6. System Disruption/Resolution Flashcards

1
Q

What kind of disasters are there?

A
  • Natural: earthquakes, floods, tornados, fire
  • Unintentional human: loss of power, telecommunications, delivery, gas leak
  • Intentional human: terrorist attacks, hackers, viruses, vengeful employees
2
Q

What are examples of vendors for data backup and recovery?

A
  • DEVSource
  • Rackspace Hosting
  • Kaufman/Rossin
3
Q

Disaster recovery planning: what must be determined beforehand and how is it determined?

A
  • If disruption: recovery point objective - acceptable data loss; recovery time objective - acceptable downtime.
  • Determined by: criticality of application, cost, time to recover, security
  • Contracting - complex and important
4
Q

Disaster recovery: what are the backup facility types?

A
  • Cold site: no computers ($)
  • Warm site: computer no data ($$)
  • Hot site: everything ($$$)
  • Mirrored site: fully redundant ($$$$)
  • Reciprocal agreement ($?$)
5
Q

Disaster recovery: what is a cold site?

A
  • Off-site location with electrical and other physical requirements for processing
  • No equipment or files (added when needed)
  • 1-3 days start-up
  • Cheaper
6
Q

Disaster recovery: what is a warm site?

A
  • Off-site location with similar computer hardware
  • Does not include backed-up data (delivered when needed)
  • More $
7
Q

Disaster recovery: what is a hot site?

A
  • Completely equipped including data
  • Near-immediate (within hours) operation
  • Big $$$ (e.g. medical, credit card systems)
8
Q

Disaster recovery: what is a mirrored site?

A
  • Fully redundant, fully staffed, fully equipped
  • Real-time replication of mission-critical systems
  • e.g. credit card processing
9
Q

Disaster recovery: what is a reciprocal agreement?

A
  • Mutual aid pact
  • Agreement between 2 or more organizations to aid each other with data processing if disaster strikes
  • May be cold, warm, or hot
10
Q

What are the purposes of organizational continuity planning (OCP)?

A
  • Identify and plan for disruptions
  • Integrate into business culture
  • Recall risk management lesson/discussion (CGIC) - Integrate OCP into risk management
11
Q

What is BRM or ORM?

A

Business risk management / Organizational risk management

12
Q

What is BCP or OCP?

A

Business continuity planning / Organizational continuity plan
*Process of risk assessment, contingency planning, and long-term continuity maintenance

13
Q

What is BIA?

A

Business impact analysis: Risk analysis portion of BCP.
*Identifies maximum tolerable interruption periods of an organization by function and activity to assess risk importance and consequences.

14
Q

What are the 6 steps of OCP and BCP?

A
  1. Create an OCP policy and program
  2. Determine critical functions/business risks
  3. Determine continuity strategies
  4. Develop and implement BCM response
  5. Exercise, maintain, and update plan
  6. Embed BCP plan into the culture
15
Q

What is incident management?

A

Map levels of incidents to events and to responses.

  • E.g. 0=negligible event (e.g. power spike), 7=crisis (pandemic virus and World Trade Center attack)
  • Responses mapped to level of incidents
16
Q

What are the 3 types of important functions of an organization?

A
  1. Mission critical: customer facing services, manufacturing, financials
  2. Business critical: ERP systems, payroll, order entry
  3. Task critical: print service, file service
17
Q

Backup plans: What does an organization want to recover from?

A

From equipment failures, power failures, and errors.

18
Q

Backup plans: what should be done?

A
  • Maintain at least one remote archive off-site
  • Use redundant (multiple) backups (the “Whack-a-Mole” plan)

19
Q

Backup plans: what are the 8 control principles?

A
  1. At least one off-site archive
  2. Controls over storage libraries mirror those for data processing sites
  3. Many organizations outsource - when choosing a vendor, consider availability, standardization, capacity, speed, and price
  4. Backup procedures may be full (all data), incremental (data changed since a certain time), or differential (data changed since the last full backup)
  5. Maintain an inventory of backups that identifies data set name, volume serial number, date created, accounting period, and storage location (e.g. bin)
  6. Consider privacy, security, and confidentiality of the data (e.g. HIPAA)
  7. Restoration procedures integrated into the organization’s continuity plan (OCP)
  8. Backup and restoration procedures regularly tested and reviewed
20
Q

What is the old-school archive backup procedure?

A

“Grandfather, father, son” system:

  • son - newest
  • father - one generation
  • grandfather - two generations
  • Mostly related to batch processing
21
Q

What is checkpoint and restart?

A

A backup procedure - common in batch processing.
Checkpoint:
*Point where processing accuracy is verified
*Periodic backups
*If problem, return to most recent checkpoint and restart

22
Q

What is rollback and recovery?

A

A backup procedure - common to online, real-time processing.

  • Record processing transactions in log
  • Periodically record master file contents
  • If problem, return to good master file and reprocess subsequent transactions
23
Q

What are fault-tolerant systems?

A

A network-enabled backup procedure.

  • Operate despite component failure (include redundancy and corrections for component failures)
  • e.g. space flight, commerce, bank credit card processing
24
Q

What are HACs?

A

High-availability clusters = a network-enabled backup procedure.

  • Computer clusters designed to improve service availability.
  • Common in e-commerce
25
Q

What is remote (online) backup by managed provider?

A

A network-enabled backup procedure.

*Automated, outsourced to experts, off-site, can be continuous

26
Q

What are SANs?

A

Storage Area Networks = a network-enabled backup procedure.

  • Replicate data from multiple sites
  • Data immediately available
  • Efficient storage for servers
27
Q

What is mirroring?

A

A network-enabled backup procedure.

  • Maintain exact copy of data set
  • Files are stored in the same format as the system (e.g. not zipped)
  • Advantage: very fast
  • Disadvantage: storage hog, very expensive
28
Q

Who commits cyber-crime?

A
  • Nation-states and spies: some foreign nations
  • Industrial spies: seek intellectual property and trade secrets for competitive advantage
  • Organized crime: e.g. blackmail
  • Hacktivists: social or political statements - anonymous
  • Hackers and crackers: for fun and challenge
29
Q

What are the 4 categories of computer crime?

A
  • Computer or system as target: e.g. denial of service (DoS) attacks and hacking
  • Computer as subject: unlawful access used to attack others, e.g. DoS infections
  • Computer as tool: access data or resources, e.g. unauthorized access breaches, phishing, key loggers
  • Computer as symbol/user as target: variation on computer as tool; deceive the user to obtain access, e.g. social engineering
30
Q

What are the 4 ways of preventing and detecting computer crimes?

A
  1. Make crime harder: i.e. less likely
  2. Increase the costs (difficulty) of crime
  3. Improve detection methods
  4. Reduce losses
31
Q

List computer attack methods.

A
  • Back door
  • Botnets
  • Denial of Service (DoS)
  • Eavesdropping
  • Email bombing
  • Logic bomb
  • Malware: e.g. viruses, worms, Trojan horses
  • Packet sniffing: e.g. Man-in-the-Middle
  • Password crackers
  • Session hijacking and masquerading
  • Salami fraud
  • Social engineering/spoofing: e.g. phishing
  • Spam
  • War chalking, driving, walking
32
Q

What is a back door?

A
  • Software allowing unauthorized entry to a system by bypassing the logon procedure
  • Once common among programmers to facilitate development
33
Q

What are Denial of Service attacks?

A
  • Prevent legitimate users from accessing systems
  • By flooding the server with incomplete access requests
  • Often use botnets (zombie computers)
34
Q

What is eavesdropping?

A

Unauthorized interception of private communication.

35
Q

What is email bombing or spamming?

A

Sending thousands or millions of emails to an address.

36
Q

What is a logic bomb?

A

Program planted in a system that stays dormant until an event or time (e.g. a date, or an employee being deleted from active status).

37
Q

What is malware?

A

Malicious software: exploits system and user vulnerabilities to gain access to or damage a computer.
E.g. Virus: unauthorized program that copies itself, may damage data.
Worm: virus that replicates across systems, e.g. by sending email floods.

38
Q

What can organizations do to prevent and detect unauthorized access?

A

Virus and spyware detection software.

  • To detect and remove malware
  • Essential to networked computing
  • Should always be active and up-to-date
39
Q

What is a Trojan horse?

A

Program hidden inside a benign file; can insert a back door into a system.

40
Q

What is packet sniffing?

A

*Identity and authenticity risk
Packet analyzers, network analyzers, and sniffers = have network control (legitimate) and data capture (nefarious) uses.
Packet = formatted block of data carried by a computer network.
Packet sniffing = capturing packets of data as they move across a network.

41
Q

What is Man-in-the-Middle attack?

A

Example of packet sniffing.

  • Hacker impersonates both sender and receiver
  • Relies on attacking mutual authentication
42
Q

What are password crackers?

A
  • Privacy and security risk
  • Software that generates potential passwords and tests them to gain access
  • Finds weak passwords easily
43
Q

What are session hijacking and masquerading?

A
  • Identity and authenticity risk
  • Hackers can identify an IP address (Internet Protocol - unique identifying number for each device on a networked system), e.g. via sniffing, and use it to access the network by masquerading as (mimicking) a legitimate user
44
Q

What is salami fraud (slicing)?

A

The practice of stealing money repeatedly in extremely small quantities.

45
Q

What is social engineering?

A

Seek access by tricking employees.

Can be physical or logical.

46
Q

What is phishing?

A

A form of social engineering.

  • Fishing for personal information via “spoofed” emails and fraudulent websites
  • Fools recipients into divulging personal financial data such as credit card numbers, account usernames/passwords, SSNs, etc.
47
Q

What is spam?

A

Irrelevant or inappropriate messages (email, text, or whatever messaging system comes next) sent to either:

  • A large number of recipients
  • The same recipients many times (email bombing)
48
Q

What are war chalking, war driving, and war walking?

A
  • War chalking: drawing symbols in public places to indicate available Wi-Fi network access
  • War driving: seeking access to Wi-Fi while driving
  • War walking: seeking access to Wi-Fi while walking; may lead to war chalking
  • War dialing: dialing random phone numbers to find network access - old days
49
Q

What should cyber-incident response be based on?

A

It should be based on the organization's protocol.

50
Q

What are the 10 steps of the cyber incident response process?

A
  1. Planning for and testing protocol
  2. Event detection procedures
  3. Event logging procedures
  4. Triage and incident analysis
  5. Containment and removal of threats
  6. Decision and action regarding event announcement or secrecy
  7. Incident recovery
  8. Closure
  9. Event reporting
  10. Monitoring and system revisions