Chapter 2: IR, BC and DR Concepts Flashcards
Adverse Events
Events with a negative consequence, such as system crashes, network packet floods, unauthorised use of system privileges, defacement of a web page or execution of malicious code that destroys data.
Breach
The loss of control, compromise, unauthorised disclosure, unauthorised acquisition or any similar occurrence where: a person other than an authorised user accesses or potentially accesses personally identifiable information; or an authorised user accesses personally identifiable information for other than an authorised purpose.
BC
Business Continuity
Actions, processes and tools for ensuring an organisation can continue critical operations during a contingency.
BCP
Business Continuity Plan
The documentation of a predetermined set of instructions or procedures that describe how an organisation’s mission/business processes will be sustained during and after a significant disruption.
BIA
Business Impact Analysis
An analysis of an information system’s requirements, functions, and interdependencies used to characterise system contingency requirements and priorities in the event of a significant disruption.
DR
Disaster Recovery
In information systems terms, the activities necessary to restore IT and communications services to an organisation during and after an outage, disruption or disturbance of any kind or scale.
DRP
A Disaster Recovery Plan (DRP) is a plan for processing and restoring operations in the event of a significant hardware or software failure, or of the destruction of the organisation’s facilities. The primary goal of a DRP is to restore the business to the last-known reliable state of operations.
Exploit
Type of attack that exploits a system’s vulnerabilities.
Incident
An event that actually or potentially jeopardises the confidentiality, integrity or availability of an information system or the information the system processes, stores or transmits.
IR
Incident Response
The mitigation of violations of security policies and recommended practices.
IRP
Incident Response Plan
The documentation of a predetermined set of instructions or procedures to detect, respond and limit the consequences of a malicious cyberattack against an organisation’s information systems.
Intrusion
A security event, or combination of security events, that constitutes a security incident in which an intruder gains, or attempts to gain, access to a system or system resource without authorisation.
SOC
Security Operations Center
A centralised organisational function fulfilled by an information security team that monitors, detects and analyses events on the network or system to prevent and resolve issues before they result in business disruptions.
Hot site
A location that is fully equipped to immediately resume operations in the event of a disaster.
Warm site
Partially equipped with hardware and connectivity solutions but may not have up-to-date data and systems.