Compliance and Operational Security Flashcards
EF
Exposure Factor
% of loss experienced by a realized risk
SLE (formula)
Single Loss Expectancy
AV x EF
ARO
Annualized Rate of Occurrence
Frequency of occurrence per year
ALE (formula)
Annualized Loss Expectancy
Max amount that should be spent on the countermeasure
SLE x ARO
AV
Asset Value
Risk Avoidance
If it’s too expensive or risky, don’t do it.
Risk Transference
Giving the risk to someone else to handle.
E.g. contracting electricity out.
Risk Acceptance
Cost of countermeasure outweighs the loss.
Change Management
Documenting CHANGES in the system.
Steps to Incident Response (6)
Preparation, Identification (Detection), Containment, Eradication, Recovery, Follow-up/Document
BCP
Business Continuity Plan
DRP
Disaster Recovery Plan
BIA (5 steps)
Business Impact Analysis
Full Backup
Backs up everything
Changes archive bit
Incremental Backup
Backs up things changed since last backup of any kind.
Changes archive bit
Fastest
Differential Backup
Backs up things changed since last FULL backup.
Does NOT change archive bit
Copy
Backs up everything
Does NOT change archive bit
Grandfather, Father, Son
Monthly, Weekly, Daily
RTO
Recovery Time Objective
RAID 0
Highest Performance
No Redundancy
Info distributed across drives
RAID 3
Dedicated Parity Drive
Info distributed across drives, dedicated parity on a different drive
RAID 5
Distributed Parity Drive
Info distributed with parity across drives
RAID 1
Mirroring: Exact copy
RAID 0+1
Original and Copy of distributed data
SLA
Service Level Agreement
MTBF
Mean Time Between Failures
How often does it fail?
MTTR
Mean Time to Repair
How quick is it to fix?
MTD
Maximum Tolerable Downtime
RPO
Recovery Point Objectives
Point to which we will restore
E.g. restore to Wednesday’s backup
Fuzzing
Computer version of Black Box.
DLP
Data Loss Prevention
TPM
Trusted Platform Module
Microprocessor that stores keys, passwords and digital certificates
HSM
Hardware Security Module