Chapter 12: Disaster Recovery and Incident Response Flashcards
Business Continuity
What a company does to minimize the impact of the failure of a key component needed for operation
Critical Business Functions (CBF)
Things that must be made operational immediately when an outage occurs
BIA
Business Impact Analysis
Working Copy Backups
Partial or full backups that are kept at the computer center for immediate recovery
Journaled File System (JFS)
Includes a log file of all changes and transactions within a set period of time
Onsite Storage
A location on the site of the computer center that is used to store info locally
Offsite Storage
A place away from the computer center where you store backups and stuff
Grandfather, Father, Son Method
Annual backups are grandfather, monthly are father, and weekly are son.
The last full backup of the year is retained.
Full Archival Method
All backups of any type are kept forever
Backup Server Method
Establishes a server with large amounts of disk space to back up data.
Backout
A reversion from a change that had negative consequences
Reciprocal Agreement
An agreement between two companies to provide services in the event of an emergency
Computer Security Incident Response Team (CSIRT)
The team that is in charge of responding to an incident; it can be formalized or ad hoc
IRP
Incident Response Plan
Post-Mortem
Process of reviewing the successes and failures of your incident response
OOV
Order Of Volatility
Volatility
In this scenario, you can think of it as the amount of time that you have to collect certain data before the window of opportunity is gone
System Image
A snapshot of what exists when the system is infected
National Software Reference Library (NSRL)
An organization with the purpose of collecting “known, traceable software applications” through their hash values and storing them in a Reference Data Set (RDS) for law enforcement.
Tabletop Exercise
Simulation of a disaster
Document Review
A review of recovery, operations, resumption plans, and procedures
Walkthrough
A group discussion of recovery, operations, resumption plans, and procedures
Simulation
A fake staging of an incident for practice
Parallel Test
You start up all backup systems but leave the main systems functioning
Cutover Test
Shuts down the main systems and has everything fail over to backup systems
Big Data Analysis
Should only be tested with document review, walkthrough, and simulation
Maintenance Contracts
SLAs when they refer to hardware or software
Code Escrow
Storage and conditions of release of source code provided by a vendor
Orphanware
Software without support of any type because the company went out of business
Credentialed vs. Uncredentialed Vulnerability Scanning
Credentialed scanning is done with network credentials so that it is actually in the system when it does the scan, making things just all around better usually.