ch 14 Flashcards
An organization’s ability to maintain operations after a disruptive event
• Business Continuity
• (B C P)
Business Continuity Planning
Identifying exposure to threats
Creating preventative and recovery procedures
Testing them to determine if they are sufficient
• (B C P) Business Continuity Planning
• (B I A)
Business Impact Analysis
Identifies business functions and quantifies the impact a loss of these functions may have on business operations
• (B I A) Business Impact Analysis
A (B I A) will help determine
The mission-essential functions and the critical systems that support them
Activity that serves as the core purpose of the enterprise
Mission-essential function
Systems whose loss would halt the mission-essential function
The identification of critical systems
A component or entity in a system whose failure disables the entire system
Single point of failure (SPOF)
(SPOF)
Single-point-of-failure
- Used to identify and mitigate privacy risks
Privacy impact assessment
Can determine if a system contains personally identifiable information (P I I)
Privacy threshold assessment
• (D R P)
Disaster Recovery Plan
Focuses on protecting and restoring information technology functions
• (D R P) Disaster Recovery Plan
Intended to be a detailed document that is updated regularly
Comprehensive in scope
What is the typical outline of a DRP?
Unit 1: Purpose and Scope
Unit 2: Recovery Team
Unit 3: Preparing for a Disaster
Unit 4: Emergency Procedures
Unit 5: Restoration Procedures
Sequence in which systems are restored after a disaster (most critical first)
Order of restoration
The process of returning operations to the primary location and resynchronizing its data from the recovery site
Failback
Disaster exercise objectives
Test efficiency of interdepartmental planning and coordination in managing a disaster
Test current D R P procedures
Determine response strengths and weaknesses
Simulate an emergency situation but in an informal and stress-free environment
Tabletop exercises
To analyze the exercise results to identify strengths to be maintained and weaknesses to improve upon
An after-action report
Refers to a system’s ability to deal with malfunctions
Fault tolerance
The use of duplicated equipment to improve the availability of a system
A goal is to reduce a variable known as the mean time to recovery (M T T R)
Redundancy
(M T T R)
Mean time to recovery
The average amount of time that it will take a device to recover from a failure that is not a terminal failure
Mean time to recovery (M T T R)
Play a key role in network infrastructure
Failure can have significant business impact
• Servers
Combining two or more devices to appear as a single unit
Clustering
Multiple servers that appear as a single server
Connected through public and private cluster connections
Server cluster
(one server is doing all the work, the other server is on standby)
Asymmetric cluster
(both servers are doing the same amount of work)
Symmetric cluster
(M T B F)
Mean time between failures
Measures average time until a component fails and must be replaced
Can be used to determine number of spare hard drives an organization should keep
Mean time between failures (M T B F)
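The M T T R and M T B F cards above are easier to remember with numbers attached. The following added example (not from the flashcard set or its textbook) computes single-component availability as MTBF / (MTBF + MTTR), shows how clustering (redundancy) raises it, and turns an MTBF figure into a spare-drive count by modelling failures as a Poisson process; the drive counts, MTBF and MTTR values are constructed for illustration.

```python
import math


def availability(mtbf_hours: float, mttr_hours: float) -> float:
    """Steady-state availability of one component: MTBF / (MTBF + MTTR)."""
    return mtbf_hours / (mtbf_hours + mttr_hours)


def redundant_availability(single: float, copies: int) -> float:
    """Availability of `copies` identical units in parallel (any one keeps
    the service up): 1 - P(all copies are down at the same time)."""
    return 1.0 - (1.0 - single) ** copies


def expected_failures(drive_count: int, mtbf_hours: float, period_hours: float) -> float:
    """Expected drive failures in a fleet over a period, assuming a constant
    failure rate of 1/MTBF per drive (the usual MTBF reading)."""
    return drive_count * period_hours / mtbf_hours


def spares_needed(drive_count: int, mtbf_hours: float, period_hours: float,
                  confidence: float = 0.99) -> int:
    """Smallest spare count k with P(failures <= k) >= confidence, treating the
    fleet's failures as Poisson with mean expected_failures(...)."""
    lam = expected_failures(drive_count, mtbf_hours, period_hours)
    k = 0
    cumulative = 0.0
    while True:
        cumulative += math.exp(-lam) * lam ** k / math.factorial(k)
        if cumulative >= confidence:
            return k
        k += 1


if __name__ == "__main__":
    # Constructed figures, not vendor data: 1000 h MTBF, 10 h MTTR server;
    # 100 drives rated at 1,000,000 h MTBF, planning for one year (8760 h).
    single = availability(1000, 10)
    print(f"single server:          {single:.4%}")
    print(f"two-node cluster:       {redundant_availability(single, 2):.4%}")
    print(f"expected drive failures: {expected_failures(100, 1_000_000, 8760):.3f}")
    print(f"spares to stock (99%):   {spares_needed(100, 1_000_000, 8760)}")
```

Note that an MTBF of a million hours does not mean a drive lasts a century; it means that in a fleet of 100 such drives you should expect roughly one failure a year, and stocking four spares covers that year with 99% confidence under the Poisson model.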
(R A I D)
Redundant Array of Independent Disks
Uses multiple hard disk drives to increase reliability and performance
Can be implemented through software or hardware
Redundant Array of Independent Disks (R A I D)
Striping partitions hard drive into smaller sections
Data written to the stripes is alternated across the drives
If one drive fails, all data in the array is lost (no fault tolerance)
R A I D Level 0 (striped disk array without fault tolerance)
Disk mirroring used to connect multiple drives to the same disk controller card
Action on primary drive is duplicated on other drive
Primary drive can fail and data will not be lost
RAID Level 1 (mirroring)
Variation of RAID Level 1
Separate cards used for each disk
Protects against controller card failures
Disk duplexing
Distributes parity (error checking) across all drives
Data stored on one drive has its parity information stored on another drive
Requires at least three drives; can survive the loss of any one drive
RAID Level 5 (independent disks with distributed parity)
Nested-level R A I D
Mirrored array whose segments are RAID 0 arrays
Can achieve high data transfer rates
RAID 0+1 (high data transfer)
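The RAID 0 and RAID 5 cards above describe behaviour that is clearest when you can watch the parity rebuild a lost drive. The following added example (not part of the flashcard set or its textbook) simulates both arrays on in-memory "drives": RAID 0 stripes with no redundancy, so any failed drive makes the data unrecoverable, while RAID 5 stores a rotating XOR parity chunk per stripe and reconstructs whichever drive is missing. The chunk size, drive count and sample data are constructed for illustration.

```python
def xor_blocks(blocks):
    """XOR equal-length byte blocks together; this is RAID 5's parity."""
    out = bytearray(len(blocks[0]))
    for block in blocks:
        for i, byte in enumerate(block):
            out[i] ^= byte
    return bytes(out)


def raid0_write(data, ndrives, chunk):
    """Striping only: chunk k lands on drive k % ndrives. No redundancy."""
    drives = [[] for _ in range(ndrives)]
    for k, offset in enumerate(range(0, len(data), chunk)):
        drives[k % ndrives].append(data[offset:offset + chunk])
    return drives


def raid0_read(drives, failed=None):
    """Return the data, or None: losing any one drive loses the whole array."""
    if failed is not None:
        return None
    n = len(drives)
    total = sum(len(d) for d in drives)
    return b"".join(drives[k % n][k // n] for k in range(total))


def raid5_write(data, ndrives, chunk):
    """Each stripe holds ndrives-1 data chunks plus one parity chunk; the parity
    position rotates per stripe so no single drive becomes a parity bottleneck."""
    if ndrives < 3:
        raise ValueError("RAID 5 needs at least three drives")
    per_stripe = chunk * (ndrives - 1)
    data = data + b"\x00" * ((-len(data)) % per_stripe)   # pad to whole stripes
    drives = [[] for _ in range(ndrives)]
    for s in range(len(data) // per_stripe):
        stripe = data[s * per_stripe:(s + 1) * per_stripe]
        chunks = [stripe[i * chunk:(i + 1) * chunk] for i in range(ndrives - 1)]
        parity_drive = (ndrives - 1 - s) % ndrives
        data_chunks = iter(chunks)
        for d in range(ndrives):
            drives[d].append(xor_blocks(chunks) if d == parity_drive else next(data_chunks))
    return drives


def raid5_read(drives, failed=None):
    """Reassemble the data; if one drive is missing, rebuild each of its chunks as
    the XOR of the surviving chunks in that stripe (works for data or parity)."""
    ndrives = len(drives)
    survivor = 1 if failed == 0 else 0
    out = bytearray()
    for s in range(len(drives[survivor])):
        stripe = [None if d == failed else drives[d][s] for d in range(ndrives)]
        if failed is not None:
            stripe[failed] = xor_blocks([c for c in stripe if c is not None])
        parity_drive = (ndrives - 1 - s) % ndrives
        out += b"".join(stripe[d] for d in range(ndrives) if d != parity_drive)
    return bytes(out)


if __name__ == "__main__":
    sample = b"The quick brown fox jumps over the lazy dog"   # constructed payload
    r0 = raid0_write(sample, 3, 5)
    print("RAID 0 intact:", raid0_read(r0) == sample, "| drive 1 lost:", raid0_read(r0, failed=1))
    r5 = raid5_write(sample, 4, 4)
    for lost in range(4):
        rebuilt = raid5_read(r5, failed=lost).rstrip(b"\x00")
        print(f"RAID 5 with drive {lost} lost -> recovered: {rebuilt == sample}")
```

The read path trims the zero padding only for display; a real array leaves that to the filesystem. RAID 5 survives exactly one lost drive per stripe: with two missing chunks the XOR has no unique solution, which is why a second failure during a rebuild is the classic way to lose a RAID 5 set.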
May be necessary due to critical nature of connectivity today
Wait in the background during normal operations
Use a replication scheme to keep live network information current
Launch automatically in the event of a disaster
Hardware components are duplicated
Redundant networks
(S D N s)
Software defined networks
What technology manages network devices from a central controller, can increase network reliability, and may lessen the need for redundant equipment?
Software defined networks (S D N s)
(U P S)
Uninterruptible power supply
Maintains power to equipment in the event of an interruption in primary electrical power source
Uninterruptible power supply (U P S)
Least expensive, simplest solution
Charged by main power supply
Begins supplying power quickly when primary power is interrupted
Switches back to standby mode when primary power is restored
Off-line U P S
Always running off its battery while main power runs battery charger
Not affected by dips or sags in voltage
Can serve as a surge protector
On-line U P S
Powered by diesel, natural gas, or propane
Backup generator
Backup sites may be necessary if flood, hurricane, or other major disaster damages buildings
• Recovery Sites
Generally run by a commercial disaster recovery service
Duplicate of the production site
Has all needed equipment
Data backups can be moved quickly to the hot site
Hot site
Provides office space
Customer must provide and install all equipment needed to continue operations
No backups immediately available
Less expensive than a hot site
Takes longer to resume full operation
Cold site
All equipment is installed
No active Internet or telecommunications facilities
No current data backups
Less expensive than a hot site
Time to turn on connections and install backups can be half a day or more
Warm site
copying information to a different medium and storing it at an off-site location
So that it can be used in the event of a disaster
Data backup
(R P O)
Recovery point objective: the maximum acceptable amount of data loss, measured as the age of the newest backup that must survive a disaster
(R T O)
Recovery time objective: the maximum length of time a system may be down before it must be restored
startup point for all backups
full backup
Backs up any data that has changed since the last full backup
differential backup
backs up any data that has changed since last full backup or last incremental backup
incremental backup
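The three backup cards above define each type by what it captures; the practical consequence is which backups you must restore and in what order. The following added example (not from the flashcard set or its textbook) models a week of changes with the archive-bit rule that real backup software uses (a change sets the bit, full and incremental backups clear it, a differential copies flagged files but leaves the bit set), computes what each day's backup contains, and derives the restore chain for a target day. The file names and schedules are constructed for illustration.

```python
FULL, DIFFERENTIAL, INCREMENTAL = "full", "differential", "incremental"

# Constructed sample: files changed on each of six days (day 0 first).
SAMPLE_CHANGES = [{"a", "b", "c"}, {"a"}, {"b"}, {"a", "d"}, set(), {"c"}]
WEEKLY_DIFFERENTIAL = [FULL] + [DIFFERENTIAL] * 5
WEEKLY_INCREMENTAL = [FULL] + [INCREMENTAL] * 5


def backup_contents(daily_changes, schedule):
    """Return the set of files each day's backup captures, using the archive bit."""
    all_files, flagged, captured = set(), set(), []
    for changed, kind in zip(daily_changes, schedule):
        all_files |= changed
        flagged |= changed                      # a change sets the archive bit
        if kind == FULL:
            content = set(all_files)            # startup point: everything
            flagged.clear()
        elif kind == DIFFERENTIAL:
            content = set(flagged)              # since last full; bit left set
        elif kind == INCREMENTAL:
            content = set(flagged)              # since last full or incremental
            flagged.clear()
        else:
            raise ValueError(f"unknown backup type: {kind}")
        captured.append(content)
    return captured


def restore_chain(schedule, target_day):
    """Indices of the backups to apply, in order, to recover `target_day`:
    the last full, then every incremental after it, or only the latest differential."""
    fulls = [i for i in range(target_day + 1) if schedule[i] == FULL]
    if not fulls:
        raise ValueError("no full backup precedes the target day")
    last_full = fulls[-1]
    later = range(last_full + 1, target_day + 1)
    incrementals = [i for i in later if schedule[i] == INCREMENTAL]
    differentials = [i for i in later if schedule[i] == DIFFERENTIAL]
    if incrementals and differentials:
        raise ValueError("mixed differential/incremental chains are not modelled here")
    if incrementals:
        return [last_full] + incrementals
    if differentials:
        return [last_full, differentials[-1]]
    return [last_full]


def restore_is_complete(daily_changes, schedule, target_day):
    """Applying the chain must reproduce every file that existed on the target day."""
    captured = backup_contents(daily_changes, schedule)
    restored = set().union(*(captured[i] for i in restore_chain(schedule, target_day)))
    expected = set().union(*daily_changes[:target_day + 1])
    return restored == expected


if __name__ == "__main__":
    for name, schedule in (("differential", WEEKLY_DIFFERENTIAL), ("incremental", WEEKLY_INCREMENTAL)):
        contents = backup_contents(SAMPLE_CHANGES, schedule)
        chain = restore_chain(schedule, 5)
        print(f"{name}: sizes per day {[len(c) for c in contents]}, "
              f"restore day 5 with backups {chain}, complete={restore_is_complete(SAMPLE_CHANGES, schedule, 5)}")
```

The output shows the trade-off the cards imply: differential backups grow each day (each repeats everything since the full) but restore from just two sets, while incrementals stay small but every one of them must be present and applied in order, so a single lost incremental breaks the chain.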
(C D P)
continuous data protection
Performs continuous backups that can be restored immediately
Maintains a historical record of all changes made to data
Creates a snapshot of the data (like a reference marker)
continuous data protection (C D P)
Methods to prevent disruption through environmental controls
Fire suppression
Electromagnetic disruption protection
Proper configuration of H V A C systems
Attempts to reduce the impact of a fire, for example with a clean-agent gas system such as FM-200
• Fire Suppression
(E M I)
Electromagnetic interference
(E M P)
electromagnetic pulse
A short-duration burst of electromagnetic energy that can disrupt or damage electronic equipment
Electromagnetic pulse (E M P)
(E M C)
Electromagnetic compatibility
Reducing or eliminating the unintentional generation, spread, and reception of electromagnetic energy
Electromagnetic compatibility (E M C)
Metal enclosure that prevents entry or escape of electromagnetic fields
Often used for testing in electronic labs
Faraday cage
(H V A C)
Heating, ventilating, and air conditioning
Maintain temperature and relative humidity at required levels
Heating, ventilating, and air conditioning (H V A C) systems
Used to reduce heat by managing air flow
Servers lined up in alternating rows with cold air intakes facing one direction and hot air exhausts facing other direction
Hot aisle/cold aisle layout
Handling a security incident by applying forensic science and following the procedures in the incident response plan
Incident response
Applying science to legal questions
Analysis of evidence; can be applied to technology
• Forensic Science
Uses technology to search for computer evidence of a crime
Computer forensics
(I R P)
Incident response plan
A set of written instructions for reacting to a security incident
Incident response plan (I R P)
Incident response process
Preparation, identification, containment, eradication, recovery, lessons learned
What is the first order of volatility?
Registers, CPU cache, peripheral memory
What is the second order of volatility?
random access memory (RAM)
What is the third order of volatility?
network state
What is the fourth order of volatility?
running processes
A bit-for-bit copy of a drive; to guarantee its accuracy, imaging programs rely on hashing algorithms as part of the validation process
Mirror image backup
Documents that the evidence was maintained under strict control at all times
No unauthorized person was given opportunity to corrupt the evidence
Chain of custody
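The mirror image and chain of custody cards above both rest on the same mechanism: a hash taken at acquisition that every later handler can recompute. The following added example (not from the flashcard set or its textbook) images a constructed in-memory "drive", records the SHA-256 at acquisition, appends chain-of-custody entries that each re-hash the evidence, and shows that a single flipped bit fails verification and breaks the chain. The item names, handlers and drive contents are constructed for illustration.

```python
import hashlib
from datetime import datetime, timezone


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


def acquire_image(source):
    """Bit-for-bit copy of the source plus the hash taken at acquisition time.
    A real acquisition reads a block device (dd, FTK Imager); here the source is a buffer."""
    image = bytes(source)
    return image, sha256_hex(image)


def verify_image(image, acquisition_hash):
    """True only if the image still hashes to the value recorded at acquisition."""
    return sha256_hex(image) == acquisition_hash


def custody_record(log, item, action, handler, image):
    """Append one chain-of-custody entry; each handler re-hashes what they received."""
    log.append({
        "item": item,
        "action": action,
        "handler": handler,
        "sha256": sha256_hex(image),
        "time": datetime.now(timezone.utc).isoformat(),
    })
    return log


def custody_intact(log):
    """The chain is intact when every handler recorded the same hash as acquisition."""
    return len(log) > 0 and all(entry["sha256"] == log[0]["sha256"] for entry in log)


if __name__ == "__main__":
    # Constructed drive contents; nothing here is a real disk image.
    source = b"MBR\x00" + b"evidence file contents " * 8
    image, acq_hash = acquire_image(source)
    log = custody_record([], "drive-01", "acquired", "analyst A", image)
    custody_record(log, "drive-01", "placed in evidence locker", "custodian B", image)
    print("verified:", verify_image(image, acq_hash), "| chain intact:", custody_intact(log))

    tampered = bytearray(image)
    tampered[5] ^= 0x01                     # one flipped bit somewhere in the image
    custody_record(log, "drive-01", "checked out for analysis", "analyst C", bytes(tampered))
    print("after tamper:", verify_image(bytes(tampered), acq_hash), "| chain intact:", custody_intact(log))
```

The custody log is deliberately append-only and carries the hash in every entry rather than only at acquisition: that is what lets a reviewer pinpoint which hand-off the evidence changed at, rather than merely that it changed somewhere.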
The collection, processing, analysis, and dissemination of intelligence for forming policy changes
Strategic intelligence
Involves gaining information about the attacker’s intelligence collection capabilities
Strategic counterintelligence
Maintaining active logs regarding the reconnaissance activities conducted by the attacker
Active logging