Textbook Ebook Principles of Incident Response Disaster Recovery Mindtap Course List 3Rd Edition Michael E Whitman Herbert J Mattord All Chapter PDF

Principles of Incident Response &
Disaster Recovery (MindTap Course

List) 3rd Edition Michael E. Whitman &
Herbert J. Mattord
Visit to download the full and correct content document:
https://ebookmass.com/product/principles-of-incident-response-disaster-recovery-min
dtap-course-list-3rd-edition-michael-e-whitman-herbert-j-mattord/
Copyright 2022 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Third Edition
Principles of
Incident Response &
Disaster Recovery
MICHAEL E. WHITMAN
PH.D., CISM, CISSP
HERBERT J. MATTORD
PH.D., CISM, CISSP
INFORMATION
SECURITY
Australia • Brazil • Canada • Mexico • Singapore • United Kingdom • United States
Copyright 2021 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s).
Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it.
This is an electronic version of the print textbook. Due to electronic rights restrictions,
some third party content may be suppressed. Editorial review has deemed that any suppressed
content does not materially affect the overall learning experience. The publisher reserves the right
to remove content from this title at any time if subsequent rights restrictions require it. For
valuable information on pricing, previous editions, changes to current editions, and alternate
formats, please visit www.cengage.com/highered to search by ISBN#, author, title, or keyword for
materials in your areas of interest.
Important Notice: Media content referenced within the product description or the product
text may not be available in the eBook version.
Principles of Incident Response & Disaster © 2021, 2014 Cengage Learning, Inc.
Recovery, 3rd Edition WCN: 02-300
Michael Whitman and Herbert Mattord
Unless otherwise noted, all content is © Cengage.
ALL RIGHTS RESERVED. No part of this work covered by the copyright herein
SVP, Higher Education Product Management:
may be reproduced or distributed in any form or by any means, except as
Erin Joyner
permitted by U.S. copyright law, without the prior written permission of the
VP, Product Management: Thais Alencar copyright owner.
Product Team Manager: Kristin McNary

For product information and technology assistance, contact us at
Associate Product Manager: Danielle Klahr
Cengage Customer & Sales Support, 1-800-354-9706
Product Assistant: Tom Benedetto or support.cengage.com.
Director, Learning Design: Rebecca von Gillern

For permission to use material from this text or product, submit all
requests online at www.cengage.com/permissions.
Senior Manager, Learning Design: Leigh
Hefferon
Learning Designer: Mary Clyne Library of Congress Control Number: 2020917514
Vice President, Marketing – Science,

ISBN: 978-0-357-50832-9
Technology, & Math: Jason Sakos
Loose-leaf Edition:
Senior Marketing Director: Michele McTighe
ISBN: 978-0-357-50833-6
Marketing Manager: Cassie Cloutier
Cengage
Product Specialist: Mackenzie Paine
200 Pier 4 Boulevard
Director, Content Creation: Juliet Steiner Boston, MA 02210
USA
Senior Manager, Content Creation: Patty
Stephan
Cengage is a leading provider of customized learning solutions with employees
Senior Content Manager: Brooke Greenhouse residing in nearly 40 different countries and sales in more than 125 countries
around the world. Find your local representative at www.cengage.com.
Director, Digital Production Services: Krista
Kellman
To learn more about Cengage platforms and services, register or access your
Digital Delivery Lead: Jim Vaughey online learning solution, or purchase materials for your course, visit
www.cengage.com.
Developmental Editor: Dan Seiter
Notice to the Reader
Production Service/Composition: SPi Global Publisher does not warrant or guarantee any of the products described herein or perform any
independent analysis in connection with any of the product information contained herein.
Design Director: Jack Pendleton Publisher does not assume, and expressly disclaims, any obligation to obtain and include
information other than that provided to it by the manufacturer. The reader is expressly warned
Designer: Erin Griffin to consider and adopt all safety precautions that might be indicated by the activities described
herein and to avoid all potential hazards. By following the instructions contained herein, the
reader willingly assumes all risks in connection with such instructions. The publisher makes no
Cover image(s): Kolonko/ShutterStock.com representations or warranties of any kind, including but not limited to, the warranties of fitness
for particular purpose or merchantability, nor are any such representations implied with respect
to the material set forth herein, and the publisher takes no responsibility with respect to such
material. The publisher shall not be liable for any special, consequential, or exemplary damages
resulting, in whole or part, from the readers’ use of, or reliance upon, this material.
Printed in Mexico
Print Number: 01 Print Year: 2020
To Rhonda, Rachel, Alex, and Meghan, thank you for your loving
support.
—MEW
To my granddaughters, Julie and Ellie. Always stay strong.
—HJM
BRIEF CONTENTS
MODULE 1 MODULE 8
An Overview of Information Security and Risk Incident Response: Response Strategies 213
Management 1
MODULE 9
MODULE 2 Incident Response: Recovery, Maintenance, and
Planning for Organizational Readiness 47 Investigations 247
MODULE 3 MODULE 10
Contingency Strategies for Incident Response, Disaster Recovery 277
Disaster Recovery, and Business Continuity 73
MODULE 11
MODULE 4 Business Continuity 313
Incident Response: Planning 103
MODULE 12
MODULE 5 Crisis Management in
Incident Response: Organizing and Preparing IR, DR, and BC 339
the CSIRT 127
GLOSSARY 375
MODULE 6 INDEX 389
Incident Response: Incident Detection Strategies
151
MODULE 7
Incident Response: Detection Systems 181
TABLE OF CONTENTS
MODULE 1 Identify Resource Requirements 62
Identify Recovery Priorities for System
AN OVERVIEW OF INFORMATION Resources 62
BIA Data Collection 62
SECURITY AND RISK MANAGEMENT 1
Budgeting for Contingency Operations 67
Introduction 2 Incident Response Budgeting 68
An Overview of Information Security 2 Disaster Recovery Budgeting 68
Business Continuity Budgeting 69
Key Information Security Concepts 3
Crisis Management Budgeting 69
The 12 Categories of Threats 5
The Role of Information Security Policy in MODULE SUMMARY 70
Developing Contingency Plans 12 REVIEW QUESTIONS 71
Key Policy Components 13 REAL-WORLD EXERCISES 71
Types of InfoSec Policies 13
HANDS-ON PROJECTS 72
Guidelines for Effective Policy Development
and Implementation 15 REFERENCES 72
Overview of Risk Management 19
Knowing Yourself and Knowing Your Enemy 19 MODULE 3
Risk Management and the RM Framework 20
The RM Process 23 CONTINGENCY STRATEGIES FOR
Risk Treatment/Risk Control 36
INCIDENT RESPONSE, DISASTER
MODULE SUMMARY 39
RECOVERY, AND BUSINESS
REVIEW QUESTIONS 40
CONTINUITY 73
REAL-WORLD EXERCISES 41
Introduction 74
Safeguarding Information 76
REFERENCES 44
The Impact of Cloud Computing on
Contingency Planning
MODULE 2 and Operations 77
Disk to Disk to Other: Delayed Protection 79
PLANNING FOR ORGANIZATIONAL Redundancy-Based Backup and
Recovery Using RAID 81
READINESS 47
Database Backups 83
Introduction to Planning for Application Backups 84
Organizational Readiness 48 Backup and Recovery Plans 84
Virtualization 91
Key Laws, Regulations, and Standards Backup of Other Devices 92
Associated with Contingency
Site Resumption Strategies 92
Planning 49
Exclusive Site Resumption Strategies 92
Ethical Deterrence 49
Shared-Site Resumption Strategies 94
Laws Germane to Contingency Planning 50
Mobile Sites and Other Options 96
Beginning the Contingency Planning Service Agreements 96
Process 52
MODULE SUMMARY 99
Forming the CPMT 53
REVIEW QUESTIONS 100
Contingency Planning Policy 56
Business Impact Analysis 57
Determine Mission/Business Processes HANDS-ON PROJECTS 102
and Recovery Criticality 58 REFERENCES 102
vi TABLE OF CONTENTS
MODULE 4 Special Circumstances in CSIRT Development

and Operations 144
INCIDENT RESPONSE: PLANNING 103 CSIRT Operations and the Security
Operations Center 144
Introduction 104 Outsourcing Incident Response and
The IR Planning Process 104 the CSIRT 145
Forming the IR Planning Team (IRPT) 105 MODULE SUMMARY 147
Developing the Incident Response Policy 106
Integrating the BIA 108
Identifying and Reviewing Preventative REAL-WORLD EXERCISES 149
Controls 111 HANDS-ON PROJECTS 150
Organizing the CSIRT 112
REFERENCES 150
Developing the IR Plan 112
Planning for the Response “During the
Incident” 113
MODULE 6
Planning for “After the Incident” 114
Planning for “Before the Incident” 115 INCIDENT RESPONSE: INCIDENT
Ensuring Plan Training, Testing, and Exercising 116 DETECTION STRATEGIES 151
Assembling and Maintaining the Introduction 152
Final IR Plan 121 Anatomy of an Attack—the “Kill Chain” 152
Hard-Copy IR Plans 122
Incident Indicators 158
Electronic IR Plans 122
Maintaining the Plan 123 Possible Indicators of an Incident 158
Probable Indicators of an Incident 159
MODULE SUMMARY 124 Definite Indicators 160
REVIEW QUESTIONS 125 Identifying Real Incidents 161
REAL-WORLD EXERCISES 125 Incident Detection Strategies 162
HANDS-ON PROJECTS 126 Detecting Incidents through Processes
and Services 162
REFERENCES 126 Detection Strategies for Common Incidents 165
General Detection Strategies 171
Manage Logging and Other Data Collection
MODULE 5 Mechanisms 173
Challenges in Intrusion Detection 173
INCIDENT RESPONSE: ORGANIZING Collection of Data to Aid in Detecting Incidents 174
AND PREPARING THE CSIRT 127 MODULE SUMMARY 177
Introduction 128 REVIEW QUESTIONS 177
Building the CSIRT 128 REAL-WORLD EXERCISES 178
Step 1: Obtaining Management Support HANDS-ON PROJECTS 178
and Buy-In 129
Step 2: Determining the CSIRT Strategic Plan 129 REFERENCES 178
Step 3: Gathering Relevant Information 133
Step 4: Designing the CSIRT’s Vision 134 MODULE 7
Step 5: Communicating the CSIRT’s Vision and
Operational Plan 141 INCIDENT RESPONSE: DETECTION
Step 6: Beginning CSIRT Implementation 142
SYSTEMS 181
Step 7: Announcing the Operational CSIRT 142
Step 8: Evaluating the CSIRT’s Effectiveness 143 Introduction to Intrusion Detection and
Final Thoughts on CSIRT Development 144 Prevention Systems 182
TABLE OF CONTENTS vii
IDPS Terminology 183 REVIEW QUESTIONS 243

Why Use an IDPS? 185 REAL-WORLD EXERCISES 243
Forces Working Against an IDPS 186
Justifying the Cost 186 HANDS-ON PROJECTS 244
IDPS Types 189 REFERENCES 244

Network-Based IDPSs 189
Host-Based IDPSs 194 MODULE 9
Application-Based IDPSs 197
Comparison of IDPS Technologies 198 INCIDENT RESPONSE: RECOVERY,
IDPS Detection Approaches 199 MAINTENANCE, AND
Signature-Based IDPSs 199 INVESTIGATIONS 247
Anomaly-Based IDPSs 199
IDPS Implementation 200 Introduction 248
IDPS-Related Topics 201 Recovery 248
Log File Monitors 201 Identify and Resolve Vulnerabilities 249
Automated Response 201 Restore Data 249
Security Information and Event Restore Services and Processes 250
Restore Confidence Across the Organization 250
Management 203
What Are SIEM Systems? 203 Maintenance 250
Selecting a SIEM Solution 206 After-Action Review 251
Plan Review and Maintenance 252
MODULE SUMMARY 208
Training 252
REVIEW QUESTIONS 209 Rehearsal 253
REAL-WORLD EXERCISES 209 Law Enforcement Involvement 253
Reporting to Upper Management 254
Loss Analysis 254
REFERENCES 210
Incident Investigations and Forensics 255
Legal Issues in Digital Forensics 256
MODULE 8 Digital Forensics Team 256
Digital Forensics Methodology 258
INCIDENT RESPONSE: RESPONSE eDiscovery and Anti-Forensics 270
STRATEGIES 213 MODULE SUMMARY 272
Introduction 214 REVIEW QUESTIONS 273
IR Reaction Strategies 214 REAL-WORLD EXERCISES 274

Response Preparation 215 HANDS-ON PROJECTS 275
Incident Containment 215 REFERENCES 275
Incident Eradication 218
Incident Recovery 218
Incident Containment and Eradication MODULE 10
Strategies for Specific Attacks 220
DISASTER RECOVERY 277
Handling Denial-of-Service (DoS) Incidents 221
Malware 224 Introduction 278
Unauthorized Access 230 Disaster Classifications 279
Inappropriate Use 235
Forming the Disaster Recovery
Hybrid or Multicomponent Incidents 239
Team 281
Automated IR Systems 241 Organization of the DR Team 281
MODULE SUMMARY 242 Special Documentation and Equipment 283
viii TABLE OF CONTENTS
Disaster Recovery Planning Implementing the BC Plan 325

Functions 284 Preparation for BC Actions 325
Develop the DR Planning Policy Statement 285 Relocation to the Alternate Site 326
Review the Business Impact Analysis 287 Returning to a Primary Site 327
Identify Preventive Controls 288 BC After-Action Review 328
Develop Recovery Strategies 288 Continuous Improvement of the BC
Develop the DR Plan Document 288 Process 329
Plan Testing, Training, and Exercises 291
Improving the BC Plan 329
Plan Maintenance 291
Improving the BC Staff 331
Implementing the DR Plan 291 BC Training 331
Preparation: Training the DR Team Maintaining the BC Plan 333
and the Users 292 Periodic BC Review 333
Disaster Response Phase 300 BC Plan Archival 333
Disaster Recovery Phase 301 Final Thoughts on Business Continuity
Restoration Phase 301 and the COVID-19 Pandemic 334
Disaster Resumption Phase 302
Building the DR Plan 304 MODULE SUMMARY 335
The Business Resumption Plan 305 REVIEW QUESTIONS 335
Information Technology Contingency REAL-WORLD EXERCISES 336
Planning Considerations 305 HANDS-ON PROJECTS 336
Systems Contingency Strategies 306
REFERENCES 337
Systems Contingency Solutions 307
MODULE SUMMARY 308 MODULE 12
REAL-WORLD EXERCISES 310 CRISIS MANAGEMENT IN
HANDS-ON PROJECTS 311 IR, DR, AND BC 339
REFERENCES 311 Introduction 340
Crisis Management in the
MODULE 11 Organization 340
Crisis Terms and Definitions 341
BUSINESS CONTINUITY 313 Crisis Misconceptions 342
Preparing for Crisis Management 343
Introduction 314
General Crisis Preparation Guidelines 343
Business Continuity Teams 315 Organizing the Crisis Management Teams 345
Organization of BC Response Teams 316 Crisis Management Critical Success Factors 346
Special Documentation and Equipment 317 Developing the Crisis Management Plan 348
Business Continuity Policy and Plan 318 Crisis Management Training and Testing 350
Develop the BC Planning Policy Statement 318 Other Crisis Management Preparations 352
Review the BIA 321 Post-Crisis Trauma 353
Identify Preventive Controls 321 Post-Traumatic Stress Disorder 353
Create BC Contingency (Relocation) Employee Assistance Programs 353
Strategies 321 Immediately after the Crisis 353
Develop the BC Plan 322
Getting People Back to Work 354
Ensure BC Plan Testing, Training, and
Dealing with Loss 354
Exercises 325
Ensure BC Plan Maintenance 325 Law Enforcement Involvement 355
Sample Business Continuity Plans 325 Federal Agencies 356
TABLE OF CONTENTS ix
State Agencies 357 MODULE SUMMARY 370

Local Agencies 358 REVIEW QUESTIONS 371
Managing Crisis Communications 358
Crisis Communications 358
Avoiding Unnecessary Blame 361 HANDS-ON PROJECTS 372
Succession Planning 363 REFERENCES 373

Elements of Succession Planning 363
Succession Planning Approaches for Crisis GLOSSARY 375
Management 364
INDEX 389
International Standards in IR, DR,
and BC 365
NIST Standards and Publications in IR, DR,
and BC 365
ISO Standards and Publications in IR, DR,
and BC 366
Other Standards and Publications in IR, DR,
and BC 367
PREFACE
As global networks expand the interconnection of the world’s technically complex infrastructure,
communication and computing systems gain added importance. Information security has gained
in importance as a professional practice, and it has also emerged as an academic discipline. Ongo-
ing security events, such as malware attacks and successful hacking efforts, have pointed out the
weaknesses inherent in unprotected systems and exposed the need for heightened security of
these systems. In order to secure technologically advanced systems and networks, both educa-
tion and the infrastructure to deliver that education are needed to prepare the next generation
of information technology and information security professionals to develop a more secure and
ethical computing environment. Therefore, improved tools and more sophisticated techniques
are needed to prepare students to recognize the threats and vulnerabilities present in existing
systems and to design and develop secure systems. Many years have passed since the need for
improved information security education was recognized, and as Dr. Ernest McDuffie, Lead of
NIST NICE, points out:
While there is no doubt that technology has changed the way we live, work, and
play, there are very real threats associated with the increased use of technology and
our growing dependence on cyberspace. . . .
Education can prepare the general public to identify and avoid risks in
cyberspace; education will ready the cybersecurity workforce of tomorrow; and
education can keep today’s cybersecurity professionals at the leading edge of the
latest technology and mitigation strategies.
The need for improvements in information security education is so great that the U.S. National
Security Agency (NSA) has established Centers of Academic Excellence in Information Assurance,
as described in Presidential Decision Directive 63, “The Policy on Critical Infrastructure Protection”
(1998):
The goal of the program is to reduce vulnerability in our national information

infrastructure by promoting higher education and research in cyber defense and
producing professionals with cyber defense expertise.
Academics who want to focus on delivering skilled undergraduates to the commercial informa-
tion technology (IT) sector need teaching resources that focus on key topics in the broader area
of information security.
APPROACH
This resource provides an overview of contingency operations and its components as well as a thor-
ough treatment of the administration of the planning process for incident response (IR), disaster
recovery (DR), and business continuity (BC). It can be used to support course delivery for informa-
tion security-driven programs targeted at information technology students, as well as IT manage-
ment and technology management curricula aimed at business or technical management students.
xii PREFACE
Features
To ensure a successful learning experience, this product includes the following pedagogical features:
• Module Objectives—Each module in this book begins with a detailed list of the concepts to be mastered within
that module. This list provides you with a quick reference to the contents of the module as well as a useful
study aid.
• Module Scenarios—Each module opens and closes with a case scenario that follows the same fictional com-
pany as it encounters various contingency planning or operational issues. The closing scenario also includes
discussion questions to give students and the instructor an opportunity to discuss the issues that underlie
the content. New in this edition is an example of an ethical decision that extends the opportunity to discuss
the impact of events in the scenario.
• Boxed Examples—These supplemental sections, which feature examples not associated with the ongoing case
study, are included to illustrate key learning objectives and technical details or extend the coverage of plans
and policies.
• Learning Support—Each module includes a Module Summary section, definitions of key terms, and a set of open-
ended review questions. These are used to reinforce learning of the subject matter presented in the module.
• Real-World Exercises—At the end of each module, Real-World Exercises give students the opportunity to exam-
ine the contingency planning arena outside the classroom. Using these structured exercises, students can
pursue the learning objectives listed at the beginning of each module and deepen their understanding of the
text material.
• Hands-On Projects—Virtual labs are now available through the MindTap that accompanies Principles of Inci-
dent Response and Disaster Recovery. These labs have been designed by the authors to help students develop
valuable practical skills. They can be accessed in the Practice It folder in MindTap or through the instructor’s
learning management system (LMS).
New to This Edition

This edition extends the work from the previous edition by adding more detail and examples, specifically in the exami-
nation of incident response activities. It continues to track the evolution in approaches and methods that have been
developed at NIST. Although the material on disaster recovery, business continuity, and crisis management has not
been reduced, the text’s focus now follows that of the IT industry in shifting to the prevention, detection, reaction to,
and recovery from computer-based incidents and avoidance of threats to the security of information.
Several modules have been reorganized, with a new module on incident detection that has an increased focus on
IDPSs, security information and event management systems (SIEMs), and security event correlation.
Structure
The narrative is organized into 12 modules. Appendices and other materials are available with the instructor resources
online and in MindTap. Here are summaries of each module’s contents:
Module 1, An Overview of Information Security and Risk Management, defines the concepts of information security
and risk management and explains how they are integral to the management processes used for incident response
and contingency planning.
Module 2, Planning for Organizational Readiness, focuses on how an organization can plan for and develop pro-
cesses and staffing appointments needed for successful incident response and contingency plans.
Module 3, Contingency Strategies for Incident Response, Disaster Recovery, and Business Continuity, explores the
relationships among contingency planning and the subordinate elements of incident response, business resumption,
disaster recovery, and business continuity planning. It also explains the techniques used for data and application
backup and recovery.
PREFACE xiii
Module 4, Incident Response: Planning, expands on the incident response planning process to include processes
and activities that are needed as well as the skills and techniques used to develop such plans.
Module 5, Incident Response: Organizing and Preparing the CSIRT, presents a detailed explanation of the actions
that the CSIRT performs and how they are designed and developed.
Module 6, Incident Response: Incident Detection Strategies, describes IR reaction strategies and how they are applied
to incidents.
Module 7, Incident Response: Detection Systems, describes IDPSs, security information and event management
systems (SIEMs), and security event correlation.
Module 8, Incident Response: Response Strategies, describes how an organization plans for and executes the recov-
ery process when an incident occurs.
Module 9, Incident Response: Recovery, Maintenance, and Investigations, explores how organizations recover from
incidents. It also expands on the steps involved in the ongoing maintenance of the IR plan as well as the IT forensics
process.
Module 10, Disaster Recovery, presents the challenges an organization faces when engaged in disaster recovery
and how such challenges are met.
Module 11, Business Continuity, covers how organizations ensure continuous operations even when their primary
facilities are not available.
Module 12, Crisis Management in IR, DR, and BC, covers the role of crisis management and recommends the ele-
ments of a plan to prepare for crisis response. The module also covers the key international standards that affect IR,
DR, and BC.
Three appendices in the instructor’s resources and MindTap present sample BC and crisis management plans and
templates.
MINDTAP
MindTap activities for Principles of Incident Response and Disaster Recovery are designed to help you master the skills
you need in today’s workforce. Research shows that employers need critical thinkers, troubleshooters, and creative
problem-solvers to stay relevant in this fast-paced, technology-driven world. MindTap helps you achieve this goal with
assignments and activities that provide hands-on practice with real-life relevance.
All MindTap activities and assignments are tied to defined learning objectives. Readings with spaced knowledge
checks support the course objectives, while hands-on labs provide practice and give you an opportunity to trouble-
shoot, explore, and try different solutions in a secure sandbox environment. Videos, Review Questions, and Real-World
Exercises will help you reinforce your understanding of each module’s concepts, and Security for Life assignments will
prompt you to explore industry-related news and events.
Use the interactive Flashcards and PowerPoint slides in each module to help you study for exams. Measure how
well you have mastered the material by taking the Review Quizzes and completing the Case Exercises at the end of
each module. Finally, the Post-Assessment Quiz helps you assess all that you have learned throughout the course, see
where you gained deeper knowledge, and identify the skills where you need additional practice!
Instructors can use the content and learning path as they are, or choose how these materials wrap around their
own resources. MindTap supplies the analytics and reporting so you can easily see where the class stands in terms
of progress, engagement, and completion rates. To learn more about shaping what students see and scheduling when
they see it, instructors can go to www.cengage.com/mindtap/.
xiv PREFACE
INSTRUCTOR RESOURCES
Instructors can access a robust set of teaching resources tailored to this product at Cengage’s Companion Site. An
instructor login is required. Please visit instructor.cengage.com to request access or log in to your existing account.
There, you will find the following instructor-specific resources:
• Instructor’s Manual—The Instructor’s Manual that accompanies this resource includes additional instructional
material to assist in class preparation, including suggestions for classroom activities, discussion topics, and
additional projects.
• Solution Files—The solution files include answers to selected end-of-module materials, including the review
questions and some of the hands-on projects.
• Test Bank—Cengage Testing, powered by Cognero, is a flexible, online system that allows you to do the
following:
❍❍ Author, edit, and manage test bank content from multiple Cengage solutions.
❍❍ Create multiple test versions in an instant.
❍❍ Deliver tests from your LMS, your classroom, or wherever you want.
The generous question sets developed for this edition include a variety of question types tagged to core learn-
ing objectives and narrative topics.
• PowerPoint Presentations—This edition includes Microsoft PowerPoint slides for each module. These are
included as a teaching aid for classroom presentation. They can also be made available to students on the
network for module review, or they can be printed for classroom distribution. Instructors should feel free to
add their own slides for additional topics they introduce to the class.
• Hands-On Projects—The virtual labs provided with this resource can help students develop practical skills
that will be of value as they progress through the course. These author-developed lab projects are available
via MindTap or at the Companion Site for LMS integration.
• Information Security Community Site—Stay secure with the Information Security Community Site! Connect with
students, professors, and professionals from around the world, and stay on top of this ever-changing field.
❍❍ Visit www.cengage.com/community/infosec.
❍❍ Download resources such as instructional videos and labs.
❍❍ Ask authors, professors, and students the questions that are on your mind in our Discussion Forums.
❍❍ See up-to-date news, videos, and articles.
❍❍ Read author blogs.
❍❍ Listen to podcasts on the latest information security topics.
AUTHOR TEAM
Long-time college professors and information security professionals Michael Whitman and Herbert Mattord have jointly
developed this text and MindTap to merge knowledge from the world of academic study with practical experience
from the business world.
Michael Whitman, Ph.D., CISM, CISSP, is the Executive Director of the KSU Institute for Cybersecurity Workforce
Development (ICWD, cyberinstitute.kennesaw.edu) and a Professor of Information Security and Assurance at Kennesaw
State University, Kennesaw, Georgia. Dr. Whitman has over 30 years of experience in higher education, with over 20
years of experience in designing and teaching information security courses. He is an active researcher in information
security, fair and responsible use policies, and computer-use ethics. He currently teaches graduate and undergraduate
courses in information security and cybersecurity. He has published articles in the top journals in his field, including
Information Systems Research, Communications of the ACM, Information and Management, Journal of International Busi-
ness Studies, and Journal of Computer Information Systems. Under Dr. Whitman’s leadership, Kennesaw State University
has been recognized by the National Security Agency and the Department of Homeland Security as a National Center
of Academic Excellence in Information Assurance/Cyber Defense Education four times. Dr. Whitman is also the coau-
thor of Principles of Information Security; Management of Information Security; Readings and Cases in the Management
PREFACE xv
of Information Security; Readings and Cases in Information Security: Law and Ethics; The Hands-On Information Security
Lab Manual; Roadmap to the Management of Information Security for IT and Information Security Professionals; Guide
to Firewalls and VPNs; Guide to Firewalls and Network Security; and Guide to Network Security, all published by Course
Technology (now Cengage). Prior to his career in academia, Dr. Whitman was an officer in the United States Army.
Herbert Mattord, Ph.D., CISM, CISSP, completed 24 years of IT industry experience as an application developer,
database administrator, project manager, and information security practitioner before joining the faculty of Kennesaw
State University in 2002. Dr. Mattord is a Professor of Information Security and Assurance and the Director of Under-
graduate Education and Outreach at the ICWD. During his career as an IT practitioner, Dr. Mattord has been an adjunct
professor at Kennesaw State University; Southern Polytechnic State University in Marietta, Georgia; Austin Community
College in Austin, Texas; and Texas State University: San Marcos. He currently teaches undergraduate and graduate
courses in information security and cybersecurity. He was formerly the manager of corporate information technology
security at Georgia-Pacific Corporation, where much of the practical knowledge found in this text was acquired. Pro-
fessor Mattord is also the coauthor of Principles of Information Security; Management of Information Security; Readings
and Cases in the Management of Information Security; Readings and Cases in Information Security: Law and Ethics; The
Hands-On Information Security Lab Manual; Roadmap to the Management of Information Security for IT and Information
Security Professionals; Guide to Firewalls and VPNs; Guide to Firewalls and Network Security; and Guide to Network Security,
all published by Course Technology (now Cengage).
ACKNOWLEDGMENTS
The authors would like to thank their families for their support and understanding for the many hours dedicated to
this project—hours taken in many cases from family activities.
Reviewers
We are indebted to the following individuals for their contributions of perceptive feedback on the initial proposal, the
project outline, and individual learning modules:
• Paul Witman, California Lutheran University

• Humayun Zafar, Kennesaw State University
• Randall Reid, University of West Florida
Special Thanks
The authors wish to thank the editorial and production teams at Cengage. Their diligent and professional efforts greatly
enhanced the final product:
• Danielle Klahr, Associate Product Manager

• Amy Savino, Senior Product Manager
• Mary Clyne, Learning Designer
• Brooke Greenhouse, Senior Content Manager
• Dan Seiter, Developmental Editor
In addition, several professional and commercial organizations and individuals have aided the development of the
text and MindTap by providing information and inspiration, and the authors wish to acknowledge their contributions:
• Bernstein Crisis Management

• Continuity Central
• Information Systems Security Associations
xvi PREFACE
• Institute for Crisis Management

• National Institute of Standards and Technology
• Oracle, Inc.
• Purdue University
• Rothstein Associates, Inc.
• SunGard
• Our colleagues in the Department of Information Systems and the Michael J. Coles College of Business,
Kennesaw State University
Our Commitment
The authors are committed to serving the needs of the adopters and readers. We would be pleased and honored to
receive feedback on the textbook, MindTap, and supporting materials. You can contact us through Cengage.
MODULE 1
AN OVERVIEW OF
INFORMATION SECURITY
AND RISK MANAGEMENT
Upon completion of this material, you should be able to: An ounce of
1 Define and explain information security prevention is worth a
2 Describe the role of information security policy in the organization pound of cure.
— Benjamin Franklin
3 Identify and explain the basic concepts and phases of risk management
Opening Scenario
Paul Alexander and his boss, Amanda Wilson, were sitting in Amanda’s office discussing the coming year’s budget when they
heard a commotion in the hall. Hearing his name mentioned, Paul stuck his head out the door and saw Jonathon Jasper (“JJ”
to his friends) walking quickly toward him.
“Paul!” JJ called again, relieved to see Paul waiting in Amanda’s office. “Hi, Amanda,” JJ said, then, looking at Paul, he added,
“We have a problem.” JJ was one of the systems administrators at Hierarchical Access LTD (HAL), a Georgia-based cloud ser-
vices firm.
Paul stepped out into the hall, closing Amanda’s door behind him. “What’s up, JJ?”
“I think we’ve got someone sniffing around our credentialing services platform,” JJ replied. “I just looked at the log files,
and there is an unusual number of failed login attempts on accounts that normally just don’t have that many, like yours!”
Paul answered, “Sounds like we need to investigate,” then paused a moment.
“That system is configured to allow off-premises VPN access,” he finally said to JJ. “Are there corresponding entries in the
reverse proxy server or the VPN logs?”
JJ shook his head “no.”
Paul sighed. “Which means it must be internal.”
“Yeah, that’s why it’s a problem,” JJ replied. “We haven’t gotten this kind of thing since we partitioned the credentialing
platform. It’s got to be someone in-house.”
JJ looked exasperated. “And after all that time I spent conducting awareness training!”
“Don’t worry just yet,” Paul told him. “Let me make a few calls, and then we’ll go from there. Grab your incident response
plan and meet me in the conference room in 10 minutes. Grab Tina in network operations on the way; she’s on call for today.”
2 PRINCIPLES OF INCIDENT RESPONSE & DISASTER RECOVERY
contingency planning
(CP) INTRODUCTION
The actions taken by senior man-
agement to specify the organi- This book is about being prepared for the unexpected—being ready for events such
zation’s efforts and actions if an
as incidents and disasters. We call this contingency planning (CP), and the sad fact
adverse event becomes an incident
or disaster. This planning includes is that most organizations don’t incorporate it into their day-to-day business activities,
incident response, disaster recov- so they are often not well prepared to offer the proper response to a disaster or secu-
ery, business continuity, and crisis rity incident. By December 2019, Internet World Stats estimated that there were over
management efforts, as well as pre-
paratory business impact analysis. 4.5 billion people online, representing well over half of the world’s 7.8 billion p
opulation.1
Each one of those online users is a potential threat to any online system. The vast
security majority of Internet users will not intentionally probe, monitor, attack, or attempt to
A state of being secure and free access an organization’s information without authorization; however, that potential
from danger or harm. Also, the does exist. If even less than one-tenth of 1 percent of online users make the effort, the
actions taken to make someone or
something secure.
result would be over four and a half million potential attackers.
In the weeks that followed the September 11, 2001 attacks in New York, Pennsylva-
nia, and Washington D.C., the media reported on the disastrous losses that various organizations were suffering. Still, many
organizations were able to continue conducting business. Why? They were prepared for unexpected events. The cataclysm
in 2001 was not the first attack on the World Trade Center (WTC). On February 26, 1993, a car bomb exploded beneath one
of the WTC towers, killing 6 and injuring over 1,000. The attack was limited in its devastation only because the attackers
weren’t able to acquire all the components for a coordinated bomb and cyanide gas attack.2
Still, this attack was a wake-up call for the hundreds of organizations that conducted business in the WTC. Many began ask-
ing, “What would we have done if the attack had been more successful?” As a direct result, many of the organizations occupying
the WTC on September 11 had developed contingency plans. Although thousands of people lost their lives in the attack, many
were able to evacuate, and many organizations were prepared to resume their businesses in the aftermath of the devastation.
In a Forrester survey called “The State of Disaster Recovery Preparedness,” only about 55 percent of respondents were
either prepared or very prepared to recover their data center in the event of a disaster or site failure, and only 54 percent
had a formal enterprise disaster recovery program.3 According to the Syncsort State of Resilience Report, “Nearly half of
businesses experienced a failure requiring a high availability/disaster recovery solution to resume operations. 35% lost a
few minutes to an hour of data, 28% lost a few hours and 31% lost a day or more.”4 According to the U.S. Federal Emergency
Management Agency, between 40 and 60 percent of small businesses affected by a disaster either never reopen or go out
of business following the event.5 Thus, having a disaster recovery and business continuity plan is vital to sustaining opera-
tions when catastrophes strike. Considering the risks, it is imperative that management teams create, implement, train, and
rehearse test plans to deal with incidents and disasters. For this reason, the importance of information security and contin-
gency planning has been steadily growing and is now taken more seriously by senior management and boards of directors.
Before we can discuss contingency planning in detail, we must introduce some critical concepts, of which contingency
planning is an integral part. The first of these, which serves as the overall disciplinary umbrella, is information security.
This term refers to many interlinked programs and activities that work together to ensure the confidentiality, integrity, and
availability of the information used by organizations. This includes steps to ensure the protection of organizational informa-
tion systems, specifically during incidents and disasters. Because information security is a complex subject that includes
risk management as well as information security policy, it is important to have an overview of that broad field and an under-
standing of these major components. That is the purpose of this first module. Contingency planning is an important element
of information security, but before management can plan for contingencies, it should have an overall strategic plan for infor-
mation security in place, including risk management processes to guide the appropriate managerial and technical controls.
This module serves as an overview of information security, with special consideration given to risk management and
the role that contingency planning plays in (1) information security in general and (2) risk management in particular.
AN OVERVIEW OF INFORMATION SECURITY

In general, security means being free from danger. To be secure in this context is to be protected from the risk of
loss, damage, unwanted modification, or other hazards. Achieving an appropriate level of security for an organization
depends on the implementation of a multilayered system that works to protect information assets from harm, unwanted
Another random document with
no related content on Scribd:
At last the signal was given and the party entered another room,
where a table had been laid in European style.
The menu was as follows:—
Roast pigeons, stuffed chickens, stewed lamb, turkey with
almonds, and highly flavoured siksu[47]; olives in oil; oranges cut in
sections and spiced, served as a vegetable; salad of olives and mint;
eggs poached with olives and oil; chicken fricassée, with a rich egg
sauce; chickens with red butter—a piquante sauce; stewed mutton
with fried eggs; chickens stewed with almonds and sweetened.
Dry siksu; rice made up in a sort of porridge; bowls of new milk;
almond tart, flavoured with musk; pastry dipped in honey.
Dessert: oranges, almonds, raisins, nuts, and fourteen dishes of
confectionery, including ‘kab ghazal,’ or gazelle hoofs, little cakes of
that form, from which they take their name, made of pastry thickly
iced and filled with a concoction of almonds.
A pleasant preparation of unripe figs, much resembling chutney,
was served with the stewed lamb.
The only beverage was water, slightly flavoured with musk and
essence of citron flowers.
Of this menu the turkey, the fricassées of chicken and the dry
siksu, were pronounced excellent, but some of the other dishes were
horrible concoctions.
The servants reported afterwards that as many dishes as had
been served remained outside untasted; but that the steward,
observing how little was eaten, promptly brought the banquet to a
close and produced coffee, well made, but curiously flavoured. After
dinner the ladies were invited to visit the harem, whither Sid Musa
proceeded to conduct them. Through the horseshoe arch of the
entrance showed a large court planted with orange-trees, illuminated
by the full moon and by numerous lanterns held by black slave girls.
Here, picturesquely grouped, the gorgeously apparelled ladies of the
harem awaited them. A stream of dazzling light from a room on one
side of the court played on the glittering jewels with which they were
loaded, producing altogether quite a theatrical effect.
The courteous, gentle manners of these Moorish ladies and their
soft voices were very attractive. The coloured women were even
more remarkable on this score than the white, who were probably
wives of inferior caste married to Sid Musa before he rose to his
present position of rank and importance, for the ‘Hajib’ was a mulatto
—one of the Bokhári, previously alluded to.
In connection with these Bokhári, their rise and fall, the following
tale was often related by Sir John:—
‘In the days of Mulai Sliman one of the Bokhári had risen, through
his merits and by the favour of his lord, to be Master of the Horse, a
much coveted post at the Court, as it conferred great dignity and
ample emoluments on the holder. Accordingly, in the course of time,
he amassed great wealth and possessed much property and many
wives and slaves.
‘Unfortunately, in an evil hour, he one day gave cause of offence
to his Royal Master, traduced possibly by others who were jealous of
his influence and the favour hitherto shown him; or, perhaps,
forgetful of his rôle as a courtier, he spoke his mind too freely at an
inopportune moment. Whatever the cause, the angry Sultan roundly
abused him, dismissed him from his post as Master of the Horse,
and ordered him to be gone from his presence.
‘Bending low, the Bokhári replied, “Your will, my Lord. May God
preserve the life of the Sultan,” and retired.
‘The following Friday, as the Sultan rode back to the palace from
the chief mosque, whither he had gone in state to take part in the
public prayers at midday, he observed a tall Bokhári sweeping the
courtyard and steps leading to the palace. Struck by his appearance,
the Sultan ordered the man to approach, inquiring who he was;
when, to his Majesty’s surprise, he discovered in the humble
sweeper his late Master of the Horse.
‘“What do you here?” asked the Sultan.
‘Prostrating himself in the dust, the Bokhári exclaimed, “I am my
Lord’s slave! Since the Sultan—whose life may God prolong!—has
dismissed me from my post of honour about his person, I am only fit
to undertake the duties of the lowest of my fellows.”
‘Needless to add, the wily courtier recovered the favour of the
Sultan and was reinstated in his post.’
One afternoon was devoted to returning the visits of the various

dignitaries, and amongst others that of the Uzir Sid Dris Ben Yamáni,
a Minister without a portfolio, as Sid Musa had usurped his functions.
At the gateway of the Uzir’s house the visitors dismounted, and
were conducted by a black slave through a pretty garden, by paths
paved with coloured tiles and shaded by vines on trellises. At the
end of a long path a scene was presented which had evidently been
carefully prepared for the occasion.
In a small ‘kubba,’ seated on a chair, was the Uzir, apparently
deeply engrossed in reading a pile of letters and documents which
lay open on another chair before him. A female slave stood in the
background, with bent head and folded hands. Sir John approached,
but the Uzir continued his occupation, as if too deeply engrossed to
hear or see any one. Not till the party were quite near him did he
start from his seat, as if taken unawares, to receive Sir John and bid
him and all welcome; then directing the slave to remove the
documents with care, he led the way to a prettily furnished room
looking on a small court.
The last visit was to the Governor of the city, who received Sir
John at the door of his dwelling. He was a handsome young man,
scarcely past boyhood, with a decided—but cruel—expression. His
father, Ben Dawud, the late Governor, who had died only a few
weeks previously, was detested by the populace, whom he cruelly
oppressed. It was generally believed that Ben Dawud had been
poisoned, by order of the Sultan.
The young Basha took Sir John by the hand and led him across
the courtyard to a ‘kubba,’ furnished with tables and chairs, whence
was perceived—with dismay—preparations for a feast in an opposite
room. The young man, who seemed shy, was much relieved when
Sir John inquired what sort of a garden he had, and immediately led
the way to another very large square court. On two sides of it were
rooms; the exquisitely chiselled archway of a fountain occupied the
third, and the fourth contained a beautiful little alcove, where the
Kaid of our guard and the escort were seated enjoying tea. The floor
of this court shone like ice, and was as white, smooth, and slippery.
The boy-Governor explained that it was composed of a fine white
clay found near Marákesh.
While in this garden, so called from the orange-trees, flowering
shrubs, roses and jasmine which adorned it, Sir John asked whether
the painted ceilings and doors were the work of natives of the city.
The Governor replied that what they saw was ancient, and, at a hint
from his secretary, he offered to show them some rooms he was
adding to the house, also the view from the flat roof. Up narrow and
steep stairs they climbed to various unfinished chambers, the
ceilings of which did honour to the modern artists of Marákesh.
Then, after a scramble, they reached the terrace over these rooms,
which, being higher than the surrounding buildings, afforded us a
lovely view of the whole city and the country around, the effect
greatly enhanced by the deep red glow in the west, left by the setting
sun, that seemed to set the graceful palms on fire as they stood out
against the beautiful Atlas Mountains, whose snowy ranges glowed
in varying tints of rose and purple.
On descending the visitors were conducted to the banquet
prepared for them and, with the best grace they could assume,
submitted to their fate.
On April 23 Sir John had a final private audience of the Sultan, to
take leave. An account of this, his last interview with Sultan Sid
Mohammed, was written by Sir John as follows:—
The Sultan received me in a ‘kubba,’ where he was seated on a
divan. As I approached, His Majesty, motioning me to a gilt arm-
chair, placed close to the divan, requested me to be seated; he then
dismissed the chamberlains and other attendants. Thus we were
alone.
After a friendly conversation and thanking the Sultan for the
hospitality and attention received during my stay at the Court, I said,
‘With Your Majesty’s permission, I am about to put a strange query.’
‘Kol’—‘Say on,’ said the Sultan, ‘for I know, whatever you say,
yours will be the words of a true friend, as you have ever been.’
‘Then,’ I continued, ‘I beg to know whether Your Majesty would
desire to listen to the language of flattery, to words that will give you
joy and pleasure, to expressions of satisfaction and admiration of all
I have seen and learnt during my long residence in Your Majesty’s
dominions; or whether Your Majesty would elect that I should speak
out the truth and make known, without reserve, that which may give
Your Majesty pain, distress, and even, it may be feared, offence?’
The Sultan, looking very grave, replied, ‘This is the first time in my
life that I have been asked by any man whether I would choose to
hear what might give me pain, or even offence, or to listen to that
which may please or flatter me. I select the former.’
I bowed and said, ‘Before I proceed further, will you graciously
promise not to take offence at the language I am about to hold, and
that I shall not lose Your Majesty’s good opinion and friendship
through rashness of speech?’
The Sultan repeated, ‘Say on. You have been, are, and will ever
remain a true friend.’
‘I will premise,’ I then said, ‘by declaring that the administration of
the Government in Morocco is the worst in the world.’ The Sultan
looked startled and frowned. ‘The present system and form of
government were not introduced by Your Majesty—nor indeed by
your sire or grandsire—and therefore Your Majesty is not responsible
for the wretched impoverished state of this fine country and of the
population over which Your Majesty reigns. The form of Government
was inherited from your forefathers. After their withdrawal from Spain
—where, for centuries, they had led the van of the world in art,
science, literature and agriculture—they set aside, on their return to
the “Moghreb,” the just laws and administration of Government which
had made them the grand people they were, and—I will add—might
become again. Their descendants inherit the same blood, bone, and
brain; therefore it is to be inferred that, under a just Government,
with security of life and property, the Moorish people might again rise
and become, as their ancestors were, one of the richest and most
powerful nations in the world.
‘At the present time the Government of Morocco is like a
community of fishes. The giant fish feed upon those that are small,
the smaller upon the least, and these again feed on the worms. In
like manner—the Uzir and other dignitaries of the Court, who receive
no salaries, depend for their livelihood upon speculation, trickery,
corruption, and the money they extort from the Bashas of provinces
and other Governors.
‘The Bashas likewise are enriched through peculation from tithes
and taxes and extortion from Sheikhs, wealthy farmers, and traders.
A man that becomes rich is treated as a criminal. Neither his life,
property, nor family are secure.
‘Sheikhs and other subordinate officials subsist upon what they
can extort from the farmers and peasantry.
‘Then again, even the gaolers, who are not paid, gain their
livelihood by extorting money from the prisoners, who, when they are
paupers, are taught to make strong baskets, which are sold by the
gaolers chiefly for their own benefit.
‘How can a country—how can a people—prosper under such a
form of Government?
‘The tribes are in a constant state of rebellion against their
Bashas. When the Sultan resides in his northern capital of Fas, the
southern tribes rebel; and when he marches South to the city of
Marákesh, eating up the rebels and confiscating their property, the
northern tribes rebel. The armies of the Sultan, like locusts, are
constantly on the move ravaging the country—to quell revolt.
‘Agriculture is destroyed. The farmers and peasantry only grow
sufficient grain for their own requirements, and rich lands are allowed
to lie fallow because the farmers know the crops would be plundered
by the Bashas and Sheikhs. Thus it happens also with the cattle and
horses; breeding is checked, since the man who may become rich
through his industry is treated as a criminal and all his possessions
are taken from him. As in the fable, the goose is killed to get the
golden eggs.
‘With dominions as extensive as those of Spain or France, with a
rich soil which can produce all that can be grown in Europe, Morocco
is poor and weak—even compared with the lesser nations like
Denmark or Holland, which kingdoms do not possess a third of the
land Morocco has; while, half the year, the ground in these Northern
countries is covered with snow and ice. Yet they have revenues
tenfold that of Morocco, highly disciplined armies, and formidable
navies: they have roads, bridges, railroads, with cities and towns
containing palaces, handsome well-paved streets lit by gas, and
other modern improvements, such as are to be seen in the largest
capitals of the world. The just administration of the laws and security
of life and property have produced this state of welfare, and the
people are content and happy and do not rebel. The wealth of these
countries is always on the increase. No Sovereign, Minister,
Governor, or other high official can take from any man a stiver of
money, or an inch of land. Every officer employed by the Sovereign
is paid, and therefore does not depend for his livelihood, as in
Morocco, upon peculation, extortion, bribery and corruption.’
The Sultan here remarked that his subjects were an ignorant and
lawless people, quite unfit to be governed in the lenient manner I had
described; that unless they were treated with the greatest severity
and were not allowed to enrich themselves, they would show a more
rebellious spirit than they do even at the present time. A lenient
administration, he repeated, was not suited to the wild races of
Morocco.
To this I replied, ‘At Your Majesty’s request, I applied in past years
to the British Government for permission to allow two hundred of
Your Majesty’s subjects to be sent to Gibraltar, for the purpose of
being instructed in the drill and discipline of the British foot-soldier.
The British Government acceded to Your Majesty’s request; a body
of two hundred Moors was sent to Gibraltar and remained there
between two and three years, the men being occasionally changed
as they acquired a knowledge of drill. I wish to know whether Your
Majesty selected these men from a superior, educated class, who
had the reputation of being orderly and intelligent, or whether they
were chosen after inquiry into their intelligence, past character, and
behaviour?’
The Sultan replied, ‘No; the men were selected at random from
various tribes, so that there might be no ground for jealousy.’
‘Well,’ I said, ‘two hundred Moors remained for nearly three years
at Gibraltar. They had good clothing given them, and a quarter of a
dollar (a shilling) a day was allowed each man by Your Majesty. The
British Government gave them tents to live in. During the time they
were stationed in Her Majesty’s garrison there were only two cases
in the police court against them for dissolute conduct. Colonel
Cameron, under whose superintendence they were placed, said they
learnt their drill as quickly and well as Englishmen. They were sober,
steady, and attentive to their duties. (“With 20,000 such men I could
march to Madrid to-morrow,” said the Colonel.) This tends to show
that Your Majesty’s subjects, living under a just and humane
Government, having, as these had, proper provision made for their
livelihood, are not a lawless or even disorderly people, and that they
are capable of being transformed, under a good Government, into
the grand warriors which their ancestors were in Spain.’
The Sultan smiled, and said, ‘“Hak”—True. Your arguments are
certainly convincing. Point out the remedy. Select the man from
amongst my Wazára (viziers), or other officers of the Court, on whom
you think I could depend to introduce a new form of administration. I
believe,’ he continued, ‘that if I were to tell my Wazára that, for the
future, I should allot them and other officers of the Court salaries,
and put a stop to bribery and peculation, they would be the first to
rebel against my authority and to oppose any change in the
administration.’
I replied, ‘I know not the Uzir, or other persons in authority, whom I
could suggest should be employed to aid in carrying out a reform in
the Government. Your Majesty—like the late Sultan Mahmud of
Turkey and the great Khedive of Egypt, Mehemet Ali—will have
yourself to take the sword in one hand and the balance of Justice in
the other.
‘Make an example of any man who dares to oppose Your
Majesty’s will and determination to improve the state of your
subjects. The latter, when they learn Your Majesty’s desire for their
welfare, will rise in a body to support you in getting rid of the tyrants,
who are now grinding them into dust and squeezing out their life-
blood.
‘In the cause of humanity and to save the lives of thousands of
men, women and children, now impoverished and starved by a cruel
system of extortion, Your Majesty will have to act with great severity
and make a manifest example of some of the Uzirs and Bashas, thus
striking terror into the hearts of other dignitaries of your Court, who
may be inclined to oppose your reforms.
‘Can I speak out,’ I then asked, ‘without risk of my words being
publicly reported?’
‘Speak,’ said the Sultan; ‘what passes now between us shall be
kept secret.’
‘If,’ I then continued, ‘I were chief Uzir and elected by Your
Majesty to carry out the proposed reforms, I should probably cause
more heads to fall in a month than have been cut off during the
whole of Your Majesty’s reign, and still I should feel that I was acting
humanely by saving the lives and property of the innocent, and
promoting the welfare and happiness of the millions over whom Your
Majesty reigns. A cancerous disease can only be arrested by the
knife, in the hands of a skilful and humane surgeon. But publish to
the world that I have held such language, and the so-called
humanitarians of my country would demand my recall as British
Minister in Morocco.’
‘Prepare for me,’ said the Sultan, ‘a secret memorandum on the
form of Government you would propose, the salaries to be paid to
the Uzir and chief officers of my Court, to Bashas and other officials
in the provinces. I will take it into consideration and commence
gradually to introduce reforms in the administration of the
Government of the provinces; and then I shall, in due course,
introduce reform also at the Court by the payment of the Uzir, &c.,
and punish severely peculation or corrupt practices.’
I gave the Sultan a rough outline of the first steps that should be
taken by payment of Governors and other functionaries to collect
taxes and tithes—to be paid direct into the Treasury, and not through
the Governors—recommending that receipts should be delivered to
all persons who paid taxes, &c., and that these collectors should also
be empowered to take all fines, imposed by Governors or Sheikhs
on criminals, and pay them into the Treasury, which would tend to
check the rapacity and injustice of Governors in imposing heavy and
unjust fines, which at the present time they appropriate to their own
use.
I reminded the Sultan that it was at my suggestion, when the
Convention of Commerce of 1856 was concluded, that the salaries
of the Customs Officers were greatly increased and, at the same
time, steps taken to prevent the wholesale robbery of the receipts of
Custom; and that he, the Sultan, had told me that, since my advice
had been followed, the revenues derived from the Customs had
greatly increased.
The Sultan said, ‘Yes, I remember, and also that I have said that
since the conclusion of the Convention of 1856 with Great Britain,
though we pay half the revenues of Customs to Spain on account of
the war debt, and a quarter, on account of a loan received, to Great
Britain, yet the amount of revenue paid into the Treasury at the
present time is greater than before the conclusion of that
Convention, and the trade of Morocco with England and other
countries has trebled in value.’
· · · · · ·
‘The day after this conversation with the Sultan,’ writes Sir John, ‘I
left Marákesh. The camp was to be pitched about twelve miles from
the city, and we started early in the morning. About an hour later, one
of the escort, looking back, exclaimed, ‘I see a horseman coming
along the plain at full gallop. I should think he is a messenger from
the Court.’ And thus it proved.
‘I have been dispatched,’ said the breathless horseman, ‘by the
Uzir, Sid Mohammed Ben Nis (the Minister of Finance) and the
Sheríf Bakáli, who have been ordered by the Sultan to convey to
Your Excellency a message from our Lord; and they wish to know
whether they are to continue their journey to the camp or whether
you might be disposed to await their arrival on the road?’
‘See,’ I replied, ‘there is a fig-tree near the road, I will sit beneath it
and await the Uzir and the Sheríf: go back and tell them so.’
Sending on the rest of the party, I, with one of my daughters and
two of the escort, awaited the functionaries, who arrived about a
quarter of an hour after I was seated.
Ben Nis began the conversation as follows:—
‘This morning I was sent for by the Sultan, who ordered me to
convey to you the following message:—His Majesty said he had not
slept all night, but lay awake pondering over all you had said to him;
that he feels more convinced than ever that you are a true friend of
himself and his people, and, I am desired to add, His Majesty thanks
you.’
I replied, ‘Convey to His Majesty the expression of my gratitude
for having deigned to dispatch such high functionaries with the very
flattering message you have now delivered. It is a great consolation,
for I learn thereby that His Majesty is satisfied that what I have said
was solely prompted by feelings of good-will and friendship.’
Ben Nis remarked, ‘The Sultan was in such a hurry to dispatch us
that he had not time to tell us the language you had held to His
Majesty, and which had prevented him from sleeping, so I shall feel
obliged if you will communicate it to me.’
‘It would not,’ I replied, ‘be regular or proper that I should make
known to any one, without the Sultan’s consent, the confidential
communication I have had the honour of making to His Majesty. Go
back, and say such was my reply to your request, and you can then
ask His Majesty, if you please, the purport of our conversation.’
Ben Nis looked sullen and angry, but the Sheríf smiled and said,
‘The Bashador is right. It is for the Sultan to tell us, if he will.’
Ben Nis then observed, ‘The reason why I am very anxious to
know what passed yesterday is, that after your long private
audience, the Sultan gave orders that all the Wazára and chief
officers of the Court, as also the Bashas of provinces who happen to
be at Marákesh, should assemble in the Meshwa (Court of
Audience).
‘When we were all assembled, His Majesty appeared and
addressed us thus:—
‘“You are all a set of thieves and robbers, who live by peculation,
bribery, corruption and plunder. Go away!”
‘All present at the Meshwa therefore drew the conclusion that the
language you may have held had caused His Majesty to thus
harangue us.’
To this I replied, ‘Go, as I said before, and ask His Majesty to tell
you of the language I held to him. I cannot and shall not do so.’
The return journey from Marákesh to Mogador afforded no new

features of special interest. On May 2 the sea was reached. Miss
Hay describes her father’s entry in her diary:—
‘We were met by the Lieutenant-Governor of the province of Haha
and a large body of horse, who after the usual salutations formed up
in our rear. Again another body of mounted men appeared, led by
the Governor of Haha in person. As the latter advanced to greet Sir
John, a number of horsemen, who had been concealed on the road
in front, dashed forward at a gallop and passed us, firing. This
startling form of salute was intended to convey a compliment.
‘Next came the Governor of the town with another troop of horse
and personally attended by a number of running footmen. Drawn up
on one side of the road was a long irregular line of wild mountaineers
on foot, all armed with long guns and handsome daggers, their blue
and white jelabs kilted short—so as not to impede their movements
—by means of gay leather belts, and bedizened with many and gay
leather pouches and bags.
‘Before these mountaineers stood a tall old man playing on a reed
flute, a sweet and harmonious, though scarcely a warlike instrument,
but a great favourite with all the native mountain tribes. The various
troops of horse having fallen in, the open plain presented a beautiful
and animated sight. Flying either past or to meet us, came every
moment the charging troopers in their brilliant flowing drapery, firing
when close to Sir John. In front of us moved the mountaineers, also
firing as they performed the different and curious gun-dances of their
tribes; or, if natives of Sus, twirling and throwing their loaded guns
and naked daggers high in the air to catch them as they fell.
‘The whole town had turned out to see the show, and when we
came within sight of the walls, the batteries fired a salute, to which
responded the joyous “zagharit” of the women who thronged
beneath the walls.
‘During this ceremonious entry a curious incident occurred. One of
the escort cried ‘Jackal!’ and, slinking along before us, we saw one
of these beasts hurrying away. In a moment, dignity and etiquette
were forgotten, and Sir John, followed by all the riders of our party
and a number of the troopers, dashed in pursuit. They followed till
the jackal reached a hollow among the sands, where the Moors
pulled up, saying there was a quicksand at the bottom which would
bear a jackal but not a horseman.
‘Beneath the walls, Sir John was received by the civil
functionaries, mounted, as became men of peace, on sleek mules.
The crowd was now so dense that the escort had to force a passage
through the people to enable us to enter the town gates, which were
shut immediately after, to keep back the rabble for a time. The
terraces and balconies of the houses were crowded, principally with
Jewesses attired in all the splendour of their rich native dress. We
rode to the Consulate, where we stayed the night, and next day re-
embarked on board H.M.S. Lively.
‘It was Sir John’s intention to call at some of the ports on his
return voyage, and Saffi—more correctly E’Sfi, or “the pure”—was
the first to be visited.
‘Off this port we arrived early the following day in fine weather,
though a heavy sea was rolling on to the shore from the Atlantic. The
landing however was effected without difficulty, in spite of the rocks
which beset the entrance to the little port. On these rocks men were
stationed who directed the boat’s course, by shouts and signs,
through the narrow passage, and warned them when to pause and
when to take advantage of a lull between two high waves.
‘Sir John met with a cordial reception from the authorities, and a
banquet was offered to the Mission by the British Vice-Consul and
residents; but just as the party had seated themselves at table to
enjoy their kindly hospitality, a messenger arrived in haste to say the
sea was rising, and, if we wished to regain the ship, not a moment
must be lost. The result was a hurried flight to the beach, where two
large surf-boats, manned by natives, were prepared. Into these the
party were stowed, each person having first been provided with a
life-belt by a kind resident, though had any accident occurred, the
life-belts could only have floated bruised and mangled bodies
ashore, so numerous and cruel were the rocks on all sides. The bar
continued to rise, and the authorities and residents tried to dissuade
Sir John from attempting to cross; but he, knowing what a long
detention might follow, and never inclined to brook the least delay,
decided on an immediate start. Extra scouts were stationed on the
rocks. The steersmen, both old men, with keen grave faces and
flowing white beards, took their places in the boats. The rowers,
twelve to each boat, stood to their short sweeps, each with a foot on
the bench before him, the passengers crouching quietly at the
bottom of the boats. The chief of the scouts from his post, on a
pinnacle of rock which commanded the perilous and tortuous
passage through the bar, raised his arms to Heaven and prayed
aloud for Divine aid and blessing, the crowd and rowers listening in
devout silence and at the close of the invocation joining heartily in
the final “Amín.” Then at a signal we started. Each immense breaker
threatened to swamp us, yet we rose and fell safely on the great
waves while struggling nearer to the narrow dangerous passage
through the rocks, yet holding back and waiting for the signal to
pass, while from the shore rose the cries of the crowd appealing to
God and “Sidna Aisa” (Our Lord Jesu) to help and protect us. At last
the signal was given, and, like a flash, the first boat passed through
and was safe in the open before another great breaker thundered in.
The second boat followed a few minutes later, and when clear of the
bar the rowers of each boat, raising their hands to Heaven in a
solemn “fatha,” thanked God and Sidna Aisa for help in the hour of
need.
‘As the sea was so high it was judged useless to attempt to cross
the bar at Rabát, and the Lively returned direct to Tangier.’
CHAPTER XX.
ASCENT OF THE ATLAS MOUNTAINS.
After his return from the Mission to Marákesh, which has been
described in the previous chapter, Sir John, writing to Sir Henry
Layard on May 24, 1873, gives an epitome of his labours at the
Court, and refers to the expeditions undertaken to the Atlas
Mountains during his travels.
‘We returned,’ he says, ‘from our travels on the 8th inst. in better health than
when we started. The weather was cool, and no rain fell to stop our march except
on one day.
‘I had no instructions from the Foreign Office except to deliver my new
credentials; but I took advantage, of course, of my visit to the Court to place our
relations on a better footing, and I flatter myself I have succeeded, as I have
settled, or put in the proper groove for settlement, a host of pending claims and
grievances.
‘Tissot was at the Court at the same time as myself, and we marched hand in
hand in all questions affecting common interests, or, as Tissot described the
position of the Moorish Government, like that of a wild boar with a hound hanging
on each ear. The Moors were astonished to find the French and British
Representatives in perfect union and showing no signs of petty jealousy about
etiquette in forms; in fact, we took our precautions of warning Moorish and our own
officials that we insisted upon no attention being shown or form observed to one or
the other which differed.
‘The Sultan and his Ministers were most courteous and hospitable. Nothing
could be more pleasing than His Majesty’s manner and language to myself in a
private audience. He conversed with great good sense, but he declared his policy
to be conservative in the strictest sense of the word.
‘In reply to the proposals made by Tissot and myself for various reforms and
improvements, His Majesty said to me, “We and thou understand very well that all
you suggest is very excellent, and might be most beneficial in developing the
resources of our dominions; but the eminent men (Ulama, &c.) do not desire that
we should introduce the innovations of Europe into this land, nor conform
ourselves with Christian usages. We made certain promises on our accession to
the throne, and unless my councillors alter their views, we cannot, without
endangering our position.” When I alluded to Turkey and Egypt, he intimated that
those Governments had no doubt increased in power and wealth, but that their
independence was shaken.
‘Tissot received a telegram from his Government regarding some frontier
conflict near Taza, stating that a large force had been sent by the Governor of
Algeria to enter Morocco and chastise the predatory tribes. Thiers stopped the
march of the force, until Tissot could be referred to. He has arranged all matters
satisfactorily with the Sultan, to whom he brought the “Grand Cordon of the Legion
of Honour.” . . .
‘Whilst the Sultan was digesting my memoranda on various affairs, we made an
expedition to the slopes of the Atlas. My son reached the snow, but was obliged to
beat a rapid retreat, as the mountaineers were in revolt against the Sultan. The
Shloh tribes of the Atlas, who were submissive to the Sultan, were most kind and
hospitable to us. They gave us all a hearty welcome, and I was delighted on
finding that I was known to all these wild fellows as being a friend to the Moors and
“a just man.” The valleys of the Atlas are very beautiful and fertile. The inhabitants
live in two-storied houses, something like the Swiss, only very rude in form. They
are a far superior race to their conquerors, the Arabs.’
As this letter shows, the hope which Sir John had entertained of
returning with the Mission through the Atlas mountains and thence to
Mogador was not completely fulfilled, as a rising of the tribes in that
district rendered the expedition unsafe. Sid Musa however
suggested that before leaving Marákesh, an expedition of a few days
might be organised to visit ‘Uríka,’ on the slope of the Atlas nearest
to the city. This was arranged, and on the morning of April 17 the
party left Marákesh by the beautiful Bab el Mahsen, or Government
gate, the fine old arch of which, built of red stone engraved with
Arabic inscriptions, is said to have been brought by the Moors from
Spain,—an improbable legend founded on the fact that Jeber was
the architect. The narrative is given from Miss Hay’s Diary.
‘As we passed the Sultan’s palace, which, by the way, is said to
contain a female population amounting to a thousand women (of all
colours!), the standard-bearer lowered the banner as a mark of
respect. This salute was also accorded when passing the tombs of
“saléhin,” or holy men.
‘On this trip, as also on the subsequent return journey to Mogador,
the usual red banner that precedes an envoy was replaced by a
green one. This latter is the emblem of the Sultan’s spiritual
authority, and there was a peculiar significance and compliment in its
being sent to precede the Representative of Great Britain and of a
Christian Sovereign. The Sultan also sent his own stirrup-holder, a
fine old Bokhári, to attend Sir John, as he would his Royal Master, an
office which the noble old man punctiliously fulfilled. He was always
near Sir John’s person, prepared to alight and hold his stirrup when
required, as he was wont to do for the Sultan. The old man had
many a quaint tale to relate, and Sir John would sometimes summon
him to his side and encourage him to talk of his recollections and
experiences.
‘The valley of the Atlas, whither we were bound, was in sight due
South. Our way at first lay across the plain and along the line of deep
and dangerous pits that mark the track of the aqueduct which
supplies Marákesh with water, said to come from the hills thirty miles
distant. These pits are about twenty feet in diameter and of equal
depth, and one of our party had a narrow escape one day, during a
wild and general race across the plain, riding nearly directly into one
of these chasms concealed by long grass. Fortunately the clever
little Barb swerved, and, jumping, cleared the pit to one side.
‘Tradition states that formerly, in remote times, an aqueduct
brought water underground direct from the Atlas to the city. This
became blocked and damaged, but could not be repaired or cleared
owing to its great depth below the surface. Therefore one of the
ancient rulers, to collect the water it supplied, made great wells or
reservoirs some fifteen miles from Marákesh, and closed all the
fountains and springs in their vicinity. From these the present water
supply was brought to the city, and originally flowed in through four
hundred canals or aqueducts. These, Arabian historians relate, were
the work of 20,000 Christian captives.

Textbook Ebook Principles of Incident Response Disaster Recovery Mindtap Course List 3Rd Edition Michael E Whitman Herbert J Mattord All Chapter PDF

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Textbook Ebook Principles of Incident Response Disaster Recovery Mindtap Course List 3Rd Edition Michael E Whitman Herbert J Mattord All Chapter PDF

Uploaded by

Copyright:

Available Formats

Principles of Incident Response &

Disaster Recovery (MindTap Course

Australia • Brazil • Canada • Mexico • Singapore • United Kingdom • United States

Product Team Manager: Kristin McNary

Director, Learning Design: Rebecca von Gillern

Learning Designer: Mary Clyne Library of Congress Control Number: 2020917514

Vice President, Marketing – Science,

MODULE 4 Special Circumstances in CSIRT Development

IDPS Terminology 183 REVIEW QUESTIONS 243

IDPS Types 189 REFERENCES 244

IR Reaction Strategies 214 REAL-WORLD EXERCISES 274

Disaster Recovery Planning Implementing the BC Plan 325

State Agencies 357 MODULE SUMMARY 370

Succession Planning 363 REFERENCES 373

The goal of the program is to reduce vulnerability in our national information

New to This Edition

❍❍ Create multiple test versions in an instant.

❍❍ Download resources such as instructional videos and labs.

❍❍ See up-to-date news, videos, and articles.

❍❍ Read author blogs.

❍❍ Listen to podcasts on the latest information security topics.

• Paul Witman, California Lutheran University

• Danielle Klahr, Associate Product Manager

• Bernstein Crisis Management

• Institute for Crisis Management

AN OVERVIEW OF INFORMATION SECURITY

One afternoon was devoted to returning the visits of the various

The return journey from Marákesh to Mogador afforded no new

ASCENT OF THE ATLAS MOUNTAINS.

You might also like