Domain 2: Business Continuity, Disaster Recovery, and Incident Response Flashcards
What is the priority of any incident response?
To protect life, health, and safety.
What is the primary goal of incident management?
To be prepared
What is the other term for incident management?
Crisis Management
Every organization must have a _____ that will help preserve business viability and survival.
Incident Response Plan
The loss of control, compromise, unauthorized disclosure, unauthorized acquisition, or any similar occurrence where: a person other than an authorized user accesses or potentially accesses personally identifiable information; or an authorized user accesses personally identifiable information for other than an authorized purpose.
Breach
Any measurable occurrence
Event
An event that actually or potentially jeopardizes the confidentiality, integrity or availability of an information system or the information the system processes, stores or transmits.
Incident
A security event, or combination of events, that constitutes a deliberate security incident in which an intruder gains, or attempts to gain, access to a system or system resource without authorization
Intrusion
Any circumstance or event with the potential to adversely impact organizational operations (including mission, functions, image or reputation), organizational assets, individuals, other organizations or the nation through an information system via unauthorized access, destruction, disclosure, modification of information and/or denial of service.
Threat
Weakness in an information system, system security procedures, internal controls or implementation that could be exploited by a threat
Vulnerability
An unknown vulnerability that doesn’t fit previously recognizable patterns or methods and therefore carries no risk of detection
Zero Day
What shapes the incident response process?
The vision, mission and strategy of the organization
What are the components of the incident response plan?
- Preparation
- Detection and Analysis
- Containment, Eradication, and Recovery
- Post-Incident Activity
What is the first response in the preparation component?
Identification of Incident
What should we look out for in the preparation component with regards to data and systems?
Single points of failure
What must be taken into account when choosing the communication between stakeholders?
That the primary method of communication may not always be available
In the detection and analysis component, documentation must be?
Standardized
What is the primary goal of the third component of an incident response plan?
Identify and Isolate the attacker.
In the post-incident activity, lessons learned must be documented, especially in what cases?
When the information compromised is under the protection of the law.
Along with the organizational need to establish a _______ is the need to create a suitable ______.
Security Operations Center (SOC); incident response team
Many organizations now have a dedicated team responsible for investigating any computer security incidents that take place. They are called?
Computer Incident Response Teams or Computer Security Incident Response Teams
When an incident occurs, the response team has four primary responsibilities?
- Amount and Scope of Damage
- Confidential information compromised?
- Recovery and Restore Security
- Supervises implementation of additional security measures
What do you call the list of persons to contact in case of disruption of operations?
Phone tree
Organizational Support must be given by?
Executive Management or Sponsor
_____ is the proactive development of procedures to restore business operations after a disaster or other significant disruption to the organization.
Business Continuity Planning
What do you call the hard copy document of the business continuity plan?
The Red Book
How often should an organization test its business continuity plan?
Routinely
What is the goal of Business Continuity?
Maintaining Critical Business functions of the Organization
When an organization’s critical business functions cannot be performed at an acceptable level within a predetermined time frame
Disaster
What are the main things that Disaster recovery focuses on restoring?
IT and Communication Services
True or False: Organizations follow one disaster recovery plan to maintain consistent procedures in case of disasters.
False. Depending on the size of the organization and the number of people involved in the DRP effort, organizations often maintain multiple types of plan documents, intended for different audiences
What are the documents worth considering in the Disaster Recovery Plan?
- Executive Summary
- Department-specific Plans
- IT technical guidelines
- Full copies of the plan for critical members
- Checklists for certain individuals
A centralized organizational function fulfilled by an information security team that monitors, detects and analyzes events on the network or system to prevent and resolve issues before they result in business disruptions.
Security Operations Center
What are the common components of a Business Continuity Plan?
- BCP Members and contact methods
- Checklists
- Call Tree and Notification Systems
- Guidance for Management
- How and when to enact the plan
- Contacts for Critical Members of the Supply Chain