Index_B

B

back door, 502

back door attacks, 55–56

Back Orifice, 55, 56, 502

background investigations, 427

backup policy, 463, 502

backup power, 272

backup server method, 416–417, 416

backups, 406–409

application, 412

backup plans

defined, 502

developing, 413–415, 414

issues for, 410–412, 411

backup policy, 463, 502

database, 410–411, 411

defined, 502

overview of, 405–408

snapshot, 529

types of, 412–413

differential, 413

full, 412, 510

incremental, 413, 513

of user files, 411–412

working copy, 408

BCP. See Business Continuity Planning

Bell-LaPadula model, 292–293, 293, 502–503

best practices, 460–467

defined, 460, 503

designating areas of responsibility, 466

enforcing policies, 466–467

organizational security policies, 460–465

preventive security measures, 466

resource allocation, 465–466

BGP (Border Gateway Protocol), 111, 503

BIA (Business Impact Analysis), 277–278, 279

defined, 503

justifying need for change with, 369

Biba model, 294, 294, 503

binding, 219, 219, 220

biometrics

access control via, 265

defined, 503

installing biometric devices, 18, 265–266

birthday attacks, 344–345, 503

blocking social engineering attacks, 267

Blowfish encryption system, 322, 503

BNC connectors, illustrated, 142

boot sector, 503

Border Gateway Protocol (BGP), 111, 503

border routers, 110, 503

bridge trust models, 339–340, 341

brute force attacks, 58, 317, 503

buffer overflow attacks, 503

buffer overflows, 135

business continuity, 401–420

Business Continuity Planning, 276–279

Business Impact Analysis, 277–278, 279

defined, 503

overview, 276–277

risk assessment, 278–279

disaster recovery, 405–420

backups, 406–409

defined, 405–406

disaster recovery plans, 8, 409–420

emergency planning for utilities, 401–402

high availability, 402–405, 511

reciprocal agreements between companies, 419

Business Continuity Planning (BCP), 276–279

Business Impact Analysis, 277–278, 279, 369, 503

defined, 503

overview, 276–277

risk assessment, 278–279

Business Impact Analysis. See BIA

business needs, 31–35

asset identification, 31–32

risk assessment, 32

threat identification, 32–35, 33

external threats, 34–35, 509

internal threats, 33–34, 513

business policies, 427–429

document disposal and destruction policies, 429

due care policies, 428

overview, 427

personnel policies, 423–427

Acceptable Use policies, 425–426, 462–463, 500

background investigations, 427

ethics, 424–425

for hiring, 423–424

Need to Know policies, 426–427, 518

overview, 434

privacy and compartmentalized information policies, 426

termination policies, 424

Physical Access Control policies, 428–429, 521

separation of duties, 428, 527



CompTIA Security+ Study Guide. Exam SY0-101
Security+ Study Guide
ISBN: 078214098X
EAN: 2147483647
Year: 2006
Pages: 167
