Chapter 5 Flashcards
Explain disaster planning
(A method to discover and document the following:)
What needs to be done
How it will be done
When it will be done
Who will get it done
Emergency plan
Business interruption planning addresses what two related processes?
Disaster recovery takes place during and after a catastrophic event to minimize business interruption and return the organization as quickly as possible to its prior operating state
Business continuity ensures the survival of the organization by providing an acceptable level of service throughout the disruption
What are the 5 key considerations for contingency planning?
Emergency team
Alternative premises
Public relations and communications
Insurance policies
Testing and review of the plan
Explain the emergency teams part of contingency planning
The team should include senior management, the owner or a partner, the office manager, and other staff members as required
In the case of an emergency, who should be included on the emergency list?
The operations manager and specific administrative staff who can set up a temporary location
Individual customer service representatives who can each be assigned an insurer to make sure manuals, application forms, and other items are replaced so that business can continue
Explain the public relations and communications part of contingency planning
The team will need to select an internal spokesperson or hire a public relations firm to advise clients, insurers, and major suppliers during an emergency
Explain the insurance policies part of contingency planning
The company’s insurance policies should be reviewed, including all limitations and exclusions, to ensure that terms and limits of coverage are adequate for all identifiable exposures
Explain the testing and review part in contingency planning
Before finalizing the plan, it should be tested in a simulated emergency situation involving staff without prior warning and under realistic conditions. This will show if the plan is feasible and whether aspects need changing
Explain cyber incident
Can be a single event or a series of events that are unwanted or unexpected and likely to compromise business operations and threaten information security
Explain cyber incident response plan
Detailed instructions to help a business detect, respond to, and recover from a cyber incident
What stages are included in a cyber incident response plan?
Preparation
Identification
Containment
Eradication
Recovery
Lessons learned
Explain “preparation” stage in a cyber incident response plan
Includes:
-training employees on security policies and their responsibilities in a data breach
-having security policies and plans approved by management
-creating an incident response team and training members on their roles
-having incident response team members participate in practice drills
Explain “identification” stage in a cyber incident response plan
Includes:
-determining the timeline (when it was discovered and when it happened)
-the scope of the breach and operations affected
-whether the source of the event has been discovered
-how it was discovered and who discovered it
Explain “containment” stage in a cyber incident response plan
The business tries to contain the breach so it doesn’t spread any further and cause more damage to the business
Explain “eradication” stage in a cyber incident response plan
The business looks for the root cause of the breach so that it can be eliminated
Explain “recovery” stage in a cyber incident response plan
This stage is where the affected computer systems can be put back in use, and there may be plans to further monitor the system after function is restored
Explain “lessons learned” stage in a cyber incident response plan
This phase will feed back into the planning and preparation phase because lessons learned following an incident will show how a business can strengthen its system
Explain the International Standard for Information Security Incident Management (ISO)
Develops and publishes 22,923 international standards that define essential elements for products and services across business sectors
Under the ISO, define cyber security event
An identified occurrence of a system, service, or network state indicating a possible breach of information security, failure of controls, or a previously unknown situation that may be security relevant
Under the ISO, define cyber security incident
A single or a series of unwanted or unexpected information security events that have a significant probability of compromising business operations and threatening information security
Under the ISO, define cyber security incident management
The processes for detecting, reporting, assessing, responding to, dealing with, and learning from cyber security incidents
Under the ISO, define incident response
The actions taken to protect and restore the normal operational conditions of an information system and the information stored in it when a cyber security incident occurs
Under the ISO, define incident response team
A team of appropriately skilled and trusted members of the organization that handles incidents during their life cycle
What are the three parts of ISO?
Part 1 Principles of incident management - presents basic concepts and phases of information security incident management
Part 2 Guidelines to Plan and Prepare for Incident Response - outlines how to plan and prepare for responding to cyber incidents
Part 3 Guidelines for Incident Response Operations