Disaster Recovery

Question 1

Acceptance

Answer 1

Level of tolerance specified by an organization. When all security measures are taken to mitigate a risk, the remainder of impact will be accepted and tolerated as there is not a way to remove it 100 percent.

Question 2

Avoidance

Answer 2

Removing cause of risk to “avoid” security risks.

Question 3

Business Continuity Plan (BCP)

Answer 3

Decides which services are sensitive for the regular operations to continue.

Question 4

Cold Site

Answer 4

Location owned by the organization but contains nothing. In case of disaster the organization will star to equip the cold site to perform the business operations. Could take weeks or months

Question 5

Disaster Relief Plan (DRP)

Answer 5

Policy that defines how an org will recover from a disaster. The DRP should protect both people and assets of a given organization.

Question 6

Electronic Vaulting

Answer 6

An alternate location to preserve backed up data. When the backup is complete, it is copied over to a different location. When a disaster occurs the electronic vault is used and the backup is ready to be restored.

Question 7

Hot Site

Answer 7

Identical site of Primary, equipped with systems and services just like the primary. Data is duplicated here.

Question 8

Human Threats

Answer 8

Insiders who have access to systems and Hackers

Question 9

Internal Users

Answer 9

Employees or visitors who could introduce a threat by exploiting a vulnerable or weak point.

Question 10

Journaling

Answer 10

Less expensive solution to preserve the data as journaling captures only transactions.

Question 11

Long term

Answer 11

Low Damage recovery, things that affect the daily routine of employees but not productivity, such as having a designated break area.

Question 12

Mid Term

Answer 12

If part of the business is affected, the business should still be able to meet the needs of its customers.

Question 13

Mitigation

Answer 13

Using security controls to protect against a risk until the risk impact is reduced to a level that is tolerated by the organization.

Question 14

Qualitative Analysis

Answer 14

Uses words or ranks to measure the impact of identified risk rather than numbers. Low, medium, and high are usually used to rank the risks.

Question 15

Quantitative Analysis

Answer 15

Numeric numbers and values and is usually base on statistics, historic records, best practices, testing, and experiments. This method can identify which risk has higher loss impact and which risk requires higher budget to mitigate.

Question 16

Risk Analysis

Answer 16

Based on qualitative and quantitative analysis; in some cases we see semi-quantitative analysis.

Question 17

Risk exposure

Answer 17

The impact caused by the risk on the enterprise

Question 18

Short term

Answer 18

when a line of service is fully affected, this is high priority and requires immediate action to recover.

Question 19

Stakeholders

Answer 19

The owners, management team, clients, employees, investors, suppliers, and board management

Question 20

SWOT Analysis

Answer 20

Strength, Weakness, Opportunity, and Threats; Those four points are the main studies in order to manage a given risk

Question 21

Transference

Answer 21

When you transfer the risk to another entity, such as insurance or service provider, where they are accountable 100 percent for the impact in case an attack occurs

Question 22

Warm Site

Answer 22

Location that performs non-critical functions for the organization, but can be converted to primary location within days.