Chapter 12 - Disaster Recovery and Incident Response Flashcards
What is Business Continuity in a nut shell?
page 431
Having a plan in place so that when a key component is missing, absent, or fails, the business continues to operate.
What is the process of implementing policies, controls and procedures to counteract the effects of losses, outages or failures of critical business processes?
page 431
Business Continuity Planning (BCP)
What are the two key components of BCP?
page 431
Business Impact Analysis (BIA)
Risk Assessment
What are some good reasons to have backups?
page 432
- Accidental deletion
- Application errors
- Natural disasters
- Physical attacks
- Server failure
- Virus infection
- Workstation failure
What are sometimes referred to as shadows?
page 432
Working copies
At what temperature does paper catch fire?
page 433
451 degrees Fahrenheit
What is an ideal medium for on-site storage?
page 433
tape
What is the major component of a disaster recovery plan?
page 434
Access to and storage of information
What are the different types of backups?
page 436
- Full backup
- Differential backup
- Incremental backup
- Hierarchical Storage Management (HSM)
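The practical difference between the first three types is what each one captures and how many backup sets a restore needs. The following Python script is an added illustration (not from the study guide) that models a full backup, then two days of changes backed up either differentially or incrementally, and computes the restore chain. The file-system snapshots and file names are constructed sample data; deletions are out of scope.

```python
"""Model full, differential and incremental backups and the restore chain.

Added example, not from the study guide. A file system is a dict of
path -> content; `state` tracks the baselines that stand in for the archive bit.
"""
from copy import deepcopy

KINDS = ("full", "differential", "incremental")


def take_backup(kind, fs, state):
    """Take a backup of `fs` and return {"kind": ..., "data": {...}}.

    full:         copies everything and resets both baselines
    differential: everything changed since the last FULL (baseline not reset)
    incremental:  everything changed since the last backup of ANY kind
    """
    if kind not in KINDS:
        raise ValueError(f"unknown backup kind: {kind}")
    if kind == "full":
        data = deepcopy(fs)
        state["last_full"] = deepcopy(fs)
        state["last_any"] = deepcopy(fs)
        return {"kind": kind, "data": data}

    base = state["last_full"] if kind == "differential" else state["last_any"]
    data = {path: content for path, content in fs.items() if base.get(path) != content}
    if kind == "incremental":
        # an incremental clears the archive bit, so the next one starts from here
        state["last_any"] = deepcopy(fs)
    return {"kind": kind, "data": data}


def restore_chain(backups):
    """Return the minimal ordered list of backup sets needed for a restore."""
    last_full = max(i for i, b in enumerate(backups) if b["kind"] == "full")
    after = backups[last_full + 1:]
    diffs = [i for i, b in enumerate(after) if b["kind"] == "differential"]
    if diffs:
        # the most recent differential contains everything since the full,
        # so earlier differentials and incrementals are redundant
        after = after[diffs[-1]:]
    return [backups[last_full]] + after


def restore(backups):
    """Apply the restore chain in order and return the reconstructed file system."""
    fs = {}
    for backup in restore_chain(backups):
        fs.update(backup["data"])
    return fs


def simulate(kind):
    """Constructed scenario: Monday full, then one changed file per day.

    Returns the size of each backup set, the length of the restore chain,
    and whether the restore reproduces the live file system.
    """
    fs = {"a.txt": "v1", "b.txt": "v1"}  # constructed sample data
    state = {}
    backups = [take_backup("full", fs, state)]
    fs["a.txt"] = "v2"                   # Tuesday: a.txt changes
    backups.append(take_backup(kind, fs, state))
    fs["b.txt"] = "v2"                   # Wednesday: b.txt changes
    backups.append(take_backup(kind, fs, state))
    restored = restore(backups)
    return {
        "sizes": [len(b["data"]) for b in backups],
        "chain_len": len(restore_chain(backups)),
        "ok": restored == fs,
    }


if __name__ == "__main__":
    for kind in ("differential", "incremental"):
        print(kind, simulate(kind))
```

Running it shows the trade-off in the flashcard: the differential sets grow each day (2, 1, 2 files) but a restore needs only two sets, while the incremental sets stay small (2, 1, 1 files) but a restore must replay every set since the full (three here). Both restore the live file system exactly.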
Describe the Grandfather, Father and Son (GFS) backup rotation
page 438
The most recent backup after a full backup is the SON.
As newer backups are made, the SON becomes the FATHER, and the FATHER in turn becomes the GRANDFATHER.
- Annual backup is referred to as the GRANDFATHER
- Monthly backup is referred to as the FATHER
- Weekly backup is referred to as the SON
What is a backout?
page 443
A reversion from a change that had negative consequences.
What is a Hot Site?
page 443
A location that can provide operations within hours of a failure.
Often referred to as an active backup model.
What is a Warm Site?
page 444
Provides some of the capabilities of a hot site, but requires the customer to do more work to become operational.
What is a Reciprocal Agreement?
page 444
An agreement between two companies to provide services to each other in the event of an emergency.
What is a Cold Site?
page 444
A facility that isn't ready for use; the organization using it must bring its own equipment and network.
What important items should an Incident Response Policy establish?
page 446
- Outside agencies that should be contacted or notified in case of an incident.
- Resources used to deal with an incident.
- List of information that should be collected about an incident.
- Policies and guidelines regarding how to handle an incident.
What can be either a formalized or an ad hoc team?
page 446
Computer Security Incident Response Team (CSIRT)
What are the 5 steps of Incident Response?
page 448
- Identifying the Incident
- Investigating the Incident
- Repairing the Damage
- Documenting and Reporting the Response
- Adjusting Procedures
What is OOV?
page 453
Order of Volatility
The amount of time you have to collect certain data before the window of opportunity is gone; the most volatile data (CPU registers, cache, RAM, network state) must be collected first.
What is “Capture System Image”?
page 453
Capturing an image of the operating system in its exploited state can be helpful in revisiting the incident after the fact to learn more about it.
Why is Documenting Network Traffic and logs valuable in forensics?
page 453
This information can be useful in identifying trends associated with repeated attacks
Why would you want to capture video in forensics?
page 453
Video can later be analyzed manually, frame by frame, as well as run through a number of programs that create indices of its contents.
Why is it important to record the time offset during forensics?
page 453
To be able to follow events in the correct time sequence, even when the clocks of the systems involved disagree with each other.
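Why the offset matters is easiest to see with two hosts whose clocks disagree. The Python script below is an added illustration (not from the study guide): the per-host offsets and log lines are constructed sample data, with the offset recorded at acquisition time as host clock minus reference clock. It builds the event timeline with and without the correction.

```python
"""Normalize log timestamps using the recorded per-host clock offset.

Added example, not from the study guide. All timestamps are treated as UTC
(assumption: both hosts log in the same time zone).
"""
from datetime import datetime, timedelta, timezone

# Constructed sample: offset in seconds = host clock - reference clock,
# measured against the examiner's NTP-synced workstation at acquisition time.
CLOCK_OFFSETS = {"web01": 120, "db01": 0}   # web01 runs two minutes fast

# Constructed sample log entries: (host, timestamp as written by the host, message)
RAW_EVENTS = [
    ("web01", "2024-03-01 10:05:30", "sshd: accepted password for admin"),
    ("db01",  "2024-03-01 10:03:45", "mysql: new connection from web01"),
    ("web01", "2024-03-01 10:06:02", "sudo: admin : COMMAND=/bin/bash"),
]


def parse_ts(ts):
    """Parse a host-local 'YYYY-MM-DD HH:MM:SS' string as a UTC datetime."""
    return datetime.strptime(ts, "%Y-%m-%d %H:%M:%S").replace(tzinfo=timezone.utc)


def normalize(host, ts):
    """Subtract the recorded offset so the timestamp is on the reference clock."""
    return parse_ts(ts) - timedelta(seconds=CLOCK_OFFSETS[host])


def timeline(events, correct=True):
    """Return (host, message) pairs in chronological order.

    With correct=True the recorded offsets are applied first; with
    correct=False the raw host timestamps are trusted as-is.
    """
    rows = []
    for host, ts, msg in events:
        when = normalize(host, ts) if correct else parse_ts(ts)
        rows.append((when, host, msg))
    rows.sort(key=lambda r: r[0])
    return [(host, msg) for _, host, msg in rows]


def hosts_in_order(events, correct=True):
    """Just the host sequence, handy for comparing the two timelines."""
    return [host for host, _ in timeline(events, correct)]


if __name__ == "__main__":
    print("raw:      ", hosts_in_order(RAW_EVENTS, correct=False))
    print("corrected:", hosts_in_order(RAW_EVENTS, correct=True))
```

Trusting the raw timestamps puts the database connection before the SSH login that caused it, which makes no causal sense; once web01's two-minute offset is subtracted, the login (10:03:30), the connection (10:03:45) and the privilege escalation (10:04:02) fall into the order in which they actually happened.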
What are the 5 levels of testing in a tabletop exercise that simulates a disaster?
page 454
- Document Review
- Walkthrough
- Simulation
- Parallel Test
- Cutover Test
What is Penetration Testing?
page 458
Using the same techniques an attacker would use to penetrate your systems, in order to find weaknesses before a real attacker does.