PROTECTION
OF ASSETS
INFORMATION SECURITY
ASIS International | 1625 Prince Street | Alexandria, VA 22314 USA | www.asisonline.org
Copyright © 2011 by ASIS International
ISBN 978-1-934904-12-1
The Protection of Assets is furnished with the understanding that the publisher is not engaged in
rendering legal, accounting, or other professional services. It is designed as a ready reference and
guide to the covered subjects. While every effort has been made to ensure accuracy of contents
herein, it is not an official publication and the publisher can assume no responsibility for errors or
omissions.
All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or
transmitted, in any form or by any means, electronic, mechanical, photocopying, recording, or
otherwise without the prior written consent of the copyright owner.
Printed in the United States of America.
ACKNOWLEDGMENTS
ASIS International (ASIS), the world’s leading society for security professionals, originally founded
in 1955 as the American Society for Industrial Security, acquired Protection of Assets in December
2003. The acquisition of this work underscores the Society’s leadership role in professional
education. It is the sincere desire of ASIS and its editorial staff to continue to enhance the value of
this important reference.
Protection of Assets, which has been in existence since 1974, is recognized as the premier reference
for security professionals and the publisher wishes to acknowledge the two founding authors and
subsequent editors.
Timothy J. Walsh, CPP Richard J. Healy, CPP
Timothy L. Williams, CPP
Managing Editor
Editorial Associates
David G. Aggleton, CPP
Milton E. Moritz, CPP
Mike Hodge, J.D.
Sanford Sherizon, Ph.D., CISSP
Timothy J. Walsh, CPP, Editor Emeritus
As we move forward, confronted with issues that present a challenge to the security industry, our
mission is to ensure that Protection of Assets provides the strategic solutions necessary to help
professionals meet the demands of the 21st century and beyond. We also pledge to assemble a
group of subject matter experts who will enhance this manual as necessary to achieve our mission.
Michael E. Knoke, CPP
Managing Editor
Eva Giercuszkiewicz, MLS, Project Manager
Evangeline Pappas, Production Manager
Peter E. Ohlhausen, Technical Editor
PREFACE
OBJECTIVES OF PROTECTION OF ASSETS
This Protection of Assets (POA) reference work is provided for a single, basic reason: the previous
unavailability of such a comprehensive resource.
Although the availability of security literature is growing rapidly, with general and specialized
texts, it has not been possible—until now—for a business manager or protection professional to
find current, accurate, and practical treatment of the broad range of protection subjects, strategies,
and solutions in a single source.
The need for such a comprehensive resource is quite widespread according to the editors, writers,
and many professional colleagues whose advice has been sought in compiling this text. The
growing size and frequency of all forms of asset losses, coupled with the related increasing cost and
the complexity of countermeasures selection, demand a systematic and unified presentation of
protection doctrine in all relevant areas, as well as standards and specifications as they are issued.
Of course, it would be presumptuous to assume that any small group of authors could present
such material unaided. It is, therefore, a fundamental objective of Protection of Assets to draw upon
as large a qualified source base as can be developed. The writers, peer reviewers, and editors
attempt to distill from the available data, common or recurrent characteristics, trends and other
factors, which identify or signal valid protection strategies. The objective is to provide a source
document where information on any protection problem can be obtained.
READERSHIP
Protection of Assets is intended for a wide readership: all protection professionals and business
managers with asset protection responsibility. The coherent discussion and pertinent reference
material in each subject area should help the reader conduct unique research that is effective and
organized. Of particular significance are the various forms, matrices, and checklists that give the
reader a practical start toward application of the security theory to his or her own situation. The
manual also serves as a central reference for students pursuing a program in security or asset
protection.
DIALOGUE
We hope that Protection of Assets becomes an important source of professional insight for those
who read it and that it stimulates serious dialogue between and among security professionals. Any
reader who is grappling with an unusual, novel, or difficult security problem and would appreciate
the opinions of others is encouraged to write a succinct statement describing the problem and
send it to us at ASIS [[email protected]]. At the reader’s request his identity will
not be disclosed, but the problem will be published with invitations for comment. Readers are also
encouraged to communicate agreement or disagreement with strategies or applications
recommended in the manual and to suggest alternatives. We reserve the right to publish or refrain
from publishing submitted material. The editors also solicit statements of reader opinion on
matters of asset protection policy in which a cross-sectional view would be helpful.
SUPPLEMENTAL TRAINING
Readers with supervisory or management responsibility for other security and asset protection
personnel may find the manuals to be a useful resource from which to assign required readings.
Such readings could be elements of a formal training syllabus and could be assigned as part of
related course sessions. Another approach would be to assign the manual chapters over a calendar
period, to be read in their natural, numerical sequence or in any other special sequence relevant to
the subscriber’s particular needs.
With all these objectives in mind, we present to you Protection of Assets, in the sincere belief it will
enhance your expertise in the security field.
Michael E. Knoke, CPP
Managing Editor
January 2011
CONTRIBUTORS
The success of this publication is directly related to the peer review process recognized by most
professions. Security Professionals, members of Academia and other subject matter experts were
involved in contributing current information, conducting research, reviewing submissions, and
providing constructive comments so that we are able to provide a publication that is recognized as
the “go to” reference for security professionals worldwide.
It is with sincere appreciation that I wish to thank the below named individuals who contributed to
Protection of Assets.
Marene N. Allison Michael A. Crane, J.D., CPP Richard J. Heffernan, CPP
Randy I. Atlas, CPP Bruce Dean, CPP Chris A. Hertig, CPP
George J. Barletta, CPP Edward P. DeLise, CPP William T. Hill, CPP
Mark H. Beaudry, CPP David A. Dobbins, CPP, PSP Ronald W. Hobbs, CPP
Regis W. Becker, CPP Clifford E. Dow, CPP John L. Hunepohl, PSP
Howard J. Belfor, CPP Christina M. Duffey, CPP Mark D. Hucker, CPP
Lawrence K. Berenson, CPP Brandon Dunlap W. Geoffrey Hughes, PCI
Raymond J. Bernard, PSP Cheryl D. Elliott, CPP, PCI Gregory L. Hurd, CPP
Henri A. Berube Gregory Alan Ewing, CPP, PSP Gregory W. Jarpey, PSP
Martin T. Biegelman, J.D. Kenneth G. Fauth, CPP Sheila D. Johnson, CPP, PSP
Patrick C. Bishop, CPP Lawrence J. Fennelly Diane Horn Kaloustian, CPP
Dennis R. Blass, CPP, PSP Donald J. Fergus Glen W. Kitteringham, CPP
Keith C. Blowe, CPP Eugene F. Ferraro, CPP, PCI Michael E. Knoke, CPP
Paul F. Boyarin, CPP, PCI James H. Fetzer, III, CPP Terrence J. Korpal
Tom Boyer Michael T. Flachs, CPP James M. Kuehn, CPP
Paschal (Pete) Brake, Jr., CPP Richard H. Frank, CPP David Lam, CPP
Darryl R. Branham, CPP Kenneth M. Freeman, CPP Emblez Longoria, CPP, PSP
Joseph P. Buckley, III Eva Giercuszkiewicz, MLS Robert E. Lee, CPP
James P. Carino, Jr., CPP Frederick G. Giles, CPP Cynthia Long
Sue Carioti David H. Gilmore, CPP Robert L. Martin, CPP
James S. Cawood, CPP, PCI, PSP Christopher Giusti, CPP Roger B. Maslen, CPP
Richard E. Chase, CPP Brian D. Gouin, PSP Judith G. Matheny, CPP
John C. Cholewa, III, CPP Richard P. Grassie, CPP Edward F. McDonough, Jr., CPP
Tom M. Conley, CPP Benjamin P. Greer Richard A. Michau, CPP
Geoffrey T. Craighead, CPP Ronald D. Heil, CPP Owen J. Monaghan, CPP
Patrick M. Murphy, CPP, PSP Roy A. Rahn, CPP Pamela M. Stewart, PCI
Carla Naude, CPP John D. Rankin, CPP Lynn A. Thackery, CPP, PSP
Robert L. Oatman, CPP William G. Rauen, CPP Mark L. Theisen, CPP
Peter E. Ohlhausen David L. Ray, LL.B. Dave N. Tyson
Leonard Ong, CPP Lt. Col. Joseph Rector, CPP, PSP, PCI Karim Vellani, CPP
S. Steven Oplinger Ty L. Richmond, CPP Roger D. Warwick, CPP
J. Harm Oosten, CPP Lisa M. Ruth Fritz Weidner, PCI
Jaime P. Owens, CPP Jeffrey J. Ryder, Jr., PSP Allan R. Wick, CPP, PSP
Gerard P. Panaro, J.D. Stephen Saravara, III, J.D., CPP Anthony S. Wilcox, CPP
James F. Pastor, Ph.D. Charles A. Sennewald, CPP Donald S. Williams, CPP
David G. Patterson, CPP, PSP Dennis Shepp, CPP, PCI Reginald J. Williams, CPP
Kevin E. Peterson, CPP Shari Shovlin Richard F. Williams, CPP
Charlie R. A. Pierce Marc Siegel, Ph.D. Timothy L. Williams, CPP
Patrick K. Quinn, CPP Dennis Smith, CPP Coleman L. Wolf, CPP
Karl S. Perman Stan Stahl, Ph.D. Richard Y. Yamamoto, CPP
TABLE OF CONTENTS
PREFACE
CONTRIBUTORS
Chapter 1. INFORMATION ASSET PROTECTION
1.1 Introduction
1.2 History of Espionage and Business Intelligence Collection
1.3 Risk Management Approach to IAP
1.3.1 Today’s Global Information Environment
1.3.2 Threat Categories and Examples
1.3.3 Risk Assessment and Due Diligence
1.3.4 Attaining Buy-In
1.4 Approaches to Risk Mitigation
1.4.1 Basic Protection Practices
1.4.2 Physical Security
1.4.3 Personnel Security
1.4.4 Privacy Protection
1.4.5 Business Practices
1.4.6 Operations Security or Information Risk Management
1.4.7 Travel and Meeting Security
1.4.8 Preventing and Detecting Counterfeiting and Illegal Copying
1.5 Legal Protections
1.5.1 Copyrights
1.5.2 Trademarks, Trade Dress, and Service Marks
1.5.3 Patents
1.5.4 Trade Secrets
1.5.5 International Concerns
1.5.6 Nondisclosure Agreements and Contracts
1.6 Technical Protective Measures
1.6.1 Technical Surveillance Countermeasures
1.6.2 Protection in an IT Environment
1.6.3 Protection in Special Environments
1.7 Response and Recovery After an Information Loss
1.8 Summary
Appendix A: Sample Policy on Information Asset Protection
Appendix B: Quick Reference Guide for Information Asset Protection
Appendix C: Sample Nondisclosure Agreements
Appendix D: Technical Reports and Laboratory Notebooks
Appendix E: Information Disposal and Destruction
References
Chapter 2. THE INCREASING IMPORTANCE OF INFORMATION SYSTEMS SECURITY
2.1 The Human Challenge: Failure of Imagination
2.2 State of Information Systems Security
2.3 Economics of Information Systems Security
2.4 Critical Success Factors
2.5 Implications to Physical Security in a Converged World
2.6 The Cybercrime Challenge: A National Challenge
References
Chapter 3. THE INFORMATION SYSTEMS SECURITY BODY OF KNOWLEDGE
3.1 The Elements of ISS Risk
3.1.1 ISS Terms
3.1.2 Fundamental Equation of ISS
3.1.3 Information System Threats
3.1.4 Information System Vulnerabilities
3.1.5 Information System Control Objectives
3.1.6 Information System Countermeasures
3.2 Down the Rabbit Hole: Computer Logic, System Complexity, and Inherent Vulnerability
3.2.1 How Computer Systems Work
3.2.2 Managing the IT Infrastructure
3.2.3 Real World, Networked Computer Systems
3.2.4 Additional Information Security Concepts
3.2.5 Information Security Technologies
3.3 ISS Practitioner Frameworks
3.3.1 ISO/IEC 27001:2005 and ISO/IEC 27002:2005
3.3.2 CISSP Common Body of Knowledge
3.3.3 Information Security Governance: Guidance for Boards of Directors and Executive Management
3.3.4 Generally Accepted Information System Security Practices (GAISSP)
3.4 The Emerging Legal, Regulatory and Contractual Landscape Regarding ISS
3.4.1 Payment Card Industry Data Security Standard (PCI DSS)
3.4.2 Health Care and Insurance Portability and Accountability Act (HIPAA)
3.4.3 Gramm-Leach-Bliley Act (GLBA)
3.4.4 Children’s Online Privacy Protection Act (COPPA)
3.4.5 Sarbanes-Oxley Act (SOX)
3.4.6 Red Flag Rules
3.4.7 FTC Enforcement Actions
3.4.8 State Breach Disclosure and Related ISS and Privacy Laws
3.4.9 European Union Data Protection Directive
3.4.10 Emerging Case Law
3.5 Special Topics in ISS
3.5.1 ISS Risk and Vulnerability Assessment
3.5.2 ISS Policy Implementation
3.5.3 Incident Response
3.6 Total ISS Management
3.6.1 ISO 27001 Information Security Management Systems
3.6.2 Making Continual Improvement Happen
Appendix A: Information Systems Security Resources
References
Chapter 4. SECURITY CHALLENGES OF CONVERGENCE
4.1 Network Risk
4.1.1 Network Case Study 1: Camera System
4.1.2 Network Case Study 2: Access Control
4.2 Communications Attacks
4.2.1 Social Engineering
4.2.2 Direct Hacking
4.2.3 Malware
4.2.4 Web Attacks
4.3 Information Security Management System
4.3.1 Security Policy
4.3.2 Organizing Information Systems Security
4.3.3 Asset Management
4.3.4 Human Resources Management
4.3.5 Physical and Environmental Security
4.3.6 Communications and Operations Management
4.3.7 Access Control
4.3.8 Information Systems Acquisition, Development, and Maintenance
4.3.9 Information Security Incident Management
4.3.10 Business Continuity Management
4.3.11 Compliance
4.3.12 ISMS Summary
4.4 Conclusion
References
INDEX