Computer Security Reference Book

Keith. M. Jackson, Jan Hruska, Donn B. Parker

Publisher: Butterworth-Heinemann, 1994, 949 pages

ISBN: 0-7506-1913-9

Keywords: IT Security

Last modified: May 26, 2021, 9 p.m.

The Computer Security Reference Book provides an in-depth treatment of the whole field including computer crime; data protection; EFTPOS schemes; evaluation of security products; hacking; public key cryptography; risk analysis; telecommunications; UNIX and security; viruses; as well as many other important and topical aspects of computer security.

Written by a team of 36 expert contributors, the Computer Security Reference Book is an invaluable source of information for computer security professionals as well as those needing to improve their knowledge of this important but neglected area.

  1. Basic Techniques
    1. Identity Verification and Biometrics
      David Everett
      1. Introduction
      2. Identity Verification Principles
      3. Passwords and PINs
        1. Password Creation
        2. Password Storage
        3. Password Distribution
        4. Password Usage
        5. Password Change
        6. Password Destruction
        7. Password Sets
        8. Convoluted Passwords
      4. Identity Tokens
        1. Passive Tokens
        2. Active Tokens
        3. Integrated Circuit Cards
        4. Challenge Devices
      5. Requirements for a Biometric
      6. Biometric Identity Verification Technologies
        1. Voice (Speaker) Verification
        2. Dynamic Signature Verification
        3. Fingerprint Identity Verification
        4. Retina Scan
        5. Hand Geometry
        6. Other Biometric Technologies
      7. Comparison of Biometric Methods
        1. Dynamic Signature Verification
        2. Voice Verification
        3. Fingerprint Recognition
        4. Retina Prints
        5. Hand Geometry
        6. Summary of Biometric Devices
      8. Conclusions
    2. Electromagnetic Radiation
      Peter Swinbank
      1. Introduction
        1. The Problem
        2. The Source of the Problem
        3. Reception or Interception
      2. The Solution
        1. Distance
        2. Confusion
        3. Special Equipment
        4. Installation
      3. The Threat
        1. Assessment
      4. The Present Data Security Regime in the UK
        1. Government Control
        2. Limitation of Market
        3. Control of Exports
        4. The Present Industry/Government Relationship
        5. Certification of Equipment
    3. Encryption Algorithms
      Michael Ganley & Fred Piper
      1. Introduction
        1. Attacks
        2. Encryption
        3. Cryptanalysis
      2. Some Examples
        1. The Caesar Cipher
        2. Simple Substitution Cipher
        3. Polyalphabetic Ciphers
        4. Other Comments
      3. Some Basic Design Principles
      4. Stream Ciphers
      5. Block Ciphers
        1. Some Design Principles for Block Ciphers
        2. An Example of a Simple Block Cipher
        3. Codebook Attack
        4. Error Propagation
        5. Modes of Operation of a Block Cipher
        6. The Data Encryption Algorithm
        7. Other Public Algorithms
      6. The Use of Encryption Algorithms
    4. Public Key Cryptography
      D. James Bidzos
      1. Introduction
      2. History
      3. Exponential Key Exchange
      4. Knapsacks and Other Public Key Cryptosystems
      5. RSA Public Key Cryptosystem
      6. Zero-Knowledge Proofs
      7. Digital Signatures
        1. Certificates
        2. Factoring
      8. Applications
        1. Key Management
        2. Paper Document Authentication
        3. Virus Detection
        4. Port Access Control
        5. Network Access Control and Authentication
        6. Electronic Mail
        7. Smart Cards
      9. Standards
      10. Public Key in the Future
    5. Management of Cryptographic Keys
      Wyn Price
      1. Introduction
      2. Selection of Keys
        1. Keys for Symmetric Algorithms
        2. Keys for Asymmetric Algorithms
      3. Secure Transport
        1. Data Enciphering Keys
        2. IBM Key Management Scheme
        3. Notarization
      4. Centralized Key Management Facilities
        1. Key Distribution Centre
        2. Key Translation Facility
      5. Key Management in an OSI Environment
      6. Design of Key Management Systems
      7. Protection of Cryptographic Keys
      8. Handling of Expired Keys
      9. Summary
    6. Copy Protection
      Derrick Grover
      1. Introduction
      2. Prevention of Copying
        1. Access Control
        2. Disk Copy Prevention
        3. Shielded Data
      3. Prevention of Use of Copied Material
        1. Passwords and Information Transducers
        2. Environmental Checks
        3. Special Hardware
        4. Functional Changes
        5. Cryptography
      4. Conclusions
    7. Security Tokens
      Chris Stanford
      1. Introduction
      2. Memory Only Tokens
        1. Cost versus Combinations
        2. Difficulty of Forgery
        3. Change of Lock
        4. Anonymity
        5. Commonly Used Memory-Type Keys
      3. Memory Tokens Holding Passwords
      4. Tokens with Logic
        1. Accessing the Next Key Code
        2. Cyclical Codes
        3. Prescribed Number of Uses
      1. Intelligent Tokens
        1. Using the Arithmetic and Logical Functions
      2. Authentication
        1. Simple Authentication of a Token
        2. Simple Authentication of a Terminal Device (Electronic Lock)
        3. Verification of a User
        4. One-Time Logon Procedure (Complex Authentication)
      3. Encryption/Decryption of Data
      4. Certification
      5. Tamper Resistance
        1. Electronic Attack
        2. Physical Attack
        3. Smart Card Protection
      6. Intelligent Tokens with User Input/Output
      7. Tokens with Real-Time Clock
      8. Summary
  2. Methods
    1. Formal Methods
      Garry Smith
      1. General Considerations
        1. Introduction
        2. What is a Formal Method?
        3. Benefits
        4. Problems
        5. Current Uses
      2. Overview of Current Methods
        1. Z
        2. VDM
        3. OBJ
        4. CSP and CCS
        5. LOTOS and Estelle
        6. Gypsy
        7. FDM and HDM
      3. Use of Formal Methods in Security
        1. Formalizing the Development Path
        2. Security Models
        3. Verification
        4. Relationships with Programming Languages
        5. Static Analysis
      4. Formal Methods in Products and Systems
        1. Standards and Guidelines
        2. Products
        3. Projects
      5. Future Trends and Developments
      1. Examples of Formal Methods
        1. VDM
        2. CSP
        3. Z
    2. Risk Analysis and Management
      Robin Moses
      1. Introduction
      2. Why Risk Analysis and Management?
      3. What is Information Technology Security Risk Analysis and Management?
        1. Risk Analysis and Management Components and Relationships, and the Process Flow
        2. Components and Relationships
        3. Process Flow
      4. Selecting a Method
      5. Existing Methods
        1. Quantitative
        2. Qualitative
        3. Conclusion
      6. Current Research
    3. Contingency Planning
      John Sherwood
      1. The Meaning of Contingency Planning
        1. Business Continuity Planning
        2. Do Disasters Really Happen?
        3. Effects of Fire
        4. Telecommunications
        5. Other Types of Disaster
        6. What does a Disaster Actually Cost?
      2. Basic Concepts
        1. Issues to Consider
      3. Managing the Recovery Process
        1. Planning Responsibilities
        2. Planning Scenarios
        3. Capacity Planning and Fault Tolerance
        4. Backup Strategies
        5. Standby Facilities
      4. Recovery Planning Methodology
      5. Activation Procedures
      6. Testing the Plans
      7. Project Management
      8. Conclusions
    4. Software Methods
      David Martin
      1. Introduction
      2. Development of Secure Software
        1. Security Policy
        2. Risk Analysis
        3. System Specific Security Policy
        4. Assurance Levels
        5. Requirement Specification
        6. Formal Methods
      3. Development Environment
        1. Development Methods
        2. Structured Design and Programming
        3. Defensive Programming
        4. Walk-throughs
        5. Change Control
        6. Maintenance Log
        7. Languages
        8. Testing
      4. Run-Time Requirements
        1. Secure Kernel
      5. Object Reuse
      6. Covert Channels
      7. Integrity
        1. Logic Bombs
        2. Software
        3. Checksums
        4. Encryption
        5. Viruses
        6. Copy Protection
      8. Summary
    5. Physical Security
      Randle Cowcher
      1. Introduction
      2. Threat Assessment
      3. Design
      4. Techniques
        1. Doors and Locks
      5. Alarm Systems
      6. Fire Detection and Suppression Systems
      7. Personnel
        1. Permanent Staff
        2. Security Staff and Guards
      8. Special Services
      9. Exercises, Procedures and Training
      10. Summary and Conclusions
    6. Document Security
      Martin Smith
      1. Introduction
      2. The Nature of Computer Documents
        1. Magnetic Media
        2. Hardware
        3. Data Transmission
        4. Paper Documents
      3. The Weaknesses of Computer Documents
        1. Retention of Information
        2. Aggregation
        3. Clear Desk Policy
        4. Treat as Plaintext
        5. Accounting for Magnetic Media
        6. Accounting for Associated Documents
      4. Marking Computer Documents
        1. On the Screen
        2. Within the Computer
        3. On the Documents
        4. Paper
        5. Punched Cards and Paper Tapes
        6. Magnetic Tapes
        7. Magnetic Disks
      5. Clearing Magnetic Documents
      6. Backing up Magnetic Media
      7. Destruction of Computer Documents
      8. The Importance of Good Document Security
  3. Standards, Legislation and Human Involvement
    1. Standards
      Terry Knowles
      1. Introduction
        1. Needs
        2. History
        3. Objectives
      2. Financial Security Standards
        1. Message Authentication Standards
        2. Key Management Standards
        3. Message Encipherment Standards
        4. Others
      3. Generic Mechanisms
        1. Modes of Use of Encipherment
        2. Integrity Mechanisms
        3. Authentication
        4. Non-Repudiation
        5. Encipherment
      4. Open System Interconnection
        1. Architecture
        2. Physical Layer
        3. Data Link Layer
        4. Network Layer
        5. Transport Layer
        6. Application Layer
      5. Other Standards
        1. Data Structure Standards
        2. Operating Systems
        3. Risk Assessment
    2. Legal Aspects of Computer Security in the UK
      Owen Keane
      1. Introduction
      2. Rights of Computer Owners against Third Parties
      3. Evidential Considerations
        1. Computer Evidence in Criminal Proceedings
        2. Computer Evidence in Civil Proceedings
      4. Relations Between Computer Owners, User and Outsiders
        1. EFT, POS & EDI
        2. 'Umbrella' and Interchange Agreements
      5. Remedies — Liabilities and Exclusions of Liability
      6. Communications and Interceptions
      7. Data Protection and Confidentiality
      8. Current Legislation
      9. Digital Signatures
      10. Relationship of English Law with Other Countries
      11. Summary
      1. Statutory Provisions
        1. Computer Misuse Act 1990
        2. Civil Evidence Act 1968
        3. Rules of the Supreme Court 1965
        4. Police and Criminal Evidence Act 1984
        5. Wireless Telegraphy Act 1949
    3. Selected Legal Aspects of Computer Security in the US
      Susan Nycum
      1. Introduction
      2. Criminal Law
        1. Additional Criminal Exposures from Computer Crimes
        2. Accessory after the Fact
        3. Misprision of Felony
        4. Securities Fraud
        5. Foreign Corrupt Practices Act
      3. Civil Legislation Directed Toward Computer Security Financial Institutions
        1. Electronic Fund Transfer Act
        2. Proposed Article 4A of the Uniform Commercial Code
        3. Expedited Funds Availability Act
        4. Right to Financial Privacy Act 1978
        5. Fair Credit Reporting Act
      4. Corporate Securities Legislation Applicable to Computer Security
        1. Disclosure Requirements
        2. Anti-Fraud Provisions of Federal and State Securities Laws
        3. Insider Trading Prohibitions
        4. Contractual Obligations
      5. Civil Case Law
        1. Liability for Computerized that Injures Consumers
        2. Liability for Libelous Information
        3. Liability for Faulty Products
        4. Liability to Employees and Others in the Investigation of Computer Abuse
      6. Suggested Preventative and Recovery Measures
        1. Preventive Measures
        2. Security Precautions
        3. Legal Precautions
        4. Recovery Measures
      7. Conclusions
    4. Personnel Security
      Martin Smith
      1. Introduction
      2. The 'Insider' Factor
      3. The Motivation for Crime
      4. Aims
      5. Principles
        1. The Need-to-Know Principle
        2. Dual Control
        3. Rotation of Duties
      6. Practices
        1. Concentration and Direction of Limited Resources
        2. Screen Personnel
        3. Award Security Clearances
        4. Contractual Arrangements
        5. Allocation of Responsibilities
        6. Training and Awareness
        7. Supervision
      7. Computers Do Not Commit Crime
    5. Computer Crime
      Donn Parker
      1. Introduction
        1. Definition of Computer Crime
      2. Classification of Computer Crime
      3. History of Computer Crime
      4. News Media Reporting of Computer Vulnerabilities
      5. Investigation and Prosecution Experience
      6. Computer Abuse Methods and Detection
        1. Eavesdropping and Spying
        2. Scanning
        3. Masquerading
        4. Piggybacking and Tailgating
        5. False Data Entry (Data Diddling)
        6. Superzapping
        7. Scavenging and Reuse
        8. Trojan Horses
        9. Computer Viruses
        10. Salami Techniques
        11. Trapdoors
        12. Logic Bombs
        13. Asynchronous Attacks
        14. Data Leakage
        15. Computer Program Piracy
        16. Computer and Computer Components Larceny
        17. Use of Computers for Criminal Enterprise
      7. Conclusion
    6. Data Protection
      T. Lawrence Early
      1. Introduction
      2. Data Protection — Topical and Controversial
      3. Beyond Privacy
      4. Freedom of Information
      5. The Role of International Organizations in Promoting Data Protection Policy
        1. The Council of Europe
        2. The OECD
        3. The United Nations
        4. The Commission of the European Communities
      6. Facts and Figures
      7. Summary and Conclusions
      1. Basic Data Principles Laid Down in the Data Protection Convention and the OECD Privacy Guidelines
        1. The Convention
        2. The Guidelines
    7. Computer Crime Insurance
      Richard Sheehan
      1. How Fraud Loss Arises
      2. Historical Picture
      3. The First Computer Crime Policy: 1981
      4. Non-Employee Risk
      5. The Computer Crime Policy
        1. Insuring Agreement 1 — Computer Systems Cover
        2. Insuring Agreement 2 — The Insured's Service Bureau Operations Cover
        3. Insuring Agreement 3 — Electronic Computer Instructions Cover
        4. Insuring Agreement 4 — Electronic Data and Media Cover
        5. Insuring Agreement 5 — Computer Virus Cover
        6. Insuring Agreement 6 — Electronic Communications Cover
        7. Insuring Agreement 7 — Electronic Transmissions Cover
        8. Insuring Agreement 8 — Electronic Securities Cover
        9. Insuring Agreement 9 — Forged Telefacsimile Cover
        10. Insuring Agreement 10 — Voice Initiated Transfers Cover
      6. Some Important Policy Terms
        1. Definitions
        2. Exclusions
        3. Conditions
      7. Arranging Cover
        1. Proposal Form
        2. Survey
      1. Glossary of Terms
    8. Investigation of Computer Fraud
      Mark Tantam
      1. Introduction
        1. Input Fraud
        2. Output Fraud
        3. Program Manipulation
        4. Unauthorized Copying of Confidential Information/Software
      2. Preparatory Work
        1. Quick Reaction
        2. Training
        3. Focussed Training
        4. The Fraud Team
        5. Decisions to be Made
      3. The Investigation
        1. Following the Money Trail
        2. Identifying the Source
        3. Chasing the Audit Trail
        4. Tracing Over a Network
        5. Conducting Interviews
      4. The Evidence
        1. The Common Law System
        2. The Civil Law System
        3. Recovery of Evidence
        4. Reconstructions
      5. Conclusion
    9. Hacking
      Martin Samociuk
      1. Introduction
        1. Objectives
        2. Cases
      2. Method of Entry
        1. General Research
        2. Pretext Calls
        3. Bulletin Boards
        4. Scanning
        5. User ID and Password Breaking
        6. Exploiting System Weaknesses
        7. Interception of Communications
        8. Theft, Bribery and Extortion
      3. Prevention
        1. Global Security Strategy
        2. Telephones
        3. X.25 Security
        4. Encryption
        5. Password Control
        6. Personal Identification Devices
      4. Detection
      5. Investigation
      6. Contingency Plans
      7. Conclusions
  4. Personal Computer Security
    1. Personal Computers
      Peter Pearson
      1. Introduction
        1. The Nature of Microcomputers
        2. Common Microcomputer Families
        3. Why is Security an Issue with Microcomputers?
        4. Microcomputer Security Issues
        5. The Structure of a Microcomputer
        6. Microcomputer Operating Systems
      2. The Personality Problem
        1. Logical Access Control for Microcomputers
        2. The Security Administrator
        3. Access Audit Log
        4. Access Control Problems
      3. Protecting Internal Data
        1. Uninterruptible Power Supply
        2. Secure Deletion
        3. Data Backup
        4. Physical Protection
        5. Encryption
        6. Copy Protection
      4. Threats from Software
        1. Software Integrity
        2. Ensuring Software Integrity
        3. Software Sources
        4. Viruses
      5. Microcomputer Links to External Data
        1. Local Area Network
        2. Communications Security
        3. Electronic Mail
        4. Downloading
        5. Bulletin Boards
      6. Securing a Microcomputer Environment
        1. Assessing a Need
        2. Formulating a Microcomputer Security Strategy
        3. Staff Education and the Change of Attitude
        4. Installation of New Procedures, Software and Hardware
        5. Auditing
      7. The Future of Microcomputer Security
    2. MS-DOS, an Insecure Operating System
      William Hugh Murray
      1. MS-DOS
      2. Security in Operating Systems
        1. Properties
        2. Functions
        3. Capabilities
        4. Microcomputer Security Requirements
      3. DOS and Security
        1. DOS and the Computer Virus
        2. Using DOS Safely
        3. DOS Access Control
        4. Hardware Lockwords
        5. Access Control Extensions
        6. Other Security Extensions for DOS
      4. Recommendations
      5. Conclusion
      6. The Future
    3. Access Control for Personal Computers
      Jan Hruska
      1. Introduction
      2. The Need for PC Access Control
      3. Access Control Requirements
        1. User Identification
        2. Data Separation
      4. Implementing PC Access Control
        1. Request Filtering at the Hardware Level
        2. Request Filtering by Interrupt Redirection
        3. Boot Protection
      5. Security of PC Access Control Products
      6. Choosing PC Access Control Products
      7. Conclusions
    4. Backup for Personal Computers
      Keith Jackson
      1. Introduction
      2. Historical Transition
      3. Secure Backup Provision
        1. Planning
        2. Data Protection Act
        3. Development Systems
        4. Teaching Good Habits
      4. Methods
        1. Backup Software Features
        2. Backup Devices
        3. Data Compression Techniques
        4. Encryption
        5. Error Correction
      5. Reliability
        1. Media Problems
        2. Copy Protection
        3. Restoration Capability
        4. Computer Viruses
        5. Secure Erasure
        6. Passwords
      6. Hardware
        1. Data Recovery
      7. Software
        1. New Software Installations
        2. MS-DOS Backup/Restore
        3. Backup Products for PCs
      8. Backup Procedures
        1. Data versus Program
        2. Types of Backup
        3. Off-Site Store
        4. Backup Plans
      9. Conclusions
    5. Computer Viruses
      Frederick Cohen
      1. Definition
      2. Social History
      3. Early Scientific Work
      4. Unique Security Implications
        1. Models of Viral Spread
        2. Potential Damage
        3. Experimental Attacks
        4. Accidental Releases
        5. Intentional Releases
      5. Viral Defences
        1. Major Flaws
        2. Computer Virus Defences
        3. Legal Issues in Integrity Protection
        4. Social Issues in Integrity Maintenance
      6. Summary
  5. Financial Systems & Telecommunications
    1. Schemes for Electronic Funds Transfer at the Point of Sale
      Donald Davies
      1. Introduction
      2. The Parties to an EFT/POS Transaction
      3. Security Requirements
      4. The Key Management Problem
      5. Derived Unique Key Per Transaction
      6. The Transaction Key Scheme
      7. EFT/POS with Public Key Cryptography
      8. Smart Cards in EFT/POS
      9. Conclusions
    2. Security in Banking
      Brian Pugh
      1. Introduction
      2. Banking Networks
        1. SWIFT
        2. Regional Banking Networks
        3. Clearing Houses Automated Payments System
        4. Private Electronic Banking Networks
        5. Corporate Banking Networks
        6. Personal Customer Banking Networks
      3. Security for Bank Host Systems
        1. Control Systems
        2. Security Policy
        3. Physical Security
        4. Security Hardware
        5. Network Security
      4. Future Trends and Directions
        1. Non-Repudiation
        2. Smart Disks
        3. Security Architectures for Cryptographic Services
        4. Contactless Cards and DSV Techniques
        5. Super Smart Tokens
        6. Magnetic Stripe Cards
        7. Electronic Data Interchange
        8. Integrated Services Digital Network
    3. Automated Teller Machines
      Alfred Hutcheon
      1. Introduction
      2. Safes
      3. Alarm Systems
      4. Security Cameras
      5. Container Security
      6. User Security
      7. Magnetic Cards
      8. PIN Management
        1. Identity Verification with Cards and PINs
      9. Transaction Request/Response
      10. ATM Security Modules
        1. Security Module Authentication
        2. Initial Key Loading
        3. Key Exchange
        4. Key Partitioning
        5. PIN Confidentiality
      11. Future Trends
      • References
        • ISO Standards
        • Card Standards
    4. Telecommunications Security
      Dennis Willetts
      1. Introduction
      2. The Role of Telecommunications in Computer Security
      3. Providers of Telecommunications Services
      4. Threats to Telecommunications Security
        1. Passive Attacks
        2. Active Attacks
      5. Transmission Media
        1. Optical Fibre
      6. Security Architecture
        1. Analogue Networks
        2. X.25 Networks
        3. Digital Networks
        4. Leased Lines
        5. Message Handling
      7. Telecommunications System Management
      8. Rigorous Security Evaluation
      9. Future Trends
  6. Other Aspects of Computing
    1. UNIX System Security
      David Ferbrache & Gavin Shearer
      1. Introduction
        1. Preamble
        2. Philosophy of UNIX Security
      2. File System Security
        1. File Permissions
        2. Encryption
        3. Integrity
        4. File Systems
        5. Special Devices
      3. Process Security
        1. Process Control
        2. Trojan Horses and Viruses
        3. System Initialization
        4. Batch Execution
        5. Denial of Service
      4. Account Security
        1. Login Security Control
        2. Password Security
        3. Password Utilities
      5. Network Security
        1. Internet Protocols
        2. UNIX-specific Protocols
        3. NFS
        4. UUCP
        5. Network Interface Tap
      6. Monitoring Security
        1. File Monitoring
        2. Log Monitoring
      7. Security Enhancements
        1. High Security Systems
        2. Orange Book
        3. Hardware Implementation
        4. Kerberos
      • References
      1. Security Summary
      2. Berkeley Bug Fixes
      3. CERT Advisories
    2. Networks — LAN Security
      Gordon Douglas
      1. Introduction
      2. Data Integrity
      3. Viruses
      4. Data Access
      5. LAN Topology
        1. Token Passing Ring
        2. Carrier Sense Multiple Access with Collision Detect on a Bus
        3. Token Passing on a Bus
        4. Practicalities
      6. LAN Operating Systems
      7. Physical Aspects
        1. Connecting LANs
        2. Cable Topology
        3. Structured Cabling
        4. Wiring Centre Intelligence
      8. Future Trends
      9. Conclusions
    3. Distributed Systems
      John Sherwood
      1. What is a Distributed System?
        1. Definition
        2. Open Systems Interconnection
        3. Geographical Distribution
      2. Applications of Distributed System
        1. File Transfer and Message Handling
        2. Electronic Funds Transfer
        3. Electronic Data Interchange
      3. Risks in Distributed Systems
        1. What is Risk?
        2. Loss of Availability
        3. Loss of Integrity
        4. Loss of Confidentiality
      4. Design Goals in Distributed Systems
        1. Balancing the Requirements
        2. Usability
        3. System Management
      5. Security Policy for Distributed System Management
        1. What a Security Policy Statement Contains
        2. Access Control
        3. Identity Verification
        4. Change Control
        5. System Management
      6. Architectural Approaches to Security
        1. Network Architectures
        2. Layered Application Architectures
        3. The User Interface
        4. The Applications Interface
      7. Applying Cryptography for Distributed System Security
        1. Cryptography and Message Security
        2. Digital Signatures and Digital Envelopes
        3. Improvements to the Scheme
        4. Applying Cryptography for Identity Verification
      8. International Standards for Distributed System Security
      9. Case Study
        1. System Description
        2. The Solution Implementation
      10. Integrating Security into Distributed Systems
      11. Conclusions
    4. Building Secure Systems
      John Checkley
      1. Introduction
      2. Computer Crime
      3. Secure Systems
        1. Getting The Basics Right
        2. Assessing the Risk
        3. Dangers of 'Bolt-on' Security Products
      4. Resource Management Security
      5. Building Security into the Application
        1. Modularity
        2. Security Services
        3. Security Management Modules
        4. Security Hardware
        5. Decoupling Hardware and Software
        6. Using Security Architectures
        7. Securing the Total Environment
      6. Security Management
        1. Audit Log
        2. Key Management
      7. Conclusions
    5. Trusted Systems
      Peter G. Neumann
      1. Introduction
        1. Access Controls Revisited
        2. Multi-level Controls
        3. Problems with Access Controls
      2. Vulnerabilities and Their Misuse
      3. Security Risks
      4. Security Requirements
      5. Trusted System Criteria
        1. TCSEC
        2. ITSEC
        3. Comparison of TCSEC and ITSEC
        4. Implications
      6. Trusted Systems
        1. Trusted Computing Base
        2. Trusted Guards
        3. Trusted Distributed Systems
      7. Layered Requirements and TCBs
        1. Layer 2: Airline reservation system
        2. Layer 1: Database security
        3. Layer 0: Operating system security
      8. Trusted System Development
      9. Conclusions
    6. Fault-Tolerant Computing
      Carl Weber & Alan Goodman
      1. Availability
      2. History
      3. Confidentiality
        1. Banking System
        2. Manufacturing
      4. Fail-Safe Systems
        1. Lockstep Systems
        2. Loosely Coupled Systems
        3. Inflight Systems
        4. Comparison of Fail-Safe Systems
      5. Threats to Availability
        1. Other Problems
      6. Integrity
      7. Conclusions
    7. Backup Procedures, Large Computers
      Jerome Lobel
      1. Introduction
      2. Background
      3. Backup and Recovery
      4. Backup and Disaster Recovery Questionnaire
      5. Computer Hardware Recovery and Site Selection
      6. Software and Data File Backups
      7. Backup Power Supply
      8. Off-Site Storage
      9. Departmental and Minicomputer Backup
      10. Recovery Plans and Procedures
      11. Recovery Reliability and Testing
        1. Simulation
        2. Remote Testing
      12. Telecommunications Recovery
      13. Conclusions
      1. Distributed System Network Backup Questionnaire
        1. Part 1 — Network Organisation (Physical)
        2. Part 2 — Network Organisation (Logical)
        3. Part 3 — Network Criticality
      2. Backup and Disaster Recovery Questionnaire
      3. Disaster Recovery Plan Checklist
        1. Overview
        2. Emergency Phase
        3. Backup Operation Phase
        4. Data Centre Restoration Phase
        5. Check List Addendum

Reviews

Computer Security

Reviewed by Roland Buresund

Decent ****** (6 out of 10)

Last modified: Nov. 14, 2008, 12:56 p.m.

An attempt to create the absolute book about IT-security (etc.). Every professional should have at least tried to read it.
