DM4: IS Business Resilience and Maintenance Management Flashcards
What is the purpose of using separate conduits for data and electrical cables?
To reduce data corruption due to magnetic fields created by electrical currents.
What are the primary operating system access control functions?
log user activities and log events (think Event Viewer on PC)
Which types of cabling are insecure?
Coaxial and copper wire
Which type of cabling is most secure?
Fiber optic cable
What are the risks involved in spooling printed reports for offline printing?
Additional report copies can be printed by unauthorized individuals
What is a common gateway interface (CGI)?
it’s the standard way for a web server to pass a user’s request to an application and move data back and forth
What are the common types of enterprise back-end devices?
print servers, file servers, application servers, web servers, proxy servers, database servers, and appliances
What are enterprise appliances (specialized devices)?
devices that provide specific services, such as firewalls, IDSs, IPSs, switches, routers, VPNs, and load balancers
What is the purpose of a proxy server?
they provide a link between users and resources and access resources on behalf of the user, sometimes providing a more secure and faster response
What are the common risks related to USBs?
viruses and malicious software;
data thefts;
data/media loss;
corruption of data;
loss of confidentiality
What are some security controls for use of USBs?
encryption;
granular control;
security personnel education;
locked desktop policies;
antivirus policy
What are areas to review when auditing a hardware maintenance program?
hardware acquisition plan;
actual acquisition;
IT asset management;
capacity management;
preventative maintenance schedule;
problem logs
What information do you need for each asset in an IT asset management system?
Owner, designated custodian, ID of asset, value of asset, loss implication/priority, location, security classification, asset group
What does a job scheduling software provide?
control over scheduling jobs, tape backups, and other maintenance activities
What should be done for high-priority jobs in a job scheduler?
they should be given optimal resources and be performed in nonpeak times
In regards to system interfaces, what is a critical area that should be verified?
data residing on sending systems are precisely the same data being recorded in the receiving system; encryption is being used
What is the goal of data governance?
stakeholder needs can be managed;
direction for data management;
performance management
What are the three types of data quality?
intrinsic, contextual, and security/accessibility
What is intrinsic data quality?
the extent to which data values are in conformance with actual or true values
What is contextual data quality?
the extent to which information is applicable to the task of the information user and is presented in an intelligible and clear manner, recognizing that information quality depends on the context of use
What is accessibility data quality?
the extent to which information is available or obtainable
What are the six phases of the data life cycle?
- Plan
- Design
- Build/Acquire
- Use/Operate
- Monitor
- Dispose
What are the FIRST 3 phases of the data life cycle and their purpose?
- Plan - the creation, acquisition, and use of the information resource are prepared for (e.g., understanding information, value of information, identifying objectives)
- Design - how the information will look and how the systems processing the information will have to work (e.g., standards, data definitions)
- Build/acquire - when the information resource is actually acquired (e.g., creation of data, purchase of data, loading of data)
What are the LAST 3 phases of the data life cycle and their purpose?
- Use/operate - storing/sharing/use of information resources
- Monitor - ensuring that information resources continue to work properly
- Dispose - information is transferred or retained for a specified period, destroyed, or archived
What is the significance of Operating System (OS) integrity?
protects itself from deliberate and inadvertent modification;
ensures that privileged programs cannot be interfered with by user programs;
provides process isolation to ensure that concurrent processes won't interfere with each other and that least privilege is enforced for processes
What is one way to protect system logs from being altered by intruders?
Using a security information and event management (SIEM) software
What are the three components of a data communication system?
- transmitter (source)
- transmission path (channel or line)
- receiver
What is a utility program?
system software used to perform maintenance and routines that frequently are required during normal processing operations.
What are the primary functional uses of utility programs?
understanding application systems; assessing or testing data quality; testing a program's ability to function correctly; assisting in faster program development; improving operational efficiency
What are the two types of licensing?
free and paid
What are examples of free licensing?
open source, freeware, shareware
What are examples of paid licensing?
licensing per: CPU, seat, concurrent user, utilization, workstation, enterprise
If reviewing licensing for an organization, what should an IS auditor look for?
list of all standard, used, and licensed software;
all contracts;
network scans of software;
compare contracts to installed software
What is capacity management?
the planning and monitoring of computing and network resources to ensure that the available resources are used efficiently and effectively
What are the benefits and drawbacks of application stacking?
benefits:
allows the organization to make better use of resources as apps are consolidated to large servers
drawbacks:
increases the impact of a server outage and affects more applications when a server needs to be shut down
What is the first step of a capacity management plan?
understanding of current and future requirements for IT resources
What is the difference between problem and incident management?
problem management focuses on resolving issues through investigation and analysis of a major incident, or of several similar incidents, to find a root cause; incident management focuses on providing increased continuity of service by reducing disturbances to IT services
What is an essential step of incident handling?
determining impact and urgency then prioritizing based on these values
What is the goal of service-level management?
maintain and improve customer satisfaction and to improve the service delivered
What are major considerations for SLA delivery?
accuracy, completeness, timeliness, security
Why is a data definition language (DDL) implemented on a DBMS?
it creates a schema representation used to interpret and respond to users' requests.
What is a data dictionary/directory system (DD/DS) used for?
to define and store source and object forms of all data definitions for external schemas, conceptual schemas, the internal schema, and all associated mappings
What functions does a data dictionary/directory system (DD/DS) serve?
data definition language (DDL) processor;
validation of definitions;
prevention of unauthorized access to metadata;
interrogation and reporting facilities for DBAs
What are the three types of DBMS structures?
network, hierarchical, relational
What is a network DBMS structure?
data modeling is based on “sets” created by owner and member record types.
What is a hierarchical DBMS structure?
data is structured in parent and child segments, typically with 1:N relationships. Child segments can have only one parent segment, so duplication is necessary for multiple relationships
What is a relational DBMS structure?
you know what a relational DBMS is… tables, views, keys, etc.
What does normalization of a relational DBMS accomplish?
minimizes the amount of information needed in tables to satisfy queries
What is the most important thing to consider when reviewing databases?
integrity
What are the main considerations when performing a BIA?
the importance and criticality of each process;
what are the critical information resources;
what is the critical recovery time period
What are the four classifications of systems in a BIA?
critical, vital, sensitive, noncritical
What is the difference between the four classifications of systems?
Critical - functions can't be performed unless completely replaced (non-manual methods). Very low interruption tolerance and very high cost of interruption.
Vital - functions that can be performed manually but only for a short period. High tolerance to interruption and lower costs of interruption if corrected within 5 days.
Sensitive - can be performed manually at a tolerable cost for an extended period of time, though may be difficult.
Noncritical - can be interrupted for an extended period of time at little to no cost
What is a cluster (clustering)?
protects from a single point of failure; a type of software/agent that is installed on every server/node on which the application runs, and includes management software that permits control and tuning of the cluster's behavior.
What is an active-active cluster?
The application runs on every node in a cluster and information processing is coordinated between all the nodes, providing load balancing and concurrent data access.
This also has impacts on network latency
What is an active-passive cluster?
The application runs on only one node; the other nodes are used if the application fails on the active node. This is a viable option for application availability
What is alternate routing?
method of routing information via an alternate medium using different networks, circuits, and end points in case the primary network is not available
What is diverse routing?
method of routing traffic through split cable facilities or duplicate cable facilities, either in separate or the same conduits.
What are the four types of disk-based backup systems?
virtual tape libraries; host-based replication; disk-array-based replication; snapshots
How do virtual tape libraries (VTL) function?
Consist of disk storage and software that control backup and recovery data sets. Data is stored on a disk array, and VTL disks are replicated from a primary site to a backup site using hardware-based replication
How does host-based replication work?
executed at the server level, this replication occurs in real-time or with some delay. Data is not written to the primary site until confirmation is received that the data was successfully written to the backup site
What is the first step of preparing a BCP?
identifying the business processes of strategic importance
What is the first step of the risk management process?
a risk assessment
What should a risk assessment consider?
resources (HR, data, infrastructure); potential vulnerabilities; existing risk mitigation controls; probability of impact
What should be considered when establishing a BCP?
critical operations for the survival of an organization;
human/material resources needed to support them
In a BCP, the value of an application is proportional to what?
the role of the system in supporting the strategy of the organization
Steps should always be taken to reduce the likelihood of disruption; what are possible methods of doing this?
considering location (environmental risks); using resilient network topologies (alternative routing, etc.)
What is one KEY output of a risk assessment when examining an organization with multiple systems?
a dependencies map of critical business processes and applications with documented threats and vulnerabilities to these dependencies
Why is a business continuity POLICY important?
it is a communication to internal stakeholders regarding the efforts and expectations;
it's a communication to external stakeholders to show the organization is taking it seriously;
it states and empowers those who have responsibility;
includes guiding principles
What are the four levels of incidents?
negligible, minor, major, crisis
What plan documents SHOULD a BCP include?
continuity of operations plan;
disaster recovery plan;
business resumption plan
What plan documents MIGHT, though dependent on the organization, a BCP include?
continuity of support plan;
IT contingency plan;
incident response plan;
transportation plan;
occupant emergency plan;
evacuation plan;
relocation plan
When testing a BCP, what should be accomplished?
verify the completeness and precision of BCP;
evaluate the performance of the personnel in the test;
evaluate training and awareness of employees not on BCP team
What should be done following the completion of a BCP test?
Results analysis; considering elapsed time, amount of work, total vital records secured, and accuracy
Who is responsible for maintaining a BCP?
BCP coordinator (most often)
What are some of the responsibilities of a BCP coordinator when maintaining a BCP?
scheduling periodic reviews;
call for revisions;
coordinate tests;
develop training;
maintain records of training
When reviewing the BCP, what are the major steps an IS Auditor should take?
- review the document
- review the applications covered by the plan
- review the established teams
- review plan testing procedures
- evaluate prior results
- evaluate offsite storage and offsite security
What should be considered when evaluating an organization's offsite storage facility?
the presence, synchronization, and currency of critical media and documentation (e.g., data files, application software, application documentation, operations documentation)
What should an IS auditor look for when reviewing the contract with the alternative processing facility?
to ensure reliability and that all agreements are documented; ensure that insurance coverage aligns with disaster expenses; ensure that tests are done at hot sites regularly; recourse for breach of contract
What is an RTO and what is it used for?
Recovery time objectives (RTO) are used to determine the acceptable downtime of a system; the RTO is the earliest point in time at which operations must resume
What is an RPO and what is it used for?
Recovery point objectives (RPO) are used to determine the acceptable data loss; the RPO is the earliest point in time to which data can be recovered
If an application has a low RPO, what type of recovery strategy would be useful? A high RPO?
LOW - means that it cannot handle much data loss and needs near real-time data strategy (e.g., mirroring, replication, disk backups, snapshots)
HIGH - means it can accept loss of data (e.g., tape backups, log shipping)
If an application has a low RTO, what type of recovery strategy would be useful? A high RTO?
LOW - means that it must be re-initialized quickly (e.g., active-active clusters, active-passive clusters, hot standby)
HIGH - less quick recovery (e.g., cold standby)
What are some examples of incidents where a DRP may need to be invoked?
loss of network connection;
loss of key IT system;
loss of a processing site;
loss of critical data;
loss of an office;
loss of key service provider