back door, 502
back door attacks, 55–56
Back Orifice, 55, 56, 502
background investigations, 427
backup policy, 463, 502
backup power, 272
backup server method, 416–417, 416
backups, 406–409
    application, 412
    backup plans
        defined, 502
        developing, 413–415, 414
        issues for, 410–412, 411
    backup policy, 463, 502
    database, 410–411, 411
    defined, 502
    overview of, 405–408
    snapshot, 529
    types of, 412–413
        differential, 413
        full, 412, 510
        incremental, 413, 513
    of user files, 411–412
    working copy, 408
BCP. See Business Continuity Planning
Bell-LaPadula model, 292–293, 293, 502–503
best practices, 460–467
    defined, 460, 503
    designating areas of responsibility, 466
    enforcing policies, 466–467
    organizational security policies, 460–465
    preventive security measures, 466
    resource allocation, 465–466
BGP (Border Gateway Protocol), 111, 503
BIA (Business Impact Analysis), 277–278, 279
    defined, 503
    justifying need for change with, 369
Biba model, 294, 294, 503
binding, 219, 219, 220
biometrics
    access control via, 265
    defined, 503
    installing biometric devices, 18, 265–266
birthday attacks, 344–345, 503
blocking social engineering attacks, 267
Blowfish encryption system, 322, 503
BNC connectors, illustrated, 142
boot sector, 503
Border Gateway Protocol (BGP), 111, 503
border routers, 110, 503
bridge trust models, 339–340, 341
brute force attacks, 58, 317, 503
buffer overflow attacks, 503
buffer overflows, 135
business continuity, 401–420
    Business Continuity Planning, 276–279
        Business Impact Analysis, 277–278, 279
        defined, 503
        overview, 276–277
        risk assessment, 278–279
    disaster recovery, 405–420
        backups, 406–409
        defined, 405–406
        disaster recovery plans, 8, 409–420
    emergency planning for utilities, 401–402
    high availability, 402–405, 511
    reciprocal agreements between companies, 419
Business Continuity Planning (BCP), 276–279
    Business Impact Analysis, 277–278, 279, 369, 503
    defined, 503
    overview, 276–277
    risk assessment, 278–279
Business Impact Analysis. See BIA
business needs, 31–35
    asset identification, 31–32
    risk assessment, 32
    threat identification, 32–35, 33
        external threats, 34–35, 509
        internal threats, 33–34, 513
business policies, 427–429
    document disposal and destruction policies, 429
    due care policies, 428
    overview, 427
    personnel policies, 423–427
        Acceptable Use policies, 425–426, 462–463, 500
        background investigations, 427
        ethics, 424–425
        for hiring, 423–424
        Need to Know policies, 426–427, 518
        overview, 434
        privacy and compartmentalized information policies, 426
        termination policies, 424
    Physical Access Control policies, 428–429, 521
    separation of duties, 428, 527