***** Cyber Threat Levels Response Handbook. By James P. Litchko, Ron Lander, CPP, and Lew Wagner, CPP. Published by Know Book Publishing, www.knowbookpublishing.com (Web); 72 pages; $19.95.
More than four years after the Homeland Security Advisory System was unveiled by the U.S. government, many organizations still lack a program of security measures pegged to specific alert levels. In the information systems sphere, this book can help. It is a highly effective handbook designed for both public and private organizations and all levels of law enforcement. It gives guidance on how they should modify their respective security postures to meet a declared alert condition.
The handbook provides a list of actions that IT and security managers can implement for the security of their computer systems depending on the threat level. Actions address 17 basic security components, such as antivirus software, intrusion-detection software, and patch-management software. Color-coded tabs help the reader match threat levels to action items. In addition, the guide explains who should be responsible for implementing each action.
Surprisingly, the authors fail to mention the Department of Defense’s Information Operations Conditions (INFOCONS), which are similar to what the authors present. The INFOCONS program, in operation for years at DoD, uses a similar type of action list; future editions of this book should reference that list and compare it with the book's own.
As a quick reference, this is a solid guide for coordinating response to cyber incidents. Clear and concise, it makes an oft-intimidating process manageable.
Reviewer: David O. Best, CPP, CBM (Certified Business Manager), is a principal security analyst with ManTech Security and Mission Assurance at the Los Angeles Air Force Base in El Segundo, California. He is a member of ASIS International.