ebook download (eBook PDF) Management of Information Security 6th Edition all chapter

(eBook PDF) Management of
Information Security 6th Edition

Go to download the full and correct content document:
https://ebooksecure.com/product/ebook-pdf-management-of-information-security-6th-
edition/
More products digital (pdf, epub, mobi) instant
download maybe you interests ...
Management of Information Security 6th Edition Michael

E. Whitman - eBook PDF
https://ebooksecure.com/download/management-of-information-
security-ebook-pdf/
(eBook PDF) Management of Information Security 5th

Edition
http://ebooksecure.com/product/ebook-pdf-management-of-
information-security-5th-edition/
Principles of Information Security 6th Edition Whitman

- eBook PDF
https://ebooksecure.com/download/principles-of-information-
security-ebook-pdf/
(Original PDF) Principles of Information Security 6th

by Michael E. Whitman
http://ebooksecure.com/product/original-pdf-principles-of-
information-security-6th-by-michael-e-whitman/
(eBook PDF) Principles of Information Security 5th
Edition
http://ebooksecure.com/product/ebook-pdf-principles-of-
information-security-5th-edition/
Elementary Information Security, 3rd Edition (eBook

PDF)
http://ebooksecure.com/product/elementary-information-
security-3rd-edition-ebook-pdf/
Principles of Information Security 7th Edition Michael

E. Whitman - eBook PDF
https://ebooksecure.com/download/principles-of-information-
security-ebook-pdf-2/
Computer and Information Security Handbook - eBook PDF
https://ebooksecure.com/download/computer-and-information-
security-handbook-ebook-pdf/
(eBook PDF) Information Security: Principles and

Practices 2nd Edition
http://ebooksecure.com/product/ebook-pdf-information-security-
principles-and-practices-2nd-edition/
INFORMATION SECURITY
MANAGEMENT OF
INFORMATION SECURITY
Sixth Edition
Michael E. Whitman
Herbert J. Mofford
www.7yec.com
Table of Contents
Ethics in lnfoSec .................................................................................................66

Ethics and Education ...................................................................................... 70
Deterring Unethical and Illegal Behavior ....................................................... 72
Professional Organizations and Their Codes of Conduct ............................. 74
Association for Computing Machinery (ACM) ............................................... 74
International Information Systems Security Certificatio n Consortium,
Inc. (!SC)• ..........................................................................................................75
SANS ................................................................................................................75
Informatio n Systems Audit and Control Associatio n (ISACA) ....................... 76
Informatio n Systems Security Association (ISSA) ......................................... 77
Information Security and Law..........................................................................78
Types of Law ................................................................................................... 78
Relevant U.S. Laws .......................................................................................... 79
International Laws and Legal Bodies ............................................................. 95
State and Local Regulations ............................................................................ 97
Standards Versus Law .................................................................................... 101
Policy Versus Law ......................................................................................... 104
Organizational Liability and the Management of Digital Forensics ......... 104
Key Law Enforcement Agencies ....................................................................105
Managing Digital Forensics .......................................................................... 109
Additional Reading ......................................................................................... 117
Chapter Summary........................................................................................... 117
Review Questions ........................................................................................... 118
Exercises .......................................................................................................... 119
Closing Case ..................................................................................................... 120
Discussion Questions ....................................................................................120
Ethical Decision Making ................................................................................120
Endnotes .......................................................................................................... 120
CHAPTER3
Governance and Strategic Planning for Security ............. 123
The Role of Planning....................................................................................... 125
Precursors to Planning................................................................................... 127
Strategic Planning ........................................................................................... 129
Creating a Strategic Plan .................................................................................131
Planning Levels .............................................................................................. 132
Planning and the CISO ................................................................................... 133
Information Security Governance ................................................................ 135
The ITGI Approach to Information Security Governance ............................. 136
NCSP Industry Framework for Information Security Governance ............... 138
www.7yec.com
Table of Contents vii
CERT Governing for Enterprise Security Implementation ........................... 140

ISO/IEC 27014: 2013 Governance of Information Security .............................. 143
Security Convergence .................................................................................... 145
Planning for Information Security Implementation ................................... 147
Implementing the Security Program using the SecSDLC.............................. 154
Chapter Summary........................................................................................... 164
Exercises .......................................................................................................... 165
Closing Case ..................................................................................................... 166
Discussion Questions .................................................................................... 167
Ethical Decision Making ................................................................................ 167
Endnotes .......................................................................................................... 167
CHAPTER4
Information Security Policy ................................................ 169
Why Policy? ...................................................................................................... 170
Policy, Standards, and Practices .................................................................... 175
Enterprise Information Security Policy ........................................................ 177
Integrating an Organization's Mission and Objectives into the EISP ........... 178
EISP Elements ................................................................................................ 178
Example EISP Elements ................................................................................ 180
Issue-Specific Security Policy ......................................................................... 183
Elements of the ISSP ...................................................................................... 185
Implementing the ISSP .................................................................................. 188
System-Specific Security Policy ..................................................................... 190
Managerial Guidance SysSPs ......................................................................... 191
Technical Specification SysSPs ...................................................................... 192
Guidelines for Effective Policy Development and Implement ation ......... 197
Developing Information Security Policy ....................................................... 197
Policy Distribution .........................................................................................198
Policy Reading ................................................................................................199
Policy Comprehension ...................................................................................199
Policy Compliance ........................................................................................ 200
Policy Enforcement ........................................................................................ 201
Policy Development and Implementation Using the SDLC .......................... 201
Software Support for Policy Administration ................................................ 206
Other Approaches to Information Security Policy Development ................ 207
SP 800-18, Rev. 1: Guide for Developing Security Plans
for Federal Information Systems .................................................................. 209
www.7yec.com
viii Table of Contents
A Final Note on Policy..................................................................................... 212

Add it ional Reading ......................................................................................... 213
Chapter Summary........................................................................................... 214
Exercises .......................................................................................................... 216
Closing Case ..................................................................................................... 217
Ethical Decisio n Making ................................................................................ 217
Endnotes .......................................................................................................... 218
CHAPTER 5
Developing the Security Program ...................................... 219
Organizing fo r Security .................................................................................. 220
Security in Large Organizations .................................................................... 225
Security in Medium-Sized Organizations ..................................................... 228
Security in Small Organizations .................................................................... 229
Placing Information Security Within an Organization ............................... 230
Components of the Security Program .......................................................... 241
Staffing the Security Function ...................................................................... 244
Informatio n Security Professional Credentials ............................................. 254
Entering the Information Security Profession .............................................. 265
Implementing Security Education, Train ing, and Awareness
(SETA) Programs .............................................................................................. 267
Security Education ........................................................................................ 269
Security Training ........................................................................................... 271
Security Awareness ....................................................................................... 278
Proj ect Management in Information Security ............................................ 286
Projects Versus Processes ............................................................................. 286
Organizatio nal Support for Project Management ........................................ 288
PMBOK Knowledge Areas ............................................................................. 289
Project Management Tools ............................................................................ 292
Chapter Summary........................................................................................... 297
Exercises .......................................................................................................... 299
Closing Case ..................................................................................................... 299
Discussion Questions ................................................................................... 299
Ethical Decisio n Making ............................................................................... 300
Endnotes .......................................................................................................... 300
www.7yec.com
Table of Contents
CHAPTER 6
Risk Management: Assessing Risk ..................................... 303
Introduction to the Management of Risk
in Information Security .................................................................................. 304
Knowing Yourself and Knowing the Enemy ................................................ 305
The Information Security Risk Management Framework ........................... 305
Roles of Communities of Interest in Managing Risk ................................... 308
Executive Governance and Support ............................................................. 308
Framework Design ......................................................................................... 312
Framework Implementation ......................................................................... 315
Framework Monitoring and Review ............................................................. 315
Continuous Improvement ............................................................................. 316
The Risk Management Process ..................................................................... 316
RM Process Preparation-Establishing the Context ...................................... 317
Risk Assessment: Risk Identification ............................................................ 319
Risk Assessment: Risk Analysis .................................................................... 343
Risk Evaluation .............................................................................................. 355
Risk Treatment/Risk Control .........................................................................359
Process Communications, Monitoring. and Review .....................................359
Chapter Summary........................................................................................... 360
Exercises .......................................................................................................... 361
Closing Case ..................................................................................................... 362
Ethical Decision Making ................................................................................362
Endnotes .......................................................................................................... 363
CHAPTER 7
Risk Management: Treating Risk ....................................... 365
Introduction to Risk Treatment .................................................................... 366
Risk Treatment Strategies ............................................................................. 368
Managing Risk ................................................................................................. 374
Feasibility and Cost -benefit Analysis ............................................................ 379
Other Methods of Establishing Feasibility ....................................................387
Alternatives to Feasibility Analysis .............................................................. 389
Recommended Alternative Risk Treatment Practices ...................................392
Alternative Risk Management Methodologies............................................ 393
The OCTAVE Methods ....................................................................................393
Microsoft Risk Management Approach ........................................................ 394
www.7yec.com
Table of Contents
FAIR ................................................................................................................ 395

ISO Standards for InfoSec Risk Management ............................................... 397
NIST Risk Management Framework (RMF) .................................................. 399
Other Methods .............................................................................................. 403
Selecting the Best Risk Management Model. ............................................... 404
Chapter Summary........................................................................................... 405
Exercises .......................................................................................................... 407
Closi ng Case ..................................................................................................... 408
Ethical Decision Making ............................................................................... 409
Endnotes .......................................................................................................... 409
CHAPTERS
Security Management Models ............................................ 411
Introduction to Blueprints, Frameworks,
and Security Models ....................................................................................... 412
Secur ity Management Models ...................................................................... 414
The ISO 27000 Series ..................................................................................... 414
NIST Security Publications ........................................................................... 420
Control Objectives for Information and Related Technology ...................... 428
Committee of Sponsoring Organizations ..................................................... 430
Information Technology Infrastructure Library ............................................ 431
Information Security Governance Framework ............................................. 431
Secur ity Architecture Models ........................................................................ 434
TCSEC and the Trusted Computing Base ...................................................... 434
Information Technology System Evaluation Criteria ................................... 437
The Common Criteria .................................................................................... 437
Access Control Models ................................................................................... 438
Categories of Access Controls ....................................................................... 440
Other Forms of Access Control ..................................................................... 446
Academic Access Control Models ................................................................. 447
Bell-LaPadula Confidentiality Mode l ........................................................... 447
Biba Integrity Model ..................................................................................... 448
Clark-Wilson In tegrity Model ....................................................................... 449
Graham-Denning Access Control Model. ..................................................... 450
Harrison-Ruzzo-Ullman Mode l ................................................................... 450
Brewer-Nash Model (Chinese Wall) ............................................................. 450
www.7yec.com
Table of Contents
Add itional Read ing ......................................................................................... 451

Chapter Summary........................................................................................... 451
Exercises .......................................................................................................... 453
Closing Case ..................................................................................................... 453
Endnotes .......................................................................................................... 454
CHAPTER 9
Security Management Practices ........................................ 457
Introduction to Security Practices ................................................................ 458
Security Employment Practices .................................................................... 459
H1nng ............................................................................................................ 459
Contracts and Employment .......................................................................... 462
Security Expectations in the Performance Evaluation ................................ 462
Termination Issues ....................................................................................... 463
Personnel Security Practices ......................................................................... 464
Security of Personnel and Personal Data ..................................................... 466
Security Considerations for Tem porary Employees,
Consultants, and Other Workers .................................................................. 466
Information Security Performance Measurement ..................................... 468
InfoSec Performance Management .............................................................. 469
Building the Performance Measurement Program ....................................... 471
Specifying InfoSec Measurements ................................................................ 473
Collecting lnfoSec Measurements ................................................................. 473
Implementing InfoSec Performance Measurement ..................................... 478
Reporting InfoSec Performance Measurements .......................................... 479
Benchmarking ................................................................................................. 481
Standards of Due Care/Due Diligence .......................................................... 482
Recommended Security Practices ................................................................ 483
Selecting Recommended Practices ............................................................... 484
Limitations to Benchmarking and Recommended Practices ....................... 485
Baselining ..................................................................................................... 486
Support for Benchmarks and Baselines ....................................................... 487
ISO Certification ............................................................................................ 489
Add itional Reading ......................................................................................... 490
Chapter Summary........................................................................................... 491
www.7yec.com
xii Table of Contents
Exercises .......................................................................................................... 493

Closing Case ..................................................................................................... 493
Endnotes .......................................................................................................... 494
CHAPTER 10
Planning for Contingencies ................................................. 497
Introduction to Contingency Planning ......................................................... 498
Fundamentals of Contingency Planning ...................................................... 500
Components of Contingency Planning ........................................................ 504
Business Impact Analysis ............................................................................. 506
Contingency Planning Policies ...................................................................... 513
Incident Response .......................................................................................... 513
Getting Started ............................................................................................... 514
Incident Response Policy ............................................................................... 516
Incident Response Planning .......................................................................... 517
Detecting Incidents ........................................................................................ 522
Reacting to Incidents .................................................................................... 526
Recovering from Incidents ........................................................................... 530
Disaster Recovery ........................................................................................... 538
The Disaster Recovery Process ..................................................................... 540
Disaster Recovery Policy ................................................................................ 541
Disaster Classification.................................................................................... 542
Planning to Recover .......................................................................................545
Responding to the Disaster ........................................................................... 546
Simple Disaster Recovery Plan ..................................................................... 546
Business Continuity ........................................................................................ 549
Business Continuity Policy ........................................................................... 550
Continuity Strategies ..................................................................................... 552
Timing and Sequence of CP Elements .......................................................... 554
Crisis Management ......................................................................................... 556
Business Resumption ..................................................................................... 558
Testing Contingency Plans............................................................................. 558
Final Thoughts on CP.................................................................................... 560
Chapter Summary........................................................................................... 561
www.7yec.com
Table of Contents xiii
Exercises .......................................................................................................... 563

Closing Case ..................................................................................................... 563
Endnotes .......................................................................................................... 564
CHAPTER 11
Security Maintenance ......................................................... 567
Introduction to Security Maintenance ......................................................... 568
Security Management Maintenance Models............................................... 569
NIST SP 800-100, Information Security Handbook:
A Guide for Managers ................................................................................... 569
The Security Maintenance Model ................................................................. 587
Add it ional Read ing ......................................................................................... 614
Chapter Summary........................................................................................... 614
Exercises .......................................................................................................... 616
Closing Case ..................................................................................................... 616
Endnotes .......................................................................................................... 617
CHAPTER 12
Protection Mechanisms ...................................................... 619
Introduction to Protection Mechanisms...................................................... 620
Access Controls and Biometrics .................................................................... 622
Managi ng Network Security .......................................................................... 630
Firewalls ......................................................................................................... 631
Intrusion Detection and Prevention Systems .............................................. 643
Wireless Networking Protection ................................................................... 647
Scanning and Analysis Tools ......................................................................... 651
Managing Server-Based Systems with Logging ............................................ 655
Managing Security for Emerging Technologies ........................................... 660
Cryptography................................................................................................... 662
Encryption Operations ................................................................................. 664
Using Cryptographic Controls ....................................................................... 671
Managing Cryptographic Controls ............................................................... 674
www.7yec.com
xiv Table of Contents

Chapter Summary........................................................................................... 677
Exercises .......................................................................................................... 679
Closi ng Case ..................................................................................................... 680
Endnot es .......................................................................................................... 681
GLOSSARY .................................................................................................. 683

INDE.X .......................................................................................................... 709
www.7yec.com
Preface
As global use of the Internet continues to expand, the demand
for and reliance on Internet-based information creates an
increasing expectation of access. Global commerce is reliant
on the Internet, which creates an increasing threat of attacks
on information assets and a need for greater numbers of
professionals capable of protecting those assets. With billions
of Internet users capable of accessing and attacking online
information from anywhere at any time, the threat of an attack
from individuals, criminals, and government entities grows daily.
To secure commerce and information assets from ever-
increasing threats, organizations demand both breadth and depth
of expertise from the next generation of information security
practitioners. These professionals are expected to have an optimal
mix of skills and experiences to secure diverse information
environments. Students of technology must learn to recognize
the threats and vulnerabilities present in existing systems.
They must also learn how to manage the use of information
assets securely and support the goals and objectives of their
organizations through effective information security governance,
risk management, and regulatory compliance.
Why This Text Was Written

This textbook strives to fulfill the need for a quality academic
textbook in the discipline of information security management.
While there are dozens of quality publications on information
security and assurance for the practitioner, few textbooks
provide the student with an in-depth study of information
security management. Specifically, those in disciplines such as
information systems, information technology, computer science,
criminal justice, political science, and accounting information
systems must understand the foundations of the management
of information security and the development of managerial
strategy for information security. The underlying tenet of this
textbook is that information security in th e modern organization
is a management problem and not one that technology alone
can answer; it is a problem that has important economic
consequences and one for which management is accountable.
www.7yec.com
xvi Preface
Approach
This book provides a managerial approach to information security and a thorough
treatment of the secure administration of information assets. It can be used to support
information security coursework for a variety of technology students, as well as for
technology curricula aimed at business students.
Certified Information Systems Security Professional, Certified Information
Security Manager, and NIST Comm on Bodies of Knowledge- As the authors are
Certified Information Systems Security Professionals {CISSP) and Certified Information
Security Managers {CISM), these knowledge domains have had an influence on the
design of this textbook. With the influence of the extensive library of information
available from the Special Publications collection at the National Institute of Standards
and Technology {NIST, at csrc.nist.gov), the authors have also tapped into additional
government and industry standards for information security management. Although
this textbook is by no means a certification study guide, much of the Common Bodies
of Knowledge for the dominant industry certifications, especially in the area of
management of information security; have been integrated into the text.
Overview
Chapter 1-lntroduction to the Management of Information Security
The opening chapter establishes the foundation for understanding the field of
information security by explaining the importance of information technology and
identifying who is responsible for protecting an organization's information assets.
Students learn the definition and key characteristics of information security, as well as
the differences between information security management and general management.
Chapter 2- Compliance: Law and Ethics

In this chapter, students learn about the legal and regulatory environment and its
relationship to information security. This chapter describes the major national and
international laws that affect the practice of information security, as well as the role of
culture in ethics as it applies to information security professionals. In this edition, the
discussion of digital forensics has been moved to Chapter 2. for better alignment with
the primary subjects being covered.
Chapter 3-Governance and Strategic Planning for Security

This chapter explains the importance of planning and describes the principal
components of organizational planning and the role of information security
governance and planning within the organizational context.
www.7yec.com
Preface xvii
Chapter 4-lnformation Security Policy

This chapter defines information security policy and describes its central role in a
successful information security program. Industry and government best practices
promote three major types of information security policy; this chapter explains what
goes into each type, and demonstrates how to develop, implement, and maintain
various types of information security policies.
Chapter 5- Developing the Security Program

Chapters explores the various organizational approaches to information security and
explains the functional components of an information security program. Students
learn the complexities of planning and staffing for an organization's information
security department based on the size of the organization and other factors, as well
as how to evaluate th e internal and external factors that influence the activities and
organization of an information security program. This chapter also identifies and
describes th e typical job titles and functions performed in the information security
program, and concludes with an exploration of the creation and management of a
security education, training, and awareness program. This chapter also provides an
overview of project management, a necessary skill in any technology or business
professional's portfolio.
Chapter 6-Risk Management Assessing Risk

This chapter defines risk management and its role in the organization, and
demonstrates how to use risk management techniques to identify and prioritize risk
factors for information assets. The risk management model presented here assesses
risk based on the likelihood of adverse events and the effects on information assets
when events occur. This chapter concludes with a brief discussion of how to document
the results of the risk identification process.
Chapter 7-Risk Management: Treating Risk

This chapter presents essential risk mitigation strategy options and opens the
discussion on controlling risk. Students learn how to identify risk control classification
categories, use existing conceptual frameworks to evaluate risk controls, and formulate
a cost-benefit analysis. They also learn how to maintain and perpetuate risk controls.
Chapter 8- Security Management Models

This chapter describes the components of the dominant information security
management models, including U.S. government and internationally sanctioned
models, and discusses how to customize them for a specific organization's needs.
www.7yec.com
xviii Preface
Students learn how to implement the fundamental elements of key information

security management practices. Models include NIST, ISO, and a host of specialized
information security research models that help students understand confidentiality
and integrity applications in modem systems.
Chapter 9-Security Management Practices

This chapter describes the fundamentals and emerging trends in information security
management practices and explains how these practices help organizations meet U.S.
and international compliance standards. The chapter contains an expanded section
on security performance measurement and covers concepts of certification and
accreditation of IT systems.
Chapter 10- Planning for Contingencies

This chapter describes and explores the major components of contingency planning
and the need for them in an organization. The chapter illustrates the planning and
development of contingency plans, beginning with the business impact analysis, and
continues through the implementation and testing of contingency plans.
Chapter 11-Security Maintenance

This chapter describes the ongoing technical and administrative evaluation of the
information security program that an organization must perform to maintain the
security of its information systems. This chapter explores ongoing risk analysis,
risk evaluation, and measurement, all of which are part of risk management. It also
explores special considerations needed for the varieties of vulnerability analysis in
modern organizations, from Internet penetration testing to wireless network risk
assessment.
Chapter 12- Protection Mechanisms

This chapter introduces students to the world of technical controls by exploring access
control approaches, including authentication, auth orization, and biometric access
controls, as well as firewalls and th e common approaches to firewall implementation.
It also covers the technical control approaches for dial-up access, intrusion detection
and prevention systems, and cryptography.
Features
Chapt er Scenarios- Each chapter opens with a short vignette that follows the same
fictional company as it encounters various information security issues. The final part
of each chapter is a conclusion to the scenario that also offers questions to stimulate
www.7yec.com
Pr eface xix
in-class discussion. These questions give the student and the instructor an opportunity
to explore the issues that underlie the content.
View Points- An essay from an information security practitioner or academic is
included in each chapter. These sections provide a range of commentary that illustrate
interesting topics or share personal opinions, giving the student a wider, applied view
on the topics in the text.
Offline Boxes- These highlight interesting topics and detailed technical issues,
allowing the student to delve more deeply into certain topics.
Hands- On Learning- At the end of each chapter, students will find a Chapter
Summary and Review Questions as well as Exercises and Closing Case exercises,
which give them the opportunity to examine the information security arena from an
experiential perspective. Using the Exercises, students can research, analyze, and write
to reinforce learning objectives and deepen their understanding of the text. The Closing
Case exercises require that students use professional judgment, powers of observation,
and elementary research to create solutions for simple information security scenarios.
Additional Reading- Each chapter includes suggestions for reading outside resources
that might augment or extend understanding of one or more aspects of the chapter.
New to This Edition

This sixth edition of Management of Information Security tightens its focus on
the managerial aspects of information security, continues to expand the coverage
of governance and compliance issues, and continues to reduce the coverage of
foundational and technical components. While retaining enough foundational material
to allow reinforcement of key concepts, this edition has fewer technical examples. This
edition also contains updated in -depth discussions and Offline features, and additional
coverage in key managerial areas: risk management, information security governance,
access control models, and information security program assessment and metrics.
The material on personnel management has been consolidated and reorganized.
Personnel placement, staffing, and credentials are now covered in Chapter 5, and
employment practices are discussed in Chapter 9. Digital forensics is now covered
in Chapter 2.
In general, the entire text has been updated and re -organized to reflect changes
in the field, including revisions to sections on national and international laws and
standards, such as the ISO 27000 series, among others. Throughout the text, the
content has been updated, with newer and more relevant examples and discussions.
A complete coverage matrix of the topics in this edition is available to instructors to
enable mapping of the previous coverage to the new structure. Please contact your
sales representative for access to the matrix.
www.7yec.com
Preface
MindTap
MindTap for Management of Information Security is an online learning solution
designed to help students master the skills they need in today's workforce. Research
shows employers need critical thinkers, troubleshooters, and creative problem-solvers
to stay relevant in our fast-paced, technology-driven world. MindTap helps users
achieve this with assignments and activities that provide hands-on practice, real-life
relevance, and mastery of difficult concepts. Students are guided through assignments
that progress from basic knowledge and understanding to more challenging problems.
All MindTap activities and assignments are tied to learning objectives. The hands-on
exercises provide real-life application and practice. Readings and "Whiteboard Shorts"
support the lecture, while "In the News" assignments encourage students to stay current.
Pre- and post-course assessments allow you to measure how much students have
learned, using analytics and reporting that makes it easy to see where the class stands in
terms of progress, engagement, and completion rates. Use the content and learning path
as-is, or pick and choose how the material will wrap around your own. You control what
the students see and when they see it. Learn more at www.cengage.com/ mindtap/.
Instructor Resources
Free to all instructors who adopt Management of Information Security, 6e, for their
courses is a complete package of instructor resources. These resources are available
from the Cengage Web site, www.cengagebrain.com. Go to the product page for this
book in the online catalog and choose "Instructor Downloads:•
Resources include:
• Instructor's Manual: This manual includes course objectives and additional
information to help your instruction.
• Cengage Learning Testing Powered by Cognero: A flexible, online system that allows
you to import, edit, and manipulate content from the text's test bank or elsewhere,
including your own favorite test questions; create multiple test versions in an
instant; and deliver tests from your LMS, your classroom, or wherever you want.
• PowerPoint Presentations: A set of Microsoft PowerPoint slides is included for
each chapter. These slides are meant to be used as a teaching aid for classroom
presentations, to be made available to students for chapter review, or to be printed
for classroom distribution. Instructors are also at liberty to add their own slides.
• Figure Files: Figure files allow instructors to create their own presentations using
figures taken from the text.
• Appendix: The appendix has been relocated from the bound textbook and
is available for instructor use. It describes methods for evaluating security,
including (1) NIST SP 800- 26, Security Self-Assessment Guide for Information
Technology Systems, (2) ISO 17799: 2005 Overview, (3) The OCTAVE Method of Risk
Management, and (4) the Microsoft Risk Management Approach .
• Lab Exercises: Each chapter includes hands-on exercises designed to reinforce
the theoretical concepts of the corresponding materials. Additional exercises and
labs are available in the MindTap enhanced edition of the textbook.
www.7yec.com
Preface xxi
• Readings and Cases: Cengage Leaming also produced two texts - Readings and
Cases in the Management of Information Security (!SBN-13: 9780619216276) and
Readings & Cases in Information Security: Law & Ethics (!SBN-13: 9781435441576)-
by the authors, which make excellent companion texts. Contact your Cengage
Learning sales representative for more information.
• Curriculum Model for Programs of Study in Information Security: In addition
to the texts authored by this team, a curriculum model for programs of study
in Information Security and Assurance is available from the Kennesaw State
University Center for Information Security Education (http://infosec.kennesaw
.edu). This document provides details on designing and implementing security
coursework and curricula in academic institutions, as well as guidance and
lessons learned from the auth ors' perspective.
Author Team
Michael Whitman and Herbert Mattord have jointly developed this textbook to merge
knowledge from the world of academic study with practical experience from the
business world.
Michael Whitman, Ph.D., CISM, CISSP is a Professor of Information Security in
the Information Systems Department, Coles College of Business at Kennesaw
State University, Kennesaw, Georgia, where he is also the Executive Director of
the Center for Information Security Education (infosec.kennesaw.edu). He and
Herbert Mattord are th e authors of Principles of Information Security; Principles of
Incident Response and Disaster Recovery; Readings and Cases in the Management of
Information Security; Readings & Cases in Information Security: Law & Ethics; Guide
to Firewall and VPNs; Guide to Network Security; Roadmap to the Management of
Information Security; and Hands- On Information Security Lab Manual, all from
Cengage Learning. Dr. Whitman is an active researcher in Information Security
policy and planning and in Ethical Computing. He currently teaches graduate and
undergraduate courses in Information Security. He has published articles in the top
journals in his field, including Information Systems Research, the Communications
of the ACM, Information and Management, the Journal of International Business
Studies, and th e Journal of Computer Information Systems. He is an active member
of th e Information Systems Security Association, the Association for Computing
Machinery, ISACA, (!SC)', and the Association for Information Systems. Through
his efforts and those of Dr. Mattord, his institution has been recognized by the
Department of Homeland Security and th e National Security Agency as a National
Center of Academic Excellence in Information Assurance Education four times,
most recently in 2015. Dr. Whitman is also th e Editor-in -Chief of th e Journal
of Cybersecurity Education, Research and Practice, and he continually solicits
relevant and well-written articles of interest to faculty teaching and researching
cybersecurity topics for publication. Prior to his employment at Kennesaw State, he
taught at th e University of Nevada, Las Vegas, and served over 13 years as an officer
and soldier in th e U.S. Army.
www.7yec.com
xxii Pre face
Herbert M atto rd, Ph .D., CISM, CISSP completed years of IT industry experience as
24
an application developer, database administrator, project manager, and information
security practitioner in 2002. He is currently an Associate Professor of Information
Security in the Coles College of Business at Kennesaw State University. He and Michael
Whitman are the authors of Principles of Information Security; Principles of Incident
Response and Disaster Recovery; Readings and Cases in the Management of Information
Security; Guide to Network Security; and Hands -On Information Security Lab Manual,
all from Cengage Learning. During his career as an IT practitioner, Mattord has been an
adjunct professor at Kennesaw State University; Southern Polytechnic State University
in Marietta, Georgia; Austin Community College in Austin, Texas; and Texas State
University, San Marcos. He currently teaches undergraduate courses in Information
Security. He is th e Assistant Chair of the Department of Information Systems and
is also an active member of the Information Systems Security Association and
Information Systems Audit and Control Association. He was formerly the Manager
of Corporate Information Technology Security at Georgia-Pacific Corporation, where
much of the practical knowledge found in this and his earlier textbooks was acquired.
Acknowledgments
The authors would like to thank their families for their support and understanding for
the many hours dedicated to this project- hours taken, in many cases, from family
activities.
Reviewers
We are indebted to the following individuals for their contributions of perceptive
feedback on the initial proposal, the project outline, and the chapter-by-chapter
reviews of the text:
• Paul D. Witman, Ph.D., Associate Professor, Information Technology
Management, California Lutheran University, School of Management, Thousand
Oaks, CA
• Michael Moorman, Ph .D., Professor of Computer Science, Department of
Computer Science and Information Systems, St. Leo University, St. Leo, FL
Special Thanks
The authors wish to thank the Editorial and Production teams at Cengage. Their
diligent and professional efforts greatly enhanced the final product:
Natalie Onderdonk, Learning Designer
Dan Seiter, Developmental Editor
Kristin McNary, Product Team Manager
Amy Savino, Product Manager
Brooke Greenhouse, Senior Content Manager
www.7yec.com
Preface xxiii
In addition, several professional and commercial organizations and individuals have

aided the development of this textbook by providing information and inspiration, and
the authors wish to acknowledge their contributions:
David Rowan
Charles Cresson Wood
Clearwater Compliance
The View Point authors:
• Henry Bonin
• Lee Imrey
• Robert Hayes and Kathleen Kotwicka
• David Lineman
• Paul D. Witman & Scott Mackelprang
• Alison Gunnels
• George V. Hulme
• Tim Callahan
• Mark Reardon
• Martin Lee
• Karen Scarfone
• Donald "Mac" McCarthy
• Todd E. Tucker
Our Commitment
The authors are committed to serving the needs of the adopters and readers. We
would be pleased and honored to receive feedback on the textbook and its supporting
materials. You can contact us at infosec@kennesaw.edu.
Foreword
By David Rowan, retired Senior Vice President and Director
Technology Risk and Compliance, SunTrust Banks, Inc.
If you are reading this, I want to thank you. Your perusal of this text means you are
interested in a career in Information Security or have actually embarked on one. I am
thanking you because we- and by we I mean all of us- need your help.
You and I live in a world completely enabled, supported by, and allowed by
technology. In almost all practical respects, the things you and I take for granted are
created by our technology. There is technology we see and directly interact with, and
technology we don't see or are only peripherally aware of. For example, the temperature
of my home is monitored and maintained based on a smart thermostat's perception
of my daily habits and preferences. I could check it via the app or wait for an alert via
text message, but I don't- I just assume all is well, confident that I will be informed if
something goes amiss. Besides, I am more interested in reading my personal news feed ....
www.7yec.com
Another random document with
no related content on Scribd:
accompanied Mr. Cavendish on his late expedition through
Somaliland to Lake Rudolph. He was a tall, sinewy, well-set-up man
with clean-cut, regular features, extremely intelligent, thoroughly
trustworthy, honourable, polite, and hospitable—a man whom it was
really a pleasure to meet. He was about thirty years of age.
Ismail Robli was a short stout man with a shifty eye, and decidedly
prognathous jaws, very plausible, and, when he had an object in
view, very hospitable; but he hid a craven spirit under a show of
bluster and bullying. Noor Adam was a little slim man, with narrow
eyes and ferret-like features. He was reported to have shot some of
his porters on his journey across West Kenia, for attempted
desertion. He somehow provoked an instinctive feeling of dislike,
and we never got on with him. His two partners, Bhotan and
Abdallah Arahalli, were much of the same kidney. All three were
Ogaden Somalis, a tribe who have not the best of reputations. There
were sundry other lesser lights who are not of sufficient importance
to deserve notice.
When they came into camp we received them with due ceremony,
and asking them to be seated, interchanged greetings in the
Mohammedan manner. For a moment the air resounded with such
remarks as “Sabal Kheir” (God bless you), “Salaam Aliekoum”
(Peace be on you), and “Aliekoum Salaam” (And on you peace),
mingled with the Swahili “Uhali ghani? Habari ghani?” (How are you?
What news?), till etiquette was satisfied. We then got to business,
and discussed the Embe affair in all its bearings. El Hakim cross-
questioned Noor Adam and some of his men very severely, but could
find no discrepancy in their various accounts. We discussed the
matter very fully, and finally, for the good and sufficient reasons I
have already enumerated, we determined to punish the Wa’Embe in
co-operation with the Somalis. We instructed them to provide thirty-
five men carrying Snider rifles, while we undertook to supply twenty-
five men similarly armed, which, with ourselves, made up a strong
force of sixty-three men, a number we considered amply sufficient
for the purpose in hand. We despatched a nephew of N’Dominuki’s
to Embe as a spy, to find out a good road and the position of the
villages, etc., and he started the same evening.
On the following day we held another “shaurie” with the Somalis to
discuss the modus operandi of our projected expedition.
N’Dominuki’s nephew had been instructed to return from Embe
within two days, and we decided to start on the afternoon of the next
day—by which time, bar accidents, he would have returned—and
march immediately on receiving his report. We intended to start just
before dusk, pass through M’thara in the darkness, and be over the
Embe border unperceived at midnight. A short rest and a dash on
the Wa’Embe at dawn would complete the operation. It was a good
plan, and would have answered admirably but for one of those little
accidents that make “the best-laid schemes o’ mice and men gang
aft agley.” As will be seen, it suited the enemy admirably.
Embe on this side (the west) consists of a range of steep
mountains, where it rains nearly all the year round. It has, therefore,
a very moist climate and fertile soil, and its steep slopes and deep
valleys are covered with dense jungle interspersed with banana
plantations, making it a very nasty country to fight in, especially
against natives who know every inch of the ground and every turn of
the paths. We did not tell N’Dominuki of our plans—a very grave
oversight that nearly cost us our lives and those of the whole
expedition.
On the following morning, as we really could not stand the wind
any longer, we shifted our camp to the inside of the forest, and while
we were about it we fortified it as well as we were able by felling
thorn trees, etc. We were much more sheltered in this new position,
though, to be sure, it was rather damp. This wind had a nasty cold
nip with it night and morning, which was the reverse of agreeable.
When we had our camp satisfactorily settled, we made our simple
preparations for the expedition to Embe. We took one tent with us in
case we were away more than a day or two. A loaf of bread and a
hind quarter of boiled mutton were also included; and, of course, a
plentiful supply of ammunition. The men had thirty rounds of Snider
cartridges each, which was all we could spare. The Somalis’ men
had fifty rounds each, and they, in addition, had a reserve chest of
six hundred rounds for emergencies.
At 5 p.m. we started. The natives in our immediate vicinity had,
with their usual unerring instinct in such matters, smelt a row, and
about fifty of them turned up armed with spears and shields. We did
not want them, but could not very well turn them away, and at the
last moment it occurred to us that they might prove useful as scouts,
and we therefore allowed them to remain. When our force had
assembled, it made quite an imposing array with the sixty men with
rifles and the fifty others with spears. Altogether, we commanded
upwards of a hundred men, and had no doubt but that we should
teach the Wa’Embe a severe lesson.
N’Dominuki’s nephew had not returned, and we concluded that he
had been discovered and killed, and were consequently rather
nonplussed for the lack of a guide. At the last moment a Masai
warrior came forward and volunteered to guide us. On the Somalis
saying that he was known to them, we accepted his services. Soon
after we started, N’Dominuki’s nephew unexpectedly returned and
joined us, and he and the Masai took the head of the column.
Darkness had fallen as we marched through M’thara, the road
continually ascending. The path at last grew extremely difficult, and
on several occasions El Hakim expressed doubt as to whether we
were going right. However, we were now committed to whatever the
Fates had in store for us; it was impossible to withdraw.
Onward we stumbled in the darkness, now up steep hillsides, and
anon down deep and gloomy valleys clothed in thick jungle where
the deep booming note of a mountain torrent growled hoarsely from
somewhere out of the pitchy blackness below. Soon the path
became so narrow that we could advance only in Indian file, which
weakened us considerably, as our fighting line was thereby stretched
out for some two hundred yards, being consequently out of our
immediate control, while the jungle, meeting overhead, blotted out
what little light the stars provided. It was impossible, on account of
the denseness of the vegetation, to place men out on our flanks, and
in addition we were counting on taking the Wa’Embe by surprise,
and so did not wish to make too much noise. At 10 p.m. we were
well within the Embe border, and we then looked for a place to rest
awhile and prepare for our rush at dawn. We could not find a suitable
spot, however, and eventually decided to halt on the path. A drizzling
rain came on, which did not improve matters. One of our men found
a place a little distance from and below the path, that did not slope at
such an acute angle as the rest of the landscape, and we as
noiselessly as possible pitched the tent. El Hakim, George, and I
partook of a frugal meal, but we were without water, and naturally we
felt ever so much thirstier than we would otherwise have done. We
placed sentries, Jamah Mahomet doing the same where he had
halted on the path. We three Wasungu then dropped off to sleep.
Somewhere about midnight we awoke with a start, reaching for
our rifles as the sound of a shot floated down to us from where
Jamah Mahomet’s sentries were posted. It was followed by a
second, and then a third. Then all was silent again, except for the
subdued hum of suddenly wakened men. On sending for
explanations, we found that some Wa’Embe, coming down the path,
had stumbled right on to the sentries, and were instantly fired upon.
All hope of a surprise was thus abolished, but on consultation we
decided that if we started an hour or so earlier, possibly 3 a.m., we
might take the enemy at a disadvantage. Accordingly, at that time we
once more set out.
It was dark as Erebus. As we noiselessly formed up on the path, a
sort of half sense of impending disaster seemed to have fallen on the
men. We did our best to dissipate it, and apparently succeeded. The
Masai guide and N’Dominuki’s nephew led the way; next came four
of the Somalis as advance-guard; then Jamah Mahomet, who was
wearing a waterproof coat over his khaki costume; finally George, El
Hakim, and myself. A few yards farther on we found a spear in the
path, probably dropped by one of the Wa’Embe in their flight, when
fired at by the sentries. If possible, the path grew worse as we
advanced, and presently we reached a deep ravine with a swift
torrent roaring and tumbling at the bottom. It was spanned by a
single tree-trunk, which served as a bridge. Beyond the ravine the
path sloped upwards with many twists and turns. On each side the
jungle prevented anything being seen more than a yard or two away.
We advanced slowly and cautiously in the order described, when a
shot rang out almost under our feet; another followed; and then a
volley from the advance-guard showed that something serious was
toward. A terrific howl and the long repeated U-u-u-i (the A’kikuyu
war-cry) showed us that we were very skilfully ambushed, and the
realization was not pleasant. The firing at once became general all
along the line. It was a very fierce fusillade while it lasted; the reports
of the rifles and the cheers of our men, mingled with the war-cries of
the enemy, sounding weird and ghastly in the dense blackness of the
early morning (it was then 4 a.m.).
For a few moments pandemonium reigned supreme. Neither El
Hakim nor I could see a single native. George, though only a yard or
so away, was hidden from us, both by the darkness and by a turn in
the path. El Hakim clutched my arm and dragged me into a sitting
position on the ground as the whirring, hissing rush and plaintive
whine of bullets in unpleasant proximity to our ears warned us that
we were in considerable danger of being shot by our own men.
Owing to the serpentine winding of the path, they were firing towards
every point of the compass, and we were therefore much safer on
the ground. In a few moments the war-cries of the enemy died away
as suddenly as they came, and the spiteful crackle of the rifles
lessened a little. As soon as we were able to make ourselves heard,
we gave the order “Cease fire,” and endeavoured to find out what
damage had been done. I called to George, and, to my great relief,
he answered me.
El Hakim and I then advanced, and turned the corner. We could
then dimly discern George amid the gloom. He came towards us
saying that Jamah Mahomet was wounded, and was lying on the
path a yard or so away. Hastening to the spot, we saw Jamah
stretched upon the ground, moaning pitifully. He had a great spear
driven right through him. A native had concealed himself in a pit dug
on the side of the path and lain in wait, letting both the guides and
the advance-guard go past him in the hope of bagging one of the
Wasungu. In the darkness he mistook Jamah Mahomet’s tall form,
clad in European clothes, for George, and as Jamah passed he
thrust upwards with all his strength. Jamah instantly fell. George,
who was only a yard behind, saw the thrust, and, raising his rifle, he
shot the native through the stomach, but did not drop him. This was
the shot which gave us the first alarm.
El Hakim made a hasty examination of the stricken man, and
pronounced the wound fatal. The broad spear-blade, over two feet in
length, had entered the right side just below the ribs, and, passing
through the body, emerged just under the left arm, protruding several
inches. Jamah was semi-conscious, and apparently in great pain.
Grouped round him, on the alert, were the four Somalis who formed
the advance-guard. As El Hakim concluded his examination, Ismail
Robli, Noor Adam, and others of the Somalis, came up. When they
learnt what had happened to Jamah, such a wail of grief and dismay
went up as I hope never to hear again. Ismail behaved like one
demented. He wept and cried upon “Allah” in the most frenzied
accents.
As we were crowded together in the path over the dying Jamah,
N’Dominuki’s nephew crept out of the bush, and, with shaking limbs
and horror-stricken countenance, approached El Hakim, attempting
to say something which his trembling lips refused to utter. The other
guide had disappeared. El Hakim seized him, and was trying to
understand what he was saying, when Ismail Robli caught sight of
the palsied wretch. His face changed instantly from an appearance
of pious supplication to one of demoniacal fury, and, crying “This
man is a false guide; he has caused Jamah’s death,” placed his rifle,
a ·577 express, against the other’s side, and, before I could raise a
hand to interfere, pulled both triggers, literally blowing the poor
wretch to pieces.
It was a hideous and revolting exhibition of savage ferocity. Ismail
did not even put the rifle to his shoulder—we were too crowded for
that—he simply pushed the barrels past me and fired from his hip.
The murdered man collapsed in a writhing, moaning heap on the
ground. Ismail turned away and reloaded his rifle.
It was no time for recrimination, as at the report of Ismail’s rifle, a
fresh burst of firing broke from our men in the rear, which we
instantly quelled. It was a dastardly act on Ismail’s part, even though
at the time he was almost frenzied with grief at Jamah’s injury, as we
had no reason to believe that the unfortunate guide had played us
false. As we found out afterwards, the real culprit was the Masai
volunteer, who, it appeared, was a native of Embe, who had been
sent for the purpose of betraying us. At the same time, N’Dominuki’s
nephew had neglected to warn us, or point out that we were going by
a bad road. A great deal remained to be explained, but his untimely
end put further explanation out of his power for ever.
However, there we were in the dark, stuck on a path eighteen
inches wide, with a wounded man and no guides. The question now
was how to get out without further loss. We called a council of war,
first posting the Somali advance-guide a few yards up the path. We
decided to wait till daylight, as we could not move while Jamah was
living, and he was too far gone to be carried. It was a ghastly wait.
After the firing and shouting, the silence could almost be felt; it
seemed absolutely deathlike. We strained our ears to the utmost at
the slightest rustle of a leaf, as, for all we knew, the bush might be
swarming with natives waiting their opportunity for a rush.
A curious sight we should have presented to a spectator. The
Somalis, led by Ismail, were grouped, praying, round the dying
Jamah, who was sinking fast and moaning softly at intervals. El
Hakim, revolver in hand, stood bolt upright, and intensely on the
alert, his face showing faintly white through the gloom. Beside him
stood George, drumming with his fingers on his rifle—a habit of his—
softly humming an air from “Cavalleria Rusticana.” Crouched down
on the path were the men, motionless as bronze statues, conversing
in low whispers now and then, while they strained their eyes in the
endeavour to pierce the surrounding bush. A yard or so away lay the
dead body of N’Dominuki’s nephew; his dirty cotton waist-cloth
smouldering where it had caught fire from the explosion of Ismail’s
rifle, nearly choking us with the smell of singed flesh and the pungent
odour of burning cloth. We tried several times to put out the cloth,
but we had no water, and it was in vain we attempted to smother it;
so it smouldered all night, and uncommonly unpleasant we found it.
We were parched with thirst, having had no water since the
previous afternoon. Once in a while the flash of a sentry’s rifle would
momentarily light up the surrounding jungle, and the sharp report
stabbed the silence. I laid down on the path and slept—fighting
sometimes affects me that way—and woke up at dawn, just as
Jamah died. We were exceedingly sorry, as he was one of the best
of his race we ever had to do with. At the first glimmer of daylight we
dug a grave on the side of the path, and he was buried with all the
ordinances proclaimed by Mohammedan law that were possible
under the circumstances. Prayers and lamentations in Arabic
resounded on all sides from the deceased’s assembled compatriots.
There being now no signs of the enemy, El Hakim, George, and I
were for continuing the advance and pulling the fat out of the fire
somehow, but Ismail and the other Somalis would not hear of it.
They said that the enemy were now fully prepared for us, and
instanced the numerous freshly dug pits that had been found on
each side of the path when digging Jamah’s grave. Another
argument they employed was that our respective camps were almost
entirely unprotected, and it was more than likely that the Wa’M’thara
or the Wa’Chanjai would attack and loot them in our absence, more
especially as they (the Somalis) had a large number of cattle, which
are particularly tempting to a native. In addition, we were now
entirely without guides, while the path ahead seemed worse than
ever.
We saw the force of this reasoning, and common prudence
directed that, for the present at any rate, we must abandon the
attack; which decision, though gall and wormwood to we
Englishmen, we were reluctantly compelled to admit was the wisest
possible under the circumstances. We made up our minds, however,
that we would return under more favourable auspices, and wipe out
the disgrace of our defeat, for defeat it was, and so with that
understanding we acquiesced in the retreat, and gave the necessary
orders to retire.
It was with very mixed feelings that we travelled back over the
difficult path we had trodden a few hours before with such
confidence. We found out afterwards that our sudden retreat
disconcerted the Wa’Embe, who were massed in force further along
the path at a place where they had dug a large number of pits, in
which they had kindly placed sharpened spikes for our reception.
At eight o’clock we were met on the road by an M’thara man
named Koromo, who handed us a jar of honey as a present. When
we got within a mile or two of our camp large numbers of fully armed
natives slunk past us, going towards Chanjai. They were coming
from the direction of our camp. Hurrying on with sinking hearts, we
soon arrived at the camp, and to our great relief found all safe,
though Jumbi was full of some report or other about armed natives
who had been round the camp during the night. We said he could tell
us about it afterwards, as at present we wished to eat. It was then
one o’clock in the afternoon, so we set to and made a hearty meal,
and afterwards retired to our blankets and slept the sleep of the just
until dinner-time.
FOOTNOTES:
[3] “Through Jungle and Desert,” by William Astor Chanler,
A.M. (Harv.), F.R.G.S., pp. 168-177.
[4] “Elephant Hunting in East Equatorial Africa,” by Arthur H.
Neumann, pp. 42, 43.
CHAPTER VI.
OUR MOVEMENTS IN M’THARA AND MUNITHU.
Attempt of the Wa’M’thara to loot our camp—“Shauri” with Ismail—

The Somalis accuse N’Dominuki of treachery—He vindicates
himself—That wicked little boy!—Explanation of the Embe
reverse—Somalis lose heart—Attacked by ants—El Hakim’s visit
to Munithu—Robbery of his goods by the Wa’Gnainu—I join him
—We endeavour to recover the stolen property from the
Wa’Gnainu—The result.
Ismail’s apprehensions for the safety of our respective camps
seemed to have been well founded. Jumbi, whom we had left in
charge of our boma, reported that on the evening of our departure
for Embe he had noticed that large numbers of armed natives were
concealed in the surrounding bush. He unostentatiously put the
camp in as good a state of defence as possible, and kept his few
men moving about inside the boma to give an appearance of
numbers. He then noticed that the long grass in the clearing was
also crowded with concealed warriors, to the number of several
hundred. Presently some of them showed themselves. He shouted
to them, asking what they wanted. They answered by inquiring if the
“Wasungu” were in camp. He, with ready wit, shouted back that one
of the Wasungu had gone away somewhere, but the other two were
in camp. Did they wish to see them? They apparently did not, and he
saw no more of them, though they still remained within easy
distance; and consequently he passed a very anxious night. Our
unexpected return next morning disconcerted the warriors, who
hastily retreated. They were the fighting men we had passed on our
way back. Jumbi said they were Wa’M’thara, which, if true, was a
very serious matter.
The men in charge of the Somalis’ camp made a similar report.
Without doubt the natives’ plan was to wait till news arrived of our
defeat and massacre in Embe, and then to rush and loot the camps,
after spearing the few defenders. These preparations seemed to
indicate a deep-laid plan on the part of some one, and some one,
also, who was sure of success.
Ismail Robli, with several of the other Somalis, came into our camp
in the afternoon showing every sign of terror, which they
endeavoured, unsuccessfully, to conceal. They asked for a “shaurie,”
and when we granted their request, they came out with a ridiculous
story of treachery on the part of N’Dominuki. They declared he was a
traitor, ignoring the fact, which we pointed out to them, that
N’Dominuki had been kept in ignorance of our plans. They further
stated that he was even now preparing to attack us at the head of
the Wa’M’thara, reinforced by a strong body of Wa’Embe. We
refused point-blank to believe a word of it. On questioning them as to
their source of information, they said that a man from Chanjei, who
had come into their camp to sell food, had told them. We were
disgusted with their credulity, and said as much. El Hakim told them
that he had known N’Dominuki for years as the most trustworthy of
natives, and so had other Englishmen before him, and he would not
believe that he had turned traitor, on the more than doubtful word of
a casual native, whom nobody knew, and who was of no
consequence or position.
Ismail was obstinate. He persisted in his assertion that N’Dominuki
was a traitor, and instanced the armed Wa’M’thara who had
concealed themselves round about our camps the night before, as
proof of his words. We were a little troubled, as, though we would not
for a moment believe N’Dominuki to be the traitor, we did not know
what his people might do without his knowledge, or in spite of him. At
all events, the presence of armed men round our camp needed
explanation. As we did not quite understand matters, we sent for
N’Dominuki, asking him to come to our camp, as we wished
particularly to see him. Our messenger returned in the course of the
day with a message to the effect that N’Dominuki was suffering from
fever, and was unable to come. We sent up again, with some
medicine, asking him to come if possible. He again returned an
answer that he was ill, but would come to-morrow.
His non-appearance seemed proof positive to Ismail and his
following that N’Dominuki was actively hostile. They were, in
consequence, in a perfectly frantic state. Of course, had N’Dominuki
turned traitor we should have been in a very bad fix, though it was
only what could have been expected after the double reverse in
Embe. However, we were very loth to believe it of him in the absence
of direct and conclusive evidence.
Ismail returned to his own camp, but visited us an hour or so later
with a fresh budget of news to the effect that N’Dominuki had
received the Embe chief in his house, and had killed a sheep in his
honour. Once more we sent to N’Dominuki, this time detailing the
charges alleged against him, and saying that, although we did not
believe them, we should be obliged if he would visit us as soon as
possible. He sent back to say that he would come to-morrow without
fail.
All these conflicting accounts caused us considerable anxiety. As
for the Somalis, they were in a most pitiable state; that is, it would
have been pitiable had it not been so thoroughly contemptible. They
appeared panic-stricken, and worked with feverish energy in
strengthening their boma, felling huge trees and cutting thorn bush
till long after sundown. We ourselves did not neglect obvious
precautions, and strengthened our boma a little, more especially for
the purpose of reassuring our men, amongst whom the Somalis’
stories had created something like alarm. We then sent a
peremptory message to the Somali camp, warning them that if their
frightened sentries, through a false alarm or any such cause, fired in
the direction of our camp, we should not hesitate to return the fire
with interest. This message had the effect of calming their nerves a
little.
Next morning they again came over to our camp, still with the
same old tale of N’Dominuki’s treachery. These repeated allegations
against N’Dominuki caused us to suspect some ulterior motive. Still
another urgent message was sent to N’Dominuki, and this time he
sent back word that he was coming with his people, bringing food.
He arrived an hour or so after the message, and sending for Ismail
and the other Somalis, we held a big “shaurie.”
First we asked N’Dominuki why he had not appeared in answer to
our frequent messages the day before. He replied that he and his
people had fled to the hills with all their cattle and goods, under the
impression that we were going to attack them!
We inquired who gave him that idea, and he said that a boy from
the Somali camp had told him so.
Then we began to see daylight. We inquired where the boy was.
N’Dominuki replied that as far as he knew he was still in the Somali
camp, so we ordered Ismail to produce him. In a few minutes he was
delivered, bound, at our feet. A cross-examination of the Somalis
elicited the fact that the boy had deserted from their camp, taking
with him one of their sheep. On being again questioned, N’Dominuki
stated that the boy had come to him for shelter. He had told the boy
that he would not allow him to stop there, but would send him back
to his masters, but the artful little boy said, “I have done it for your
sake, N’Dominuki. I wished to warn you that the Wasungu and the
Wa’Somali are about to attack you.” N’Dominuki believed him, and
fled forthwith.
In a little while the boy, not liking the life with the natives, and
yearning for the flesh-pots of the camp, returned to the Somalis, after
having concocted a satisfactory explanation of his absence. He
made out to the Somalis that he had gone as a spy on N’Dominuki,
who was an “el moruo torono” (a wicked old man), as he had heard
that he was hostile to his dear masters, and that at great risk and
personal inconvenience he had carried out his plan successfully. He
then solemnly warned them that N’Dominuki was preparing to attack
them. He counted on the gravity of his announcement averting any
unpleasant inquiries about the stolen sheep—a ruse which was
completely successful.
Now we had got hold of the truth. Small boys will be small boys all
the world over, whether white or black, and this little untutored
specimen of his genus had kept a hundred and fifty armed men, in
two camps, in a state of intense anxiety for two days, and had driven
a tribe with all its cattle and goods in mortal terror into the hills for the
same period, in order to cover his impish escapade. He was treated
in the same way as from time immemorial other small boys have
been—for equally reprehensible escapades, and forthwith received
the thrashing he so richly deserved.
We gently chided N’Dominuki for believing “that little vulgar boy,”
and asked him why he had not come into camp and found out the
truth for himself. He was afraid, he said, that we should bind him and
kill him at our leisure! El Hakim represented that it was very unkind
to think that of him, who was such an old and proved friend.
N’Dominuki’s only reply was “The boy told me so!” That is a savage
all over! They believe the first story that comes to hand, even against
their better judgment. In N’Dominuki’s case, although his experience
of white men had always been of the best and pleasantest, he had
met them late in life, and had never quite lost the savage’s innate
distrust of strangers.
We dismissed the crestfallen Somalis, and advised them to give
less credence to casual reports in future. They seemed very sulky,
and were, we were beginning to believe, rather sorry that
N’Dominuki had successfully vindicated himself.
From that old savage we afterwards gathered a great deal of
information, which threw considerable light on the recent events in
Embe. It was now shown beyond the shadow of a doubt that the
Masai volunteer guide was an Embe native who, while spying round,
had seized the opportunity offered him of serving us to our
disadvantage. The Somalis were greatly to blame for saying that
they knew him. So they did, but in the hurry of the moment they had
neglected to tell us that they had merely seen him knocking about
their camp for a day or two.
When we passed through M’thara in the darkness we were
observed by some of the Wa’M’thara, who were friendly to the
Wa’Embe, and who immediately sent off a runner with the news of
our advance, thus giving the enemy time to skilfully prepare the nice
little trap into which we all walked. Our escape throughout was due
more to good luck than good management, as the party who
ambushed us and killed Jamah Mahomet were only an advanced
post of the Wa’Embe, the main body being posted a mile further on,
where they had dug numbers of pits in the path, in which they, with
great forethought, had placed sharp-pointed stakes. It was their
intention to attack us when we were floundering about in these pits.
We had sadly underrated the skill and courage of the enemy, and
altogether had had a very narrow escape from irretrievable disaster.
If we had underestimated their capabilities, however, they had also
paid us the same compliment. The terrific fire which instantly greeted
their first onslaught must have surprised them greatly. It certainly
daunted them, and probably considerably disarranged their plans,
preventing them from bringing their main body up and surrounding
us. Before they had formed any fresh plan we had made good our
retreat, which, in the light of subsequent knowledge, proved to be a
wise, if somewhat humiliating step.
N’Dominuki said we should have told him of our plans. He only
heard of our intention to attack Embe after we had passed his
village, and it was then too late to warn us. He offered, if we wished
to renew the attack, to personally guide us into Embe by a much
better path, with open country on either side; the road we had
followed being the very worst one we could have chosen. His
proffered assistance was gladly accepted, and we communicated
with the Somalis, expecting they would jump at this opportunity of
avenging the death of their leader. To our intense surprise, they did
nothing of the kind, but replied that they only wished to buy food
peaceably, and go their way northward. We were simply astounded,
and could not at first believe that Somalis, above all people, could be
so craven-spirited; besides, a successful punitive expedition had
now become a vital necessity if we were to preserve the lives of our
party, and render the country safe for those travellers who might
come after us.
Already there were ominous mutterings among the surrounding
tribes, begotten of our reverse in Embe, but we could not get Ismail
to see the matter in the same light, argue as we would. Jamah’s
death seemed to have thoroughly discouraged him. We reasoned,
we begged, but to no purpose. George and I went over to his camp
in the evening in order to make a final effort to rouse a little spirit in
him. George has a wonderful knowledge of Arabic, and he used it
then with vigour and fluency. I also possess a rudimentary
knowledge of vituperation in that language, and employed it to the
utmost; but in vain. We argued, threatened, cajoled, and insulted, but
could get no response, beyond the statement from Ismail that he
was a man of peace, and wished to go his way and trade. I pointed
out to him with some emphasis that it was not because he was a
“man of peace” that he did not fall in with our views, as I had had
ocular demonstration of the fact that he was the very reverse when
he felt inclined. The reason, I told him, that he did not wish to avenge
the blood of Jamah, which was crying aloud for vengeance, was a
cowardly fear of a few naked savages, who were not even
Mohammedans. I called Allah to witness that he was a traitor to his
blood and his religion, and that Jamah, from among the “houris” in
Paradise would look down and curse him for “an unclean dog without
religion.”[5] He smiled a sickly smile, and repeated that he was a
peaceful trader, not a man of war. I then spat upon the ground to
show my utter contempt for him, and left him.
The following day we bought a large quantity of food from
N’Dominuki’s people, and packed it in loads in preparation for our
march to the Waso Nyiro. In the afternoon Koromo, the man who met
us with the honey when we were returning from Embe, came into
camp with N’Dominuki and requested the honour of blood-
brotherhood with El Hakim, and that interesting though disgusting
ceremony was accordingly performed. That night George and I had a
very disagreeable experience. We and the puppy had gone to our
tent for a good night’s sleep after the worry and trouble of the last
three days. The pup was very restless, and ran whining about the
tent in a most annoying manner. At first we thought it was only his
“cussedness,” and scolded him well; but he got worse instead of
better, and finally rolled frantically on the ground, yelping most
dismally. Suddenly George said “D——n!” in a loud voice, and
sprang up from his bed, which was on the ground, and after a little
searching pulled a black insect from some part of his anatomy. He at
once examined his blankets, and found that they were literally
covered with tiny black ants, which, in spite of their small size, bit
most ferociously. I also turned out and found the ground under my
bed was a seething black mass of ants, which instantly attacked the
unprotected portions of my person with an earnestness and attention
to business which, under other circumstances, would have
commanded my highest admiration. Mine was a camp-bed standing
a foot off the ground, and consequently there were comparatively
few on my blankets. We turned our attention to the agonized puppy,
and found that the poor little brute was black underneath with the tiny
pests, who had bitten into his flesh and held on like limpets. We
brushed him free and put him out of harm’s way, swept out the floor
of the tent, getting innumerable bites on our naked feet and legs in
the process, and sent for some ashes, with which we liberally
sprinkled the ground, and also spread them in a circle round the tent,
which to some extent mitigated the nuisance. I did not suffer so
much, as my bed, as already explained, was some inches above the
ground, and consequently George, who slept on a heap of rushes,
bore the brunt of the attack. I was aroused several times during the
night by a muttered exclamation from the darkness on his side of the
tent, followed by the slap which signalled the hurried exit of another
of our tiny enemies from this world of woe. We found in the morning
that we had not been the only sufferers. Round all the men’s tents a
broad band of ashes testified to the defensive measures they had
been compelled to adopt. The cry of “siafu” (ants) in camp is at all
times a signal for instant action. Red-hot ashes are hastily gathered
and sprinkled in the path of the advancing horde, and the greatest
excitement prevails till the foe is finally vanquished. I was compelled
to shift our tent during the day to another spot some distance away.
By first beating down the earth into a hard concrete-like floor and
then strewing it with ashes, we hoped to prevent a recurrence of the
attack of the previous night, an arrangement we found to answer
admirably.
ELDERS OF M’THARA.
DIRITO AND VISELI (on the right) AND TWO FOLLOWERS. (See
page 132.)
The same day the Somalis left M’thara for Chanjai, where they
desired to purchase food. They promised that on their return in four
days’ time they would accompany us on another expedition into
Embe—a result I should have attributed to my eloquence of the night
before had we not been perfectly aware of the unreliability of their
promises. El Hakim, however, decided to wait on the off-chance of
their returning, and resolved to fill in a day or two by a journey back
to Munithu to collect food, and also to try to get news as to how far
our Embe reverse had affected native feeling towards us in those
districts. He took eight men with rifles with him. I amused myself all
the morning trying to make toffee from native honey and butter. The
resulting compound, though palatable enough, could not be induced
to harden, so we were compelled to devour it with a spoon. George
gave in at midday to a nasty touch of fever. I administered a couple
of phenacetin tabloids, and sweated him well, which towards evening
reduced his temperature. Next morning he was decidedly better, and
together we made a tour of inspection round the camp. We saw a
peculiar striped rat in the boma, which we nicknamed the zebra rat. It
was mouse-coloured with black stripes, but as we had not a trap we
could not secure a specimen. At midday George was down again
with the fever, and I dosed him once more. At 12.30 two men came
back from El Hakim with a note for me. He asked for some fresh
bread and a bottle of milk, also for six more men with rifles. It
seemed that the Wa’G’nainu, the people of a district west of Munithu,
on hearing of our Embe reverse, had come down and looted some of
the trade goods which El Hakim had left in Bei-Munithu’s charge,
and that he intended to try to recover them. He also asked for my
company if I could leave camp. As George was so queer I did not
feel justified in leaving him, but on his assurance that he was quite
able to look after himself while I was away, I decided to go.
I took no baggage or blankets, and with six men and four donkeys,
which were required to bring back the balance of El Hakim’s goods
still remaining with Bei-Munithu, started at one o’clock, intending to
try to reach Munithu the same evening, though it had taken the safari
two days to reach M’thara from Munithu on the outward journey. At
sundown, after a toilsome and seemingly interminable march, my
party and I arrived at El Hakim’s camp outside Bei-Munithu’s village,
where El Hakim, pleased at our rapid journey, forthwith ministered to
my material wants in the way of towels, soap, and supper. After our
meal he summoned Bei-Munithu, and bade him recapitulate for my
benefit the story of the pillaged goods. Briefly it amounted to this: A
large party of the Wa’G’nainu had come on a friendly visit to Bei-
Munithu. During their sojourn with him a report came to hand that the
Wasungu had been driven out of Embe with great loss, and one of
them had been killed. The news caused some excitement, and, as
was only natural, the assembled natives discussed in what way the
Wasungu’s supposed misfortunes could be turned to profitable
account. It was already well known that Bei-Munithu had one of his
huts filled from floor to roof with the trade goods and equipment of
the chief Wasungu, and it did not require much persuasion to induce

ebook download (eBook PDF) Management of Information Security 6th Edition all chapter

Uploaded by

Copyright:

Available Formats

You might also like

ebook download (eBook PDF) Management of Information Security 6th Edition all chapter

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

ebook download (eBook PDF) Management of Information Security 6th Edition all chapter

Uploaded by

Copyright:

Available Formats

(eBook PDF) Management of

Information Security 6th Edition

Management of Information Security 6th Edition Michael

(eBook PDF) Management of Information Security 5th

Principles of Information Security 6th Edition Whitman

(Original PDF) Principles of Information Security 6th

Elementary Information Security, 3rd Edition (eBook

Principles of Information Security 7th Edition Michael

Computer and Information Security Handbook - eBook PDF

(eBook PDF) Information Security: Principles and

Ethics in lnfoSec .................................................................................................66

CERT Governing for Enterprise Security Implementation ........................... 140

A Final Note on Policy..................................................................................... 212

FAIR ................................................................................................................ 395

Add itional Read ing ......................................................................................... 451

Exercises .......................................................................................................... 493

Exercises .......................................................................................................... 563

Additional Reading ......................................................................................... 677

GLOSSARY .................................................................................................. 683

Why This Text Was Written

Chapter 2- Compliance: Law and Ethics

Chapter 3-Governance and Strategic Planning for Security

Chapter 4-lnformation Security Policy

Chapter 5- Developing the Security Program

Chapter 6-Risk Management Assessing Risk

Chapter 7-Risk Management: Treating Risk

Chapter 8- Security Management Models

Students learn how to implement the fundamental elements of key information

Chapter 9-Security Management Practices

Chapter 10- Planning for Contingencies

Chapter 11-Security Maintenance

Chapter 12- Protection Mechanisms

New to This Edition

In addition, several professional and commercial organizations and individuals have

Attempt of the Wa’M’thara to loot our camp—“Shauri” with Ismail—

You might also like