Principles of Incident Response & Disaster Recovery, 3rd Edition PDF by Michael E Whitman and Herbert J Mattord

Principles of Incident Response & Disaster Recovery, Third Edition

By Michael E. Whitman and Herbert J. Mattord

Table Of Contents:

MODULE 1

An Overview Of Information Security And Risk Management 1

Introduction 2

An Overview of Information Security 2

Key Information Security Concepts 3

The 12 Categories of Threats 5

The Role of Information Security Policy in Developing Contingency Plans 12

Key Policy Components 13

Types of Info Sec Policies 13

Guidelines for Effective Policy Development and Implementation 15

Overview of Risk Management 19

Knowing Yourself and Knowing Your Enemy 19

Risk Management and the RM Framework 20

The RM Process 23

Risk Treatment/Risk Control 36

Module Summary 39

Review Questions 40

Real-World Exercises 41

Hands-On Projects 42

References 44

MODULE 2

Planning For Organizational Readiness 47

Introduction to Planning for Organizational Readiness 48

Key Laws, Regulations, and Standards Associated with Contingency Planning 49

Ethical Deterrence 49

Laws Germane to Contingency Planning 50

Beginning the Contingency Planning Process 52

Forming the CPMT 53

Contingency Planning Policy 56

Business Impact Analysis 57

Determine Mission/Business Processes and Recovery Criticality 58

Identify Resource Requirements 62

Identify Recovery Priorities for System Resources 62

BIA Data Collection 62

Budgeting for Contingency Operations 67

Incident Response Budgeting 68

Disaster Recovery Budgeting 68

Business Continuity Budgeting 69

Crisis Management Budgeting 69

Module Summary 70

Review Questions 71

Real-World Exercises 71

Hands-On Projects 72

References 72

MODULE 3

Contingency Strategies For Incident Response, Disaster Recovery, And Business Continuity 73

Introduction 74

Safeguarding Information 76

The Impact of Cloud Computing on Contingency Planning and Operations 77

Disk to Disk to Other: Delayed Protection 79

Redundancy-Based Backup and Recovery Using RAID 81

Database Backups 83

Application Backups 84

Backup and Recovery Plans 84

Virtualization 91

Backup of Other Devices 92

Site Resumption Strategies 92

Exclusive Site Resumption Strategies 92

Shared-Site Resumption Strategies 94

Mobile Sites and Other Options 96

Service Agreements 96

Module Summary 99

Review Questions 100

Real-World Exercises 101

Hands-On Projects 102

References 102

MODULE 4

Incident Response: Planning 103

Introduction 104

The IR Planning Process 104

Forming the IR Planning Team (IRPT) 105

Developing the Incident Response Policy 106

Integrating the BIA 108

Identifying and Reviewing Preventative Controls 111

Organizing the CSIRT 112

Developing the IR Plan 112

Planning for the Response “During the Incident” 113

Planning for “After the Incident” 114

Planning for “Before the Incident” 115

Ensuring Plan Training, Testing, and Exercising 116

Assembling and Maintaining the Final IR Plan 121

Hard-Copy IR Plans 122

Electronic IR Plans 122

Maintaining the Plan 123

Module Summary 124

Review Questions 125

Real-World Exercises 125

Hands-On Projects 126

References 126

MODULE 5

Incident Response: Organizing And Preparing The CSIRT 127

Introduction 128

Building the CSIRT 128

Step 1: Obtaining Management Support and Buy-In 129

Step 2: Determining the CSIRT Strategic Plan 129

Step 3: Gathering Relevant Information 133

Step 4: Designing the CSIRT’s Vision 134

Step 5: Communicating the CSIRT’s Vision and Operational Plan 141

Step 6: Beginning CSIRT Implementation 142

Step 7: Announcing the Operational CSIRT 142

Step 8: Evaluating the CSIRT’s Effectiveness 143

Final Thoughts on CSIRT Development 144

Special Circumstances in CSIRT Development and Operations 144

CSIRT Operations and the Security Operations Center 144

Outsourcing Incident Response and the CSIRT 145

Module Summary 147

Review Questions 149

Real-World Exercises 149

Hands-On Projects 150

References 150

MODULE 6

Incident Response: Incident Detection Strategies 151

Introduction 152

Anatomy of an Attack—the “Kill Chain” 152

Incident Indicators 158

Possible Indicators of an Incident 158

Probable Indicators of an Incident 159

Definite Indicators 160

Identifying Real Incidents 161

Incident Detection Strategies 162

Detecting Incidents through Processes and Services 162

Detection Strategies for Common Incidents 165

General Detection Strategies 171

Manage Logging and Other Data Collection Mechanisms 173

Challenges in Intrusion Detection 173

Collection of Data to Aid in Detecting Incidents 174

Module Summary 177

Review Questions 177

Real-World Exercises 178

Hands-On Projects 178

References 178

MODULE 7

Incident Response: Detection Systems 181

Introduction to Intrusion Detection and Prevention Systems 182

IDPS Terminology 183

Why Use an IDPS? 185

Forces Working Against an IDPS 186

Justifying the Cost 186

IDPS Types 189

Network-Based IDPSs 189

Host-Based IDPSs 194

Application-Based IDPSs 197

Comparison of IDPS Technologies 198

IDPS Detection Approaches 199

Signature-Based IDPSs 199

Anomaly-Based IDPSs 199

IDPS Implementation 200

IDPS-Related Topics 201

Log File Monitors 201

Automated Response 201

Security Information and Event Management 203

What Are SIEM Systems? 203

Selecting a SIEM Solution 206

Module Summary 208

Review Questions 209

Real-World Exercises 209

Hands-On Projects 210

References 210

MODULE 8

Incident Response: Response Strategies 213

Introduction 214

IR Reaction Strategies 214

Response Preparation 215

Incident Containment 215

Incident Eradication 218

Incident Recovery 218

Incident Containment and Eradication Strategies for Specific Attacks 220

Handling Denial-of-Service (DoS) Incidents 221

Malware 224

Unauthorized Access 230

Inappropriate Use 235

Hybrid or Multicomponent Incidents 239

Automated IR Systems 241

Module Summary 242

Review Questions 243

Real-World Exercises 243

Hands-On Projects 244

References 244

MODULE 9

Incident Response: Recovery, Maintenance, And Investigations 247

Introduction 248

Recovery 248

Identify and Resolve Vulnerabilities 249

Restore Data 249

Restore Services and Processes 250

Restore Confidence Across the Organization 250

Maintenance 250

After-Action Review 251

Plan Review and Maintenance 252

Training 252

Rehearsal 253

Law Enforcement Involvement 253

Reporting to Upper Management 254

Loss Analysis 254

Incident Investigations and Forensics 255

Legal Issues in Digital Forensics 256

Digital Forensics Team 256

Digital Forensics Methodology 258

eDiscovery and Anti-Forensics 270

Module Summary 272

Review Questions 273

Real-World Exercises 274

Hands-On Projects 275

References 275

MODULE 10

Disaster Recovery 277

Introduction 278

Disaster Classifications 279

Forming the Disaster Recovery Team 281

Organization of the DR Team 281

Special Documentation and Equipment 283

Disaster Recovery Planning Functions 284

Develop the DR Planning Policy Statement 285

Review the Business Impact Analysis 287

Identify Preventive Controls 288

Develop Recovery Strategies 288

Develop the DR Plan Document 288

Plan Testing, Training, and Exercises 291

Plan Maintenance 291

Implementing the DR Plan 291

Preparation: Training the DR Team and the Users 292

Disaster Response Phase 300

Disaster Recovery Phase 301

Restoration Phase 301

Disaster Resumption Phase 302

Building the DR Plan 304

The Business Resumption Plan 305

Information Technology Contingency Planning Considerations 305

Systems Contingency Strategies 306

Systems Contingency Solutions 307

Module Summary 308

Review Questions 309

Real-World Exercises 310

Hands-On Projects 311

References 311

MODULE 11

Business Continuity 313

Introduction 314

Business Continuity Teams 315

Organization of BC Response Teams 316

Special Documentation and Equipment 317

Business Continuity Policy and Plan 318

Develop the BC Planning Policy Statement 318

Review the BIA 321

Identify Preventive Controls 321

Create BC Contingency (Relocation) Strategies 321

Develop the BC Plan 322

Ensure BC Plan Testing, Training, and Exercises 325

Ensure BC Plan Maintenance 325

Sample Business Continuity Plans 325

Implementing the BC Plan 325

Preparation for BC Actions 325

Relocation to the Alternate Site 326

Returning to a Primary Site 327

BC After-Action Review 328

Continuous Improvement of the BC Process 329

Improving the BC Plan 329

Improving the BC Staff 331

BC Training 331

Maintaining the BC Plan 333

Periodic BC Review 333

BC Plan Archival 333

Final Thoughts on Business Continuity and the COVID-19 Pandemic 334

Module Summary 335

Review Questions 335

Real-World Exercises 336

Hands-On Projects 336

References 337

MODULE 12

Crisis Management In IR, DR, And BC 339

Introduction 340

Crisis Management in the Organization 340

Crisis Terms and Definitions 341

Crisis Misconceptions 342

Preparing for Crisis Management 343

General Crisis Preparation Guidelines 343

Organizing the Crisis Management Teams 345

Crisis Management Critical Success Factors 346

Developing the Crisis Management Plan 348

Crisis Management Training and Testing 350

Other Crisis Management Preparations 352

Post-Crisis Trauma 353

Post-Traumatic Stress Disorder 353

Employee Assistance Programs 353

Immediately after the Crisis 353

Getting People Back to Work 354

Dealing with Loss 354

Law Enforcement Involvement 355

Federal Agencies 356

State Agencies 357

Local Agencies 358

Managing Crisis Communications 358

Crisis Communications 358

Avoiding Unnecessary Blame 361

Succession Planning 363

Elements of Succession Planning 363

Succession Planning Approaches for Crisis Management 364

International Standards in IR, DR, and BC 365

NIST Standards and Publications in IR, DR, and BC 365

ISO Standards and Publications in IR, DR, and BC 366

Other Standards and Publications in IR, DR, and BC 367

Module Summary 370

Review Questions 371

Real-World Exercises 372

Hands-On Projects 372

References 373

Glossary 375

Index 389
