Textbook Management of Information Security 6Th Edition Michael E Whitman Ebook All Chapter PDF

Management of Information Security
6th Edition Michael E. Whitman

Visit to download the full and correct content document:
https://textbookfull.com/product/management-of-information-security-6th-edition-mich
ael-e-whitman/
More products digital (pdf, epub, mobi) instant
download maybe you interests ...
Principles of Information Security 6th Edition Whitman
https://textbookfull.com/product/principles-of-information-
security-6th-edition-whitman/
Quantitative analysis for management Thirteenth Edition

Michael E. Hanna
https://textbookfull.com/product/quantitative-analysis-for-
management-thirteenth-edition-michael-e-hanna/
New Techniques for Management of Inoperable Gliomas 1st

Edition Michael E. Sughrue
https://textbookfull.com/product/new-techniques-for-management-
of-inoperable-gliomas-1st-edition-michael-e-sughrue/
Open Source Intelligence Techniques: Resources For

Searching And Analyzing Online Information 6th Edition
Michael Bazzell
https://textbookfull.com/product/open-source-intelligence-
techniques-resources-for-searching-and-analyzing-online-
information-6th-edition-michael-bazzell/
Principles of information security Fifth Edition
Mattord
https://textbookfull.com/product/principles-of-information-
security-fifth-edition-mattord/
Enterprise Content Management, Records Management and

Information Culture Amidst e-Government Development
Proscovia Svärd (Auth.)
https://textbookfull.com/product/enterprise-content-management-
records-management-and-information-culture-amidst-e-government-
development-proscovia-svard-auth/
Armstrong s Handbook of Performance Management An

Evidence Based Guide to Delivering High Performance 6th
Edition Michael Armstrong
https://textbookfull.com/product/armstrong-s-handbook-of-
performance-management-an-evidence-based-guide-to-delivering-
high-performance-6th-edition-michael-armstrong/
Psychological Science 6th Edition Michael Gazzaniga
https://textbookfull.com/product/psychological-science-6th-
edition-michael-gazzaniga/
Fundamentals of information systems security 3rd

Edition Kim
https://textbookfull.com/product/fundamentals-of-information-
systems-security-3rd-edition-kim/
INFORMATION SECURITY
MANAGEMENT OF
Sixth Edition
Michael E. Whitman
Herbert J. Mofford
MANAGEMENT OF
Sixth Edition
Michael E. Whitman
Herbert J. Mattord
Au stralia • Brazil • Mexico • Singapore • Un ited Kingdom • United States
This is an e lectronic version of the print textbook. Due to e lectronic right~ restrictions, some third party content
may be suppressed. Editorial review has deemed that any suppressed content does not materially affect the
overall learning experience. The publisher reserves the right to remove content from this title at any time if
subsequent right~ restrictions require it. For valuable information on pric ing, previous editions, changes to
current editions, and alternate formats, please visit www.cengage.com/highered to search by ISBN#, author,
title, or keyword for materials in your areas of interest.
Impo1tant Notice: Media content referenced within the product description or the product text may not be
available in the eBook version.
Management of Information <O 2019, 2017, 2014, 201 o Cengage Learning, Inc.
Security, Sixth Edit i on Unless otherwise noted, all content is <O (engage.
Michael E. Whitman ,
HerbertJ. Mattor d All RIGHTS RESERVED. No part of this work covered by the copyright
herein may be reproduced or distributed in any form or by any
m eans, except as permitted by U.S. copyright law, without the prior
SVP, GM Skills: Jonathan Lau
written permission of the copyright owner.
Product Director: Lauren Murphy
SOURCE FDR ILLUSTRATIONS: Copyright co (engage.
Product Team Manager: Kristin McNary Screenshots are c.t>Microsoft Corporation unless otherwise noted.
Product Manager: Amy Savino
Product Assistant: Jake Toth For product information and technology assistance, contact us at
Executive Director, Content Design: Cengage Custom er & Sales Su pport, 1·800-354-9706 or
Marah Bellegarde support.cengag e.com .
For permission to use material from this text or product, submit
Director, Learning Design: all requests online at www.cengage.com/permissions.
Leigh Hefferon
Learning Designer: Natalie Onderdonk

library of Congress Control Number: 2018936035
Sr. Marketing Director: M ichele McTighe
Assoc. Marketing Manager: ISBN: 978·1·337-40571·3

Cassie Cloutier
Ceng age
Director, Content Delivery: 20 Channel Center Street
Patty Stephan Boston, MA 02210
USA
Sr. Content Manager:
Brooke Greenhouse Cengage is a leading provider of customized learning solutions with
employees residing in nearly 40 different countries and sales in more
Digltal Delivery Lead: Jim Vaughey than 125 countries around the world. Find your local representative
Senior Designer: Diana H. Graham at www.cengage.com.
Production Service/Composition: (engage products are represented in Canada by Nelson

SPi Global Education, l td.
Cover image: iStockPhoto.com/ To learn more about Cengage platforms and services, visit
ValeryBrozhinsky www.cengage.com .
To register or access your online learning solution or purchase

materials for your course, visit www.cengagebrain.com.
Notice to the Reade r

Publisher does not warrant or guarantee any of the products described herein or perform any independent analysis
in connection with any of the product information contained herein. Publisher does not assume, and expressly
disclaims, any obligation to obtain and include information other than that provided to it by the manufacturer.
The reader is expressly warned to consider and adopt all safety precautions that might be indicated by the activities
described herein and to avoid all potential hazards. By following the instructions contained herein, the reader willingly
assumes all risks in connection with such instructions. The publisher makes no representations or warranties of any
kind, including but not limited to, the warranties of fitness for particular purpose or merchantability, nor are any
such representations implied with respect to the material set forth herein, and the publisher takes no responsibility
with respect to such material. The publisher shall not be liable for any special, consequential, or exemplary damages
resulting. in whole or part, from the readers' use of, or reliance upon, this material.
Printed in the United States of America

Print Nu,n ber: 01 Print Year: 2018
Brief Contents
PREFACE ....................................................................................................... xv
CHAPTER 1
Introduction to the Management of Information Secur ity ..................... 1
CHAPTER2
Compliance: Law and Ethics ...................................................................... 63
CHAPTER3
Governance and Strategic Planning for Security .................................. 123
CHAPTER4
Information Security Policy ..................................................................... 169
CHAPTER 5
Developing the Security Program ........................................................... 219
CHAPTER6
Risk Management: Assess ing Risk .......................................................... 303
CHAPTER 7
Risk Management: Treating Risk ............................................................ 365
CHAPTERS
Security Management Models ................................................................ 411
CHAPTER 9
Security Management Practices ............................................................. 457
CHAPTER 10
Pia nni ng for Contingencies ...................................................................... 497
CHAPTER 11
Security Maintenance .............................................................................. 567
CHAPTER 12
Protection Meehan isms ........................................................................... 619
GLOSSARY .................................................................................................. 683
IND E.X.......................................................................................................... 709
...
Ill
Table of Contents
PREFACE ....................................................................................................... xv
CHAPTER 1
Introduction to the Management
of Information Security........................................................... 1
Introducti on to Security ......................................................................................2
CNSS Security Model ........................................................................................ 5
The Value of Information and the C.I.A. Triad ................................................. 7
Key Concept s of Infor mation Security: Threats and Attacks ....................... 11
The 12 Categories of Threats ............................................................................ 13
Management and Lea dership ..........................................................................45
Behavioral Types of Leaders ........................................................................... 46
Management Characteristics .......................................................................... 47
Governance ..................................................................................................... so
Solving Problems ............................................................................................ so
Principles of Information Security Management .......................................... .52
Planning .......................................................................................................... 53
Policy ............................................................................................................... 54
Programs ......................................................................................................... 55
Protection ........................................................................................................ SS
People .............................................................................................................. SS
Projects ............................................................................................................ SS
Additional Reading ............................................................................................57
Chapter Summary............................................................................................. .57
Review Quest ions ............................................................................................. .58
Exercises ............................................................................................................ .59
Closing Case........................................................................................................60
Discussion Questions ..................................................................................... 60
Ethical Decision Making ................................................................................. 60
Endnotes .............................................................................................................61
CHAPTER2
Compliance: Law and Ethics ................................................. 63
Introduction to Law and Ethics ........................................................................64
Table of Contents
Ethics in lnfoSec .................................................................................................66

Ethics and Education ...................................................................................... 70
Deterring Unethical and Illegal Behavior ....................................................... 72
Professional Organizations and Their Codes of Conduct ............................. 74
Association for Computing Machinery (ACM) ............................................... 74
International Information Systems Security Certificatio n Consortium,
Inc. (!SC)• ..........................................................................................................75
SANS ................................................................................................................75
Informatio n Systems Audit and Control Associatio n (ISACA) ....................... 76
Informatio n Systems Security Association (ISSA) ......................................... 77
Information Security and Law..........................................................................78
Types of Law ................................................................................................... 78
Relevant U.S. Laws .......................................................................................... 79
International Laws and Legal Bodies ............................................................. 95
State and Local Regulations ............................................................................ 97
Standards Versus Law .................................................................................... 101
Policy Versus Law ......................................................................................... 104
Organizational Liability and the Management of Digital Forensics ......... 104
Key Law Enforcement Agencies ....................................................................105
Managing Digital Forensics .......................................................................... 109
Additional Reading ......................................................................................... 117
Chapter Summary........................................................................................... 117
Review Questions ........................................................................................... 118
Exercises .......................................................................................................... 119
Closing Case ..................................................................................................... 120
Discussion Questions ....................................................................................120
Ethical Decision Making ................................................................................120
Endnotes .......................................................................................................... 120
CHAPTER3
Governance and Strategic Planning for Security ............. 123
The Role of Planning....................................................................................... 125
Precursors to Planning................................................................................... 127
Strategic Planning ........................................................................................... 129
Creating a Strategic Plan .................................................................................131
Planning Levels .............................................................................................. 132
Planning and the CISO ................................................................................... 133
Information Security Governance ................................................................ 135
The ITGI Approach to Information Security Governance ............................. 136
NCSP Industry Framework for Information Security Governance ............... 138
Table of Contents vii
CERT Governing for Enterprise Security Implementation ........................... 140

ISO/IEC 27014: 2013 Governance of Information Security .............................. 143
Security Convergence .................................................................................... 145
Planning for Information Security Implementation ................................... 147
Implementing the Security Program using the SecSDLC.............................. 154
Chapter Summary........................................................................................... 164
Exercises .......................................................................................................... 165
Closing Case ..................................................................................................... 166
Discussion Questions .................................................................................... 167
Ethical Decision Making ................................................................................ 167
Endnotes .......................................................................................................... 167
CHAPTER4
Information Security Policy ................................................ 169
Why Policy? ...................................................................................................... 170
Policy, Standards, and Practices .................................................................... 175
Enterprise Information Security Policy ........................................................ 177
Integrating an Organization's Mission and Objectives into the EISP ........... 178
EISP Elements ................................................................................................ 178
Example EISP Elements ................................................................................ 180
Issue-Specific Security Policy ......................................................................... 183
Elements of the ISSP ...................................................................................... 185
Implementing the ISSP .................................................................................. 188
System-Specific Security Policy ..................................................................... 190
Managerial Guidance SysSPs ......................................................................... 191
Technical Specification SysSPs ...................................................................... 192
Guidelines for Effective Policy Development and Implement ation ......... 197
Developing Information Security Policy ....................................................... 197
Policy Distribution .........................................................................................198
Policy Reading ................................................................................................199
Policy Comprehension ...................................................................................199
Policy Compliance ........................................................................................ 200
Policy Enforcement ........................................................................................ 201
Policy Development and Implementation Using the SDLC .......................... 201
Software Support for Policy Administration ................................................ 206
Other Approaches to Information Security Policy Development ................ 207
SP 800-18, Rev. 1: Guide for Developing Security Plans
for Federal Information Systems .................................................................. 209
viii Table of Contents
A Final Note on Policy..................................................................................... 212

Add it ional Reading ......................................................................................... 213
Chapter Summary........................................................................................... 214
Exercises .......................................................................................................... 216
Closing Case ..................................................................................................... 217
Ethical Decisio n Making ................................................................................ 217
Endnotes .......................................................................................................... 218
CHAPTER 5
Developing the Security Program ...................................... 219
Organizing fo r Security .................................................................................. 220
Security in Large Organizations .................................................................... 225
Security in Medium-Sized Organizations ..................................................... 228
Security in Small Organizations .................................................................... 229
Placing Information Security Within an Organization ............................... 230
Components of the Security Program .......................................................... 241
Staffing the Security Function ...................................................................... 244
Informatio n Security Professional Credentials ............................................. 254
Entering the Information Security Profession .............................................. 265
Implementing Security Education, Train ing, and Awareness
(SETA) Programs .............................................................................................. 267
Security Education ........................................................................................ 269
Security Training ........................................................................................... 271
Security Awareness ....................................................................................... 278
Proj ect Management in Information Security ............................................ 286
Projects Versus Processes ............................................................................. 286
Organizatio nal Support for Project Management ........................................ 288
PMBOK Knowledge Areas ............................................................................. 289
Project Management Tools ............................................................................ 292
Chapter Summary........................................................................................... 297
Exercises .......................................................................................................... 299
Closing Case ..................................................................................................... 299
Discussion Questions ................................................................................... 299
Ethical Decisio n Making ............................................................................... 300
Endnotes .......................................................................................................... 300
Table of Contents
CHAPTER 6
Risk Management: Assessing Risk ..................................... 303
Introduction to the Management of Risk
in Information Security .................................................................................. 304
Knowing Yourself and Knowing the Enemy ................................................ 305
The Information Security Risk Management Framework ........................... 305
Roles of Communities of Interest in Managing Risk ................................... 308
Executive Governance and Support ............................................................. 308
Framework Design ......................................................................................... 312
Framework Implementation ......................................................................... 315
Framework Monitoring and Review ............................................................. 315
Continuous Improvement ............................................................................. 316
The Risk Management Process ..................................................................... 316
RM Process Preparation-Establishing the Context ...................................... 317
Risk Assessment: Risk Identification ............................................................ 319
Risk Assessment: Risk Analysis .................................................................... 343
Risk Evaluation .............................................................................................. 355
Risk Treatment/Risk Control .........................................................................359
Process Communications, Monitoring. and Review .....................................359
Chapter Summary........................................................................................... 360
Exercises .......................................................................................................... 361
Closing Case ..................................................................................................... 362
Ethical Decision Making ................................................................................362
Endnotes .......................................................................................................... 363
CHAPTER 7
Risk Management: Treating Risk ....................................... 365
Introduction to Risk Treatment .................................................................... 366
Risk Treatment Strategies ............................................................................. 368
Managing Risk ................................................................................................. 374
Feasibility and Cost -benefit Analysis ............................................................ 379
Other Methods of Establishing Feasibility ....................................................387
Alternatives to Feasibility Analysis .............................................................. 389
Recommended Alternative Risk Treatment Practices ...................................392
Alternative Risk Management Methodologies............................................ 393
The OCTAVE Methods ....................................................................................393
Microsoft Risk Management Approach ........................................................ 394
Table of Contents
FAIR ................................................................................................................ 395

ISO Standards for InfoSec Risk Management ............................................... 397
NIST Risk Management Framework (RMF) .................................................. 399
Other Methods .............................................................................................. 403
Selecting the Best Risk Management Model. ............................................... 404
Chapter Summary........................................................................................... 405
Exercises .......................................................................................................... 407
Closi ng Case ..................................................................................................... 408
Ethical Decision Making ............................................................................... 409
Endnotes .......................................................................................................... 409
CHAPTERS
Security Management Models ............................................ 411
Introduction to Blueprints, Frameworks,
and Security Models ....................................................................................... 412
Secur ity Management Models ...................................................................... 414
The ISO 27000 Series ..................................................................................... 414
NIST Security Publications ........................................................................... 420
Control Objectives for Information and Related Technology ...................... 428
Committee of Sponsoring Organizations ..................................................... 430
Information Technology Infrastructure Library ............................................ 431
Information Security Governance Framework ............................................. 431
Secur ity Architecture Models ........................................................................ 434
TCSEC and the Trusted Computing Base ...................................................... 434
Information Technology System Evaluation Criteria ................................... 437
The Common Criteria .................................................................................... 437
Access Control Models ................................................................................... 438
Categories of Access Controls ....................................................................... 440
Other Forms of Access Control ..................................................................... 446
Academic Access Control Models ................................................................. 447
Bell-LaPadula Confidentiality Mode l ........................................................... 447
Biba Integrity Model ..................................................................................... 448
Clark-Wilson In tegrity Model ....................................................................... 449
Graham-Denning Access Control Model. ..................................................... 450
Harrison-Ruzzo-Ullman Mode l ................................................................... 450
Brewer-Nash Model (Chinese Wall) ............................................................. 450
Table of Contents
Add itional Read ing ......................................................................................... 451

Chapter Summary........................................................................................... 451
Exercises .......................................................................................................... 453
Closing Case ..................................................................................................... 453
Endnotes .......................................................................................................... 454
CHAPTER 9
Security Management Practices ........................................ 457
Introduction to Security Practices ................................................................ 458
Security Employment Practices .................................................................... 459
H1nng ............................................................................................................ 459
Contracts and Employment .......................................................................... 462
Security Expectations in the Performance Evaluation ................................ 462
Termination Issues ....................................................................................... 463
Personnel Security Practices ......................................................................... 464
Security of Personnel and Personal Data ..................................................... 466
Security Considerations for Tem porary Employees,
Consultants, and Other Workers .................................................................. 466
Information Security Performance Measurement ..................................... 468
InfoSec Performance Management .............................................................. 469
Building the Performance Measurement Program ....................................... 471
Specifying InfoSec Measurements ................................................................ 473
Collecting lnfoSec Measurements ................................................................. 473
Implementing InfoSec Performance Measurement ..................................... 478
Reporting InfoSec Performance Measurements .......................................... 479
Benchmarking ................................................................................................. 481
Standards of Due Care/Due Diligence .......................................................... 482
Recommended Security Practices ................................................................ 483
Selecting Recommended Practices ............................................................... 484
Limitations to Benchmarking and Recommended Practices ....................... 485
Baselining ..................................................................................................... 486
Support for Benchmarks and Baselines ....................................................... 487
ISO Certification ............................................................................................ 489
Add itional Reading ......................................................................................... 490
Chapter Summary........................................................................................... 491
xii Table of Contents
Exercises .......................................................................................................... 493

Closing Case ..................................................................................................... 493
Endnotes .......................................................................................................... 494
CHAPTER 10
Planning for Contingencies ................................................. 497
Introduction to Contingency Planning ......................................................... 498
Fundamentals of Contingency Planning ...................................................... 500
Components of Contingency Planning ........................................................ 504
Business Impact Analysis ............................................................................. 506
Contingency Planning Policies ...................................................................... 513
Incident Response .......................................................................................... 513
Getting Started ............................................................................................... 514
Incident Response Policy ............................................................................... 516
Incident Response Planning .......................................................................... 517
Detecting Incidents ........................................................................................ 522
Reacting to Incidents .................................................................................... 526
Recovering from Incidents ........................................................................... 530
Disaster Recovery ........................................................................................... 538
The Disaster Recovery Process ..................................................................... 540
Disaster Recovery Policy ................................................................................ 541
Disaster Classification.................................................................................... 542
Planning to Recover .......................................................................................545
Responding to the Disaster ........................................................................... 546
Simple Disaster Recovery Plan ..................................................................... 546
Business Continuity ........................................................................................ 549
Business Continuity Policy ........................................................................... 550
Continuity Strategies ..................................................................................... 552
Timing and Sequence of CP Elements .......................................................... 554
Crisis Management ......................................................................................... 556
Business Resumption ..................................................................................... 558
Testing Contingency Plans............................................................................. 558
Final Thoughts on CP.................................................................................... 560
Chapter Summary........................................................................................... 561
Table of Contents xiii
Exercises .......................................................................................................... 563

Closing Case ..................................................................................................... 563
Endnotes .......................................................................................................... 564
CHAPTER 11
Security Maintenance ......................................................... 567
Introduction to Security Maintenance ......................................................... 568
Security Management Maintenance Models............................................... 569
NIST SP 800-100, Information Security Handbook:
A Guide for Managers ................................................................................... 569
The Security Maintenance Model ................................................................. 587
Add it ional Read ing ......................................................................................... 614
Chapter Summary........................................................................................... 614
Exercises .......................................................................................................... 616
Closing Case ..................................................................................................... 616
Endnotes .......................................................................................................... 617
CHAPTER 12
Protection Mechanisms ...................................................... 619
Introduction to Protection Mechanisms...................................................... 620
Access Controls and Biometrics .................................................................... 622
Managi ng Network Security .......................................................................... 630
Firewalls ......................................................................................................... 631
Intrusion Detection and Prevention Systems .............................................. 643
Wireless Networking Protection ................................................................... 647
Scanning and Analysis Tools ......................................................................... 651
Managing Server-Based Systems with Logging ............................................ 655
Managing Security for Emerging Technologies ........................................... 660
Cryptography................................................................................................... 662
Encryption Operations ................................................................................. 664
Using Cryptographic Controls ....................................................................... 671
Managing Cryptographic Controls ............................................................... 674
xiv Table of Contents

Chapter Summary........................................................................................... 677
Exercises .......................................................................................................... 679
Closi ng Case ..................................................................................................... 680
Endnot es .......................................................................................................... 681
GLOSSARY .................................................................................................. 683

INDE.X .......................................................................................................... 709
Preface
As global use of the Internet continues to expand, the demand
for and reliance on Internet-based information creates an
increasing expectation of access. Global commerce is reliant
on the Internet, which creates an increasing threat of attacks
on information assets and a need for greater numbers of
professionals capable of protecting those assets. With billions
of Internet users capable of accessing and attacking online
information from anywhere at any time, the threat of an attack
from individuals, criminals, and government entities grows daily.
To secure commerce and information assets from ever-
increasing threats, organizations demand both breadth and depth
of expertise from the next generation of information security
practitioners. These professionals are expected to have an optimal
mix of skills and experiences to secure diverse information
environments. Students of technology must learn to recognize
the threats and vulnerabilities present in existing systems.
They must also learn how to manage the use of information
assets securely and support the goals and objectives of their
organizations through effective information security governance,
risk management, and regulatory compliance.
Why This Text Was Written

This textbook strives to fulfill the need for a quality academic
textbook in the discipline of information security management.
While there are dozens of quality publications on information
security and assurance for the practitioner, few textbooks
provide the student with an in-depth study of information
security management. Specifically, those in disciplines such as
information systems, information technology, computer science,
criminal justice, political science, and accounting information
systems must understand the foundations of the management
of information security and the development of managerial
strategy for information security. The underlying tenet of this
textbook is that information security in th e modern organization
is a management problem and not one that technology alone
can answer; it is a problem that has important economic
consequences and one for which management is accountable.
xvi Preface
Approach
This book provides a managerial approach to information security and a thorough
treatment of the secure administration of information assets. It can be used to support
information security coursework for a variety of technology students, as well as for
technology curricula aimed at business students.
Certified Information Systems Security Professional, Certified Information
Security Manager, and NIST Comm on Bodies of Knowledge- As the authors are
Certified Information Systems Security Professionals {CISSP) and Certified Information
Security Managers {CISM), these knowledge domains have had an influence on the
design of this textbook. With the influence of the extensive library of information
available from the Special Publications collection at the National Institute of Standards
and Technology {NIST, at csrc.nist.gov), the authors have also tapped into additional
government and industry standards for information security management. Although
this textbook is by no means a certification study guide, much of the Common Bodies
of Knowledge for the dominant industry certifications, especially in the area of
management of information security; have been integrated into the text.
Overview
Chapter 1-lntroduction to the Management of Information Security
The opening chapter establishes the foundation for understanding the field of
information security by explaining the importance of information technology and
identifying who is responsible for protecting an organization's information assets.
Students learn the definition and key characteristics of information security, as well as
the differences between information security management and general management.
Chapter 2- Compliance: Law and Ethics

In this chapter, students learn about the legal and regulatory environment and its
relationship to information security. This chapter describes the major national and
international laws that affect the practice of information security, as well as the role of
culture in ethics as it applies to information security professionals. In this edition, the
discussion of digital forensics has been moved to Chapter 2. for better alignment with
the primary subjects being covered.
Chapter 3-Governance and Strategic Planning for Security

This chapter explains the importance of planning and describes the principal
components of organizational planning and the role of information security
governance and planning within the organizational context.
Preface xvii
Chapter 4-lnformation Security Policy

This chapter defines information security policy and describes its central role in a
successful information security program. Industry and government best practices
promote three major types of information security policy; this chapter explains what
goes into each type, and demonstrates how to develop, implement, and maintain
various types of information security policies.
Chapter 5- Developing the Security Program

Chapters explores the various organizational approaches to information security and
explains the functional components of an information security program. Students
learn the complexities of planning and staffing for an organization's information
security department based on the size of the organization and other factors, as well
as how to evaluate th e internal and external factors that influence the activities and
organization of an information security program. This chapter also identifies and
describes th e typical job titles and functions performed in the information security
program, and concludes with an exploration of the creation and management of a
security education, training, and awareness program. This chapter also provides an
overview of project management, a necessary skill in any technology or business
professional's portfolio.
Chapter 6-Risk Management Assessing Risk

This chapter defines risk management and its role in the organization, and
demonstrates how to use risk management techniques to identify and prioritize risk
factors for information assets. The risk management model presented here assesses
risk based on the likelihood of adverse events and the effects on information assets
when events occur. This chapter concludes with a brief discussion of how to document
the results of the risk identification process.
Chapter 7-Risk Management: Treating Risk

This chapter presents essential risk mitigation strategy options and opens the
discussion on controlling risk. Students learn how to identify risk control classification
categories, use existing conceptual frameworks to evaluate risk controls, and formulate
a cost-benefit analysis. They also learn how to maintain and perpetuate risk controls.
Chapter 8- Security Management Models

This chapter describes the components of the dominant information security
management models, including U.S. government and internationally sanctioned
models, and discusses how to customize them for a specific organization's needs.
xviii Preface
Students learn how to implement the fundamental elements of key information

security management practices. Models include NIST, ISO, and a host of specialized
information security research models that help students understand confidentiality
and integrity applications in modem systems.
Chapter 9-Security Management Practices

This chapter describes the fundamentals and emerging trends in information security
management practices and explains how these practices help organizations meet U.S.
and international compliance standards. The chapter contains an expanded section
on security performance measurement and covers concepts of certification and
accreditation of IT systems.
Chapter 10- Planning for Contingencies

This chapter describes and explores the major components of contingency planning
and the need for them in an organization. The chapter illustrates the planning and
development of contingency plans, beginning with the business impact analysis, and
continues through the implementation and testing of contingency plans.
Chapter 11-Security Maintenance

This chapter describes the ongoing technical and administrative evaluation of the
information security program that an organization must perform to maintain the
security of its information systems. This chapter explores ongoing risk analysis,
risk evaluation, and measurement, all of which are part of risk management. It also
explores special considerations needed for the varieties of vulnerability analysis in
modern organizations, from Internet penetration testing to wireless network risk
assessment.
Chapter 12- Protection Mechanisms

This chapter introduces students to the world of technical controls by exploring access
control approaches, including authentication, auth orization, and biometric access
controls, as well as firewalls and th e common approaches to firewall implementation.
It also covers the technical control approaches for dial-up access, intrusion detection
and prevention systems, and cryptography.
Features
Chapt er Scenarios- Each chapter opens with a short vignette that follows the same
fictional company as it encounters various information security issues. The final part
of each chapter is a conclusion to the scenario that also offers questions to stimulate
Pr eface xix
in-class discussion. These questions give the student and the instructor an opportunity
to explore the issues that underlie the content.
View Points- An essay from an information security practitioner or academic is
included in each chapter. These sections provide a range of commentary that illustrate
interesting topics or share personal opinions, giving the student a wider, applied view
on the topics in the text.
Offline Boxes- These highlight interesting topics and detailed technical issues,
allowing the student to delve more deeply into certain topics.
Hands- On Learning- At the end of each chapter, students will find a Chapter
Summary and Review Questions as well as Exercises and Closing Case exercises,
which give them the opportunity to examine the information security arena from an
experiential perspective. Using the Exercises, students can research, analyze, and write
to reinforce learning objectives and deepen their understanding of the text. The Closing
Case exercises require that students use professional judgment, powers of observation,
and elementary research to create solutions for simple information security scenarios.
Additional Reading- Each chapter includes suggestions for reading outside resources
that might augment or extend understanding of one or more aspects of the chapter.
New to This Edition

This sixth edition of Management of Information Security tightens its focus on
the managerial aspects of information security, continues to expand the coverage
of governance and compliance issues, and continues to reduce the coverage of
foundational and technical components. While retaining enough foundational material
to allow reinforcement of key concepts, this edition has fewer technical examples. This
edition also contains updated in -depth discussions and Offline features, and additional
coverage in key managerial areas: risk management, information security governance,
access control models, and information security program assessment and metrics.
The material on personnel management has been consolidated and reorganized.
Personnel placement, staffing, and credentials are now covered in Chapter 5, and
employment practices are discussed in Chapter 9. Digital forensics is now covered
in Chapter 2.
In general, the entire text has been updated and re -organized to reflect changes
in the field, including revisions to sections on national and international laws and
standards, such as the ISO 27000 series, among others. Throughout the text, the
content has been updated, with newer and more relevant examples and discussions.
A complete coverage matrix of the topics in this edition is available to instructors to
enable mapping of the previous coverage to the new structure. Please contact your
sales representative for access to the matrix.
Preface
MindTap
MindTap for Management of Information Security is an online learning solution
designed to help students master the skills they need in today's workforce. Research
shows employers need critical thinkers, troubleshooters, and creative problem-solvers
to stay relevant in our fast-paced, technology-driven world. MindTap helps users
achieve this with assignments and activities that provide hands-on practice, real-life
relevance, and mastery of difficult concepts. Students are guided through assignments
that progress from basic knowledge and understanding to more challenging problems.
All MindTap activities and assignments are tied to learning objectives. The hands-on
exercises provide real-life application and practice. Readings and "Whiteboard Shorts"
support the lecture, while "In the News" assignments encourage students to stay current.
Pre- and post-course assessments allow you to measure how much students have
learned, using analytics and reporting that makes it easy to see where the class stands in
terms of progress, engagement, and completion rates. Use the content and learning path
as-is, or pick and choose how the material will wrap around your own. You control what
the students see and when they see it. Learn more at www.cengage.com/ mindtap/.
Instructor Resources
Free to all instructors who adopt Management of Information Security, 6e, for their
courses is a complete package of instructor resources. These resources are available
from the Cengage Web site, www.cengagebrain.com. Go to the product page for this
book in the online catalog and choose "Instructor Downloads:•
Resources include:
• Instructor's Manual: This manual includes course objectives and additional
information to help your instruction.
• Cengage Learning Testing Powered by Cognero: A flexible, online system that allows
you to import, edit, and manipulate content from the text's test bank or elsewhere,
including your own favorite test questions; create multiple test versions in an
instant; and deliver tests from your LMS, your classroom, or wherever you want.
• PowerPoint Presentations: A set of Microsoft PowerPoint slides is included for
each chapter. These slides are meant to be used as a teaching aid for classroom
presentations, to be made available to students for chapter review, or to be printed
for classroom distribution. Instructors are also at liberty to add their own slides.
• Figure Files: Figure files allow instructors to create their own presentations using
figures taken from the text.
• Appendix: The appendix has been relocated from the bound textbook and
is available for instructor use. It describes methods for evaluating security,
including (1) NIST SP 800- 26, Security Self-Assessment Guide for Information
Technology Systems, (2) ISO 17799: 2005 Overview, (3) The OCTAVE Method of Risk
Management, and (4) the Microsoft Risk Management Approach .
• Lab Exercises: Each chapter includes hands-on exercises designed to reinforce
the theoretical concepts of the corresponding materials. Additional exercises and
labs are available in the MindTap enhanced edition of the textbook.
Preface xxi
• Readings and Cases: Cengage Leaming also produced two texts - Readings and
Cases in the Management of Information Security (!SBN-13: 9780619216276) and
Readings & Cases in Information Security: Law & Ethics (!SBN-13: 9781435441576)-
by the authors, which make excellent companion texts. Contact your Cengage
Learning sales representative for more information.
• Curriculum Model for Programs of Study in Information Security: In addition
to the texts authored by this team, a curriculum model for programs of study
in Information Security and Assurance is available from the Kennesaw State
University Center for Information Security Education (http://infosec.kennesaw
.edu). This document provides details on designing and implementing security
coursework and curricula in academic institutions, as well as guidance and
lessons learned from the auth ors' perspective.
Author Team
Michael Whitman and Herbert Mattord have jointly developed this textbook to merge
knowledge from the world of academic study with practical experience from the
business world.
Michael Whitman, Ph.D., CISM, CISSP is a Professor of Information Security in
the Information Systems Department, Coles College of Business at Kennesaw
State University, Kennesaw, Georgia, where he is also the Executive Director of
the Center for Information Security Education (infosec.kennesaw.edu). He and
Herbert Mattord are th e authors of Principles of Information Security; Principles of
Incident Response and Disaster Recovery; Readings and Cases in the Management of
Information Security; Readings & Cases in Information Security: Law & Ethics; Guide
to Firewall and VPNs; Guide to Network Security; Roadmap to the Management of
Information Security; and Hands- On Information Security Lab Manual, all from
Cengage Learning. Dr. Whitman is an active researcher in Information Security
policy and planning and in Ethical Computing. He currently teaches graduate and
undergraduate courses in Information Security. He has published articles in the top
journals in his field, including Information Systems Research, the Communications
of the ACM, Information and Management, the Journal of International Business
Studies, and th e Journal of Computer Information Systems. He is an active member
of th e Information Systems Security Association, the Association for Computing
Machinery, ISACA, (!SC)', and the Association for Information Systems. Through
his efforts and those of Dr. Mattord, his institution has been recognized by the
Department of Homeland Security and th e National Security Agency as a National
Center of Academic Excellence in Information Assurance Education four times,
most recently in 2015. Dr. Whitman is also th e Editor-in -Chief of th e Journal
of Cybersecurity Education, Research and Practice, and he continually solicits
relevant and well-written articles of interest to faculty teaching and researching
cybersecurity topics for publication. Prior to his employment at Kennesaw State, he
taught at th e University of Nevada, Las Vegas, and served over 13 years as an officer
and soldier in th e U.S. Army.
xxii Pre face
Herbert M atto rd, Ph .D., CISM, CISSP completed years of IT industry experience as
24
an application developer, database administrator, project manager, and information
security practitioner in 2002. He is currently an Associate Professor of Information
Security in the Coles College of Business at Kennesaw State University. He and Michael
Whitman are the authors of Principles of Information Security; Principles of Incident
Response and Disaster Recovery; Readings and Cases in the Management of Information
Security; Guide to Network Security; and Hands -On Information Security Lab Manual,
all from Cengage Learning. During his career as an IT practitioner, Mattord has been an
adjunct professor at Kennesaw State University; Southern Polytechnic State University
in Marietta, Georgia; Austin Community College in Austin, Texas; and Texas State
University, San Marcos. He currently teaches undergraduate courses in Information
Security. He is th e Assistant Chair of the Department of Information Systems and
is also an active member of the Information Systems Security Association and
Information Systems Audit and Control Association. He was formerly the Manager
of Corporate Information Technology Security at Georgia-Pacific Corporation, where
much of the practical knowledge found in this and his earlier textbooks was acquired.
Acknowledgments
The authors would like to thank their families for their support and understanding for
the many hours dedicated to this project- hours taken, in many cases, from family
activities.
Reviewers
We are indebted to the following individuals for their contributions of perceptive
feedback on the initial proposal, the project outline, and the chapter-by-chapter
reviews of the text:
• Paul D. Witman, Ph.D., Associate Professor, Information Technology
Management, California Lutheran University, School of Management, Thousand
Oaks, CA
• Michael Moorman, Ph .D., Professor of Computer Science, Department of
Computer Science and Information Systems, St. Leo University, St. Leo, FL
Special Thanks
The authors wish to thank the Editorial and Production teams at Cengage. Their
diligent and professional efforts greatly enhanced the final product:
Natalie Onderdonk, Learning Designer
Dan Seiter, Developmental Editor
Kristin McNary, Product Team Manager
Amy Savino, Product Manager
Brooke Greenhouse, Senior Content Manager
Preface xxiii
In addition, several professional and commercial organizations and individuals have

aided the development of this textbook by providing information and inspiration, and
the authors wish to acknowledge their contributions:
David Rowan
Charles Cresson Wood
Clearwater Compliance
The View Point authors:
• Henry Bonin
• Lee Imrey
• Robert Hayes and Kathleen Kotwicka
• David Lineman
• Paul D. Witman & Scott Mackelprang
• Alison Gunnels
• George V. Hulme
• Tim Callahan
• Mark Reardon
• Martin Lee
• Karen Scarfone
• Donald "Mac" McCarthy
• Todd E. Tucker
Our Commitment
The authors are committed to serving the needs of the adopters and readers. We
would be pleased and honored to receive feedback on the textbook and its supporting
materials. You can contact us at infosec@kennesaw.edu.
Foreword
By David Rowan, retired Senior Vice President and Director
Technology Risk and Compliance, SunTrust Banks, Inc.
If you are reading this, I want to thank you. Your perusal of this text means you are
interested in a career in Information Security or have actually embarked on one. I am
thanking you because we- and by we I mean all of us- need your help.
You and I live in a world completely enabled, supported by, and allowed by
technology. In almost all practical respects, the things you and I take for granted are
created by our technology. There is technology we see and directly interact with, and
technology we don't see or are only peripherally aware of. For example, the temperature
of my home is monitored and maintained based on a smart thermostat's perception
of my daily habits and preferences. I could check it via the app or wait for an alert via
text message, but I don't- I just assume all is well, confident that I will be informed if
something goes amiss. Besides, I am more interested in reading my personal news feed ....
xxiv Pre face
With respect to technology, we occupy two worlds, one of intent and realized
actions and another of services that simply seem to occur on their own. Both these
worlds are necessary, desirable, growing, and evolving. Also, both these worlds are
profoundly underpinned by one thing: our trust in them to work.
We trust that our phones will work, we trust that we will have electricity, we trust
that our purchases are recorded accurately, we trust th at our streaming services will
have enough bandwidth, we trust that our stock trades and bank transactions are
secure, we trust that our cars will run safely, and I trust that my home will be at the
right temperature when I walk in the door.
The benefits of our trust in technology are immeasurable and hard won. The fact
that we can delegate tasks, share infrastructure, exchange ideas and information, and
buy goods and services almost seamlessly benefits us all. It is good ground worth
defending. However, the inevitable and unfortunate fact is that some among us prey
upon our trust; they will work tirelessly to disrupt, divert, or destroy our intents,
actions, comfort, well-being, information, and whatever else our technology and the
free flow of information offers.
The motives of these actors matter, but regardless of why they threaten what
technology gives us, the actions we take to safeguard it is up to us. That's why I am
glad you are reading this. We need guardians of the trust we place in technology and
the information flow it enables.
I have been in the financial industry for 35 years, and have spent the latter half of it
focused on information security and th e related fields of fraud management, business
continuity, physical security, and legal and regulatory compliance. I have seen the
evolution of technology risk management from a necessary back-office function to a
board-level imperative with global implications. The bound interrelationships among
commerce, infrastructure, basic utilities, safety, and even culture exist to the extent
that providing security is now dominantly a matter of strategy and management, and
less a matter of the tools or technology dejure. There's an old saying that it's not the
tools that make a good cabinet, but the skill of the carpenter. Our tools will change and
evolve; it's how we use them that really matter.
This edition of Management of Information Security is a foundational source that
embodies the current best thinking on how to plan, govern, implement, and manage
an information security program. It is holistic and comprehensive, and provides a
path to consider all aspects of information security and to integrate security into the
fabric of the things we depend on and use. It provides specific guidance on strategy,
policy development, risk identification, personal management, organization, and
legal matters, and places them in the context of a broader ecosystem. Strategy and
management are not merely aspects of information security; they are its essence- and
this text informs the what, why, and how of it.
Management of Information Security is a vital resource in the guardianship of our
world of modern conveniences. I hope you will become a part of this community.
- Atlanta, Georgia, February 2018
CHAPTER 1
INTRODUCTION TO
THE MANAGEMENT OF
Management is, above all, a practice where art, science,
and craft meet.
-HENRY MINTZBERG
Upon completion of this material, you should be able to:

List and discuss the key characteristics of information security
List and describe the dominant categories of threats to information security
Discuss the key characteristics of leadership and management
Describe the importance of the manager's role in securing an

organization's information assets
Differentiate information security management from general business

management
One month into her new position at Random Widget Works, Inc. (RWW), Iris Majwubu left
her office early one afternoon to attend a meeting of the local chapter of the Information
Systems Security Association (ISSA). She had recently been promoted from her previous
assignment at RWW as manager of informa tion risk to become the first chief information
security officer (CISO) to be named at RWW.
This occasion marked Iris's first ISSA meeting. Wit h a mountain of pressing matters
on her cluttered desk, Iris wasn't exactly certain why she was m aking it a priority to
attend this meeting. She sighed. Since her early morning wake-up, she had spent many
CHAPTER 1 Introduction to t he Management of Information Secur ity
hours in business m eetings, foll owed by lo ng hours at her desk wo rki ng towa rd d efi ning
her new pos it ion at th e company.
At the ISSA meeting, Iris saw Charl ie Moody, her supervisor from Sequential Label
and Supply (SLS), the company she used to work for. Charlie had been promoted to chief
information officer (CIO) of SLS almost a year ago.
"Hi, Charl ie," she said.
"Hello, Iris," Cha rl ie said, shaking her hand. "Congratulations on your promot ion. How are
things going in your new position?"
"So far," she replied, "t hings are going well- I think."
Charlie noticed Iris's hesitancy. "You t hink?" he said. "Okay, tell me what's going on."
'Well, I'm struggling to get a consensus from t he senior management tea m about
the problems we have," Iris explained. "I'm told t ha t informat ion security is a priority, but
everything is in disarray. Any ideas t ha t I bring up are chopped t o bits before they're even
taken up by senio r managem ent . There's no established policy covering our informatio n
security needs, and it seems t hat we have little hope of gett ing one approved anytime soon.
The informatio n security budget covers my salary plus a litt le bit of f und ing that goes t owa rd
part of one position for a technician in the network departm ent. The IT managers act like I'm
wasting their t ime, and they don't seem to take our security issues as seriously as I do. It's like
trying to d rive a herd of cats!"
Charlie t hought for a moment and then said, "I've got some ideas t hat may help. We
shou ld talk more, but not now; the meet ing is about to start. Here's my new num ber- call me
tomorrow and we'll get toget her for coffee."
Introduction to Security
Key Terms
asset An organizatio nal resou rce that is being protected. An asset can be logica l, such as
a Web site, software information, or data; or an asset can be physical, such as a perso n,
computer system, hardware, or other tangible object . Assets, pa rticularly informat ion assets,
are t he focus of what security effo rts are attempting t o prot ect .
information asset The focus of information security; in formatio n that has va lue to the
organization, and the systems t hat st ore, process, and t ransmit the information.
information security (lnfoSec) Protect ion of t he confidentiality, integrity, and ava ilability
of information assets, w hether in storage, processing, o r transm ission, via the application of
policy, education, training and awareness, and technology.
security A stat e of being secure and free from danger or harm . In addition, t he act ions taken
to make someone o r som et hing secure.
CHAPTER 1 Int roduction to the Ma nagement of I nformation Security
In today's global markets, business operations are enabled by technology. From

the boardroom to the mailroom, businesses make deals, ship goods, track client
accounts, and inventory company assets, all through the implementation of systems
based upon information technology (IT). IT enables the storage and transportation
of information- often a company's most valuable resource - from one business unit
to another. But what happens if the vehicle breaks down, even for a little while?
Business deals fall through, shipments are lost, and company assets become more
vulnerable to threats from both inside and outside the firm. In the past, th e business
manager's response to this possibility was to proclaim, "We have technology people
to handle technology problems." This statement might have been valid in the days
when technology was confined to the climate-controlled rooms of the data center
and when information processing was centralized. In the last 30 years, however,
technology has moved out from the data center to permeate every facet of the
business environment. The business place is no longer static; it moves whenever
employees travel from office to office, from city to city, or even from office to
home. As businesses have become more fluid, "computer security" has evolved
into "information security," or "InfoSec," which covers a broader range of issues,
from the protection of computer-based data to th e protection of human knowledge.
Information security is no longer the sole responsibility of a small, dedicated group of
professionals in th e company. It is now th e responsibility of all employees, especially
managers.
Astute managers increasingly recognize the critical nature of information
security as the vehicle by which the organization's information assets are secured. In
response to this growing awareness, businesses are creating new positions to solve
the newly perceived problems. The emergence of executive-level information security
managers- like Iris in the opening scenario of this chapter- allows for the creation of
professionally managed information security teams that have a primary objective to
protect information asset s, wherever and whatever they may be.
Organizations must realize that information security planning and funding
decisions involve more than managers of information, the members of the information
security team, or the managers of information systems. Altogether, they must involve
the entire organization, as represented by three distinct groups of managers and
professionals, or communities of interest:
• Those in the field of information security
• Those in the field of IT
• Those from the rest of the organization
These three groups should engage in a constructive effort to reach consensus on an
overall plan to protect the organization's information assets.
The communities of interest and the roles they fulfill include the following:
• The information security community protects the organization's information
assets from the many threats they face .
Another random document with
no related content on Scribd:
The Rebels for a while concealed their loss, but ’tis now generally
allowed they had at least ten or twelve killed, several of these
French, but all common men. It is indeed generally believed that one
of them was a French Officer, as he was put in a grave by himself
with several Popish Ceremonies, though not certain. But the Rebels
still refuse that it was an Officer. They had also a good many
wounded, among whom was Mr Gordon of Birkenbuss, a gentleman
of a small estate, very dangerously.
The McLeods again had only five killed dead on the spot, which
was well known, as their bodies were left exposed for some days or
they allowed them to be buried. One also died of his wounds in the
retreat, as did another that was taken prisoner, but they were all
common men. About thirty were taken prisoners (many of which
were wounded) including ten or twelve Humlys (Colones)[362] that
they had picked up. Among the prisoners were Mr. Gordon, Ardvach,
Lieutenant of Culkairn’s Company, Mr. Chalmers, Principal of the
King’s College, and Mr. Forbes of Echt; McLeod’s own piper,
McGrimman,[363] happened also to be taken, and the piper is always
looked on as a person of importance in a Highland Chief’s retinue,
but McGrimman especially was a respectable person being
esteemed the best piper in the Highlands, having had most of the
Clan pipers as his scholars, and being looked on by them as a kind
of chief, and the veneration they had for him appeared when he was
carried prisoner to their army at Stirling, for it is said not a Highland
piper would play a tune till McGrimman was allowed to be on his
parole, and he himself behaved with so much state that he would
play to none of them till their prince himself desired him. Mr.
Maitland, Pitrichy, escaped to Keithhall, the house of the Earl of
Kintore, the night of the engagement, where he concealed himself all
next day, but unluckily venturing to show himself to Petry, the Sherriff
Depute, who intruded himself that night on the Earl, and Mr.
Maitland, and he squabbling over drink, Petry not only in violation of
the laws of hospitality, and of many obligations he was under to the
Earl of Kintore, but also of his own promise to the contrary, basely
went off next morning and sent a party of the Rebels who seized
him.
The Rebels do not venture to pursue
The McLeods passed the Ury about a quarter of a mile from the
town and refreshed themselves at Rayne and Strathboggy, but
stopped not a night till they got over Spey, where McLeod waited the
coming up of such of his men as had gone other roads, and
continued guarding the passes for some while after. But the Rebels
were so apprehensive what might be the consequences when for
ought they knew, they were joined by the Monroes, etc., that they
would not venture to pursue them over the Ury. McLeod lost most of
his baggage, but the greater part came not into the Rebels custody
but was secreted and pilfered by the townsfolks.
Mr. Horn stress’d
As the Rebels were informed of Mr. Horn’s design of joining the
McLeods, they were exceeding keen in their resentment against him,
and immediately sent a party to seize him, but he luckily had gone
out of the way. The party lived a good while at his house at free
quarters and made very free with everything, demanding the arms
he had made, and the Cess Levy money, but Mr. Horn had left
positive orders though they should burn the house to give them
neither, and as their Officers had by this time got pretty certain
information that their affairs were wrong in England and their Prince
retreating, they did not choose in these circumstances to do such a
shocking thing. And it was certainly a lucky thing that they got this
intelligence to calm them after the flush of their Inverury victory, or
then the Fire Order had undoubtedly been put in execution in these
counties.
Quartering for Levy Money
The towns of Aberdeen having now no relief were obliged to pay
their Quota of Levy money, that of the New town amounted to about
£500 Sterling. A party of the Clan Chattan (Mclntoshes, Shaws and
McGilavrys) under McGilavry of Dunmaglass, being now come up
from Dundee to support their friends in Aberdeen in case of a
straight, these for the greater terror were employed as far as
possible for quartering in the gentlemen’s houses in the country for
the Levy money. But the Rebels finding it would take longer time to
get people forced to give the whole of their exorbitant demands than
they could bestow, as they foresaw that in a week or so they must
march to reinforce their friends in the South, they were therefore
willing to compound the matter and take half in hand, and a bill for
the other half payable at Candlemass, and in this way they gathered
in a good deal of money. But still there were several gentlemen
stood out for a good while under all the hardships they imposed,
especially Mr. Leith of Freefield (whom they also kept a while
Prisoner), Mr. Patan of Grandsam, and Mr. Burnet of Kemnay. Mr.
Burnet’s zeal for our constitution, and the endeavours he used to
awaken the British spirit among his neighbours, had rendered him
excessively obnoxious to the Rebels, they hunted him for some
weeks from place to place, to seize him, but he at length got to
Edinburgh, where he was obliged to stay till his Royal Highness
marched for Aberdeen.
Rebels called up
The resolute delays of some few gentlemen, and the great
number they had to quarter upon, made it impracticable for the
Rebels to collect their Levy money from much more than one half of
these counties, before they were called up and obliged to march and
reinforce their friends in the South, so that almost all Buchan, and
most of the more remote estates in both Banff and Aberdeenshire
escaped at this time.
Elsick’s Men, and McGregors come to Aberdeen
Soon after Lord Lewis marched up with the whole of the Rebels
from this country, there arrived a Spanish ship at Peterhead with
arms and money, which brought a party of Elsick’s[364] men from the
Mearns to possess Aberdeen and bring up this loading; but they
being looked on as weak, a party of the McGregors joined them.
None of these parties however ventured to the country but only while
they were bringing up their cargo from Peterhead. Lord Lewis had
been abundantly arbitrary in his Government, Horses and Arms had
been everywhere seized throughout the counties, under the pretence
of searching for arms; in houses both in town and country many
things had been pilfered with impunity, and he himself treated
everybody with a great deal of insolence, but all this was but a jest in
comparison with these McGregors. They went to people’s houses
through the town and always behaved so very rudely as to make
them forced to give them money to go away. They would stop
gentlemen on the streets openly, and either take their silver buckles
and buttons from them, or oblige them to give so much to redeem
them. Without the least provocation they would beat and abuse
people; and whenever they took it into their heads to enquire about
any gentlemen’s principles they met with, they came up with their
broadswords drawn and asked what King they were for? If they
hesitated the least in answering ‘King James,’ they were sure of a
slap, and never got away till they sat down on their knees and swore
to the Pretender, and cursed King George in any terms the ruffians
pleased. But happily they soon went off with the arms and left
Elsick’s men only to guard the town. These continued mostly till the
retreat of their army and behaved pretty civilly; indeed though they
had inclined to do otherwise, yet the town’s people not being under
so much restraint as formerly, began to show themselves so keenly,
that they made them glad to be peaceable, for fear of their being
mobbed.
Rebels retreat from Stirling
The whole Rebel Army, except the Clans that went the Highland
road with their Prince, passed through Aberdeenshire on their retreat
from Stirling. They marched in two columns (the clans making a
third), Lord Lewis Gordon’s men, the Deeside men, Glenbucket’s
men and some other body’s forming one column and marching in the
high road to Strathboggy. The rest of their army formed another
column and marched with such baggages as they had got off from
Stirling, or the Clans had left them, through the town of Aberdeen.
They were commanded by Lord George Murray and consisted
mostly of the Athole Brigade, French, Lord Ogilvies men,[365]
Cromarty’s, Kilmarnock’s, Kelly’s,[366] Elsick’s, Lifeguards, Hussars,
and all their other Lowland Corps. They stayed but short while in
Aberdeen and so had not great opportunity of doing much mischief,
though they seemed not at all averse to do it. For the ill situation of
their affairs and their marching in such cold stormy weather, put
them in a great fret. They threatened dreadful things against they
should return Conquerors, particularly against the Clergy of the
Church of Scotland, on which subject none was more violent than
Lord John Drummond, who once and again proposed the hanging of
some of them for examples; and indeed the Clergy were so sensible
of their danger, that if the Duke had been obliged to retreat again,
most of them had resolved to prepare to leave the country. They
divided at Aberdeen and marched to Spey, some by Old Meldrum
and Banff and some by Inverury and Strathboggy. At Speyside they
all joined and met there with the other column. There was a good
deal of pilfering by their stragglers in this march, but when the
country people had the resolution to oppose them, they behaved
very cowardly. The minister of Clate[367] in particular and a few of his
parishioners unarmed, took the guns and bayonets from two
Strathboggy men who fired on the people for finding fault with their
robbing a dyeing woman of her bedclothes.
Hussars and Stonnywood’s men left in Aberdeen
Stonnywood’s men though they had marched so far in the
Highroad, yet came off from the rest of their corps and marched
down by Deeside to Aberdeen, where they remained after the main
body had left it, along with the Hussars under one Colonel Baggot,
[368] a French Officer, and a very rough sort of man and so
exceeding well fitted to command the Banditti of which that Corps
was composed, and to distress a country. The Lord Lieutenant was
along with their Prince, so Lonmay, the Depute Governor, had the
chief direction, though both he and Stonnywood pretended that most
of the extravagant things done by the Hussars, was owing to Baggot.
They immediately fell to work to collect the remains of the Levy
money. And now they had a new contrivance to force it. These
fellows, the Hussars, went galloping about, and seized the
gentlemen that were refractory, or their factor, or then the principal
tenants, if none of the former could be found, and brought them in
prisoners to Stonnywood and Baggot, the last of whom was sure to
use them very roughly. But most of the gentlemen absconded, and
some of the few they got stood out against all their bad usage, as
particularly Mr. Innes, Factor to the Earl of Kintore. The Tenants
which they seized had not the money to give so they were obliged at
length to let them go and made but very little of this method. The
Hussars were vastly rude and expensive wherever they went, and
failed not to pick up any horses as they come along that were
remaining. But for all their roughness, people that would venture to
stand their ground, would sometimes get the better of them. One
instance of which was at New Dear when two of them armed with
pistols were taking a gentleman’s horse and money, the minister of
the place[369] being only with the gentleman, and both of them only
with staves in their hands; the minister first knocked down one of the
fellows and the gentleman the other, and disarmed them both and
set them off.
Some of Fitzjames Dragoons land
The Saturday before his Royal Highness came to town, a French
ship landed some of the Dragoons of Fitzjames’ Regiment at
Aberdeen with their riding furniture.[370] There had come afore about
the same time another French ship with the money for the
Pretender’s use, but the Master thought it dangerous to land it at
Aberdeen as the Duke was so near, and so sailed about for
Peterhead where it was received by Lonmay.[371] Fitzjames’
Dragoons marched off next day, as did also Stonnywood and his
men with the Hussars, and thus the town of Aberdeen at length got
free of the Rebel Government, after it had been about five months
subject to it.
Duke of Cumberland comes to Aberdeen
The Tuesday thereafter General Bland arrived in town with the
van of the Army under the Duke of Cumberland, and his Royal
Highness on the Thursday thereafter. The Burgesses lined the
streets all the way from the Duke’s entry into the town to his
lodgings. He was immediately waited on by the nobility and gentry of
town and county, and next day by the Colleges and Clergy who had
assembled in a Synod pro re nata and had all the honour to kiss his
hand. Mr. Osborne, Principal of the Marischal College, made a short
congratulary speech to his Highness in name of the colleges, as did
Mr. Theodore Gordon, Moderator of the Synod in name of the
Clergy, and both had gracious returns.
More of Fitzjames’ Dragoons land in Buchan
Soon after this another of the Transports with Fitzjames’
Dragoons having got information on the coast, of the Duke’s being at
Aberdeen, landed in Buchan[372] and then very narrowly escaped
from the Duke’s Picquets who were ordered out to intercept them.
Lord Ancrum[373] marches to Curgaff
As to Lord Ancrum’s expedition to Curgaff, a house belonging to
Forbes of Skeleter in Strathdon (vid. London Gazette, March 11th),
Glenbucket was then with a few men within a few miles of Strathdon.
But his numbers were greatly magnified, and his being actually at
hand was so artfully insinuated to a minister’s wife in the
neighbourhood, that with the honestest intention in the world, she
gave a false alarm which made his Lordship in such a hurry that
though he destroyed the powder, yet he only scattered the ball,
broke a few of the arms, and carried off a very few, the rest falling all
into the hands of the country people. And yet one might imagine that,
as his dragoons were not to gallop off and leave the Foot, there had
been no miss in making them dismount and walk for a few miles and
loading their horses with the Arms, till they should come to some
place where country horses might have been got.
Bland[374] at Old Meldrum
When part of the army under General Bland advanced to Old
Meldrum, Barrels and Price’s under Lieutenant Rich[375] lay at
Inverury which is on the ordinary Post Road to Strathboggy (where
about 3000 of the Rebels under Roy Stuart were with the Hussars)
and about 100 Grants that came to escort their Laird to
Aberdeen[376] formed an advance guard on this road, as the
Campbells did from Old Meldrum, where they were very alert and
watchful, so that the Rebels never once offered to disturb either the
Generals or Lieut. Rich’s Quarters. And indeed if they had, all
possible care was taken to give them a warm reception. There was a
bridge of boats thrown over the Ury on the road from Inverury to Old
Meldrum, and a Guard midway betwixt the two Garrisons who could
observe a blaze in the night time at either of them or anything
happening extraordinary, and by a blaze could give information of it
to the other, and the Light Horse, too, were quartered betwixt so as
to form a line of communication.
Rebels attempt to surprise the Grants
The night before General Bland marched for Strathboggy, the
Grants came first to the Kirk Town of Clate, which is about six miles
south of Strathboggy and off from the high road to Aberdeen. As
there were many disaffected people thereabouts, the Rebels at
Huntly had notice of it that night, though it was late before they came
there, and they immediately formed a scheme of surprising him next
morning. But Grant, suspecting such a thing might be done, wisely
advanced a mile further the same night to Castle Forbes, a house
belonging to Lord Forbes, and by the strength of its old walls alone
not easily to be taken without cannon, so that next morning when the
Rebels under Roy Stuart missed them at Clate, they returned without
meddling with the Castle.
Bland marches to Huntly
Meantime General Bland had kept his orders for marching that
morning so very closely that the Rebels had not got the least
intelligence of it. The two corps from Inverury and Old Meldrum met
at Rayne, and had it not been for a small accident, had intercepted
the Rebels who were on the Clate Expedition and got to Strathboggy
before them. For they, dreaming of no such thing, breakfasted very
leisurely at Clate and stopped also at a public house betwixt it and
Huntly. There was an exceeding great fog on the Hill of the Foudline,
so that some senseless, idle people that were running up before the
army, imagined that a plough that was going in the midst among
some houses on the side of the hill, was a party of men; on which
they gave the alarm that the Rebels were at hand, this was
immediately forwarded by the liger Ladys[377] with a deal of
consternation, so that some people of better sense gave credit to it
and came up to the General with this false alarm. Whatever might be
in it, he judged it safest for the men to halt and form, while proper
persons were sent up to see what the matter was, who soon found
out the mistake. But this trifle occasioned a stop for near half an hour
or three quarters, and the Rebels were scarce so long in
Strathboggy before the General came there.
The Enemy knew nothing of them till they came within sight of
Strathboggy. They had but just come there, and ordered dinner, but
they thought proper to leave it in a great hurry on Bland’s approach.
Their Hussars and some gentlemen on horseback brought up the
rear. Among these last, was Hunter of Burnside,[378] who for a good
way kept within speech of the party under Major Crawford and the
volunteers that pursued them; but managed his horse with so much
dexterity, turning so oft and so nimbly, that they could not aim at him
rightly; at length one of the Campbells shot so near him as made him
start aside and gallop off, and as the forces took him for Roy Stuart,
this gave occasion to the story of that gentleman being either killed
or wounded. The soldiers were incensed, and not unjustly with a
notion that Strathboggy was extremely disaffected: coming in to it
therefore under this impression after a long march in a bitter bad
rainy day, it was no surprise that they used some freedom with a few
peoples houses, who, conscious of their own demerit, had locked
their doors and run off, leaving nobody to care for the soldiers that
were to quarter in them.
Captain Campbell surprised at Keith[379]
Next day the General sent up seventy Campbells, and 30 Light
Horse to Keith, a little town six miles from Huntly, and half way
betwixt it and Fochabers where the Rebels had retired. One
Alexander Campbell, a Lieutenant, had the command, who had been
all along very alert on the advanced guard and had met with no
check, though oft in as dangerous a situation, but next night had the
misfortune to have his party surprised. This was chiefly owing to the
dissaffection of the inhabitants, who conducted the Rebels at dead of
night, not by any set road, but through the fields so as not to meet
with the Patroles, and then having fetched a compass about, and
entering the town on the south, by the way from Huntly, were
mistaken by the Sentrys, to whose calls they answered in a friendly
way, for a reinforcement they had some expectation of. The Guard
was conveniently posted in the Church and church yard which was
very fencible, and the Lieutenant, who had not thrown off his clothes,
on the first alarm ran out and fought his way into them, and behaved
very gallantly with his guard for a while. But the rest of his men,
being mostly all taken asleep, and having himself received several
wounds, he was at last obliged to surrender. The enemy suffered
considerably, but carried off their slain, so that their numbers were
not known. The Lieutenant was left a while with only one Sentry to
guard him, on which he very resolutely grappled with him, disarmed
him and got off; but being retarded by his wounds he was soon
retaken and then they hashed him miserably and left him for dead;
yet he afterwards recovered.
Popish and Nonjurant Meetings destroyed
His Royal Highness on coming to Aberdeen immediately stopped
all the Nonjurant Ministers, and soon after ordered their Meeting
Houses and the Mass Houses to be destroyed, which was
accordingly executed both in town and country as the Army marched
along, and indeed none were surprised at this piece of discipline, as
these houses were not only illegal, but had in fact proved such
Nurseries of Rebellion. The Priests had mostly gone off, and such as
could be got were seized and confined, but neither ministers nor
people of the Nonjurants met with any other disturbance unless they
were otherways concerned in the Rebellion. The Army also had
orders to seize the Corn, Horses, and cattle and Arms belonging to
those in the Rebellion, but to touch none of their other effects, and
the generality of the Rebels had foreseen this and either sold or sent
off these things, so that there were but few that suffered much in this
way. If any parties of soldiers used further freedom in these houses,
which was not oft, the Duke, on complaint made, not only obliged the
Officers to be at pains to recover the plundered effects from the
soldiers, but generally gave a compliment himself to make up the
loss; as particularly to Mrs. Gordon, Cupbairdy,[380] he ordered £100
Sterling. His protections were easily obtained till a piece of the
Rebels extravagance not only made this more difficult, but also
obliged his Royal Highness to recall some protections he had
granted, and gave up some houses to be plundered.
Cullon House plundered by the Rebels
The Earl of Findlater was at Aberdeen attending his Royal
Highness, when his factor gave him notice that the Rebels who were
thereabouts had intimated, that if the Cess and Levy money for his
Lordships Estate was not paid against such a day, his house at
Cullon would peremptorily be plundered. This intimation the Earl
showed to his Royal Highness, who ordered him in return to certify
them that if they took such a step, it would oblige him to alter his
conduct, recall his protections and give up their houses to be
plundered. Notwithstanding this threat, the Rebels actually pillaged
Cullon House[381] at the time appointed, and his Royal Highness
was in consequence obliged to withdraw his protections from Lady
Gordon of Park,[380] and Lady Dunbar of Durn,[380] for their houses;
and indeed the last of these suffered considerably, but most of the
effects were carried off from Park that were of any value.
Thornton Disgusted
The famous Squire Thornton[382] who had raised the Yorkshire
Company, his Lieutenant Mr. Crofts, and Ensign Mr. Symson,
Minister at Fala (who had been both taken prisoners at Falkirk), had
come as volunteers with the Army to Aberdeen, though they had
never met with very civil usage from the regular officers who seemed
not at all to affect volunteers. When Pultney’s Regiment was ordered
from Old Meldrum to Buchan on a command one day, these
gentlemen who declined no fatigue, and had usually joined that
corps, marched along. But coming the first night to a little village
called Ellon, the Quarter Master would not assign Quarters to the
volunteers as Officers, and none of the Officers would give orders for
it, which and some other things of this kind effectually disgusted
them, so that they immediately left the army and returned home. His
Royal Highness in order to preserve the town of Aberdeen from any
surprise after he should leave it caused fortify Gordon’s Hospital and
placed a garrison in it under Captain Crosby, and in honour of the
Duke it was called Fort Cumberland.
Duke marches from Aberdeen on Foot
When the Duke marched from Aberdeen[383] he endeared
himself exceedingly to the soldiers (if it was possible to increase their
affection for him) by walking most of the way with them on foot,
generally using one of the soldiers Tenttrees for a staff and never
going a yard out of the way for a bridge or any burn they met with,
but wading through at the nearest.
On a long march of near 20 miles from Old Meldrum to Banff the
following little accident much delighted the spectators. A soldiers
wife carrying a young child, grew quite faint and entreated her
husband, who was near with the Duke, to carry the child for a little
way; the fellow said he could not as he was burdened with his arms.
The Duke overheard, took the soldier’s gun and carried it himself for
some way and ordered him to ease the poor woman of the child for a
while.
Rebels not expecting his March
The Duke being stopped so long at Aberdeen, made his march at
length as great a surprise on the Rebels as if he had not halted a
day, for by this time they were grown very secure. The Duke of
Perth, Lord John Drummond, Roy Stuart, etc., were all lodged in the
minister’s house of Speymouth, and had more than 2000 men along
with them. They were sitting very securely after breakfast, when a
country man came over the River in great haste and told them that
the Enzie was all in a ‘vermine of Red Quites.’[384] But they were so
averse to believe it, that when they ran to an eminence and
observed them at a great distance they swore it was only muck
heaps: the man said it might be so, but he never saw Muck heaps
moving before. And after they were convinced it was a body of men,
still they would only have it to be some of Bland’s parties, till their
Hussars, whom they had sent over to reconnoitre, returned and
assured them the whole Army under his Royal Highness was coming
up.
Duke crosses the Spey
As to the Duke’s passing the Spey (vid. London Gazette, April
19th):—The Soldiers had got a notion that all on the other side Spey
were rank Rebels, and so immediately seized a number of the sheep
and other cattle as soon as they got over. But as the case was quite
otherways and the people of that Parish had been longing for the
Army as their deliverers, on the minister’s representing this, and
what had happened, to his Royal Highness, he immediately ordered
all to be restored that could be got unkilled, and gave the minister
£50 Ster. to divide among the people for their loss, and if that did not
do it directed him to demand whatever would, and it should be
ordered. His Royal Highness took up his quarters in the minister’s,
where the Duke of Perth, etc., had been but a few hours before.
Aberdeen Militia
Immediately after the Duke’s leaving Aberdeen the two towns
raised several companies of Militia to prevent their meeting with
disturbance from any flying parties. His Royal Highness named their
Officers and gave them authority to act. He also named twelve
Governors to have the direction of the N. Town, till they should be
allowed to choose regular Magistrates. There was also a proposal
for raising a County Militia, but the Duke’s victory at Culloden made it
to be dropped as useless.
Ancrum, Commander in Chief
The Earl of Ancrum came to Aberdeen soon after the defeat of
the Rebels as Commander in chief between Tey and Spey. Mark
Kerr’s Dragoons were along the coast, Fleeming’s Regiment at
Aberdeen, and garrisons detached from it to several places on
Deeside, and Loudon’s under Major McKenzie at Strathboggy, with
garrisons at Glenbucket, etc.
Houses burnt and plundered
Parties were immediately sent out through the country in search
of Rebels, with orders also to plunder and burn their houses.[385]
This severe order was not at all agreeable to Friends of the
Government, who could in no shape relish Military execution,
especially after the enemy was so effectually subdued. But it was not
universally executed; most of the Rebel Gentlemen’s houses on
Deeside were plundered, and some burnt, but these last were
houses of little value and really no considerable loss to the
proprietors. There was very little plundered in Buchan, some things
only picked up by the soldiers in their searches unknown to the
Officers. No Gentlemen’s houses were burnt, and only one or two
farmers’ by a worthless fellow not concerned with the army, who by
mighty pretences of zeal, had been employed by Ancrum to go with
five or six of Loudon’s Regiment, in quest of Rebels. There were no
houses burnt or plundered in or about the towns of Aberdeen; but a
Tenant’s house in the land of Stonnywood, who had been very
insolent. Glenbucket’s house was burnt in Strathdawn, as were also
a tenant’s house or two about Strathboggy.
Order for Arms
Lord Ancrum’s orders for bringing in of arms were very
extraordinary, and indeed cannot be better exposed than by giving
them and Lord Loudon’s in the same place, vid. Scots Mag. for July,
p. 339.[386]
Ill Conduct of the Soldiers
Most of the Officers of Fleeming’s Regiment were but young men,
and did not at all behave in an agreeable manner. They seemed too
much to look on the Army as a community of separate interests from
that of the Nation, and it was the common axiom of those even in
highest command in Aberdeen, that no laws but the Military were to
be regarded. They took it in their heads to despise all in civil
capacity, and especially as much as possible to thwart the
Governors of the town in every thing. They had no manner of
confidence either in the gentlemen of town or country, not even in
those who had merited so well for their zeal for the Establishment;
such as Mr. Middleton of Seaton, Mr. Burnet of Kemnay, etc., nay,
some of them were on many occasions ill used by them. The Clergy
of the Church of Scotland, for as much as they courted and
applauded them in time of danger, were now their common subject
for ridicule; and a deal of spleen was shown against them, that it
should be thought they had in the least merited well of their country,
and thus should have a title to some regard as well as the Military,
and not the least pendicle of the Army, a Commissary of foraging
Clerks, etc., but would have more regard paid to their representative
than any Clergyman.
People Disgusted
Such was the injudicious conduct of the Lord Ancrum and most of
the officers of this Corps, which soon raised great disgust and
heartburning. The Officers only, associated with one another, were
seldom troubled with any advice from anybody of consequence
acquainted with the country; or if they were, were sure to slight it.
This gave infinite satisfaction to the Jacobites who rejoiced in these
dissensions. It was this mutual disgust which on the one hand
provoked the soldiers in so riotous a manner to break almost the
whole windows in the town for not being illuminated on the first of
August,[387] when the towns people had no reason to think
Illuminations would be expected of them; and on the other hand
provoked the townsfolks to resent it so highly, for had there been a
good understanding betwixt the Corps and them, such an outrage
would probably not have been committed, or if some illegal things
had been done they’d as probably have been overlooked, or at least
easily atoned for.
Immediately after this, Ancrum was removed and Lord
Sempile[388] succeeded him.
A TRUE ACCOUNT OF MR. JOHN
DANIEL’S PROGRESS WITH PRINCE
CHARLES EDWARD IN THE YEARS
1745 AND 1746 WRITTEN BY
HIMSELF
The manuscript preserved at Drummond Castle from which this
Narrative is printed bears the following docquet:—
This is to certify, that I believe the aforegoing Narrative
to be a correct Copy of the Original, written by my late
Friend, Captain John Daniel, which I have frequently seen
and read, and conversed with him, on the subject of its
contents: more particularly as to the facts of the Duke of
Perth’s death, on his passage from Scotland to France, on
board the ship in which the said Captain Daniel was also a
passenger. To which conversations, I can conscientiously
depose if required.
Witness my hand at Exmouth Devon. This 25th day of
September 1830.
R. B. Gibson.
Signed in the presence of
Herbert Mends Gibson,
Atty. at Law.
[Note.—The notes in this narrative which are indicated

by asterisks are written on the Drummond Castle
manuscript in a later hand.]
A TRUE ACCOUNT OF MR. JOHN
DANIEL’S PROGRESS WITH PRINCE
CHARLES
As Fortune, or rather Providence, has screened, conducted and
brought me safe out of so many miseries and dangers; gratitude
obliges me to be ever-thankful to that Omniscient Power, by whose
particular bounty and goodness I now live, and survive a Cause,
which, though it be now a little sunk, will, I doubt not, one day or
other, rise again, and shine forth in its true colours, make its Hero
famous to after-ages, and the Actors esteemed and their memory
venerable. But since it is not permitted to pry into futurity, we may at
least take a retrospective view of our own or others’ actions, and
draw from them what may amuse, instruct or benefit human Society,
and by that means fulfill in some measure the end for which we were
sent into this world. Conceiving it therefore to be the best method of
shewing my gratitude to Divine Providence, I shall give a short but
true account of what happened to me during the time I had the
honour of being a soldier under the banner of a most beloved Prince;
hoping that the indulgent reader, whom curiosity may induce to
peruse the following pages, will pardon the simplicity and
ruggedness of my style, which, I am afraid, will be the more strikingly
conspicuous, as, in order to preserve the thread of my History
unbroken, I have occasionally been obliged to interweave with my
narrative some extracts from the Memoirs of another, whose
excellence totally eclipses my humble attempt.
The lessons of loyalty, which had been instilled into me from my
infant years, had made a deep and indelible impression upon my
mind; and as I advanced towards maturity, and my reasoning
faculties were developed, I became so firmly convinced of the
solidity of the principles which I had been taught, that, when arrived
at the age of Twenty-two, I resolved never to deviate from them, but
to act to the best of my power the part of a good and faithful subject,
notwithstanding the customs of an unhappy kingdom to the contrary.
Nor was it long before an opportunity presented itself of proving my
fidelity to my lawful Sovereign; viz., when the Prince entered
triumphantly into Lancashire on the 24th of November 1745,[389]
attended by about four thousand armed men. The first time I saw this
loyal army was betwixt Lancaster and Garstang; the brave Prince
marching on foot at their head like a Cyrus or a Trojan Hero, drawing
admiration and love from all those who beheld him, raising their long-
dejected hearts, and solacing their minds with the happy prospect of
another Golden Age. Struck with this charming sight and seeming
invitation ‘Leave your nets and follow me,’ I felt a paternal ardor
pervade my veins, and having before my eyes the admonition ‘Serve
God and then your King,’ I immediately became one of his followers.
How, and in what manner, I am now going to relate.
The brave and illustrious Duke of Perth (whose merits it would
require the pen of an angel properly to celebrate, being a true
epitomé of all that is good) halting to refresh himself at a Public-
House upon the road, where with some friends of mine I then
happened to be; His Grace, being truly zealous in the cause, asked
of them the disposition of the place and people. They replied, that
they believed it to be much in the Prince’s favour. After some
conversation on one thing and another, the Duke did me the honour
to invite me to join; which request being nowise contrary to my
inclination, I immediately answered His Grace, that I was exceeding
willing to do anything that lay in my power for promoting the Prince’s
interests, in any situation he might judge most proper. Upon this, the
Duke honoured me with a most sincere promise of his particular
patronage; and not a little proud I was of acquiring such a friend on
my first joining the Prince’s army, in which I had not before a single
acquaintance. After some questions, the Duke desired me to get in
readiness and to meet him on horse-back at Garstang; which in
about two or three hours I accordingly did. The army being then in
full march for Preston, the Duke desired me to go with forty men
round that part of the country which I best knew; which forty men
being accordingly put under my command, I went to Eccleston and
Singleton in the Fyld Country, where I delivered some commissions,
and caused the King to be proclaimed, the bailiffs, constables and
burgesses of the place attending at the ceremony. I dispersed
several of the Prince’s Manifestoes; and Exhortations were made, in
order to shew the people the misery and oppressions of tyranny and
usurpation, which like oxen yoked down to the plough, they seem to
labour under; and calling upon them to rise up and, like lions to
shake off the infamous yoke which too long had galled the necks of
free-born Englishmen;—to assert their liberties honourably both
before God and Man, and to prove to the world, that they remained
true English hearts, equal to their fore-fathers’, who once had given
laws to foreign States;—to exert their liberties under a Prince, who
was come for their sakes, and for their sakes only, and with their
concurrence would make them most happy. But alas!
notwithstanding all our proposals and exhortations, few of them
consented to join the Prince’s army. Therefore, having assembled
those who did come in, orders were given for them to give up all their
arms; which being reluctantly complied with, search was made in
several houses, where we found a few; and amongst the rest we
entered the house of an honest Quaker, whom I had seen about ten
days before at a Public-house, where he accidentally came in whilst I
was there, bringing with him a gun and a pair of pistols, which he
had bought. Calling for his pot of ale, he began to harangue the host
and the others present, telling what an honest man the Justice of the
Parish said he was, and that he could keep all the Papists quiet. And
with these, said he (meaning the pistols) I can bid defiance to half a
hundred of Rebels. I then heard him with great pleasure, thinking I
should have the satisfaction of trying the honest Quaker’s courage;
which accordingly happened. For, meeting with him at his own
house, I demanded of him, if he had any arms. Not knowing me
directly, he said he had none, and that he was not a man of blood.
Vexed at this evasive answer, I replied: ‘Hark thee, my honest friend,
since nothing but an action with thy own weapons will get thy arms
from thee, rememberest thou in such a place to have boasted much
of thy courage, with a gun and a pair of pistols?’ At which being
much struck and hanging down his head he seemed greatly terrified.
‘How now,’ said I, ‘honest Friend, thou that wast so lately so pot-

Textbook Management of Information Security 6Th Edition Michael E Whitman Ebook All Chapter PDF

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Textbook Management of Information Security 6Th Edition Michael E Whitman Ebook All Chapter PDF

Uploaded by

Copyright:

Available Formats

Management of Information Security

6th Edition Michael E. Whitman

Principles of Information Security 6th Edition Whitman

Quantitative analysis for management Thirteenth Edition

New Techniques for Management of Inoperable Gliomas 1st

Open Source Intelligence Techniques: Resources For

Enterprise Content Management, Records Management and

Armstrong s Handbook of Performance Management An

Psychological Science 6th Edition Michael Gazzaniga

Fundamentals of information systems security 3rd

Learning Designer: Natalie Onderdonk

Assoc. Marketing Manager: ISBN: 978·1·337-40571·3

Production Service/Composition: (engage products are represented in Canada by Nelson

To register or access your online learning solution or purchase

Notice to the Reade r

Printed in the United States of America

GLOSSARY .................................................................................................. 683

IND E.X.......................................................................................................... 709

Ethics in lnfoSec .................................................................................................66

CERT Governing for Enterprise Security Implementation ........................... 140

A Final Note on Policy..................................................................................... 212

FAIR ................................................................................................................ 395

Add itional Read ing ......................................................................................... 451

Exercises .......................................................................................................... 493

Exercises .......................................................................................................... 563

Additional Reading ......................................................................................... 677

GLOSSARY .................................................................................................. 683

Why This Text Was Written

Chapter 2- Compliance: Law and Ethics

Chapter 3-Governance and Strategic Planning for Security

Chapter 4-lnformation Security Policy

Chapter 5- Developing the Security Program

Chapter 6-Risk Management Assessing Risk

Chapter 7-Risk Management: Treating Risk

Chapter 8- Security Management Models

Students learn how to implement the fundamental elements of key information

Chapter 9-Security Management Practices

Chapter 10- Planning for Contingencies

Chapter 11-Security Maintenance

Chapter 12- Protection Mechanisms

New to This Edition

In addition, several professional and commercial organizations and individuals have

Upon completion of this material, you should be able to:

List and describe the dominant categories of threats to information security

Discuss the key characteristics of leadership and management

Describe the importance of the manager's role in securing an

Differentiate information security management from general business

In today's global markets, business operations are enabled by technology. From

[Note.—The notes in this narrative which are indicated

You might also like