See discussions, stats, and author profiles for this publication at: https://www.researchgate.

net/publication/311573916

Principles of Incident Response and Disaster Recovery

Article · April 2006

CITATIONS READS
30 9,494

2 authors:

Michael E. Whitman Herb Mattord

Kennesaw State University Kennesaw State University
107 PUBLICATIONS 3,262 CITATIONS 59 PUBLICATIONS 1,817 CITATIONS

SEE PROFILE SEE PROFILE

All content following this page was uploaded by Michael E. Whitman on 19 July 2019.

The user has requested enhancement of the downloaded file.

36955_FM 1/3/2006 16:30:40 Page 1

PRINCIPLES OF
INCIDENT RESPONSE AND
D I S A S T E R R E C OV E RY

Here you will find the final draft of the Table of Contents for the 1st edition of PIRDR. For
the complete text of the book, please visit www.cengage.com or your favorite online book
dealer.

Regards
Mike Whitman & Herb Mattord, authors
36955_FM 1/3/2006 16:22:48 Page 2
36955_FM 1/3/2006 16:24:24 Page 3

PRINCIPLES OF
INCIDENT RESPONSE AND
D I S A S T E R R E C OV E RY

Dr. Michael E. Whitman, CISSP

Herbert J. Mattord, CISSP
Kennesaw State University

Australia • Canada • Mexico • Singapore • Spain • United Kingdom • United States

36955_FM 1/9/2006 13:52:24 Page 4

Principles of Incident Response and Disaster Recovery

Dr. Michael E. Whitman, CISSP
Herbert J. Mattord, CISSP
Kennesaw State University

Senior Vice President, Publisher: Associate Product Manager: Cover Designer:

NAME HERE NAME HERE Abby Scholz

Executive Editor: Editorial Assistant: Manufacturing Coordinator:

NAME HERE NAME HERE George Morrison

Product Manager: Marketing Manager: Compositor:

Nick Lombardi NAME HERE GEX Publishing Services

Production Editor: Text Designer:

Kristen Guevara NAME HERE

COPYRIGHT © 2007 Thomson For permission to use material from The Web sites and companies men-
Course Technology, a division of this text or product, contact us by tioned in this book are subject to
Thomson Learning, Inc. Thomson Tel (800) 730-2214 change from time to time as neces-
Fax (800) 730-2215 sary without notice.
Printed in the United States. www.thomsonrights.com
If the names of companies, charac-
For more information, contact Course Disclaimers ters, or places, and the events por-
Technology, 25 Thomson Place, Bos- Course Technology reserves the right trayed, in the opening and closing
ton, Massachusetts, 02210. to revise this publication and make scenarios of each chapter in this book
changes from time to time in its con- bear any similarity to those of actual
Or find us on the World Wide Web at:
tent without notice. Some of the prod- persons (living or dead), companies,
www.course.com
uct names and company names used places, or events, the similarity is
in this book have been used for identi- purely coincidental and accidental.
ALL RIGHTS RESERVED. No part of
this work covered by the copyright fication purposes only and may be
trademarks or registered trademarks ISBN 1-4188-3663-X
hereon may be reproduced or used in
of their respective manufacturers and
any form or by any means—graphic,
electronic, or mechanical, including sellers.
photocopying, recording, taping, Web
distribution, or information storage and
retrieval systems—without the written
permission of the publisher.
36955_FM 1/3/2006 16:30:14 Page 5

To Rhonda, Rachel, Alex and Meghan, thank you for your loving support.
—MEW

For my family.
—HJM
36955_FM 1/3/2006 16:28:53 Page 6
36955_toc 1/9/2006 14:0:10 Page 7

TABLE OF CONTENTS

Preface xiii

Chapter 1 Contingency Planning Within Information Security 1

Introduction 2
Information Security 4
Key Information Security Concepts 5
Overview of Risk Management 12
Know Yourself 14
Know the Enemy 14
Risk Identification 15
Risk Assessment 19
Risk Control Strategies 22
Transference 23
Contingency Planning and Its Components 24
Business Impact Analysis 25
Incident Response Plan 25
Disaster Recovery Plan 26
Business Continuity Plan 26
Contingency Planning Timeline 27
Information Security Policy in Developing Contingency Plans 30
Key Policy Definitions 31
Enterprise Information Security Policy 32
Issue-Specific Security Policy 32
Systems-Specific Policy 35
Policy Management 36
Chapter Summary 37
Review Questions 38
Chapter Exercises 39
Case Discussion 40
How HAL Is Organized 40
More About HAL 42
The Discussion Questions 43
References 43

Chapter 2 Planning for Organizational Readiness 45

Introduction 47
Beginning the Contingency Planning Process 47
Commitment and Support of Senior Management 49
Elements to Begin Contingency Planning 50
Contingency Planning Policy 51
Business Impact Analysis 55
Threat or Attack Identification and Prioritization 56
Business Unit Analysis 61
Attack Success Scenario Development 62
Potential Damage Assessment 66
Subordinate Plan Classification 68
36955_toc 1/3/2006 16:51:19 Page 8

BIA Data Collection 69

Online Questionnaires 70
Facilitated Data-Gathering Sessions 78
Process Flows and Interdependency Studies 78
Risk Assessment Research 82
IT Application or System Logs 82
Financial Reports and Departmental Budgets 82
Audit Documentation 83
Production Schedules 83
Budgeting for Contingency Operations 83
Incident Response Budgeting 83
Disaster Recovery Budgeting 84
Business Continuity Budgeting 85
Crisis Management Budgeting 86
Chapter Summary 87
Review Questions 88
Case Exercises 89
Case Discussion 89
References 89

Chapter 3 Incident Response: Preparation, Organization, and Prevention 91

Introduction 92
Preparing For Incident Response 93
Incident Response Policy 95
Building the Security Incident Response Team 97
Information Collection from Stakeholders 98
Incident Response Planning 109
Planning for the Response During the Incident 111
Planning for After the Incident 114
Planning for Before the Incident 115
Assembling and Maintaining the Final Incident Response Plan 123
Chapter Summary 125
Review Questions 127
Exercises 127
Endnotes 127

Chapter 4 Incident Response: Detection and Decision Making 129

Introduction 131
Detecting Incidents 131
Possible Indicators of an Incident 131
Probable Indicators of an Incident 133
Definite Indicators 134
Identifying Real Incidents 135
Intrusion Detection Systems 144
IDS Terminology 145
Why Use an IDS? 147
Classification of IDS by Network Placement 149
Classification of IDS by Detection Approach 162
Intrusion Prevention Systems 163
Automated Response 164
Incident Decision Making 167
Collection of Data to Aid in Detecting Incidents 168
Challenges in Intrusion Detection 173
Chapter Summary 174
Review Questions 175

viii Principles of Incident Response and Disaster Recovery

36955_toc 1/9/2006 14:4:35 Page 9

Exercises 176
Case Recap 176
Endnotes 177

Chapter 5 Incident Response: Reaction, Recovery, and Maintenance 181

Introduction 183
Reaction 184
Selecting an IR Strategy 184
Notification 188
Documenting an Incident 190
Incident Containment Strategies 190
Interviewing Individuals Involved in the Incident 192
Incident Escalation 193
Recovery from Incidents 193
Identify and Resolve Vulnerabilities 194
Restore Data 195
Restore Services and Processes 195
Restore Confidence Across the Organization 195
Maintenance 196
The After-Action Review 196
Plan Review and Maintenance 198
Training 198
Rehearsal 198
Intrusion Forensics 199
Computer Forensics Methodology 199
Collecting Evidentiary Material 200
Analyzing the Evidentiary Material 210
Reporting on the Evidentiary Material 214
Managing Evidentiary Data in an Electronic Environment 214
Law Enforcement Involvement 215
Reporting to Upper Management 216
Loss Analysis 216
Chapter Summary 218
Review Questions 219
Chapter Exercises 219
Case Discussion 220
References 220

Chapter 6 Contingency Strategies for Business Resumption Planning 135

Introduction 137
Data and Application Resumption 139
Disk-to-Disk-to-Tape: Delayed Protection 139
Redundancy-Based Backup and Recovery Using RAID 144
Database Backups 146
Application Backups 147
Backup and Recovery Plans 147
Real-Time Protection, Server Recovery, and Application Recovery 148
Site Resumption Strategies 154
Exclusive Site Resumption Strategies 154
Shared Site Resumption Strategies 159
Service Agreements 161
Chapter Summary 168
Review Questions 169
Exercises 170
Endnotes 171

Table of Contents ix
36955_toc 1/3/2006 16:51:30 Page 10

Chapter 7 Disaster Recovery: Preparation andImplementation 173

Introduction 175
Disaster Classifications 175
Forming the Disaster Recovery Team 177
Organization 177
Special Documentation and Equipment 180
Disaster Planning Functions 181
Develop the DR Planning Policy Statement 182
Review the Business Impact Analysis 187
Identify Preventive Controls 187
Develop Recovery Strategies 188
Develop the DR Plan Document 188
Plan Testing, Training, and Exercises 192
Plan Maintenance 192
Technical Contingency Planning Considerations 192
Desktop Computers and Portable Systems 193
Servers 194
Web Sites 195
Local Area Networks 195
Wide Area Networks 196
Distributed Systems 197
Mainframe Systems 197
Summary of Technical Contingency Planning Considerations 198
Sample Disaster Recovery Plans 200
The Combined DRP/BCP 205
Final Comments on the DR Plan 205
Chapter Summary 206
Review Questions 207
Chapter Exercises 208
References 209

Chapter 8 Disaster Recovery: Operation and Maintenance 211

Introduction 213
Facing Key Challenges 213
Preparation: Training the DR Team and the Users 214
Disaster Recovery Planning as Preparation 216
DR Training and Awareness 218
DRP Testing and Rehearsal 224
Rehearsal and Testing of the Alert Roster 226
Disaster Response Phase 228
Recovery Phase 230
Resumption Phase 231
Restoration Phase 233
Repair or Replacement 233
Restoration of the Primary Site 235
Relocation from Temporary Offices 236
Resumption at the Primary Site 237
Standing Down and the After-Action Review 237
Chapter Summary 240
Review Questions 240
Chapter Exercises 241
References 242

x Principles of Incident Response and Disaster Recovery

36955_toc 1/3/2006 16:51:30 Page 11

Chapter 9 Business Continuity Preparation and Implementation 243

Introduction 245
Elements of Business Continuity Revisited 247
Continuity Strategies Revisited 247
Off-Site Data Recovery Revisited 249
Business Continuity Team 249
BC Team Organization 250
Special Documentation and Equipment 251
Business Continuity Policy and Plan Functions 253
Develop the BC Planning Policy Statement 253
Review the BIA 258
Identify Preventive Controls 258
Develop Relocation Strategies 259
Develop the Continuity Plan 259
CP Testing, Training, and Exercises 263
CP Maintenance 263
Tips for Creating Effective BCPs 264
Tips from Progress Software 264
Tips from Doug Kavanagh at Continuity Central 264
Sample Business Continuity Plans 265
Ready.gov Sample Emergency Plan 266
Sample BC Plan for ABC Company 273
Chapter Summary 281
Review Questions 282
Chapter Exercises 283
References 284

Chapter 10 Business Continuity Operations and Maintenance 285

Introduction 286
Implementing the BC Plan 286
Preparation for BC Actions 286
Relocation to the Alternate Site 289
Returning to a Primary Site 296
BC After-Action Review 298
Continuous Improvement of the BC Process 299
Improving the BCP 299
Improving the BC Staff 303
Maintaining the BC Plan 309
The Periodic BC Review 309
BC Plan Archivist 310
Chapter Summary 311
Review Questions 312
Exercises 312
Endnotes 313

Chapter 11 Crisis Management and Human Factors 315

Introduction 316
Crisis Management in the Organization 316
Crisis Terms and Definitions 317
Crisis Misconceptions 319
Preparing for Crisis Management 320
General Preparation Guidelines 320
Organizing the Crisis Management Team 321
Crisis Management Critical Success Factors 323
Developing the Crisis Management Plan 325

Table of Contents xi
36955_toc 1/3/2006 16:51:30 Page 12

Crisis Management Training and Testing 329

Other Crisis Management Preparations 331
Post Crisis Trauma 333
Post-Traumatic Stress Disorder 333
Employee Assistance Programs 334
Immediately After the Crisis 334
Getting People Back to Work 335
Dealing with Loss 336
Law Enforcement Involvement 337
Federal Agencies 337
State Agencies 341
Local Agencies 342
Managing Crisis Communications 342
Crisis Communications 342
Avoiding Unnecessary Blame 347
Succession Planning 349
Elements of Succession Planning 349
Succession Planning Approaches for Crisis Management 352
Chapter Summary 354
Review Questions 355
Exercises 356
Endnotes 356

xii Principles of Incident Response and Disaster Recovery

36955_preface 1/3/2006 16:50:30 Page 13

PREFACE

AS GLOBAL NETWORKS CONTINUE TO EXPAND, the interconnections between them become

ever more vital to the smooth operation of communication and computing systems. However,
escalating incidences of virus and worm attacks and the success of criminal attackers illustrate
the weaknesses in current information technologies and the need for heightened system security.
In attempting to secure current systems and networks, organizations must draw on the pool
of current information security practitioners. These same organizations will count on the next
generation of professionals to have the correct mix of skills and experiences to develop more
secure computing environments in the future. Students of technology must learn to recognize and
plan for the threats and vulnerabilities present in existing systems. They must also learn how to
design and develop the secure systems that will address these threats in the future.
The purpose of this textbook is to fill the increasing need for a quality academic textbook in
the discipline of Information Security and its associated areas of Contingency Operations. While
there are dozens of quality publications on information security and assurance oriented to the
practitioner, there are fewer textbooks that provide the student with a focus on the managerial
issues associated with planning for and reacting to events, incidents, disasters and crises. By cre-
ating a book specifically oriented toward students of information systems management, we hope
to close this gap. Specifically, there is a clear need for disciplines such as Information Systems,
Criminal Justice, Political Science, and Accounting Information Systems to understand the foun-
dations of contingency operations and the development of managerial plans to deal with them.
The fundamental tenet of this textbook is that information security in the modern organization is
a management problem, and not one that technology alone can answer; it is a problem that has
important economic consequences and for which management is accountable.

Approach
The book provides an overview of contingency operations – including its components of, and a
thorough treatment of the administration of the planning process for incident response, disaster
recovery and business continuity planning. It can be used to support course delivery for informa-
tion security driven programs targeted at Information Technology students as well as IT manage-
ment and technology management curricula aimed at business or technical management students.
Chapter Scenarios — Each chapter opens with a short story that follows the same fictional
company as it encounters various contingency planning or operational issues. The scenario also
offers a few discussion questions to round out each scenario. These questions give the student
and the instructor an opportunity to discuss the issues that underlay the content.
Ongoing Case Sidebars — These sections highlight an ongoing case in which a hypothetical
organization deals with the challenges in preparation for and reacting to events that become inci-
dents, disasters and crises. The boxes put the human face to the theoretical context and con-
structs presented, allowing students to experience the challenges and stress of dealing with the
issues associated with contingency operations.
Technical Details Sidebars – These sections highlight specific technical issues, allowing the
student to explore these topics in greater detail.
General Sidebars –
36955_preface 1/9/2006 14:10:5 Page 14

Boxed Examples –
Hands-On Learning — At the end of each chapter, students will find a Chapter Sum-
mary and Review Questions, as well as Exercises, which give them the opportunity to
examine the contingency planning arena outside the classroom. Using the Exercises, the
student can research, analyze and write to reinforce learning objectives and deepen their
understanding of the text.

Author Team
Michael Whitman and Herbert Mattord have jointly developed this text to merge knowledge
from the world of academic study with practical experience from the business world.
Michael Whitman, Ph.D., CISSP is a Professor of Information Systems in the Computer
Science and Information Systems Department at Kennesaw State University, Kennesaw,
Georgia, where he is also the Director of the KSU Center for Information Security Education
(infosec.kennesaw.edu), and the Coordinator of the Bachelor of Science in Information
Security and Assurance. Dr. Whitman teaches graduate and undergraduate courses in
Information Security and Data Communications. He and Herbert Mattord are the authors of
Principles of Information Security, Management of Information Security, Readings and
Cases in the Management of Information Security, and the Hands-On Informaion Security
Lab Manual all from Course Technology. Dr. Whitman is an active researcher in Information
Security, Fair and Responsible Use Policies, Ethical Computing, and Information Systems
Research Methods. He currently teaches graduate and undergraduate courses in Information
Security, Local Area Networking, and Data Communications. He has published articles in the
top journals in his field, including Information Systems Research, the Communications of the
ACM, Information and Management, the Journal of International Business Studies, and the
Journal of Computer Information Systems. He is the chair of the Human Firewall Council and
a member of the Metro Atlanta Information Systems Security Association, the Computer
Security Institute, the Association for Computing Machinery and the Association for Informa-
tion Systems.
Herbert Mattord, M.B.A. CISSP recently completed 24 years of IT industry experience
as an application developer, database administrator, project manager, and information security
practitioner to join the faculty as Kennesaw State University. He and Michael Whitman are the
authors of Principles of Information Security, Management of Information Security, Readings
and Cases in the Management of Information Security, and the Hands-On Information
Security Lab Manual from Course Technology. During his career as an IT practitioner, he
has been an adjunct professor at Kennesaw State University, Southern Polytechnic State
University in Marietta, Georgia, Austin Community College in Austin, Texas, and Texas State
University: San Marcos. He currently teaches undergraduate courses in Information Security,
Data Communications, Local Area Networks, Database Technology, Project Management, and
Systems Analysis & Design. He was formerly the Manager of Corporate Information Technol-
ogy Security at Georgia-Pacific Corporation, where much of the practical knowledge found in
this and his other textbooks was acquired.

Structure
The textbook is organized into sections based on the functions associated with the various
facets of Contingency Planning: Business Impact Analysis, Incident Response Planning,

xiv Principles of Incident Response and Disaster Recovery

36955_preface 1/3/2006 16:50:30 Page 15

Disaster Recovery Planning, Business Continuity Planning and Crisis Management Plan-
ning, and consists of eleven chapters and an Appendix. The text also includes hands-on
laboratory exercises included in the Instructor’s Resource Kit.

UNIT I—INTRODUCTION

Chapter 1. Introduction and Overview of Contingency Planning

This chapter introduces the student to the concept of Contingency Planning, and defines
the constituent components of Business Impact Analysis, Incident Response Planning,
Disaster Recovery Planning, Business Continuity Planning and Crisis Management
Planning. The chapter provides an overview of integrated planning for contingencies and
defines the responsibilities of each community of interest and stakeholder in the process.

U N I T I I — O R G A N I Z AT I O N A L R E A D I N E S S A N D
T H E B U S I N E S S I M PA C T A N A LY S I S

Chapter 2. Planning for Organizational Readiness

This chapter shows how organizational readiness and a Business Impact Analysis (BIA) lay the
foundation for all contingency planning and operations. The BIA is essentially an analysis of
the threats facing the organization, focusing on the attacks that could occur and the damage
that could result from those attacks. This information can then be used to support Incident
Response, Disaster Recovery, Business Continuity and Crisis Management planning.

UNIT III—INCIDENT RESPONSE

Chapter 3. Incident Response: Preparation, Organization & Prevention

This chapter introduces the phases associated with the preparation and organization of
incident response operations and tasks the organization can implement or prevent inci-
dents from occurring. It examines the necessary communications and planning that the
organization undertakes to prevent, detect, and react to these disruptions in operations.

Chapter 4. Incident Response: Detection, Decision and Notification

This chapter continues the discussion of incident response, providing additional insight
into the mechanisms and plans the organization uses to detect an incident. It also dis-
cusses the decision challenges the organization must face in determining what course of
action to pursue. It concludes with discussion on internal and external organizational com-
munications, informing management and other stakeholders as to what happened.

Chapter 5. Incident Response: Recovery and Maintenance

The chapter concludes the discussion of incident response by focusing on response activi-
ties the organization must undertake to conclude a specific incident response action. It
also describes the ongoing management activities necessary to keep the organization ready
to respond, including plan maintenance and rehearsal and testing strategies.

Preface xv
36955_preface 1/3/2006 16:50:30 Page 16

U N I T I V — C O N T I N G E N C Y S T R AT E G I E S

Chapter 6. Contingency Strategies for Disaster Recovery and Business

Continuity
This chapter introduces a series of strategies that serve both the disaster recovery and
business continuity efforts. These strategies include exclusive options like hot, warm and
cold sites, as well as shared functions like time-shares, mutual agreements, and service
bureaus, as well as other options. The chapter also examines data backup and recovery
strategies, which if effectively implemented assist both disaster recovery and business con-
tinuity efforts in recovering and reestablishing operations after the respective plans have
been activated.

UNIT V—DISASTER RECOVERY

Chapter 7. Disaster Recovery: Preparation and Implementation

This chapter begins the examination of disaster through an examination of the tasks asso-
ciated with formulating the disaster recovery team, developing the disaster recovery plan,
and preparing for a disaster. It specifies the individual and team responsibilities during a
disaster and presents the tasks that must be performed to assist in disaster recovery
efforts.

Chapter 8. Disaster Recovery: Operation and Maintenance

This chapter continues the discussion of disaster recovery through an examination of the
operations during a disaster as covered in the disaster recovery plan. It examines the
actions of the team during each of the key phases of a disaster including preparation,
response, resumption, recovery, restoration.

UNIT VI—BUSINESS CONTINUITY

Chapter 9. Business Continuity Preparation and Implementation

This chapter introduces the subject of business continuity, and overviews the necessary
steps to prepare for business continuity operations. It covers the process of developing a
business continuity plan and describes the components critical to its success. The chapter
also discusses the design and preparation of a business continuity team, and presents the
roles and responsibilities associated with it.

Chapter 10. Business Continuity Operations and Maintenance

This chapter continues the discussion of business continuity by discussing the actions of
the business continuity team during an actual implementation. The chapter provides
insight into the planning and efforts that must occur to make a business continuity effort a
success, and examines the impact of business continuity on the organization workflow.

xvi Principles of Incident Response and Disaster Recovery

36955_preface 1/9/2006 14:11:14 Page 17

UNIT V—CRISIS MANAGEMENT

Chapter 11. Crisis Management and Human Factors

The final chapter examines the special requirements associated with dealing with crises –
incidents or disasters that have directly impacted human safety and life. The special
requirements for preparing to deal with crises, and the challenges associated with crises
are also presented and discussed.

Instructor Resources
A variety of teaching tools have been prepared to support this textbook and offer many
options to enhance the classroom learning experience:
Electronic Instructor’s Manual — The Instructor’s Manual includes suggestions and
strategies for using this text, such as suggestions for lecture topics. The Instructors Manual
also includes answers to the review questions and suggested solutions to the exercises at
the end of each chapter.
Figure Files — Figure Files allow instructors to create their own presentations using
figures taken from the text.
PowerPoint Presentations — This book comes with Microsoft PowerPoint slides for
each chapter. These are included as a teaching aid for classroom presentation, to make
available to students on the network for chapter review, or to be printed for classroom
distribution. Instructors can add their own slides for additional topics they introduce to
the class.
Lab Manual Content — The Instructor’s Resource Kit contains a set of laboratory
exercises specifically designed to assist in student understanding of the challenges in pre-
paring for and reacting to incidents. These exercises are provided for use in hands-on com-
puter labs by the instructor, and include setup and use guides. This information will be
incorporated into future issues of the Hands-On Information Security Lab Manual, also
published by Course Technology.
Curriculum Model for Programs of Study in Information Security and Assurance—
In addition to the texts authored by this team, a curriculum model for programs of study
in Information Security and Assurance is available from the Kennesaw State University
Center for Information Security Education (http://infosec.kennesaw.edu). This document
provides details on designing and implementing security coursework and curricula in aca-
demic institutions, as well as guidance and lessons learned from the authors’ perspective.
ExamView — ExamView®, the ultimate tool for objective-based testing needs. Exam-
View® is a powerful objective-based test generator that enables instructors to create paper,
LAN or Web-based tests from testbanks designed specifically for their Course Technology
text. Instructors can utilize the ultra-efficient QuickTest Wizard to create tests in less than
five minutes by taking advantage of Course Technology’s question banks, or customize
their own exams from scratch.

Preface xvii
36955_preface 1/3/2006 16:50:30 Page 18

ACKNOWLEDGMENTS
The authors would like to thank their families for their support and understanding for the
many hours dedicated to this project, hours taken in many cases from family activities.
Special thanks to Carola Mattord, postgraduate student of English at Georgia State
University. Her reviews of early drafts and suggestions for keeping the writing focused on
the students resulted in a more readable manuscript.

Contributors
Two Kennesaw State University students also assisted in the preparation of the textbook,
and we thank them for their contributions.
-Dan Martin
-Matthew North

Reviewers
We are indebted to the following individuals for their respective contributions of perceptive
feedback on the initial proposal, the project outline, and the chapter-by-chapter reviews of
the text:
TO BE ADDED

Special Thanks
The authors wish to thank the Editorial and Production teams at Course Technology. Their
diligent and professional efforts greatly enhanced the final product:
TO BE ADDED
In addition, several professional and commercial organizations and individuals have
aided the development of the textbook by providing information and inspiration, and the
authors wish to acknowledge their contribution:
-Bernstein Crisis Management
-Continuity Central
-The Human Firewall Council
-Information Systems Security Associations
-The Institute for Crisis Management
-The National Institute of Standards and Technology
-Onecle, Inc.
-Purdue University
-Rothstein Associates, Inc-SunGard
Our colleagues in the Department of Computer Science and Information Systems, Ken-
nesaw State University Professor Merle King, Chair of the Department of Computer Science
and Information Systems, Kennesaw State University

Our Commitment
The authors are committed to serving the needs of the adopters and readers. We would be
pleased and honored to receive feedback on the textbook and its supporting materials. You
can contact us through Course Technology at [email protected].

xviii Principles of Incident Response and Disaster Recovery

View publication stats