Lecture 6

Question 1

?

Everyone in an organization needs to be trained and aware of information security; not every member needs formal degree or certificate in information security

Identify

1/3 ?

Answer 1

Security Education

Question 2

?

When formal education for individuals in security is needed, an employee can identify curriculum available from local institutions of higher learning or continuing education

Identify

2/3 ?

Answer 2

Security Education

Question 3

?

A number of universities have formal coursework in information security

Identify

3/3 ?

Answer 3

Security Education

Question 4

?

Involves providing members of organization with detailed information and hands-on instruction designed to prepare them to perform their duties securely

Identify

1/2 ?

Answer 4

Security Training

Question 5

?

Management of information security can develop customized in-house training or outsource the training program

Identify

2/2 ?

Answer 5

Security Training

Question 6

?

One of least frequently implemented but most beneficial programs is the ? program

Identify

1/4 ?

Answer 6

Security Awareness

Question 7

?

Designed to keep information security at the forefront of users’ minds

Identify

2/4 ?

Answer 7

Security Awareness

Question 8

?

Need not be complicated or expensive

Identify

3/4 ?

Answer 8

Security Awareness

Question 9

?

If the program is not actively implemented, employees begin to “tune out” and risk of employee accidents and failures increases

Identify

4/4 ?

Answer 9

Security Awareness

Question 10

?

Continuous availability of info systems

Identify

1/3 ?

Answer 10

Continuity Strategies

Question 11

?

Probability high for attack

Identify

2/3 ?

Answer 11

Continuity Strategies

Question 12

?

Managers must be ready to act

Identify

3/3 ?

Answer 12

Continuity Strategies

Question 13

?

Prepared by organization

Identify

Continuity Strategies - 1/3 ?

Answer 13

Contingency Plan (CP)

Question 14

?

Anticipate, react to, & recover from attacks

Identify

Continuity Strategies - 2/3 ?

Answer 14

Contingency Plan (CP)

Question 15

?

Restore organization to normal operations

Identify

Continuity Strategies - 3/3 ?

Answer 15

Contingency Plan (CP)

Question 16

3 Components of Contingency Plan

Enumerate

Continuity Strategies - 3 Components of Contingency Plan

Answer 16

• Incident Response (IRPs)
• Disaster Recovery (DRPs)
• Business Continuity (BCPs)

Question 17

?

Focus on immediate response

Identify

Continuity Strategies - 1/3 Components of Contingency Plan

Answer 17

Incident Response (IRPs)

Question 18

?

Focus on restoring system

Identify

Continuity Strategies - 2/3 Components of Contingency Plan

Answer 18

Disaster Recovery (DRPs)

Question 19

?

Focus establish business functions at alternate site

Identify

Continuity Strategies - 3/3 Components of Contingency Plan

Answer 19

Business Continuity (BCPs)

Question 20

?

Before planning can begin, a team has to plan effort and prepare resulting documents

Identify

1/4 ? (continued)

Answer 20

Continuity Strategies

Question 21

?

??: high-level manager to support, promote, and endorse findings of project

Identify

2/4 ? (continued)

Answer 21

• Continuity Strategies
• Champion

Question 22

?

??: leads project and makes sure sound project planning process is used, a complete and useful project plan is developed, and project resources are prudently managed

Identify

3/4 ? (continued)

Answer 22

• Continuity Strategies
• Project Manager

Question 23

?

??: should be managers or their representatives from various communities of interest: business, IT, and information security

Identify

4/4 ? (continued)

Answer 23

• Continuity Strategies
• Team members

Question 24

?

Investigate & assess impact of various attack

Identify

1/5 ?

Answer 24

Business Impact Analysis (BIA)

Question 25

?

First risk assessment – then ?

Identify

2/5 ?

Answer 25

Business Impact Analysis (BIA)

Question 26

?

Prioritized list of threats & critical info

Identify

3/5 ?

Answer 26

Business Impact Analysis (BIA)

Question 27

?

Detailed scenarios of potential impact of each attack

Identify

4/5 ?

Answer 27

Business Impact Analysis (BIA)

Question 28

?

Answers question: “if the attack succeeds, what do you do then?”

Identify

5/5 ?

Answer 28

Business Impact Analysis (BIA)

Question 29

5 BIA (Business Impact Analysis) Sections

Enumerate

5 BIA Sections

Answer 29

• Threat attack identification & prioritization
• Business Unit analysis
• Attack success scenario development
• Potential damage assessment
• Subordinate Plan Classification

Question 30

5 BIA (Business Impact Analysis) Sections

?

• Attack profile – detailed description of activities that occur during an attack
• Determine the extent of resulting damage

Identify

1/5 BIA Sections

Answer 30

Threat attack identification & prioritization

Question 31

5 BIA (Business Impact Analysis) Sections

Threat attack identification & prioritization

• ? - detailed description of activities that occur during an attack
• Determine the extent of resulting damage

Identify

1/5 BIA Sections

Answer 31

Attack Profile

Question 32

5 BIA (Business Impact Analysis) Sections

?

• Analysis & prioritization-business functions
• Identify & prioritize functions within orgs units

Identify

2/5 BIA Sections

Answer 32

Business Unit analysis

Question 33

5 BIA (Business Impact Analysis) Sections

?

• Series of scenarios showing impact
• Each treat on prioritized list
• Alternate outcomes (Best, worst, probable cases)

Identify

3/5 BIA Sections

Answer 33

Attack success scenario development

Question 34

5 BIA (Business Impact Analysis) Sections

?

• Estimate cost of best, worst, probable
• What must be done under each
• Not how much to spend

Identify

4/5 BIA Sections

Answer 34

Potential damage assessment

Question 35

5 BIA (Business Impact Analysis) Sections

?

• Basis for classification as disastrous not disastrous

Identify

5/5 BIA Sections

Answer 35

Subordinate Plan Classification

Question 36

?

covers identification of,
classification of, and response to an incident

Identify

1/3 ?

Answer 36

Incident Response Planning (IRPs)

Question 37

?

Attacks classified as incidents if they:
* Are directed against information assets
* Have a realistic chance of success
* Could threaten confidentiality, integrity, or availability of information resources

Identify

2/3 ?

Answer 37

Incident Response Planning (IRPs)

Question 38

?

?? is more reactive, than proactive, with the exception of planning that must occur to prepare IR teams to be ready to react to an incident

Identify

3/3 ?

Answer 38

• Incident Response Planning (IRPs)
• Incident Response (IR)

Question 39

?

Set of activities taken to plan for, detect, and correct the impact

Identify

1/3 ?

Answer 39

Incident Response

Question 40

?

??
* Requires understanding BIA scenarios
* Develop series of predefined responses
* Enables org to react quickly

Identify

2/3 ?

Answer 40

• Incident Response
• Incident Planning

Question 41

?

??
??? – intrusion detection systems, virus detection, system
administrators, end users

Identify

3/3 ?

Answer 41

• Incident Response
• Incident Detection
• Mechanisms

Question 42

Incident Detection

4 Possible Indicators

Enumerate

Incident Response - Incident Detection - 4 Possible Indicators

Answer 42

• Presence of unfamiliar files
• Execution of unknown programs or processes
• Unusual consumption of computing resources
• Unusual system crashes

Question 43

Incident Detection

4 Probable Indicators

Enumerate

Incident Response - Incident Detection - 4 Probable Indicators

Answer 43

• Activities at unexpected times
• Presence of new accounts
• Reported attacks
• Notification form IDS

Question 44

Incident Detection

4 Definite Indicators

Enumerate

Incident Response - Incident Detection - 4 Definite Indicators

Answer 44

• Use of dormant accounts
• Changes to logs
• Presence of hacker tools
• Notification by partner or peer
• Notification by hackers

Question 45

Incident Detection

4 Predefined Situation

Enumerate

Incident Response - Incident Detection - 4 Predefined Situation

Answer 45

• Loss of availability
• Loss of integrity
• Loss of confidentiality
• Violation of policy
• Violation of law

Question 46

?

• Actions outlined in the IRP
• Guide the organization
  - Stop the incident
  - Mitigate the impact
  - Provide information recovery
• Notify key personnel
• Document incident

Identify

?

Answer 46

Incident Reaction

Question 47

?

• Sever affected communication circuits
• Disable accounts
• Reconfigure firewall
• Disable process or service
• Take down email
• Stop all computers and network devices
• Isolate affected channels, processes, services, or computers

Identify

?

Answer 47

Incident Containment Strategies

Question 48

?

• Get everyone moving and focused
• Assess Damage
• Recovery
  - Identify and resolve vulnerabilities
  - Address safeguards
  - Evaluate monitoring capabilities
  - Restore data from backups
  - Restore process and services
  - Continuously monitor system
  - Restore confidence

Identify

?

Answer 48

Incident Recovery

Question 49

?

• Provide guidance in the event of a disaster
• Clear establishment of priorities
• Clear delegation of roles & responsibilities
• Alert key personnel
• Document disaster
• Mitigate impact
• Evacuation of physical assets

Identify

?

Answer 49

Disaster Recovery Plan (DRPs)

Question 50

?

Disaster recovery personnel must know their responses without any supporting documentation

Identify

1/3 ?

Answer 50

Crisis Management

Question 51

?

Actions taken during and after a disaster focusing on people involved and addressing viability of business

Identify

2/3 ?

Answer 51

Crisis Management

Question 52

?

?? responsible for managing event from an enterprise perspective and covers:
* Support personnel and loved ones
* Determine impact on normal operations
* Keep public informed
* Communicate with major players such as major customers, suppliers, partners, regulatory agencies, industry organizations, the media, and other interested parties

Identify

3/3 ?

Answer 52

• Crisis Management
• Crisis Management Team

Question 53

?

Outlines reestablishment of critical business operations during a disaster that impacts operations

Identify

1/3 ?

Answer 53

Business Continuity Planning (BCPs)

Question 54

?

If disaster has rendered the business unusable for continued operations, there must be a plan to allow business to continue functioning

Identify

2/3 ?

Answer 54

Business Continuity Planning (BCPs)

Question 55

?

Development of ? somewhat simpler than IRP or DRP; consists primarily of selecting a continuity strategy and integrating off-site data storage and recovery functions into this strategy

Identify

3/3 ?

Answer 55

Business Continuity Planning (BCPs)

Question 56

?

There are a number of strategies for planning for business continuity

Identify

1/4 ?

Answer 56

Continuity Strategies

Question 57

?

Determining factor in selecting between options usually cost

Identify

2/4 ?

Answer 57

Continuity Strategies

Question 58

?

In general there are three exclusive options: hot sites; warm sites; and cold sites

Identify

3/4 ?

Answer 58

Continuity Strategies

Question 59

?

Three shared functions: time-share; service bureaus; and mutual agreements

Identify

4/4 ?

Answer 59

Continuity Strategies

Question 60

?

??

• Fully configured computer facilities
• All services & communication links
• Physical plant operations

Identify

1/6 ?

Answer 60

• Alternative Site Configurations
• Hot Sites

Question 61

?

??

• Does not include actual applications
• Application may not be installed and configured
• Required hours to days to become operational

Identify

2/6 ?

Answer 61

• Alternative Site Configurations
• Warm Sites

Question 62

?

??

• Rudimentary services and facilities
• No hardware or peripherals
• Empty room

Identify

3/6 ?

Answer 62

• Alternative Site Configurations
• Cold Sites

Question 63

?

??

• Hot, warm, or cold
• Leased with other orgs

Identify

4/6 ?

Answer 63

• Alternative Site Configurations
• Time-shares

Question 64

?

??

• Provides service for a fee

Identify

5/6 ?

Answer 64

• Alternative Site Configurations
• Service bureau

Question 65

?

??

• A contract between two or more organizations that specifies how each will assist the other in the event of a disaster.

Identify

6/6 ?

Answer 65

• Alternative Site Configurations
• Mutual agreements

Question 66

?

To get sites up and running quickly, organization must have ability to port data into new site’s systems

Identify

1/4 ?

Answer 66

Off-Site Disaster Data Storage

Question 67

?

??
* Transfer of large batches of data
* Receiving server archives data
* Fee

Identify

2/4 ?

Answer 67

• Off-Site Disaster Data Storage
• Electronic vaulting

Question 68

?

??

• Transfer of live transactions to off-site
• Only transactions are transferred
• Transfer is real time

Identify

3/4 ?

Answer 68

• Off-Site Disaster Data Storage
• Journaling

Question 69

?

??

• Duplicated databases
• Multiple servers
• Processes duplicated
• 3 or more copies simultaneously

Identify

4/4 ?

Answer 69

• Off-Site Disaster Data Storage
• Shadowing

Question 70

Model for a Consolidated Contingency Plan

? supports concise planning and encourages smaller organizations to develop, test, and use IR and DR plans

Identify

1/2 Model for a Consolidated Contingency Plan

Answer 70

Single document set

Question 71

Model for a Consolidated Contingency Plan

? is based on analyses of disaster recovery and incident response plans of dozens of organizations

Identify

2/2 Model for a Consolidated Contingency Plan

Answer 71

Model

Question 72

The Planning Document

6 steps in contingency planning process

Enumerate

The Planning Document - 6 Steps in Contingency Planning Process

Answer 72

• Identifying mission- or business-critical functions
• Identifying resources that support critical functions
• Anticipating potential contingencies or disasters
• Selecting contingency planning strategies
• Implementing contingency strategies
• Testing and revising strategy

Question 73

?

• When incident at hand constitutes a violation of law, organization may determine involving law enforcement is necessary
• Questions:
  - When should organization get law enforcement involved?
  - What level of law enforcement agency should be involved (local, state, federal)?
  - What happens when law enforcement agency is involved?
• Some questions are best answered by organization’s legal department

Identify

?

Answer 73

Law Enforcement Involvement

Question 74

Benefits and Drawbacks of Law Enforcement Involvement

Involving law enforcement agencies has ?:
* Agencies may be better equipped at processing evidence
* Organization may be less effective in convicting suspects
* Law enforcement agencies prepared to handle warrants and subpoenas needed
* Law enforcement skilled at obtaining witness statements and other information collection

Identify

?

Answer 74

Advantages (of Law Enforcement Involvement)

Question 75

Benefits and Drawbacks of Law Enforcement Involvement

Involving law enforcement agencies has ?:
* Once a law enforcement agency takes over case, organization loses complete control over chain of events
* Organization may not hear about case for weeks or months
* Equipment vital to the organization’s business may be tagged evidence
* If organization detects a criminal act, it is legally obligated to involve appropriate law enforcement officials

Identify

?

Answer 75

Disadvantages (of Law Enforcement Involvement)

Question 76

Summary

? is control measure that reduces accidental security breaches and increases organizational resistance to many other forms of attack

Identify

1/2 Summary

Answer 76

Information security education, training, and awareness (SETA)

Question 77

Summary

? made up of 3 components:
* Incident Response Planning (IRP)
* Disaster Recovery Planning (DRP)
* Business Continuity Planning (BCP)

Identify

2/2 Summary

Answer 77

Contigency Planning (CP)