Domain 2 Flashcards
What is Business Continuity (BC)?
The ability of an organization to maintain essential functions during and after a disaster.
What is Disaster Recovery (DR)?
The process of restoring IT systems and operations after a disruption.
What is Incident Response?
A structured approach to handling and managing a cybersecurity incident.
What is a Business Continuity Plan (BCP)?
A documented plan that outlines how an organization will continue operating during an unplanned disruption.
What is a Disaster Recovery Plan (DRP)?
A documented, structured approach with instructions for responding to unplanned incidents.
What is a Critical Business Function?
A business activity that is essential to the survival and operations of an organization.
What is a Recovery Time Objective (RTO)?
The maximum acceptable amount of time to restore a function after a disruption.
What is a Recovery Point Objective (RPO)?
The maximum acceptable amount of data loss measured in time.
What is a Tabletop Exercise?
A discussion-based exercise where participants talk through their roles during an incident without actual execution.
What is an After Action Report (AAR)?
A document that reviews actions taken during an incident to identify strengths and areas for improvement.
What is a Hot Site?
A fully equipped alternate location where operations can be moved immediately after a disruption.
What is a Warm Site?
An alternate location that is partially equipped and requires additional setup before operations can resume.
What is a Cold Site?
An alternate location that has infrastructure but no active equipment or data, requiring setup before use.
What is an Incident Response Plan (IRP)?
A formal document detailing how an organization detects, responds to, and recovers from incidents.
What is an Incident Response Team (IRT)?
A group of individuals assigned to prepare for and respond to incidents.
What is Business Impact Analysis (BIA)?
A process that identifies critical functions and evaluates the impact of a disruption.
What is Contingency Planning?
Preparations made in advance to deal with potential future incidents or disasters.
What is Crisis Communication?
The process of informing stakeholders during and after a disruptive incident.
What is a Service-Level Agreement (SLA)?
A contract that defines the level of service expected from a service provider.
What is Chain of Custody?
The documentation and handling process that maintains the integrity of evidence.
What is the main goal of Business Continuity Planning?
To ensure critical operations continue during and after a disruption.
What is the first step in creating a Business Continuity Plan?
Conduct a Business Impact Analysis (BIA).
Who typically leads the Incident Response Team (IRT)?
The Incident Response Manager or Coordinator.
What is the goal of an Incident Response Plan?
To minimize the impact of security incidents and restore normal operations quickly.
What does an After Action Report (AAR) help improve?
Future incident response effectiveness.
What type of alternate site requires the most setup time?
Cold site.
What is the main difference between a hot site and a cold site?
A hot site is fully operational, while a cold site requires setup.
What is a communication plan in business continuity?
A strategy for notifying stakeholders during an incident.
What are the typical phases of the Incident Response process?
Preparation, Detection and Analysis, Containment, Eradication, Recovery, and Lessons Learned.
What is the purpose of containment during an incident?
To limit the damage caused by an incident and prevent its spread.
Why is Business Impact Analysis (BIA) critical to BCP and DRP?
It identifies critical functions and prioritizes recovery efforts.
What is the primary goal of Disaster Recovery?
To restore IT services and operations as quickly as possible after a disruption.
How does an SLA relate to disaster recovery?
It defines the service levels that must be maintained or recovered after an incident.
What is an example of a tabletop exercise in incident response?
A scenario where participants walk through a simulated cyberattack without actual system disruption.
What should be included in an Incident Response Plan?
Roles and responsibilities, communication procedures, escalation paths, and technical steps.
What are the benefits of a warm site over a cold site?
Faster recovery times because systems and data are partially pre-configured.
Why is maintaining chain of custody important during an incident investigation?
To ensure evidence is legally admissible and credible.
What is a crisis communication team responsible for?
Managing information released to internal and external stakeholders during an incident.
How is a BCP different from an IRP?
BCP focuses on maintaining operations; IRP focuses on responding to security incidents.
Why are tabletop exercises important?
They help test and refine plans without disrupting actual operations.
Describe the steps to create a Business Continuity Plan.
Conduct BIA, identify recovery strategies, develop plans, train employees, test and maintain plans.
Explain how RTO and RPO affect disaster recovery planning.
They define recovery goals for downtime and data loss, influencing backup strategies and resources.
Give an example of containment during a cyber incident.
Disconnecting an infected server from the network to stop malware spread.
How can poor crisis communication worsen a disaster?
It can lead to misinformation, panic, legal issues, and reputational damage.
Why should disaster recovery sites be geographically separated?
To reduce the risk that the same event (e.g., earthquake) affects both primary and backup locations.
What could be a drawback of using a cold site for disaster recovery?
Longer recovery times due to the need to install and configure systems and data.
How does a Business Impact Analysis support risk management decisions?
By identifying the most critical operations and systems to prioritize protection and recovery efforts.
What are two important outputs of a BIA?
Critical business processes and the associated RTO and RPO for each.
How do legal and regulatory requirements impact Incident Response?
They may dictate how incidents are handled, reported, and documented.
Why must the Incident Response Plan be tested regularly?
To ensure the team is prepared and the plan is effective in real incidents.
