Contents ◾ xiii
Lessons Learned............................................................................................212
Transition Control Objec tive s ................................................................................212
Rapid Response...............................................................................................................214
Incident Response Procedures ................................................................................215
Automated Respons e s ............................................................................................217
Nonincident-Related Response Procedures (Reporting) .........................................218
Reporting as a Response .........................................................................................218
Rapid Response Drivers and Benefi ts .....................................................................219
Response Challenges ..............................................................................................221
Response Success Factors and Lessons Learned ......................................................221
Response Control Objectives ................................................................................ 223
Conclusion .....................................................................................................................223
12 Keep Your Enemies Closer........................................................................................225
Introduction................................................................................................................... 225
Hire a Hacker Objectives ............................................................................................... 227
Off ensive Objectives ............................................................................................. 227
How to Use is Tactic for Off ense ...................................................................... 228
Defensive Objectives ............................................................................................. 229
How to Use is Tactic for Defense ...................................................................... 230
Summary ...............................................................................................................231
e Hire a Hacker Controversy ......................................................................................231
Success Factors and Lessons Learned ..............................................................................233
Control Objectives ..........................................................................................................233
Countering Insider reats (Malicious Insider)..................................................... 234
Competent Supervision .........................................................................................235
Supervisor Attributes ................................................................................... 236
Supervisory Attributes ................................................................................. 238
Employee Screening ......................................................................................241
Target Retaliation ..................................................................................................245
Target Deception ...................................................................................................247
Malicious Code Implantation ...................................................................... 248
Conclusion ......................................................................................................................251
13 Hire a Hessian (Outsourcing)...................................................................................253
Introduction....................................................................................................................253
Security in the Outsourcing of IT Services ..................................................................... 254
Outsourcing Pros—Benefi ts ...................................................................................255
Outsource Cons—Challenges................................................................................255
Success Factors and Lessons Learned......................................................................256
Outsourcing Control Objectives ............................................................................257
Security in the Outsourcing of Security Services .............................................................261
Commonly Outsourced Services ............................................................................261
Security Auditing..........................................................................................261
Penetration Testing, Vulnerability Assessment ............................................. 262
Systems Monitoring ..................................................................................... 262
Incident Support .......................................................................................... 263
TAF-K11348-10-0301-C000toc.indd xiiiTAF-K11348-10-0301-C000toc.indd xiii 8/18/10 3:20:00 PM8/18/10 3:20:00 PM