge Here, Anyway?
- Risk Assessment Reports
- Suggestions
- Chapter 2: Policies and Procedures
- Et Tu, Policy
- Trust Models: Trust Me, I'm a Good Person
- The Policy of Policy Development
- Policy Writing Techniques
- Policy Distributions
- Enhancements to Written Policies
- E-Mail Policy: Avoiding Hidden Risks
- Information Tsunami
- To Keep or Not to Keep, that Is the Question
- What's in that Cute Little E-Mail Mailbox?
- Employees Must Think before Clicking the Send Button: Is There an Undelete Button?
- Employee Privacy Expectations and Legal Rights
- Connecting to the Internet: Policies and Procedures of Survivability
- Systems Development Lifecycle (SDLC)
- Physical and Environmental Safety
- Network Management Policies
- Forensics Policy: Looking for Evidence
- Wireless Network Security
- Network Vulnerability Assessment Policies: Why Am I Hearing about My Network Leaking Sensitive Information on the News?
- Vendor Policies and Procedures
- Policies and Procedures Involving Outsourcing: What Is Yours and What Is Mine?
- Employee Privacy Policy
- Internet Firewall Policy
- Intrusion Detection Policies
- Web Server Security Policies and Procedures
- Web Server Policies and Procedures
- Information Systems Support Policies
- Securing Systems
- The Auditors Are Coming. The Auditors Are Coming.
- Information Technology Human Resources Management Policies: Yes, Virginia, IT Employees Really Are Different
- Employee Training
- Conclusion
- Chapter 3: Auditing
- Auditors: Who Are They?
- Controls
- Subsystem Interaction and Reliability
- Evidence Collection: Evidence Is not just Evidence
- Audit Management Planning
- Audit Conferences: More (but Important) Meetings You Need to Attend
- Vulnerability Self-Assessments
- Specialized Auditing Matters
- Network Vulnerability Assessments: The Practical Examination of Your System
- Web Application Vulnerability Assessments
- Auditing Remote System Administration
- Firewall Auditing: First We Build an Impregnable Barrier, then We Punch Holes in It
- Auditing Wireless Networks: Who Is Listening to My Network Traffic?
- Auditing Security Measures Preventing Automated Attacks
- Auditing E-Commerce Web Sites
- Chapter 4: Critical Incident Response and CIRT Development
- Critical Incident Detection: How to Know What Is Serious and What Is Not
- Collecting Evidence





