+1443 776-2705 panelessays@gmail.com

– No plagiarism 

– Normal English 

– Use references from the internet if needed 

– Direction & Textbook Attached 

PART1: Discussion

Please read chapter 32 of your textbook and read reputable articles/ web resources and discuss:

How does disaster recovery relate to business continuity? What is the scope of DR? What is the scope of BCP?

Please list your reference/s

PART2: Assignment

Read chapter 32 , online resources and reputable articles/journals AND:

Choose an organization that you are familiar with, for example a university, place that you are working for or any other organization and write an essay and describe your plan and proposal for a comprehensive Disaster Recovery and Business Continuity plan.

List all your references/resources.


CompRef_2010 / Information Security: The Complete Reference / Rhodes / 435-7
Blind Folio i


Information Security
Second Edition

00-FM.indd 1 3/14/13 3:34 PM


CompRef_2010 / Information Security: The Complete Reference / Rhodes / 435-7
Blind Folio ii

About the Author
Mark Rhodes-Ousley is experienced with every aspect of security, from program management
to technology. That experience includes risk management, security policies, security
management, technology implementation and operations, physical security, disaster recovery,
and business continuity planning. A resident of Silicon Valley, he has been fortunate to live
through the early years, boom times, and mainstreaming of computers and the Internet,
practicing information security even before Windows existed. Mark holds a CISSP certification
from the International Information Systems Security Certification Consortium (ISC)2, a CISM
certification from the Information Systems Audit and Control Association (ISACA), and
certifications from ITIL, Microsoft (MCSE: Security 2003), Cisco, Security Dynamics, Raptor
Systems, Hewlett-Packard, and Digital Equipment Corporation, along with a bachelor’s degree
in applied mathematics and electrical engineering from the University of California, San Diego

Specializing in information security since 1994 when he built the first Internet firewall for
Santa Clara County, California, Mark has built quality-focused security programs, processes,
and technologies at Robert Half International (RHI), Merrill-Lynch, National City Bank,
Fremont Bank, Sun Microsystems, PG&E, Clorox, The Gap, Aspect Communications, Hitachi
Data Systems (HDS), SunPower, and the original Napster. He holds two core beliefs: that
business processes are just as important as technology because security relies on people; and
that security should be a business enabler, with a goal of enhancing the customer experience.
Believing that maturity of a security program should be improved one step at a time,
measured on a five-point maturity scale, with targets agreed upon by business stakeholders,
Mark is also a proponent of “management by measurement”—performance measured with
metrics (raw data) to manage down and key performance indicators (KPI dashboards) to
manage up. His experience has shown that building bridges and fostering cross-departmental
collaboration, along with executive sponsorship and engagement, enhances the success of the
security program.

Mark can be reached at [email protected] or www.facebook.com/pages/Information-
Security-The-Complete-Reference-2nd-Ed on Facebook.

About the Contributors and Technical Reviewers
Andrew Abbate, contributor, enjoys the position of principal consultant and partner at
Convergent Computing. With nearly 20 years of experience in IT, Andrew’s area of expertise
is understanding a business’s needs and translating that to processes and technologies to solve
real problems. Having worked with companies from the Fortune 10 to companies of ten
employees, Andrew has a unique perspective on IT and a grasp on “big picture” consulting.
Andrew has also written nine industry books on varying technologies ranging from Windows
to security to unified communications and has contributed to several others. Andrew can be
reached via e-mail at [email protected]

After being battered about for 20 years in the construction industry, Barrington Allen,
technical reviewer, packed up his transferable skills and began a career in information
technology 16 years ago. Working in a Fortune 100 company has provided Barrington the
opportunity to work on interesting and complex enterprise systems, while also providing
the continual learning support which is essential to any IT career. Barrington is often seen
walking his border collies, or seeking to ride on a velodrome near you.

00-FM.indd 2 3/14/13 3:34 PM


CompRef_2010 / Information Security: The Complete Reference / Rhodes / 435-7
Blind Folio iii

Brian Baker, contributor, has been an IT professional for nearly three decades. Brian has
supported environments consisting of large, multi-mainframe data centers, international
corporations, and smaller, single-site e-commerce infrastructures. He has worked for EDS,
ACS, Merrill Lynch, Ross Dress for Less, and others over the course of his career. His roles
have included systems, network, messaging, and security, and for the past ten years he has
been supporting and managing storage infrastructures. Brian initially began his storage career
while he worked as part of a small team to select and design a SAN implementation. From
there he managed the backup and storage infrastructure for a division of Merrill Lynch. As his
experience grew, Brian accepted a position with a large hosting provider, joining a small
team that managed over 3 petabytes of storage consisting of various SAN array vendors and
SAN fabrics within 16 data centers. Brian is an EMC Storage Specialist (EMCSA) and holds a
bachelor’s degree in information technology from National University. He may be contacted
at [email protected]

As a security researcher at McAfee, contributor Zheng Bu’s every day work is on host and
network security. He likes to innovate and address security problems. His recent research
includes application and mobile. He is a runner, badminton player, and photographer. Feel
free to contact him at [email protected]

Brian Buege, contributor, is the Director of Engineering at Spirent Communications.
He has more than ten years of software development experience and has been developing
large-scale, enterprise Java applications since 1998. He lives in McKinney, Texas, with his
wife and son.

Anil Desai (MCSE, MCSA, MCSD, MCDBA), contributor, is an independent consultant
based in Austin, Texas. He specializes in evaluating, developing, implementing, and managing
solutions based on Microsoft technologies. He has worked extensively with Microsoft’s server
products and the .NET platform. Anil is the author of several other technical books, including
MCSE/MCSA Managing and Maintaining a Windows Server 2003 Environment Study Guide Exam
70-290 (McGraw-Hill/Osborne, 2003), Windows 2000 Directory Services Administration Study
Guide (McGraw-Hill/Osborne, 2001), Windows NT Network Management: Reducing Total Cost of
Ownership (New Riders, 1999), and SQL Server 2000 Backup and Recovery (McGraw-Hill/
Osborne, 2001). He has made dozens of conference presentations at national events and is
also a contributor to magazines. When he’s not busy doing techie-type things, Anil enjoys
cycling in and around Austin, playing electric guitar and drums, and playing video games. For
more information, you can contact him at [email protected]

Leo Dregier, contributor, got his start in networking when he took the MCSE 4.0
Microsoft track. After a few short months, he was recognized as a very knowledgeable subject
matter expert, so much so that the corporate school he attended offered him a job to teach
other aspiring Microsoft engineers. Leo has the ability to learn very quickly and is highly
adaptable, analytical, and an overachiever (as demonstrated by having expertise in over 40 of
the popular computer certifications, including CISSP, ISSEP, CISM, CISA, CRISC, PMP, CEH,
CHFI, and several others). Leo has been a principal at the computer security firm The
Security Matrix, LLC, since 1995. He has provided consulting services to many U.S. federal
clients, including the Department of State, the Department of Labor, the Internal Revenue
Service, and the Centers for Medicaid and Medicare Services. Additionally, Leo has helped
thousands of IT professionals achieve their certifications online at TheCodeOfLearning.com
and maintains an evaluation level above 90+%. When Leo is not working as a consultant or in
the classroom, you can find him working on his other personal projects. TheProfitCycle.com
is geared toward people who need help learning how to adapt to technology and want to

00-FM.indd 3 3/14/13 3:34 PM


CompRef_2010 / Information Security: The Complete Reference / Rhodes / 435-7
Blind Folio iv

make money using technology as a solution. Leo has also created FindRealEstateHelp.com,
which is a real estate problem-solving and investment company. In his spare time, he sleeps
and spends time with his beautiful wife. Leo can be contacted for consulting, public
speaking, TV appearances, and more at www.leodregier.com.

Dr. Nick Efford, contributor, is a senior teaching fellow in the School of Computing at
the University of Leeds in the United Kingdom, where he currently teaches object-oriented
software engineering, distributed systems, and computer security. His previous published
work includes a book on digital image processing using Java.

Aaron Estes, technical reviewer, has over twelve years of experience in software
development and security engineering. His expertise includes secure coding and code
review, penetration-testing, security architecture review, and network security. Aaron has
had key security engineering roles on several of Lockheed Martin’s largest contracts. In
addition to Lockheed Martin, Aaron has worked with a number of Fortune 500 companies
as a security consultant. He has over four years of teaching experience at Southern Methodist
University at the undergraduate and graduate level, and expects to complete his doctorate
degree this year in Software Engineering with a focus on security software at Southern
Methodist University in Dallas.

Thaddeus Fortenberry (MCSE, MCT), contributor, is a senior member technical staff
and the remote access architect for employee access at HP. For the past year, he has been
working on the consolidation of the remote access solutions for the merged Compaq and
HP environments. Thaddeus specializes in complete security plans for remote deployments
that address real-world issues and protection.

Christian Genetski, contributor, is a Senior Vice President and General Counsel at the
Entertainment Software Association. Christian is a former prosecutor in the Department
of Justice Computer Crime Section, where he coordinated the investigations of several
prominent computer crime cases, including the widely publicized denial of service attacks that
hit e-commerce sites eBay, Amazon.com, and others in February 2000. In private practice, he
counsels clients on compliance with information security regulations, conducts investigations
into computer security breaches or other hostile network activity, and represents clients in civil
litigation or criminal referrals arising from network incidents. Christian graduated from the
Vanderbilt University School of Law, Order of the Coif. He regularly lectures to a wide variety
of audiences on computer crime and information security issues, and he serves as an adjunct
professor at the Georgetown University Law Center. Christian would like to thank David
Tonisson for his thoughtful contributions to Chapter 3 on legal issues.

Christine Grayban, technical reviewer, is the Enterprise Security practice lead for Stach &
Liu, where she oversees all projects related to information security compliance and
controls, risk management, governance, and security strategy. She has helped several
organizations reach compliance with PCI DSS, HIPAA, ISO 27001/2, and other information
security frameworks. Prior to joining Stach & Liu, Christie spent several years in the security
consulting practices at Accenture and Ernst & Young for clients in the Global 500, with
verticals including financial services, telecommunications, health care, and resources. She is
currently based in New York City and has worked and lived internationally in San Francisco,
London, and Mumbai.

Roger A. Grimes (CPA, MCSE NT/2000, CNE 3/4, A+), contributor, is the author of
Malicious Mobile Code: Virus Protection for Windows (O’Reilly, 2001), Honeypots for Windows
(Apress, 2004), and Professional Windows Desktop and Server Hardening (Wrox, 2006) and

00-FM.indd 4 3/14/13 3:34 PM


CompRef_2010 / Information Security: The Complete Reference / Rhodes / 435-7
Blind Folio v

has been fighting malware since 1987. He has consulted for some of the world’s largest
companies, universities, and the U.S. Navy. Roger has written dozens of articles for
national computer magazines, such as Windows & .NET Magazine, Microsoft Certified
Professional Magazine, and Network Magazine, and Newsweek covered his work fighting
computer viruses. You can contact him at [email protected]

Gregory Hoban, technical reviewer, is a Senior Systems Engineer currently in Emeryville,
California. He has over 17 years of experience dealing with a wide range of servers and
storage, specializing in systems and database installation and configuration. Gregory has
deployed highly available Oracle and SQL server databases on a number of SANs. He has
been responsible for implementing security restrictions and business IT process controls at
both FDA- and SOX-compliant facilities. Gregory holds an NCDA certification for NetApp
and an Advanced CXE certification for Xiotech.

Michael Howard, contributor, is a Principal CyberSecurity Architect at Microsoft Corp.,
a founding member of the Secure Windows Initiative group at Microsoft, and a coauthor of
Writing Secure Code (Microsoft Press, 2001). He focuses on the short- and long-term goals of
designing, building, testing, and deploying applications to withstand attack and yet to still
be usable by millions of nontechnical users.

Ayush Jain, technical reviewer, is a Senior IT Infrastructure Manager in Emeryville,
California. Ayush’s professional experiences cover all facets of information security, including,
but not limited to, designing and deploying secure infrastructures, BYOD, VDI, implementing
intrusion detection and data leak prevention systems, and developing policies and procedures
for IT Governance. He holds a bachelor’s degree in information technology from Rochester
Institute of Technology (R.I.T.) and Advanced CXE certification for Xiotech.

Michael Judd (a.k.a. Judd), contributor, is a Senior Application Engineer at FTEN
(a NASDAQ OMX company). He has taught and developed technical courseware on
subjects ranging from Java syntax, object-oriented analysis and design, patterns, and
distributed programming, to Java security and J2EE. He lives in Denver, Colorado.

Dr. Bryan Kissinger, contributor, is a seasoned security professional with over 18 years of
experience advising government and various private sector organizations on enhancing their
security posture. He is currently responsible for assessing risk, recommending infrastructure
enhancements, and managing compliance for a major healthcare provider. Bryan was previously
a Director in PricewaterhouseCoopers’ Security practice with leadership responsibilities in the
Pacific Northwest and Bay Area markets. He is considered a healthcare and technology sector
specialist and is a published author and frequent public speaker on the topics of security and
information technology strategy.

Thomas Knox, contributor, has done Unix administration for more years than he wants
to admit. He is currently a Streaming Media Engineer at Comcast and previously worked as
a network and system engineer for National Geographic and Amazon.com. His thanks go to
his wife Gisela for all her love and support.

Brenda Larcom, technical reviewer, is a Senior Security Consultant throughout the
United States and occasionally beyond. She has over 17 years of experience securing software
and the odd bit of hardware throughout the development and deployment lifecycle,
particularly for Agile organizations. Brenda cofounded an open source threat modeling
methodology that analyzes security requirements as well as architecture. Brenda holds a
bachelor’s degree in computer science from the University of Washington. She may be
contacted at [email protected]

00-FM.indd 5 3/14/13 3:34 PM


CompRef_2010 / Information Security: The Complete Reference / Rhodes / 435-7
Blind Folio vi

Eric Milam, contributor, is a Principal Security Assessor with over 14 years of experience in
information technology. Eric has performed innumerable consultative engagements, including
enterprise security and risk assessments, perimeter penetration testing, vulnerability
assessments, social engineering, physical security testing, and wireless assessments, and has
extensive experience in PCI compliance controls and assessments. Eric is a project steward
for the Ettercap project as well as creator and developer of the easy-creds and smbexec
open source software projects. He can be reached at [email protected] and jbrav
[email protected]

Michael T. Raggo (CISSP, NSA-IAM, CCSI, ACE, CSI), contributor, applies over 20 years
of security technology experience and evangelism to the technical delivery of security
research and solutions. Michael’s technology experience includes penetration testing,
wireless security assessments, compliance assessments, firewall and IDS/IPS deployments,
mobile device security, incident response and forensics, and security research, and he is also
a former security trainer. As a Product Manager at AirDefense, he co-designed a new and
innovative product (Wireless Vulnerability Assessment; U.S. patent #7,577,424), a wireless
“hacker-in-a-box” add-on module for AirDefense’s Wireless IPS solution. In addition, Michael
conducts ongoing independent research on various wireless and mobile hacking techniques,
as well as data hiding. He has presented on various security topics at numerous conferences
around the world (including BlackHat, DefCon, SANS, DoD Cyber Crime, OWASP, InfoSec,
etc.) and has even briefed the Pentagon. You can find out more on his security research
website at www.spyhunter.org.

Eric Reither, technical reviewer, is the Vice President and a Senior Security Consultant
at Security by Design Inc. Since 2001, he has been involved with numerous projects, and
his project management skills have proven invaluable for keeping projects on time and on
budget. Eric’s project involvement also extends to engineering, drafting, and database
management. This deep level of project involvement combined with Eric’s experience
helps to guarantee client expectations are exceeded on a regular basis. Eric also has over
ten years of experience in the fire suppression and facilities communication systems
industries. During that period, his responsibilities included systems installation, all facets of
project management, systems engineering and design, and training program development.
He can be reached at [email protected]

Ben Rothke (CISSP), technical reviewer, is a Corporate Services Information Security
Manager at Wyndham Worldwide, and he has more than 15 years of industry experience in
the area of information systems security. His areas of expertise are in PKI, HIPAA, 21 CFR
Part 11, design and implementation of systems security, encryption, firewall configuration
and review, cryptography, and security policy development. Prior to joining ThruPoint, Inc.,
Ben was with Baltimore Technologies, Ernst & Young, and Citicorp, and he has provided
security solutions to many Fortune 500 companies. Ben is also the lead mentor in the
ThruPoint CISSP preparation program, preparing security professionals to take the rigorous
CISSP examination. Ben has written numerous articles for such computer periodicals as the
Journal of Information Systems Security, PC Week, Network World, Information Security, SC, Windows
NT Magazine, InfoWorld, and the Computer Security Journal. Ben writes for Unix Review and
Security Management and is a former columnist for Information Security and Solutions Integrator
magazine; he is also a frequent speaker at industry conferences. Ben is a Certified
Information Systems Security Professional (CISSP) and Certified Confidentiality Officer
(CCO), and a member of HTCIA, ISSA, ICSA, IEEE, ASIS, and CSI. While not busy making
corporate America a more secure place, Ben enjoys spending time with his family.

00-FM.indd 6 3/14/13 3:34 PM


CompRef_2010 / Information Security: The Complete Reference / Rhodes / 435-7
Blind Folio vii

Zeke (Ezekiel) Rutman-Allen, technical reviewer and contributor, is first and foremost
a fanatical technologist. Zeke carries an active interest in all disciplines of technology
application, from tradecrafts to supercomputing, with expertise in many different areas
of telecommunications, networking, and data centers. Originally a network engineer, he
has held a variety of technical and management positions in enterprise and government
organizations in network engineering, data center, and voice/VoIP architecture, design,
and operation. Currently, Zeke holds the position of Senior Manager, Global Network
Services for a multibillion dollar green energy company. His responsibilities include
several key technology stacks, including data center spec/design/operation, LAN/WAN,
global voice and VoIP platforms, and all remote access. These duties have allowed Zeke to
satiate his hunger for knowledge while maintaining a wide variety of expertise across a
multitude of disciplines. Zeke can be reached at [email protected]

Stephen Singam, technical reviewer, has extensive experience in information security
architecture and management, stakeholder management, strategic planning, and security
project management and delivery. He is currently a CTO at Hewlett-Packard, and has
held security leadership positions at Commonwealth Bank of Australia (Sydney), 20th
Century Fox/News Corporation (Los Angeles), Salesforce.com (San Francisco), IBM
(New York), and Nokia (Helsinki). His accomplishments include developing a Cyber
Security Operation Center (SOC) encompassing the provisioning of security monitoring
via IDaaS, threat and vulnerability intelligence using Big Data technologies and managed
security infrastructure, and creating a cloud security reference architecture for a large
telecommunication SaaS market offering. At 20th Century Fox, Stephen developed
Intellectual Property Security Architecture, Standards, and Policies that cover all release
platforms from Script Development to Home Entertainment worldwide. This was
accomplished with a focus on the most successful movie of all time—James Cameron’s
Avatar. As a result, Fox became the first Media & Entertainment firm to successfully attain
a zero pre-release IP leak of major DVD releases in Russia. Stephen has an MS in
management of technology from the University of Pennsylvania, a joint program of
Wharton Business School and the School of Applied Science & Engineering. He is a
Moore Fellow in Management of Technology at University of Pennsylvania. He also has
an MS in international management from University of Reading (United Kingdom).
Stephen has been an Invited Panelist at: Tech ROI; New York Times Business-Innovation;
and Silicon Valley’s ISACA Annual Meeting and United Kingdom’s Knowledge Transfer
Network. In 2011, he was invited by the Chinese government in Chongqing to advise on
non-monitored cloud services for MNCs such as Microsoft, JP Morgan and IBM Corp. He
can be reached at [email protected]

Keith Strassberg (CPA, CISSP), technical reviewer, contributor, and first edition
coauthor, is now CEO/CTO of Universal Survey, one of the world’s largest independent
market research data collection companies. Keith oversees Universal’s operations and
pushes the company to be a highly competitive and efficient partner. Universal’s clients
benefit from Keith’s insight and extensive technical abilities, and he is known for
developing and executing solutions in dynamic and fast-moving technology environments.
Keith has been in the information security field for over 15 years and has worked at firms
such as The Guardian Life Insurance Company of America and Arthur Andersen. Keith
holds a BS in accounting from Binghamton University, and he can be reached at
[email protected]

00-FM.indd 7 3/14/13 3:34 PM


CompRef_2010 / Information Security: The Complete Reference / Rhodes / 435-7
Blind Folio viii

Simon Thorpe, contributor, has been working with information security technologies
since 1999. He was the first employee of SealedMedia after the founder received the first
round of funding. He was involved in the development, support, QA, sales, consulting,
product management, and marketing of the SealedMedia product. In 2006, when the
technology was acquired by Oracle, Simon continued his involvement by working on IRM
solutions with companies around the globe as well as deploying the technology internally,
protecting Oracle’s most valuable information. Simon has written for the Oracle IRM
blog, Oracle Profit Magazine, and other online publications, and has extensive knowledge
of many of the unstructured data security solutions in the market today. Simon then
moved from Oracle to Microsoft, where he continues to apply his IRM knowledge with
the Microsoft AD RMS technology. Simon is often looking for feedback on how people
implement document and file security technologies, so feel free to contact him at
[email protected]

Dr. Andrew A. Vladimirov (CISSP, CCNP, CCDP, CWNA, TIA Linux+), contributor,
currently holds the position of Chief Security Manager for Arhont Information Security
Ltd. (www.arhont.com), a fast-growing information security company based in Bristol, UK.
Andrew is a graduate of King’s College London and University of Bristol. He is a researcher
with wide interests, ranging from cryptography and network security to bioinformatics
and neuroscience. He published his first scientific paper at the age of 13 and dates his
computing experience back to the release of Z80. Andrew was one of the cofounders of
Arhont, which was established in 2000 as a pro-open-source information security company
with attitude. Over the years, Andrew has participated in Arhont’s contributions to the
security community via publications at BugTraq and other security-related public e-mail
lists, network security articles for various IT magazines, and statistical research. Andrew’s
wireless networking and security background predates the emergence of the 802.11
standard and includes hands-on experience designing, installing, configuring, penetrating,
securing, and troubleshooting wireless LANs, Bluetooth PANs, and infrared links implemented
using a wide variety of operating systems and hardware architectures. Andrew was one of
the first UK IT professionals to obtain the CWNA certification, and he is currently in
charge of the wireless consultancy service provided by Arhont. He participates in wireless
security equipment beta testing for major wireless hardware and firmware vendors, such as
Proxim, Belkin, and Netgear..

Barak Weichselbaum, contributor and technical reviewer, is a network and security
consultant who started his career in the Israeli Defense Forces and served in the intelligence
corps. He spearheaded the development of numerous network security products and
solutions, including B2B, P2P, IPS, and IDS, from the ground up to the deployment and
integration stage. He is the founder and CEO of B.W. Komodia Ltd. You can contact him at

Marcia Wilson, contributor, is an information technology veteran who has focused on
information security for the last decade. She holds the CISSP and CISM designations. She
received her master’s degree from the University of San Francisco and is finishing up her
doctoral studies in information assurance at Capella University. Marcia has worked in a
number of capacities in information security, including managing and directing security
teams in a global environment, as an individual contributor, and as a consultant for small,
medium, and large organizations. She is experienced in healthcare, financial, and high
tech organizations in both the private and public sectors. Marcia’s passion is protecting the
privacy of individual personal and healthcare information.

00-FM.indd 8 3/14/13 3:34 PM


CompRef_2010 / Information Security: The Complete Reference / Rhodes / 435-7
Blind Folio …