02- Disaster Recovery and Risk Management Flashcards

1
Q

Acceptance

A

the level of tolerance specified by an organization. When all security measures are taken to mitigate a risk, the remainder of impact will be accepted and tolerated as there is not a way to remove it 100 percent

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Attack

A

occurs when a system is compromised based on a vulnerability by an unknown exploit

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Avoidance

A

the risk is reduced to 0 or eliminated completely. It is almost impossible to achieve this level by taking security measures. The only way to do it is to remove the cause of the risk, i.e. if allowing access to social media is a threat, the only way to avoid it is by blocking access to social media for all the organization.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Business continuity plan (BCP)

A

decides which services are sensitive for the regular operations to continue

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Cold site

A

a location owned by the organization but contains nothing. In case of disaster the organization will start to equip the cold site to perform the business operations. This process might take weeks or months to be done

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

DRP (Disaster Recovery Plan)

A

a policy that defines how an organization will recover from a disaster, whether it’s a natural or man-made disaster. The DRP should protect both people and assets of a given organization. It includes a list of responsible people who will perform the steps for recovery, inventory for the hardware and software, and steps to recover from a disaster.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Electronic vaulting

A

an alternate location to preserve backed up data. When the backup is complete, it is copied over to a different location. When a disaster occurs the electronic vault is used and the backup is ready to be restored.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

hot site

A

an identical site of the primary one, equipped with systems and services just like the primary. Data is duplicated here

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Human threats

A

insiders who have authorization to access systems, and hackers who use exploits to attack

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Internal Users

A

employees or visitors who could introduce a threat by exploiting a vulnerable or weak point

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Journaling

A

a less expensive solution to preserve the data as journaling captures only transactions. In case of a disaster the full backup tape is used and the journaling is used to write the transactions again that were not included in the full backup

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Long term

A

some services can affect the daily routine of employees but not the production, for example a smoking area or cafeteria, this is to be considered as low damage or long-term recovery

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Mid term

A

if part of the business is affected, the business should still be able to receive customer’s needs and requests through online services

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Mitigation

A

using security controls to protect against a risk until the risk impact is reduced to a level that is tolerated by the organization

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Natural threats

A

can be a flood causing areas to be waterlogged, or a hurricane or a tornado causing a lot of damage.; often impact the availability of systems

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Qualitative analysis

A

uses words or ranks to measure the impact of identified risk rather than numbers. Low, medium, and high are usually used to rank the risks.

17
Q

Quantitative analysis

A

numeric numbers and values and is usually based on statistics, historic records, best practices, testing, and experiments. This method can identify which risk has higher loss impact and which risk requires higher budget to mitigate.

18
Q

Risk Analysis

A

based on qualitative and quantitative analysis; in some cases we see semi-quantitative analysis

19
Q

Risk exposure

A

the impact caused by the risk on the enterprise

20
Q

Short term

A

when a line of service is fully affected, this is high priority and requires immediate action to recover.

21
Q

Stakeholders

A

the owners, management team, clients, employees, investors, suppliers, and board management

22
Q

SWOT analysis

A

Strength, weakness, opportunity, and threats; Those four points are the main studies in order to manage a given risk

23
Q

Technology threats

A

caused by malware, zero-day attacks, exploits, or web attacks

24
Q

threat

A

In terms of computer security, a threat is any real or perceived threat to one of three key areas: physical and personnel security, environmental security or information security. Mitigating threats is the key job of any disaster recovery or risk management plan

25
Q

Transference

A

when you transfer the risk to another entity, such as insurance or service provider, where they are accountable 100 percent for the impact in case an attack occurs

26
Q

Vulnerability

A

a weak link in the software, settings, etc., through which, if not fixed early, someone can get access to the computer, application, and/or network and can cause damage

27
Q

Warm site

A

a location that performs non-critical functions for the organization, but can be converted to primary location within days. Warm sites can include key systems and database, but not all the systems