- ホーム
- > 洋書
- > 英文書
- > Computer / General
基本説明
Embraces a new "all-hazards approach" to homeland security, critical infrastructure protection and assurance, and emergency management.
Full Description
Since the initial inception of this book, there have been significant strides to safeguard the operations of our world's infrastructures. In recent years, there has also been a shift to more fluid postures associated with resilience and the establishment of redundant infrastructure. In keeping with the fast-changing nature of this field, Critical Infrastructure: Homeland Security and Emergency Preparedness, Third Edition has been revised and updated to reflect this shift in focus and to incorporate the latest developments. The book begins with the historical background of critical infrastructure and why it is important to society. It then explores the current trend in understanding the infrastructure's sensitivity to impacts that flow through its networked environment. Embracing an "all-hazards approach" to homeland security, critical infrastructure protection and assurance, and emergency management, the authors examine:The National Response Framework (NRF) and how it can be applied globallyThe relationships between the public and private sectors, and the growing concept of public-private partnershipsThe shift from the need-to-know paradigm to one based on information sharing, and the nature of necessary controls as this shift continuesThe need for organizations to adopt resilient planning, implementation, and decision-making processes in order to respond to changes within the threat environmentWhat, where, why, and how risk assessments are to be performed, and why they are neededThe impact of new regulation, individually applied self-regulation, industry and government regulation, and law enforcementIn the final chapters, the book discusses current information sharing and analysis centers (ISACs), distributed control systems, and supervisory control and data acquisition (SCADA) systems and their challenges. It concludes by exploring current challenges associated with establishing a trusted network across various sectors-demonstrating how models of information can be categorized and communicated within trusted communities to better assure the public-private relationship.
Contents
Introduction to Critical Infrastructure Assurance and Protection What Is Critical Infrastructure? What Is the Private Sector? What Is the Public Sector? What Is CIP? What Is CIA? What Are Public-Private Partnerships? Critical Infrastructure Functions Evolution of Critical Infrastructure Demand, Capacity, Fragility, and the Emergence of Networks What Are We Trying to Protect? The Concept of Capacity Demand: The Reason for Capacity At the Regional (Small System) Level Cyberterrorism Dissolution and Convergence: An Emerging Risk Marking the JourneyBeyond National FrameworksMeeting the Dragons on the MapWho Owns the Treasure?What Value?Target AudiencesApplying the NRF to National Response EffortsHow Does the NRF Tie in with Local Activities?Areas of Potential Risk or ConcernPublic-Private PartnershipsWhat Is a Public-Private Partnership (P)?The P SpectrumEstablishment of New CapacityMaintenance of Existing CapacityNetworked User Fees and the Need for OversightOther Forms of Public-Private Cooperation and the Erosion of GovernanceBalancing PointsThe Reinvention of Information Sharing and IntelligenceData vs Information vs IntelligenceThe Importance of Background to ContextContext Affecting SensitivityEnter the CloudThe Cloud as an AmplifierClouds and Concealed Conduits Linking the Trusted Computing Base and User CommunitiesBarriers to Information SharingThe Rise of Open SourcesOpen-Source Information and IntelligenceAn Approach to Information Sharing-The Consequence-Benefit RatioEmergency Preparedness and ReadinessThe Rise of Core OfficesFirst ResponderFirst Responder ClassificationsGuideline ClassificationsExample: North American Emergency Response GuidebookAwareness-Level GuidelinesPerformance-Level GuidelinesOperational Levels DefinedLevel A: Operations LevelLevel B: Technician LevelKnow Protocols to Secure, Mitigate, and Remove HAZMAT Additional Protective MeasuresUnderstand the Development of the IAPKnow and Follow Procedures for Protecting a Potential Crime SceneKnow Department Protocols for Medical Response PersonnelNational Fire Prevention Association OSHA Hazardous Waste Operations and Emergency ResponseSkilled Support PersonnelSpecialist EmployeeDOT HAZMAT ClassificationsImportance of Implementing an Emergency Response PlanSecurity Vulnerability AssessmentWhat Is a Risk Assessment?Methods of Assessing RiskThreat Risk EquationsComparison of Quantitative vs Qualitative Risk AssessmentsChallenges Associated with Assessing RiskOther Factors to Consider When Assessing RiskWhat Is an SVA?Reasons for Having an SVAWhat Is a Threat?What Is Vulnerability?CountermeasuresVulnerability Assessment FrameworkReasons for Using the VAFFederal Information Systems Control Auditing ManualGeneral Methodologies of FISCAM AuditingWhat Are General Controls?What Are Application Controls?Caveats with Using an SVAHow the SVA Is UsedAudience of an SVAInitial SVA PlanNecessary Steps of an SVACritical Success FactorsVAF MethodologyInitial Steps of the VAFVAF Step 1: Establish the Organization MEIVAF Step 2: Gather Data to Identify MEI VulnerabilitiesVAF Step 3: Analyze, Classify, and Prioritize VulnerabilitiesRegulationsThe Role of Oversight The Effect of GlobalizationConventions, Laws, and RegulationsGuidance and Best PracticesPrescriptive vs Performance BasedImpact on Criminal, Administrative, and Civil LawPotential Abuses of Authority and CredibilityGovernment vs Industry Self-RegulationKnowledge Gaps Arising from Performance-Based RegulationPredictability in Prescriptive Systems: A Systemic VulnerabilityInformation Sharing and Analysis CentersWhat Is a Critical Infrastructure Asset?What Is an ISAC?Advantages of Belonging to an ISACAccess to ISAC InformationExpanded ISAC ServicesSurface Transportation ISACSupply Chain ISACPublic Transit ISACAmerican Public Transportation AssociationAssociation of American RailroadsTransportation Technology Center, IncRailincWater ISACAssociation of State Drinking Water AdministratorsWater Environment Research FoundationAssociation of Metropolitan Water AgenciesAssociation of Metropolitan Sewage AgenciesNational Association of Water CompaniesAmerican Water Works AssociationAWWA Research FoundationFinancial Services ISACScience Applications International CorporationElectricity Sector ISACEmergency Management and Response ISACInformation Technology ISACNational Coordinating Center for TelecommunicationsCommunications Resource Information SharingGovernment Emergency Telecommunications ServiceTelecommunications Service Priority Shared Resources High Frequency Radio ProgramNetwork Reliability and Interoperability CouncilNational Security Telecommunications Advisory CommitteeWireless Priority ServicesAlerting and Coordination NetworkEnergy ISACEnergy Sector Security ConsortiumChemical Sector ISACChemical Transportation Emergency Center (CHEMTREC (R))Healthcare Services ISACHighway ISACCargo Theft Information Processing SystemAmerican Trucking AssociationsHighwayWatch (R)Food and Agriculture ISACFoodSHIELDFood Marketing InstituteMultistate ISACISAC CouncilWorldwide ISACReal Estate ISACThe Real Estate RoundtableResearch and Educational Networking ISACBiotechnology and Pharmaceutical ISACMaritime ISACMaritime Security CouncilMarine Transportation System National Advisory CouncilSupervisory Control and Data AcquisitionWhat Are Control Systems?Types of Control SystemsComponents of Control SystemsVulnerability Concerns about Control SystemsAdoption of Standardized Technologies with Known VulnerabilitiesConnectivity of Control Systems to Unsecured NetworksImplementation Constraints of Existing Security TechnologiesInsecure Connectivity to Control Systems Publicly Available Information about Control SystemsControl Systems May Be Vulnerable to AttackConsequences Resulting from Control System CompromisesWardialingWardrivingWarwalkingThreats Resulting from Control System AttacksIssues in Securing Control SystemsMethods of Securing Control SystemsTechnology Research Initiatives of Control SystemsSecurity Awareness and Information Sharing InitiativesProcess and Security Control InitiativesSecuring Control SystemsImplement Auditing ControlsDevelop Policy Management and Control MechanismsControl Systems Architecture DevelopmentSegment Networks between Control Systems and Corporate EnterpriseDevelop Methodologies for Exception TrackingDefine an Incident Response PlanSimilarities between SectorsUS Computer Emergency Readiness Team CSSPControl Systems Cyber Security Evaluation Tool (CSET)SCADA Community ChallengesThe Future of SCADASCADA ResourcesCritical Infrastructure InformationWhat Is Critical Infrastructure Information?How Does the Government Interpret CII?Exemption 3 of the FOIAExemption 4 of the FOIASection 214 of the Homeland Security ActEnforcement of Section 214 of the Homeland Security ActWhat Does "Sensitive but Unclassified" Mean?Information Handling ProceduresFreedom of Information ActNeed to Know"For Official Use Only"Enforcement of FOUO InformationReviewing Web Site ContentExport-Controlled InformationEnforcement of Export-Controlled InformationSource Selection DataEnforcement of Source Selection DataPrivacy InformationEnforcement of Privacy InformationUnclassified Controlled Nuclear InformationEnforcement of UCNICritical Energy Infrastructure InformationEnforcement of CEIIControlled Unclassified InformationLessons Learned ProgramsInfraGardSensitive Unclassified Nonsafeguards Information (SUNSI)Safeguards Information (SGI)GlossaryAppendixIndex
