Chapter 5

Question 1

Explain disaster planning
(A method to discover and document the following:)

Answer 1

What needs to be done
How it will be done
When it will be done
Who will get it done
Emergency plan

Question 2

Business interruption planning addresses what two related processes?

Answer 2

Disaster recovery takes place during and after a catastrophic event to minimize business interruption and return the organization as quickly as possible to its prior operating state

Business continuity ensures the survival of the organization by providing an acceptable level of service throughout the disruption

Question 3

What are the 5 key considerations for contingency planning?

Answer 3

Emergency team
Alternative premises
Public relations and communications
Insurance policies
Testing and review of the plan

Question 4

Explain the emergency teams part of contingency planning

Answer 4

The team should include senior management, the owner or a partner, the office manager, and other staff members as required

Question 5

In the case of an emergency, who should be included on the emergency list?

Answer 5

The operations manager and specific administrative staff who can set up temporary location

Individual customer service representatives who can each be assigned an insurer to make sure manuals, application forms, and other items are replaced so that business can continue

Question 6

Explain the public relations and communications part of contingency planning

Answer 6

The team will need to select an internal spokesperson or hire a public relations firm to advise clients, insurers, and major suppliers during an emergency

Question 7

Explain the insurance policies part of contingency planning

Answer 7

The company’s insurance policies should be reviewed, including all limitations and exclusions, to ensure that terms and limits of coverage are adequate for all identifiable exposures

Question 8

Explain the testing and review part in contingency planning

Answer 8

Before finalizing the plan, it should be tested in a simulated emergency situation involving staff without prior warning and under realistic conditions. This will show if the plan is feasible and whether aspects need changing

Question 9

Explain cyber incident

Answer 9

Can be a single event or a series of events that are unwanted or unexpected and likely to compromise business operations and threaten information security

Question 10

Explain cyber incident response plan

Answer 10

Detailed instructions to help a business detect, respond to, and recover from a cyber incident

Question 11

What stages are included in a cyber incident response plan?

Answer 11

Preparation
Identification
Containment
Eradication
Recovery
Lessons learned

Question 12

Explain “preparation” stage in a cyber incident response plan

Answer 12

Includes:
-training employees on security policies and their responsibilities in a data breach
-having security policies and plans approved by management
-creating an incident response team and training members on their roles
-having incident response team members participate in practice drills

Question 13

Explain “identification” stage in a cyber incident response plan

Answer 13

Includes:
-determining the timeline (when it was discovered and when it happened)
-the scope of the breach and operations effected
-if source of the event has been discovered
-how it was discovered and who discovered it

Question 14

Explain “containment” stage in a cyber incident response plan

Answer 14

The business tries to contain the breach so it doesn’t spread any further and cause more damage to the business

Question 15

Explain “eradication” stage in a cyber incident response plan

Answer 15

The business looks for the root cause of the breach so that it can be eliminated

Question 16

Explain “recovery” stage in a cyber incident response plan

Answer 16

This stage is where the affected computer systems can be put back in use and may be plans to further monitor the system after function is restored

Question 17

Explain “lesson learned” stage in a cyber incident response plan

Answer 17

This phase will feed back into the planning and preparation phase because lessons learned following an incident will show how a business can strengthen its system

Question 18

Explain the International Standard for Information Security Incident Management (ISO)

Answer 18

Develops and publishes 22,923 international standards that define essential elements for products and services across business sectors

Question 19

Under the ISO, define cyber security event

Answer 19

An identified occurrence of a system, service, or network state indicating a possible breach of information security, failure of controls, or a previously unknown situation that maybe security relevant

Question 20

Under the ISO, define cyber security incident

Answer 20

A single or a series of unwanted or unexpected information security events that have a significant probability of compromising business operations and threading information security

Question 21

Under the ISO, define cyber security incident management

Answer 21

The processes for detecting, reporting, assessing, responding to, dealing with, and learning from cyber security incidents

Question 22

Under the ISO, define incident response

Answer 22

The actions taken to protect and restore the normal operational conditions of an information system and the information stored in it when a cyber security incident occur

Question 23

Under the ISO, define incident response team

Answer 23

A team of appropriately skilled and trusted members of the organization that handles incidents during their life cycle

Question 24

What are the three parts of ISO?

Answer 24

Part 1 Principles of incident management- presents basis concepts and phases of information security incident management
Part 2 Guidelines to Plan and Prepare for Incident Response- outlines how to plan and prepare for responding to cyber incident
Part 3 Guidelines for Incident Response Operations