(eBook PDF) Effective Cybersecurity: A Guide to Using Best Practices and Standards
Table of Contents
Preface
Chapter 1: Best Practices, Standards, and a Plan of Action
1.1 Defining Cyberspace and Cybersecurity
1.2 The Value of Standards and Best Practices Documents
1.3 The Standard of Good Practice for Information Security
1.4 The ISO/IEC 27000 Suite of Information Security Standards
ISO 27001
ISO 27002
1.5 Mapping the ISO 27000 Series to the ISF SGP
1.6 NIST Cybersecurity Framework and Security Documents
NIST Cybersecurity Framework
NIST Security Documents
1.7 The CIS Critical Security Controls for Effective Cyber Defense
1.8 COBIT 5 for Information Security
1.9 Payment Card Industry Data Security Standard (PCI DSS)
1.10 ITU-T Security Documents
1.11 Effective Cybersecurity
The Cybersecurity Management Process
Using Best Practices and Standards Documents
1.12 Key Terms and Review Questions
Key Terms
Review Questions
1.13 References
Part I: Planning for Cybersecurity
Chapter 2: Security Governance
2.1 Security Governance and Security Management
2.2 Security Governance Principles and Desired Outcomes
Principles
Desired Outcomes
2.3 Security Governance Components
Strategic Planning
Organizational Structure
Roles and Responsibilities
Integration with Enterprise Architecture
Policies and Guidance
2.4 Security Governance Approach
Security Governance Framework
Security Direction
Responsible, Accountable, Consulted, and Informed (RACI) Charts
2.5 Security Governance Evaluation
2.6 Security Governance Best Practices
2.7 Key Terms and Review Questions
Key Terms
Review Questions
2.8 References
Chapter 3: Information Risk Assessment
3.1 Risk Assessment Concepts
Risk Assessment Challenges
Risk Management
Structure of This Chapter
3.2 Asset Identification
Hardware Assets
Software Assets
Information Assets
Business Assets
Asset Register
3.3 Threat Identification
The STRIDE Threat Model
Threat Types
Sources of Information
3.4 Control Identification
3.5 Vulnerability Identification
Vulnerability Categories
National Vulnerability Database and Common Vulnerability Scoring System
3.6 Risk Assessment Approaches
Quantitative Versus Qualitative Risk Assessment
Simple Risk Analysis Worksheet
Factor Analysis of Information Risk
3.7 Likelihood Assessment
Estimating Threat Event Frequency
Estimating Vulnerability
Loss Event Frequency
3.8 Impact Assessment
Estimating the Primary Loss
Estimating the Secondary Loss
Business Impact Reference Table
3.9 Risk Determination
3.10 Risk Evaluation
3.11 Risk Treatment
Risk Reduction
Risk Retention
Risk Avoidance
Risk Transfer
3.12 Risk Assessment Best Practices
3.13 Key Terms and Review Questions
Key Terms
Review Questions
3.14 References
Chapter 4: Security Management
4.1 The Security Management Function
Security Planning
Capital Planning
4.2 Security Policy
Security Policy Categories
Security Policy Document Content
Management Guidelines for Security Policies
Monitoring the Policy
4.3 Acceptable Use Policy
4.4 Security Management Best Practices
4.5 Key Terms and Review Questions
Key Terms
Review Questions
4.6 References
Part II: Managing the Cybersecurity Function
Chapter 5: People Management
5.1 Human Resource Security
Security in the Hiring Process
During Employment
Termination of Employment
5.2 Security Awareness and Education
Security Awareness
Cybersecurity Essentials Program
Role-Based Training
Education and Certification
5.3 People Management Best Practices
5.4 Key Terms and Review Questions
Key Terms
Review Questions
5.5 References
Chapter 6: Information Management
6.1 Information Classification and Handling
Information Classification
Information Labeling
Information Handling
6.2 Privacy
Privacy Threats
Privacy Principles and Policies
Privacy Controls
6.3 Document and Records Management
Document Management
Records Management
6.4 Sensitive Physical Information
6.5 Information Management Best Practices
6.6 Key Terms and Review Questions
Key Terms
Review Questions
6.7 References
Chapter 7: Physical Asset Management
7.1 Hardware Life Cycle Management
Planning
Acquisition
Deployment
Management
Disposition
7.2 Office Equipment
Threats and Vulnerabilities
Security Controls
Equipment Disposal
7.3 Industrial Control Systems
Differences Between IT Systems and Industrial Control Systems
ICS Security
7.4 Mobile Device Security
Mobile Device Technology
Mobile Ecosystem
Vulnerabilities
Mobile Device Security Strategy
Resources for Mobile Device Security
7.5 Physical Asset Management Best Practices
7.6 Key Terms and Review Questions
Key Terms
Review Questions
7.7 References
Chapter 8: System Development
8.1 System Development Life Cycle
NIST SDLC Model
The SGP’s SDLC Model
DevOps
8.2 Incorporating Security into the SDLC
Initiation Phase
Development/Acquisition Phase
Implementation/Assessment Phase
Operations and Maintenance Phase
Disposal Phase
8.3 System Development Management
System Development Methodology
System Development Environments
Quality Assurance
8.4 System Development Best Practices
8.5 Key Terms and Review Questions
Key Terms
Review Questions
8.6 References
Chapter 9: Business Application Management
9.1 Application Management Concepts
Application Life Cycle Management
Application Portfolio Management
Application Performance Management
9.2 Corporate Business Application Security
Business Application Register
Business Application Protection
Browser-Based Application Protection
9.3 End User-Developed Applications (EUDAs)
Benefits of EUDAs
Risks of EUDAs
EUDA Security Framework
9.4 Business Application Management Best Practices
9.5 Key Terms and Review Questions
Key Terms
Review Questions
9.6 References
Chapter 10: System Access
10.1 System Access Concepts
Authorization
10.2 User Authentication
A Model for Electronic User Authentication
Means of Authentication
Multifactor Authentication
10.3 Password-Based Authentication
The Vulnerability of Passwords
The Use of Hashed Passwords
Password Cracking of User-Chosen Passwords
Password File Access Control
Password Selection
10.4 Possession-Based Authentication
Memory Cards
Smart Cards
Electronic Identity Cards
One-Time Password Device
Threats to Possession-Based Authentication
Security Controls for Possession-Based Authentication
10.5 Biometric Authentication
Criteria for Biometric Characteristics
Physical Characteristics Used in Biometric Applications
Operation of a Biometric Authentication System
Biometric Accuracy
Threats to Biometric Authentication
Security Controls for Biometric Authentication
10.6 Risk Assessment for User Authentication
Authenticator Assurance Levels
Selecting an AAL
Choosing an Authentication Method
10.7 Access Control
Subjects, Objects, and Access Rights
Access Control Policies
Discretionary Access Control
Role-Based Access Control
Attribute-Based Access Control
Access Control Metrics
10.8 Customer Access
Customer Access Arrangements
Customer Contracts
Customer Connections
Protecting Customer Data
10.9 System Access Best Practices
10.10 Key Terms and Review Questions
Key Terms
Review Questions
10.11 References
Chapter 11: System Management
11.1 Server Configuration
Threats to Servers
Requirements for Server Security
11.2 Virtual Servers
Virtualization Alternatives
Virtualization Security Issues
Securing Virtualization Systems
11.3 Network Storage Systems
11.4 Service Level Agreements
Network Providers
Computer Security Incident Response Team
Cloud Service Providers
11.5 Performance and Capacity Management
11.6 Backup
11.7 Change Management
11.8 System Management Best Practices
11.9 Key Terms and Review Questions
Key Terms
Review Questions
11.10 References
Chapter 12: Networks and Communications
12.1 Network Management Concepts
Network Management Functions
Network Management Systems
Network Management Architecture
12.2 Firewalls
Firewall Characteristics
Types of Firewalls
Next-Generation Firewalls
DMZ Networks
The Modern IT Perimeter
12.3 Virtual Private Networks and IP Security
Virtual Private Networks
IPsec
Firewall-Based VPNs
12.4 Security Considerations for Network Management
Network Device Configuration
Physical Network Management
Wireless Access
External Network Connections
Firewalls
Remote Maintenance
12.5 Electronic Communications
Email
Instant Messaging
Voice over IP (VoIP) Networks
Telephony and Conferencing
12.6 Networks and Communications Best Practices
12.7 Key Terms and Review Questions
Key Terms
Review Questions
12.8 References
Chapter 13: Supply Chain Management and Cloud Security
13.1 Supply Chain Management Concepts
The Supply Chain
Supply Chain Management
13.2 Supply Chain Risk Management
Supply Chain Threats
Supply Chain Vulnerabilities
Supply Chain Security Controls
SCRM Best Practices
13.3 Cloud Computing
Cloud Computing Elements
Cloud Computing Reference Architecture
13.4 Cloud Security
Security Considerations for Cloud Computing
Threats for Cloud Service Users
Risk Evaluation
Best Practices
Cloud Service Agreement
13.5 Supply Chain Best Practices
13.6 Key Terms and Review Questions
Key Terms
Review Questions
13.7 References
Chapter 14: Technical Security Management
14.1 Security Architecture
14.2 Malware Protection Activities
Types of Malware
The Nature of the Malware Threat
Practical Malware Protection
14.3 Malware Protection Software
Capabilities of Malware Protection Software
Managing Malware Protection Software
14.4 Identity and Access Management
IAM Architecture
Federated Identity Management
IAM Planning
IAM Best Practices
14.5 Intrusion Detection
Basic Principles
Approaches to Intrusion Detection
Host-Based Intrusion Detection Techniques
Network-Based Intrusion Detection Systems
IDS Best Practices
14.6 Data Loss Prevention
Data Classification and Identification
Data States
14.7 Digital Rights Management
DRM Structure and Components
DRM Best Practices
14.8 Cryptographic Solutions
Uses of Cryptography
Cryptographic Algorithms
Selection of Cryptographic Algorithms and Lengths
Cryptography Implementation Considerations
14.9 Cryptographic Key Management
Key Types
Cryptoperiod
Key Life Cycle
14.10 Public Key Infrastructure
Public Key Certificates
PKI Architecture
Management Issues
14.11 Technical Security Management Best Practices
14.12 Key Terms and Review Questions
Key Terms
Review Questions
14.13 References
Chapter 15: Threat and Incident Management
15.1 Technical Vulnerability Management
Plan Vulnerability Management
Discover Known Vulnerabilities
Scan for Vulnerabilities
Log and Report
Remediate Vulnerabilities
15.2 Security Event Logging
Security Event Logging Objective
Potential Security Log Sources
What to Log
Protection of Log Data
Log Management Policy
15.3 Security Event Management
SEM Functions
SEM Best Practices
15.4 Threat Intelligence
Threat Taxonomy
The Importance of Threat Intelligence
Gathering Threat Intelligence
Threat Analysis
15.5 Cyber Attack Protection
Cyber Attack Kill Chain
Protection and Response Measures
Non-Malware Attacks
15.6 Security Incident Management Framework
Objectives of Incident Management
Relationship to Information Security Management System
Incident Management Policy
Roles and Responsibilities
Incident Management Information
Incident Management Tools
15.7 Security Incident Management Process
Preparing for Incident Response
Detection and Analysis
Containment, Eradication, and Recovery
Post-Incident Activity
15.8 Emergency Fixes
15.9 Forensic Investigations
Prepare
Identify
Collect
Preserve
Analyze
Report
15.10 Threat and Incident Management Best Practices
15.11 Key Terms and Review Questions
Key Terms
Review Questions
15.12 References
Chapter 16: Local Environment Management
16.1 Local Environment Security
Local Environment Profile
Local Security Coordination
16.2 Physical Security
Physical Security Threats
Physical Security Officer
Defense in Depth
Physical Security: Prevention and Mitigation Measures
Physical Security Controls
16.3 Local Environment Management Best Practices
16.4 Key Terms and Review Questions
Key Terms
Review Questions
16.5 References
Chapter 17: Business Continuity
17.1 Business Continuity Concepts
Threats
Business Continuity in Operation
Business Continuity Objectives
Essential Components for Maintaining Business Continuity
17.2 Business Continuity Program
Governance
Business Impact Analysis
Risk Assessment
Business Continuity Strategy
17.3 Business Continuity Readiness
Awareness
Training
Resilience
Control Selection
Business Continuity Plan
Exercising and Testing
Performance Evaluation
17.4 Business Continuity Operations
Emergency Response
Crisis Management
Business Recovery/Restoration
17.5 Business Continuity Best Practices
17.6 Key Terms and Review Questions
Key Terms
Review Questions
17.7 References
Part III: Security Assessment
Chapter 18: Security Monitoring and Improvement
18.1 Security Audit
Security Audit and Alarms Model
Data to Collect for Auditing
Internal and External Audit
Security Audit Controls
18.2 Security Performance
Security Performance Measurement
Security Monitoring and Reporting
Information Risk Reporting
Information Security Compliance Monitoring
18.3 Security Monitoring and Improvement Best Practices
18.4 Key Terms and Review Questions
Key Terms
Review Questions
18.5 References
Appendix A: References and Standards
Appendix B: Glossary
Index
Appendix C (Online Only): Answers to Review Questions
You can find Appendix C at informit.com/title/9780134772806.
Click the Downloads tab to access the PDF file.
Preface
There is the book, Inspector. I leave it with you, and you cannot doubt that it contains a full explanation.
—The Adventure of the Lion's Mane, by Sir Arthur Conan Doyle
Background
Effective cybersecurity is very difficult. A number of organizations, drawing on wide professional input, have developed best-practices documents as well as standards for implementing and evaluating cybersecurity. On the standards side, the most prominent player is the National Institute of Standards and Technology (NIST). NIST has created a huge number of security publications, including 9 Federal Information Processing Standards (FIPS) and well over 100 active Special Publications (SP) that provide guidance on virtually all aspects of cybersecurity. Equally important is the International Organization for Standardization (ISO) 27000 series of standards on information security management systems. Other organizations that have produced cybersecurity standards and guidelines include:

ISACA/COBIT: COBIT 5 for Information Security and related documents are widely used by the industry.

ITU Telecommunication Standardization Sector (ITU-T): Most important are the series X.1050 through X.1069 on security management.

Internet Society (ISOC): A number of published standards and RFCs relate to cybersecurity.

In addition, a number of professional and industry groups have produced best-practices documents and guidelines. The most important such document is The Standard of Good Practice for Information Security (SGP), produced by the Information Security Forum (ISF). This almost 300-page document provides a wide range of best practices based on the consensus of industry and
following which you do or cause to occur: (a) distribution of this or
any Project Gutenberg™ work, (b) alteration, modification, or
additions or deletions to any Project Gutenberg™ work, and (c) any
Defect you cause.
Section 2. Information about the Mission
of Project Gutenberg™
Project Gutenberg™ is synonymous with the free distribution of
electronic works in formats readable by the widest variety of
computers including obsolete, old, middle-aged and new computers.
It exists because of the efforts of hundreds of volunteers and
donations from people in all walks of life.
Volunteers and financial support to provide volunteers with the
assistance they need are critical to reaching Project Gutenberg™’s
goals and ensuring that the Project Gutenberg™ collection will
remain freely available for generations to come. In 2001, the Project
Gutenberg Literary Archive Foundation was created to provide a
secure and permanent future for Project Gutenberg™ and future
generations. To learn more about the Project Gutenberg Literary
Archive Foundation and how your efforts and donations can help,
see Sections 3 and 4 and the Foundation information page at
www.gutenberg.org.
Section 3. Information about the Project
Gutenberg Literary Archive Foundation
The Project Gutenberg Literary Archive Foundation is a non-profit
501(c)(3) educational corporation organized under the laws of the
state of Mississippi and granted tax exempt status by the Internal
Revenue Service. The Foundation’s EIN or federal tax identification
number is 64-6221541. Contributions to the Project Gutenberg
Literary Archive Foundation are tax deductible to the full extent
permitted by U.S. federal laws and your state’s laws.
The Foundation’s business office is located at 809 North 1500 West,
Salt Lake City, UT 84116, (801) 596-1887. Email contact links and up
to date contact information can be found at the Foundation’s website
and official page at www.gutenberg.org/contact
Section 4. Information about Donations to
the Project Gutenberg Literary Archive
Foundation
Project Gutenberg™ depends upon and cannot survive without
widespread public support and donations to carry out its mission of
increasing the number of public domain and licensed works that can
be freely distributed in machine-readable form accessible by the
widest array of equipment including outdated equipment. Many
small donations ($1 to $5,000) are particularly important to
maintaining tax exempt status with the IRS.
The Foundation is committed to complying with the laws regulating
charities and charitable donations in all 50 states of the United
States. Compliance requirements are not uniform and it takes a
considerable effort, much paperwork and many fees to meet and
keep up with these requirements. We do not solicit donations in
locations where we have not received written confirmation of
compliance. To SEND DONATIONS or determine the status of
compliance for any particular state visit www.gutenberg.org/donate.
While we cannot and do not solicit contributions from states where
we have not met the solicitation requirements, we know of no
prohibition against accepting unsolicited donations from donors in
such states who approach us with offers to donate.
International donations are gratefully accepted, but we cannot make
any statements concerning tax treatment of donations received from
outside the United States. U.S. laws alone swamp our small staff.
Please check the Project Gutenberg web pages for current donation
methods and addresses. Donations are accepted in a number of
other ways including checks, online payments and credit card
donations. To donate, please visit: www.gutenberg.org/donate.
Section 5. General Information About
Project Gutenberg™ electronic works
Professor Michael S. Hart was the originator of the Project
Gutenberg™ concept of a library of electronic works that could be
freely shared with anyone. For forty years, he produced and
distributed Project Gutenberg™ eBooks with only a loose network of
volunteer support.
Project Gutenberg™ eBooks are often created from several printed
editions, all of which are confirmed as not protected by copyright in
the U.S. unless a copyright notice is included. Thus, we do not
necessarily keep eBooks in compliance with any particular paper
edition.
Most people start at our website which has the main PG search
facility: www.gutenberg.org.
This website includes information about Project Gutenberg™,
including how to make donations to the Project Gutenberg Literary
Archive Foundation, how to help produce our new eBooks, and how
to subscribe to our email newsletter to hear about new eBooks.
(eBook PDF) Effective Cybersecurity: A Guide to Using Best Practices and Standards

Appendix A: References and Standards
Appendix B: Glossary
Index
Appendix C (Online Only): Answers to Review Questions
You can find Appendix C at informit.com/title/9780134772806. Click the Downloads tab to access the PDF file.

Table of Contents

Preface

Chapter 1: Best Practices, Standards, and a Plan of Action
  1.1 Defining Cyberspace and Cybersecurity
  1.2 The Value of Standards and Best Practices Documents
  1.3 The Standard of Good Practice for Information Security
  1.4 The ISO/IEC 27000 Suite of Information Security Standards
    ISO 27001
    ISO 27002
  1.5 Mapping the ISO 27000 Series to the ISF SGP
  1.6 NIST Cybersecurity Framework and Security Documents
    NIST Cybersecurity Framework
    NIST Security Documents
  1.7 The CIS Critical Security Controls for Effective Cyber Defense
  1.8 COBIT 5 for Information Security
  1.9 Payment Card Industry Data Security Standard (PCI DSS)
  1.10 ITU-T Security Documents
  1.11 Effective Cybersecurity
    The Cybersecurity Management Process
    Using Best Practices and Standards Documents
  1.12 Key Terms and Review Questions
    Key Terms
    Review Questions
  1.13 References

Part I: Planning for Cybersecurity

Chapter 2: Security Governance
  2.1 Security Governance and Security Management
  2.2 Security Governance Principles and Desired Outcomes
    Principles
    Desired Outcomes
  2.3 Security Governance Components
    Strategic Planning
    Organizational Structure
    Roles and Responsibilities
    Integration with Enterprise Architecture
    Policies and Guidance
  2.4 Security Governance Approach
    Security Governance Framework
    Security Direction
    Responsible, Accountable, Consulted, and Informed (RACI) Charts
  2.5 Security Governance Evaluation
  2.6 Security Governance Best Practices
  2.7 Key Terms and Review Questions
    Key Terms
    Review Questions
  2.8 References

Chapter 3: Information Risk Assessment
  3.1 Risk Assessment Concepts
    Risk Assessment Challenges
    Risk Management
    Structure of This Chapter
  3.2 Asset Identification
    Hardware Assets
    Software Assets
    Information Assets
    Business Assets
    Asset Register
  3.3 Threat Identification
    The STRIDE Threat Model
    Threat Types
    Sources of Information
  3.4 Control Identification
  3.5 Vulnerability Identification
    Vulnerability Categories
    National Vulnerability Database and Common Vulnerability Scoring System
  3.6 Risk Assessment Approaches
    Quantitative Versus Qualitative Risk Assessment
    Simple Risk Analysis Worksheet
    Factor Analysis of Information Risk
  3.7 Likelihood Assessment
    Estimating Threat Event Frequency
    Estimating Vulnerability
    Loss Event Frequency
  3.8 Impact Assessment
    Estimating the Primary Loss
    Estimating the Secondary Loss
    Business Impact Reference Table
  3.9 Risk Determination
  3.10 Risk Evaluation
  3.11 Risk Treatment
    Risk Reduction
    Risk Retention
    Risk Avoidance
    Risk Transfer
  3.12 Risk Assessment Best Practices
  3.13 Key Terms and Review Questions
    Key Terms
    Review Questions
  3.14 References

Chapter 4: Security Management
  4.1 The Security Management Function
    Security Planning
    Capital Planning
  4.2 Security Policy
    Security Policy Categories
    Security Policy Document Content
    Management Guidelines for Security Policies
    Monitoring the Policy
  4.3 Acceptable Use Policy
  4.4 Security Management Best Practices
  4.5 Key Terms and Review Questions
    Key Terms
    Review Questions
  4.6 References

Part II: Managing the Cybersecurity Function

Chapter 5: People Management
  5.1 Human Resource Security
    Security in the Hiring Process
    During Employment
    Termination of Employment
  5.2 Security Awareness and Education
    Security Awareness
    Cybersecurity Essentials Program
    Role-Based Training
    Education and Certification
  5.3 People Management Best Practices
  5.4 Key Terms and Review Questions
    Key Terms
    Review Questions
  5.5 References

Chapter 6: Information Management
  6.1 Information Classification and Handling
    Information Classification
    Information Labeling
    Information Handling
  6.2 Privacy
    Privacy Threats
    Privacy Principles and Policies
    Privacy Controls
  6.3 Document and Records Management
    Document Management
    Records Management
  6.4 Sensitive Physical Information
  6.5 Information Management Best Practices
  6.6 Key Terms and Review Questions
    Key Terms
    Review Questions
  6.7 References

Chapter 7: Physical Asset Management
  7.1 Hardware Life Cycle Management
    Planning
    Acquisition
    Deployment
    Management
    Disposition
  7.2 Office Equipment
    Threats and Vulnerabilities
    Security Controls
    Equipment Disposal
  7.3 Industrial Control Systems
    Differences Between IT Systems and Industrial Control Systems
    ICS Security
  7.4 Mobile Device Security
    Mobile Device Technology
    Mobile Ecosystem
    Vulnerabilities
    Mobile Device Security Strategy
    Resources for Mobile Device Security
  7.5 Physical Asset Management Best Practices
  7.6 Key Terms and Review Questions
    Key Terms
    Review Questions
  7.7 References

Chapter 8: System Development
  8.1 System Development Life Cycle
    NIST SDLC Model
    The SGP’s SDLC Model
    DevOps
  8.2 Incorporating Security into the SDLC
    Initiation Phase
    Development/Acquisition Phase
    Implementation/Assessment Phase
    Operations and Maintenance Phase
    Disposal Phase
  8.3 System Development Management
    System Development Methodology
    System Development Environments
    Quality Assurance
  8.4 System Development Best Practices
  8.5 Key Terms and Review Questions
    Key Terms
    Review Questions
  8.6 References

Chapter 9: Business Application Management
  9.1 Application Management Concepts
    Application Life Cycle Management
    Application Portfolio Management
    Application Performance Management
  9.2 Corporate Business Application Security
    Business Application Register
    Business Application Protection
    Browser-Based Application Protection
  9.3 End User-Developed Applications (EUDAs)
    Benefits of EUDAs
    Risks of EUDAs
    EUDA Security Framework
  9.4 Business Application Management Best Practices
  9.5 Key Terms and Review Questions
    Key Terms
    Review Questions
  9.6 References

Chapter 10: System Access
  10.1 System Access Concepts
    Authorization
  10.2 User Authentication
    A Model for Electronic User Authentication
    Means of Authentication
    Multifactor Authentication
  10.3 Password-Based Authentication
    The Vulnerability of Passwords
    The Use of Hashed Passwords
    Password Cracking of User-Chosen Passwords
    Password File Access Control
    Password Selection
  10.4 Possession-Based Authentication
    Memory Cards
    Smart Cards
    Electronic Identity Cards
    One-Time Password Device
    Threats to Possession-Based Authentication
    Security Controls for Possession-Based Authentication
  10.5 Biometric Authentication
    Criteria for Biometric Characteristics
    Physical Characteristics Used in Biometric Applications
    Operation of a Biometric Authentication System
    Biometric Accuracy
    Threats to Biometric Authentication
    Security Controls for Biometric Authentication
  10.6 Risk Assessment for User Authentication
    Authenticator Assurance Levels
    Selecting an AAL
    Choosing an Authentication Method
  10.7 Access Control
    Subjects, Objects, and Access Rights
    Access Control Policies
    Discretionary Access Control
    Role-Based Access Control
    Attribute-Based Access Control
    Access Control Metrics
  10.8 Customer Access
    Customer Access Arrangements
    Customer Contracts
    Customer Connections
    Protecting Customer Data
  10.9 System Access Best Practices
  10.10 Key Terms and Review Questions
    Key Terms
    Review Questions
  10.11 References

Chapter 11: System Management
  11.1 Server Configuration
    Threats to Servers
    Requirements for Server Security
  11.2 Virtual Servers
    Virtualization Alternatives
    Virtualization Security Issues
    Securing Virtualization Systems
  11.3 Network Storage Systems
  11.4 Service Level Agreements
    Network Providers
    Computer Security Incident Response Team
    Cloud Service Providers
  11.5 Performance and Capacity Management
  11.6 Backup
  11.7 Change Management
  11.8 System Management Best Practices
  11.9 Key Terms and Review Questions
    Key Terms
    Review Questions
  11.10 References

Chapter 12: Networks and Communications
  12.1 Network Management Concepts
    Network Management Functions
    Network Management Systems
    Network Management Architecture
  12.2 Firewalls
    Firewall Characteristics
    Types of Firewalls
    Next-Generation Firewalls
    DMZ Networks
    The Modern IT Perimeter
  12.3 Virtual Private Networks and IP Security
    Virtual Private Networks
    IPsec
    Firewall-Based VPNs
  12.4 Security Considerations for Network Management
    Network Device Configuration
    Physical Network Management
    Wireless Access
    External Network Connections
    Firewalls
    Remote Maintenance
  12.5 Electronic Communications
    Email
    Instant Messaging
    Voice over IP (VoIP) Networks
    Telephony and Conferencing
  12.6 Networks and Communications Best Practices
  12.7 Key Terms and Review Questions
    Key Terms
    Review Questions
  12.8 References

Chapter 13: Supply Chain Management and Cloud Security
  13.1 Supply Chain Management Concepts
    The Supply Chain
    Supply Chain Management
  13.2 Supply Chain Risk Management
    Supply Chain Threats
    Supply Chain Vulnerabilities
    Supply Chain Security Controls
    SCRM Best Practices
  13.3 Cloud Computing
    Cloud Computing Elements
    Cloud Computing Reference Architecture
  13.4 Cloud Security
    Security Considerations for Cloud Computing
    Threats for Cloud Service Users
    Risk Evaluation
    Best Practices
    Cloud Service Agreement
  13.5 Supply Chain Best Practices
  13.6 Key Terms and Review Questions
    Key Terms
    Review Questions
  13.7 References

Chapter 14: Technical Security Management
  14.1 Security Architecture
  14.2 Malware Protection Activities
    Types of Malware
    The Nature of the Malware Threat
    Practical Malware Protection
  14.3 Malware Protection Software
    Capabilities of Malware Protection Software
    Managing Malware Protection Software
  14.4 Identity and Access Management
    IAM Architecture
    Federated Identity Management
    IAM Planning
    IAM Best Practices
  14.5 Intrusion Detection
    Basic Principles
    Approaches to Intrusion Detection
    Host-Based Intrusion Detection Techniques
    Network-Based Intrusion Detection Systems
    IDS Best Practices
  14.6 Data Loss Prevention
    Data Classification and Identification
    Data States
  14.7 Digital Rights Management
    DRM Structure and Components
    DRM Best Practices
  14.8 Cryptographic Solutions
    Uses of Cryptography
    Cryptographic Algorithms
    Selection of Cryptographic Algorithms and Lengths
    Cryptography Implementation Considerations
  14.9 Cryptographic Key Management
    Key Types
    Cryptoperiod
    Key Life Cycle
  14.10 Public Key Infrastructure
    Public Key Certificates
    PKI Architecture
    Management Issues
  14.11 Technical Security Management Best Practices
  14.12 Key Terms and Review Questions
    Key Terms
    Review Questions
  14.13 References

Chapter 15: Threat and Incident Management
  15.1 Technical Vulnerability Management
    Plan Vulnerability Management
    Discover Known Vulnerabilities
    Scan for Vulnerabilities
    Log and Report
    Remediate Vulnerabilities
  15.2 Security Event Logging
    Security Event Logging Objective
    Potential Security Log Sources
    What to Log
    Protection of Log Data
    Log Management Policy
  15.3 Security Event Management
    SEM Functions
    SEM Best Practices
  15.4 Threat Intelligence
    Threat Taxonomy
    The Importance of Threat Intelligence
    Gathering Threat Intelligence
    Threat Analysis
  15.5 Cyber Attack Protection
    Cyber Attack Kill Chain
    Protection and Response Measures
    Non-Malware Attacks
  15.6 Security Incident Management Framework
    Objectives of Incident Management
    Relationship to Information Security Management System
    Incident Management Policy
    Roles and Responsibilities
    Incident Management Information
    Incident Management Tools
  15.7 Security Incident Management Process
    Preparing for Incident Response
    Detection and Analysis
    Containment, Eradication, and Recovery
    Post-Incident Activity
  15.8 Emergency Fixes
  15.9 Forensic Investigations
    Prepare
    Identify
    Collect
    Preserve
    Analyze
    Report
  15.10 Threat and Incident Management Best Practices
  15.11 Key Terms and Review Questions
    Key Terms
    Review Questions
  15.12 References

Chapter 16: Local Environment Management
  16.1 Local Environment Security
    Local Environment Profile
    Local Security Coordination
  16.2 Physical Security
    Physical Security Threats
    Physical Security Officer
    Defense in Depth
    Physical Security: Prevention and Mitigation Measures
    Physical Security Controls
  16.3 Local Environment Management Best Practices
  16.4 Key Terms and Review Questions
    Key Terms
    Review Questions
  16.5 References

Chapter 17: Business Continuity
  17.1 Business Continuity Concepts
    Threats
    Business Continuity in Operation
    Business Continuity Objectives
    Essential Components for Maintaining Business Continuity
  17.2 Business Continuity Program
    Governance
    Business Impact Analysis
    Risk Assessment
    Business Continuity Strategy
  17.3 Business Continuity Readiness
    Awareness
    Training
    Resilience
    Control Selection
    Business Continuity Plan
    Exercising and Testing
    Performance Evaluation
  17.4 Business Continuity Operations
    Emergency Response
    Crisis Management
    Business Recovery/Restoration
  17.5 Business Continuity Best Practices
  17.6 Key Terms and Review Questions
    Key Terms
    Review Questions
  17.7 References

Part III: Security Assessment

Chapter 18: Security Monitoring and Improvement
  18.1 Security Audit
    Security Audit and Alarms Model
    Data to Collect for Auditing
    Internal and External Audit
    Security Audit Controls
  18.2 Security Performance
    Security Performance Measurement
    Security Monitoring and Reporting
    Information Risk Reporting
    Information Security Compliance Monitoring
  18.3 Security Monitoring and Improvement Best Practices
  18.4 Key Terms and Review Questions
    Key Terms
    Review Questions
  18.5 References

Appendix A: References and Standards
Appendix B: Glossary
Index
Appendix C (Online Only): Answers to Review Questions
You can find Appendix C at informit.com/title/9780134772806. Click the Downloads tab to access the PDF file.
Preface

There is the book, Inspector. I leave it with you, and you cannot doubt that it contains a full explanation.
—The Adventure of the Lion’s Mane, by Sir Arthur Conan Doyle

Background

Effective cybersecurity is very difficult. A number of organizations, based on wide professional input, have developed best-practices types of documents as well as standards for implementing and evaluating cybersecurity. On the standards side, the most prominent player is the National Institute of Standards and Technology (NIST). NIST has created a huge number of security publications, including 9 Federal Information Processing Standards (FIPS) and well over 100 active Special Publications (SP) that provide guidance on virtually all aspects of cybersecurity. Equally important is the International Organization for Standardization (ISO) 27000 series of standards on information security management systems. Other organizations that have produced cybersecurity standards and guidelines include:

ISACA/COBIT: The COBIT-5 for information security and related documents are widely used by the industry.
ITU Telecommunication Standardization Sector (ITU-T): Most important are the series X.1050 through X.1069 on security management.
Internet Society (ISOC): A number of published standards and RFCs relate to cybersecurity.

In addition, a number of professional and industry groups have produced best-practices documents and guidelines. The most important such document is The Standard of Good Practice for Information Security (SGP), produced by the Information Security Forum (ISF). This almost 300-page document provides a wide range of best practices based on the consensus of industry and
  • 23. Another Random Scribd Document with Unrelated Content
  • 24. XIX. Hugo mortis; de tiu horo Parizina ne estis plu aŭdita nek vidita en la palaco, en la salono, en la ĝardeno. Ŝia nomo, kiel malnobla aŭ timinda vorto, estis ekzilita el ĉiuj lipoj kaj oreloj, kvazaŭ ŝi neniam estus vivinta; el Princo Azo, neniu aŭdis ian raporton pri edzino aŭ filo. Ili ne havis monumenton nek memoron, estis entombigitaj en nesankta tero, almenaŭ la kavaliro, kiu mortis je tiu tago. La fatalo de Parizina restis kaŝita, kiel la polvo sub tomba ŝtono. Ĉu ŝi loĝadis en ia monaĥejo kaj gajnis la ĉielan vojon per malkvietaj kaj riproĉindaj jaroj de turmento, fastoj kaj senĉesaj ploroj; aŭ ĉu ŝi falis per la bulo aŭ glavo, pro la funebra amo, kiu submetis sin; aŭ ĉu frapita je tiu momento, ŝi mortis de tujaj suferoj, kiam tiun ŝi vidis morti sur la ŝtipo; aŭ ĉu la frapo de l’ekzekutisto, ekmovinte ŝian kompateman koron, neniigis ŝian organismon; neniu sciis, neniu iam scios: sed io estis ŝia fatalo tie ĉi, ŝia vivo komenciĝis kaj finiĝis malfeliĉe.
  • 25. XX. Kaj Azo trovis alian edzinon; belaj filoj kreskis apud li, sed neniu estis tiel aminda, tiel brava kiel tiu velkinta en la tombo; aŭ se ili estis tiaj, ilia kreskado pasis neatentinda por lia rigardo aŭ rimarkita kun sufokita ekĝemo. La ploro neniam malsupreniris lian vangon, la rido neniam malstreĉis lian frunton, sur kiu estis gravuritaj la kruciĝintaj linioj de la pripensoj, sulkoj, kiujn la varmega parto de Malĝojo tie fendis antaŭtempe, cikatroj de la ŝirinta spirito, kiujn la batalo de l’Animo lasis malantaŭe! Li estis sentinta tutan ĝojon kaj malfeliĉon; apenaŭ restis al li sendormaj noktoj, pezaj tagoj; animo tute mortinta por la malestimo aŭ laŭdo, konscienco kiu evitante sin mem, tamen ne cedis nek forgesis; kiam li ŝajnis malpli kvieta li pensis kaj sentis forte; nur la densa glacia tavolo povas kovri la supraĵon, la viva fluo loĝas aktiva malsupre, tial ke ĝi kuras senĉese. Ĉe lia fermita brusto loĝis sentoj enradikigitaj de la Naturo tre profunde por esti eltiritaj el tie. Kiam ni bataladas por deteni la larmojn farante ilin forflui koron, ili ne sekiĝas, iras returnen al la primitiva fonto, tie ili fariĝas pli puraj, restante en ĝia profundeco, neverŝitaj, ne glaciitaj, sed pli amataj tie, ili estas malpli videblaj. Forlasita al la intimaj ekstremoj de ĉagreno por kompati tiujn formetitajn el la vivo, kaj sen la potenco plenigi la mankon, kiun kaŭzis lia suferado, kaj plene konscia, ke li estis parolinta justan sentencon; ke ili estis preparintaj siajn kondamnojn, tamen, la vivo de Azo defluis mizeroplena! La malbonigitaj branĉoj de l’arbo zorge ĉirkaŭhakitaj alportas al la resto forton, floradon, vivon, freŝan verdaĵon, liberan ŝtonĵetilon; sed se la kolerema fulmo furioze ruinigas la balanciĝantajn branĉetojn, la dika ŝtipo sentas la malbonon, kaj neniam plu produktos unu folion.
*** END OF THE PROJECT GUTENBERG EBOOK PARIZINA ***

Updated editions will replace the previous one—the old editions will be renamed.

Creating the works from print editions not protected by U.S. copyright law means that no one owns a United States copyright in these works, so the Foundation (and you!) can copy and distribute it in the United States without permission and without paying copyright royalties. Special rules, set forth in the General Terms of Use part of this license, apply to copying and distributing Project Gutenberg™ electronic works to protect the PROJECT GUTENBERG™ concept and trademark. Project Gutenberg is a registered trademark, and may not be used if you charge for an eBook, except by following the terms of the trademark license, including paying royalties for use of the Project Gutenberg trademark. If you do not charge anything for copies of this eBook, complying with the trademark license is very easy. You may use this eBook for nearly any purpose such as creation of derivative works, reports, performances and research. Project Gutenberg eBooks may be modified and printed and given away—you may do practically ANYTHING in the United States with eBooks not protected by U.S. copyright law. Redistribution is subject to the trademark license, especially commercial redistribution.

START: FULL LICENSE

THE FULL PROJECT GUTENBERG LICENSE

PLEASE READ THIS BEFORE YOU DISTRIBUTE OR USE THIS WORK

To protect the Project Gutenberg™ mission of promoting the free distribution of electronic works, by using or distributing this work (or any other work associated in any way with the phrase “Project Gutenberg”), you agree to comply with all the terms of the Full Project Gutenberg™ License available with this file or online at www.gutenberg.org/license.

Section 1. General Terms of Use and Redistributing Project Gutenberg™ electronic works

1.A. By reading or using any part of this Project Gutenberg™ electronic work, you indicate that you have read, understand, agree to and accept all the terms of this license and intellectual property (trademark/copyright) agreement. If you do not agree to abide by all the terms of this agreement, you must cease using and return or destroy all copies of Project Gutenberg™ electronic works in your possession. If you paid a fee for obtaining a copy of or access to a Project Gutenberg™ electronic work and you do not agree to be bound by the terms of this agreement, you may obtain a refund from the person or entity to whom you paid the fee as set forth in paragraph 1.E.8.

1.B. “Project Gutenberg” is a registered trademark. It may only be used on or associated in any way with an electronic work by people who agree to be bound by the terms of this agreement. There are a few things that you can do with most Project Gutenberg™ electronic works even without complying with the full terms of this agreement. See paragraph 1.C below. There are a lot of things you can do with Project Gutenberg™ electronic works if you follow the terms of this agreement and help preserve free future access to Project Gutenberg™ electronic works. See paragraph 1.E below.

1.C. The Project Gutenberg Literary Archive Foundation (“the Foundation” or PGLAF), owns a compilation copyright in the collection of Project Gutenberg™ electronic works. Nearly all the individual works in the collection are in the public domain in the United States. If an individual work is unprotected by copyright law in the United States and you are located in the United States, we do not claim a right to prevent you from copying, distributing, performing, displaying or creating derivative works based on the work as long as all references to Project Gutenberg are removed. Of course, we hope that you will support the Project Gutenberg™ mission of promoting free access to electronic works by freely sharing Project Gutenberg™ works in compliance with the terms of this agreement for keeping the Project Gutenberg™ name associated with the work. You can easily comply with the terms of this agreement by keeping this work in the same format with its attached full Project Gutenberg™ License when you share it without charge with others.

1.D. The copyright laws of the place where you are located also govern what you can do with this work. Copyright laws in most countries are in a constant state of change. If you are outside the United States, check the laws of your country in addition to the terms of this agreement before downloading, copying, displaying, performing, distributing or creating derivative works based on this work or any other Project Gutenberg™ work. The Foundation makes no representations concerning the copyright status of any work in any country other than the United States.

1.E. Unless you have removed all references to Project Gutenberg:

1.E.1. The following sentence, with active links to, or other immediate access to, the full Project Gutenberg™ License must appear prominently whenever any copy of a Project Gutenberg™ work (any work on which the phrase “Project Gutenberg” appears, or with which the phrase “Project Gutenberg” is associated) is accessed, displayed, performed, viewed, copied or distributed:

This eBook is for the use of anyone anywhere in the United States and most other parts of the world at no cost and with almost no restrictions whatsoever. You may copy it, give it away or re-use it under the terms of the Project Gutenberg License included with this eBook or online at www.gutenberg.org. If you are not located in the United States, you will have to check the laws of the country where you are located before using this eBook.

1.E.2. If an individual Project Gutenberg™ electronic work is derived from texts not protected by U.S. copyright law (does not contain a notice indicating that it is posted with permission of the copyright holder), the work can be copied and distributed to anyone in the United States without paying any fees or charges. If you are redistributing or providing access to a work with the phrase “Project Gutenberg” associated with or appearing on the work, you must comply either with the requirements of paragraphs 1.E.1 through 1.E.7 or obtain permission for the use of the work and the Project Gutenberg™ trademark as set forth in paragraphs 1.E.8 or 1.E.9.

1.E.3. If an individual Project Gutenberg™ electronic work is posted with the permission of the copyright holder, your use and distribution must comply with both paragraphs 1.E.1 through 1.E.7 and any additional terms imposed by the copyright holder. Additional terms will be linked to the Project Gutenberg™ License for all works posted with the permission of the copyright holder found at the beginning of this work.

1.E.4. Do not unlink or detach or remove the full Project Gutenberg™ License terms from this work, or any files containing a part of this work or any other work associated with Project Gutenberg™.

1.E.5. Do not copy, display, perform, distribute or redistribute this electronic work, or any part of this electronic work, without prominently displaying the sentence set forth in paragraph 1.E.1 with active links or immediate access to the full terms of the Project Gutenberg™ License.

1.E.6. You may convert to and distribute this work in any binary, compressed, marked up, nonproprietary or proprietary form, including any word processing or hypertext form. However, if you provide access to or distribute copies of a Project Gutenberg™ work in a format other than “Plain Vanilla ASCII” or other format used in the official version posted on the official Project Gutenberg™ website (www.gutenberg.org), you must, at no additional cost, fee or expense to the user, provide a copy, a means of exporting a copy, or a means of obtaining a copy upon request, of the work in its original “Plain Vanilla ASCII” or other form. Any alternate format must include the full Project Gutenberg™ License as specified in paragraph 1.E.1.

1.E.7. Do not charge a fee for access to, viewing, displaying, performing, copying or distributing any Project Gutenberg™ works unless you comply with paragraph 1.E.8 or 1.E.9.

1.E.8. You may charge a reasonable fee for copies of or providing access to or distributing Project Gutenberg™ electronic works provided that:

• You pay a royalty fee of 20% of the gross profits you derive from the use of Project Gutenberg™ works calculated using the method you already use to calculate your applicable taxes. The fee is owed to the owner of the Project Gutenberg™ trademark, but he has agreed to donate royalties under this paragraph to the Project Gutenberg Literary Archive Foundation. Royalty payments must be paid within 60 days following each date on which you prepare (or are legally required to prepare) your periodic tax returns. Royalty payments should be clearly marked as such and sent to the Project Gutenberg Literary Archive Foundation at the address specified in Section 4, “Information about donations to the Project Gutenberg Literary Archive Foundation.”

• You provide a full refund of any money paid by a user who notifies you in writing (or by e-mail) within 30 days of receipt that s/he does not agree to the terms of the full Project Gutenberg™ License. You must require such a user to return or destroy all copies of the works possessed in a physical medium and discontinue all use of and all access to other copies of Project Gutenberg™ works.

• You provide, in accordance with paragraph 1.F.3, a full refund of any money paid for a work or a replacement copy, if a defect in the electronic work is discovered and reported to you within 90 days of receipt of the work.

• You comply with all other terms of this agreement for free distribution of Project Gutenberg™ works.

1.E.9. If you wish to charge a fee or distribute a Project Gutenberg™ electronic work or group of works on different terms than are set forth in this agreement, you must obtain permission in writing from the Project Gutenberg Literary Archive Foundation, the manager of the Project Gutenberg™ trademark. Contact the Foundation as set forth in Section 3 below.

1.F.

1.F.1. Project Gutenberg volunteers and employees expend considerable effort to identify, do copyright research on, transcribe and proofread works not protected by U.S. copyright law in creating the Project Gutenberg™ collection. Despite these efforts, Project Gutenberg™ electronic works, and the medium on which they may be stored, may contain “Defects,” such as, but not limited to, incomplete, inaccurate or corrupt data, transcription errors, a copyright or other intellectual property infringement, a defective or damaged disk or other medium, a computer virus, or computer codes that damage or cannot be read by your equipment.

1.F.2. LIMITED WARRANTY, DISCLAIMER OF DAMAGES - Except for the “Right of Replacement or Refund” described in paragraph 1.F.3, the Project Gutenberg Literary Archive Foundation, the owner of the Project Gutenberg™ trademark, and any other party distributing a Project Gutenberg™ electronic work under this agreement, disclaim all liability to you for damages, costs and expenses, including legal fees. YOU AGREE THAT YOU HAVE NO REMEDIES FOR NEGLIGENCE, STRICT LIABILITY, BREACH OF WARRANTY OR BREACH OF CONTRACT EXCEPT THOSE PROVIDED IN PARAGRAPH 1.F.3. YOU AGREE THAT THE FOUNDATION, THE TRADEMARK OWNER, AND ANY DISTRIBUTOR UNDER THIS AGREEMENT WILL NOT BE LIABLE TO YOU FOR ACTUAL, DIRECT, INDIRECT, CONSEQUENTIAL, PUNITIVE OR INCIDENTAL DAMAGES EVEN IF YOU GIVE NOTICE OF THE POSSIBILITY OF SUCH DAMAGE.

1.F.3. LIMITED RIGHT OF REPLACEMENT OR REFUND - If you discover a defect in this electronic work within 90 days of receiving it, you can receive a refund of the money (if any) you paid for it by sending a written explanation to the person you received the work from. If you received the work on a physical medium, you must return the medium with your written explanation. The person or entity that provided you with the defective work may elect to provide a replacement copy in lieu of a refund. If you received the work electronically, the person or entity providing it to you may choose to give you a second opportunity to receive the work electronically in lieu of a refund. If the second copy is also defective, you may demand a refund in writing without further opportunities to fix the problem.

1.F.4. Except for the limited right of replacement or refund set forth in paragraph 1.F.3, this work is provided to you ‘AS-IS’, WITH NO OTHER WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO WARRANTIES OF MERCHANTABILITY OR FITNESS FOR ANY PURPOSE.

1.F.5. Some states do not allow disclaimers of certain implied warranties or the exclusion or limitation of certain types of damages. If any disclaimer or limitation set forth in this agreement violates the law of the state applicable to this agreement, the agreement shall be interpreted to make the maximum disclaimer or limitation permitted by the applicable state law. The invalidity or unenforceability of any provision of this agreement shall not void the remaining provisions.

1.F.6. INDEMNITY - You agree to indemnify and hold the Foundation, the trademark owner, any agent or employee of the Foundation, anyone providing copies of Project Gutenberg™ electronic works in accordance with this agreement, and any volunteers associated with the production, promotion and distribution of Project Gutenberg™ electronic works, harmless from all liability, costs and expenses, including legal fees, that arise directly or indirectly from any of the following which you do or cause to occur: (a) distribution of this or any Project Gutenberg™ work, (b) alteration, modification, or additions or deletions to any Project Gutenberg™ work, and (c) any Defect you cause.

Section 2. Information about the Mission of Project Gutenberg™

Project Gutenberg™ is synonymous with the free distribution of electronic works in formats readable by the widest variety of computers including obsolete, old, middle-aged and new computers. It exists because of the efforts of hundreds of volunteers and donations from people in all walks of life. Volunteers and financial support to provide volunteers with the assistance they need are critical to reaching Project Gutenberg™’s goals and ensuring that the Project Gutenberg™ collection will remain freely available for generations to come. In 2001, the Project Gutenberg Literary Archive Foundation was created to provide a secure and permanent future for Project Gutenberg™ and future generations. To learn more about the Project Gutenberg Literary Archive Foundation and how your efforts and donations can help, see Sections 3 and 4 and the Foundation information page at www.gutenberg.org.

Section 3. Information about the Project Gutenberg Literary Archive Foundation

The Project Gutenberg Literary Archive Foundation is a non-profit 501(c)(3) educational corporation organized under the laws of the state of Mississippi and granted tax exempt status by the Internal Revenue Service. The Foundation’s EIN or federal tax identification number is 64-6221541. Contributions to the Project Gutenberg Literary Archive Foundation are tax deductible to the full extent permitted by U.S. federal laws and your state’s laws. The Foundation’s business office is located at 809 North 1500 West, Salt Lake City, UT 84116, (801) 596-1887. Email contact links and up to date contact information can be found at the Foundation’s website and official page at www.gutenberg.org/contact

Section 4. Information about Donations to the Project Gutenberg Literary Archive Foundation

Project Gutenberg™ depends upon and cannot survive without widespread public support and donations to carry out its mission of increasing the number of public domain and licensed works that can be freely distributed in machine-readable form accessible by the widest array of equipment including outdated equipment. Many small donations ($1 to $5,000) are particularly important to maintaining tax exempt status with the IRS. The Foundation is committed to complying with the laws regulating charities and charitable donations in all 50 states of the United States. Compliance requirements are not uniform and it takes a considerable effort, much paperwork and many fees to meet and keep up with these requirements. We do not solicit donations in locations where we have not received written confirmation of compliance. To SEND DONATIONS or determine the status of compliance for any particular state visit www.gutenberg.org/donate. While we cannot and do not solicit contributions from states where we have not met the solicitation requirements, we know of no prohibition against accepting unsolicited donations from donors in such states who approach us with offers to donate. International donations are gratefully accepted, but we cannot make any statements concerning tax treatment of donations received from outside the United States. U.S. laws alone swamp our small staff. Please check the Project Gutenberg web pages for current donation methods and addresses. Donations are accepted in a number of other ways including checks, online payments and credit card donations. To donate, please visit: www.gutenberg.org/donate.

Section 5. General Information About Project Gutenberg™ electronic works

Professor Michael S. Hart was the originator of the Project Gutenberg™ concept of a library of electronic works that could be freely shared with anyone. For forty years, he produced and distributed Project Gutenberg™ eBooks with only a loose network of volunteer support. Project Gutenberg™ eBooks are often created from several printed editions, all of which are confirmed as not protected by copyright in the U.S. unless a copyright notice is included. Thus, we do not necessarily keep eBooks in compliance with any particular paper edition. Most people start at our website which has the main PG search facility: www.gutenberg.org. This website includes information about Project Gutenberg™, including how to make donations to the Project Gutenberg Literary Archive Foundation, how to help produce our new eBooks, and how to subscribe to our email newsletter to hear about new eBooks.