02- Disaster Recovery and Risk Management Flashcards
Acceptance
the level of tolerance specified by an organization. When all security measures have been taken to mitigate a risk, the remaining impact is accepted and tolerated, as there is no way to remove it 100 percent
Attack
occurs when a system is compromised based on a vulnerability by an unknown exploit
Avoidance
the risk is reduced to 0 or eliminated completely. It is almost impossible to achieve this level by taking security measures. The only way to do it is to remove the cause of the risk; for example, if allowing access to social media is a threat, the only way to avoid it is by blocking access to social media for the entire organization.
Business continuity plan (BCP)
decides which services are sensitive for the regular operations to continue
Cold site
a location owned by the organization that contains nothing. In case of disaster the organization will start to equip the cold site to perform the business operations. This process might take weeks or months to complete
DRP (Disaster Recovery Plan)
a policy that defines how an organization will recover from a disaster, whether it’s a natural or man-made disaster. The DRP should protect both people and assets of a given organization. It includes a list of responsible people who will perform the steps for recovery, inventory for the hardware and software, and steps to recover from a disaster.
Electronic vaulting
an alternate location to preserve backed up data. When the backup is complete, it is copied over to a different location. When a disaster occurs the electronic vault is used and the backup is ready to be restored.
Hot site
an identical site of the primary one, equipped with systems and services just like the primary. Data is duplicated here
Human threats
insiders who have authorization to access systems, and hackers who use exploits to attack
Internal Users
employees or visitors who could introduce a threat by exploiting a vulnerable or weak point
Journaling
a less expensive solution to preserve the data, as journaling captures only transactions. In case of a disaster the full backup tape is used, and the journal is used to rewrite the transactions that were not included in the full backup
Long term
some services can affect the daily routine of employees but not production, for example a smoking area or cafeteria; this is considered low damage or long-term recovery
Mid term
if part of the business is affected, the business should still be able to receive customers' needs and requests through online services
Mitigation
using security controls to protect against a risk until the risk impact is reduced to a level that is tolerated by the organization
Natural threats
can be a flood causing areas to be waterlogged, or a hurricane or a tornado causing a lot of damage; often impact the availability of systems
Qualitative analysis
uses words or ranks to measure the impact of identified risk rather than numbers. Low, medium, and high are usually used to rank the risks.
Quantitative analysis
uses numbers and values and is usually based on statistics, historic records, best practices, testing, and experiments. This method can identify which risk has a higher loss impact and which risk requires a higher budget to mitigate.
Risk Analysis
based on qualitative and quantitative analysis; in some cases we see semi-quantitative analysis
Risk exposure
the impact caused by the risk on the enterprise
Short term
when a line of service is fully affected, this is high priority and requires immediate action to recover.
Stakeholders
the owners, management team, clients, employees, investors, suppliers, and board management
SWOT analysis
Strengths, weaknesses, opportunities, and threats; those four points are the main areas studied in order to manage a given risk
Technology threats
caused by malware, zero-day attacks, exploits, or web attacks
Threat
In terms of computer security, a threat is any real or perceived threat to one of three key areas: physical and personnel security, environmental security or information security. Mitigating threats is the key job of any disaster recovery or risk management plan
Transference
when you transfer the risk to another entity, such as an insurance or service provider, where they are accountable 100 percent for the impact in case an attack occurs
Vulnerability
a weak link in the software, settings, etc., through which, if not fixed early, someone can get access to the computer, application, and/or network and can cause damage
Warm site
a location that performs non-critical functions for the organization, but can be converted to the primary location within days. Warm sites can include key systems and databases, but not all the systems