7.1 Sec Ops Tech Flashcards
change management
request, review, approve/reject, schedule and implement, document
patch management
evaluate, test, approve, deploy approved, verify
transitive/ non-transitive trust
transitive: trust relation between two domains and all of their subdomains
non-transitive: trust between domains, subdomains excluded
incident response
mnemonic: de re mi re re re le
- detection
- response (CIRT, investigation, evidence)
- mitigation (contain, limit the effect): containment
- reporting (upper management, gov)
- recovery (rebuild)
- remediation (root cause analysis)
- lessons learned
darknet
unused IP address space monitored by an IDS
few false positives, because any traffic to it is illegitimate
sampling
- clipping
- statistical
- non-statistical
service bureau
leases computer time in case of a disaster
MAA
mutual assistance agreement, reciprocal agreement
DRP testing
- read-through: paperwork only
- structured walk-through: role play
- simulation: role play with live testing
- parallel
- full interruption
types of incident
scanning (indicates that illegal activity may follow)
compromise
malicious code
DoS
DRP process
- response
- activate team
- assess
- reconstitution
developing a DRP
- initiation
- project scope
- BIA
- identify preventive controls
- develop recovery strategies
- develop contingency plan
- implement, training, test
- maintenance
RPO
Recovery point objective
maximum tolerable loss of data/work/availability an organization can withstand
RTO
recovery time objective
time to recover the system until it is running again
MTD
RTO+WRT
WRT
work recovery time
time needed to configure a recovered system
MTBF
figure provided by the vendor (hardware)
MOR
minimal operating requirements
BCP
business/IT-focused
sustaining essential business processes while recovering
DRP
IT-focused
recovery of capabilities at an alternate site
COOP
not IT-focused
30-day uptime for STRATEGIC functions at an alternate site
OEP
Occupant Emergency Plan
minimizing loss of life, injury and damage
forensic e-discovery
legal counsel gaining access to electronic information during civil legal proceedings; gathering evidence
organizations store lots of electronic data, so it is logistically and financially relevant
DATA RETENTION POLICY should specify purging data when it is no longer needed, to minimize the impact of e-discovery
RAID
- RAID 3: byte-level striping with dedicated parity
- RAID 4: block-level striping with dedicated parity
- RAID 5: block-level striping with distributed parity
- RAID 6: block-level striping with double distributed parity