List of Exhibits

Chapter 1: Risk Management

Exhibit 1: Laws Affecting Industries

Exhibit 2: Example of Simple Gantt Chart

Exhibit 3: Example of Simple Critical Path Method Chart

Exhibit 4: Sample Questionnaire

Exhibit 5: Risk Assessment Schedule

Exhibit 6: Information Classification Schedule

Exhibit 7: Asset Protection Schedule

Exhibit 8: Risk Assessment Report

Chapter 2: Policies and Procedures

Exhibit 1: Policy Format

Exhibit 2: Sample Acceptable E-Mail Use Policy Language

Exhibit 3: Sample E-Mail Retention Policy

Exhibit 4: Expectation of Privacy

Exhibit 5: Waiver of Privacy Rights

Exhibit 6: No User Privacy in Communications

Exhibit 7: Automated User Monitoring

Exhibit 8: Privacy Statement

Exhibit 9: Electronic Privacy Statement

Exhibit 10: Language Use in Communications

Exhibit 11: Copyright Sample

Exhibit 12: Software Copyright Sample

Exhibit 13: Proprietary and Sensitive Information Sample

Exhibit 14: Employee Responsibility Statement

Exhibit 15: Sending Unsolicited E-Mail or Spam

Exhibit 16: Attorney-Client E-Mail Footer Sample

Exhibit 17: Attorney-Client E-Mail

Exhibit 18: Employee Responsibility for Entry Methods

Exhibit 19: Password Maintenance

Exhibit 20: Employee-Installed Software and Storage Media Use

Exhibit 21: Entry Notice Banner

Exhibit 22: Log-In Banner Policy

Exhibit 23: System Development Policy

Exhibit 24: Workplace Safety Policy

Exhibit 25: Forensics Examination Policy

Exhibit 26: Protecting Employee Personal Information Policy

Exhibit 27: Multiple or Dual-Homed Firewall Policy

Exhibit 28: Screened Sub-Network Policy

Exhibit 29: Firewall Administration Policy

Exhibit 30: Firewall Administrator Policy

Exhibit 31: Firewall Administration Policy

Exhibit 32: Firewall Backup Policy

Chapter 3: Auditing

Exhibit 1: Management Functions

Exhibit 2: Application Functions

Exhibit 3: Document Flowchart

Exhibit 4: Data Flowchart

Exhibit 5: System Flowchart

Exhibit 6: Program Flowchart

Exhibit 7: Audit Management Plan for Firewall Administration Unit

Exhibit 8: Backup and Data Recovery Audit Program

Exhibit 9: Audit Report for XYZ Corporation Backup and Recovery Unit

Exhibit 10: General Controls Review for IT Department

Exhibit 11: Packet Filtering Security Table

Exhibit 12: Domain Registration Queries

Exhibit 13: SamSpade

Exhibit 14: SuperScan

Exhibit 15: Sample Output of Nmap

Exhibit 16: Sample of Nmap Results

Exhibit 17: C:\ netstat -na

Exhibit 18: Localhost #nmap -O -sS

Exhibit 19: [bash] $ nslookup

Exhibit 20

Exhibit 21: Vulnerability Scanners

Exhibit 22: Nessus Plugins

Exhibit 23: Nessus Preferences

Exhibit 24: Nessus Plugin Families

Exhibit 25: Nessus Report Sample

Exhibit 26: Nessus Scan Options

Exhibit 27: Automated Vulnerability Sample Finding Report

Exhibit 28: Firewall Policy Sample

Exhibit 29: Typical Wireless System

Exhibit 30: Wilbur Configuration

Exhibit 31: Wilbur Options

Chapter 4: Critical Incident Response and CIRT Development

Exhibit 1: IP Address Blocks

Exhibit 2: CIDR Addressing Blocks

Exhibit 3: Chain of Custody Schedule

Exhibit 4: BIOS Access Information

Exhibit 5: Typical Disk Geometry

Exhibit 6: Relative Addressing

Exhibit 7: Typical Floppy Disk Geometry

Exhibit 8: Partitions and Cluster Sizes

Exhibit 9: Boot Utilities

Exhibit 10: Netstat Connections

Exhibit 11: Common Activity Codes

Exhibit 12: IP Resolution in SamSpade

Exhibit 13: SamSpade Tools

Exhibit 14

Chapter 5: Legal Matters

Exhibit 1

Exhibit 2

Chapter 6: Privacy

Exhibit 1: Sample Web Site Privacy Statement