Lecture 6 Flashcards

1
Q

?

Everyone in an organization needs to be trained and aware of information security; not every member needs a formal degree or certificate in information security

Identify

1/3 ?

A

Security Education

2
Q

?

When formal education for individuals in security is needed, an employee can identify curriculum available from local institutions of higher learning or continuing education

Identify

2/3 ?

A

Security Education

3
Q

?

A number of universities have formal coursework in information security

Identify

3/3 ?

A

Security Education

4
Q

?

Involves providing members of organization with detailed information and hands-on instruction designed to prepare them to perform their duties securely

Identify

1/2 ?

A

Security Training

5
Q

?

Management of information security can develop customized in-house training or outsource the training program

Identify

2/2 ?

A

Security Training

6
Q

?

One of the least frequently implemented but most beneficial programs is the ? program

Identify

1/4 ?

A

Security Awareness

7
Q

?

Designed to keep information security at the forefront of users’ minds

Identify

2/4 ?

A

Security Awareness

8
Q

?

Need not be complicated or expensive

Identify

3/4 ?

A

Security Awareness

9
Q

?

If the program is not actively implemented, employees begin to “tune out” and risk of employee accidents and failures increases

Identify

4/4 ?

A

Security Awareness

10
Q

?

Continuous availability of info systems

Identify

1/3 ?

A

Continuity Strategies

11
Q

?

Probability high for attack

Identify

2/3 ?

A

Continuity Strategies

12
Q

?

Managers must be ready to act

Identify

3/3 ?

A

Continuity Strategies

13
Q

?

Prepared by organization

Identify

Continuity Strategies - 1/3 ?

A

Contingency Plan (CP)

14
Q

?

Anticipate, react to, & recover from attacks

Identify

Continuity Strategies - 2/3 ?

A

Contingency Plan (CP)

15
Q

?

Restore organization to normal operations

Identify

Continuity Strategies - 3/3 ?

A

Contingency Plan (CP)

16
Q

3 Components of Contingency Plan

Enumerate

Continuity Strategies - 3 Components of Contingency Plan

A
  • Incident Response (IRPs)
  • Disaster Recovery (DRPs)
  • Business Continuity (BCPs)
17
Q

?

Focus on immediate response

Identify

Continuity Strategies - 1/3 Components of Contingency Plan

A

Incident Response (IRPs)

18
Q

?

Focus on restoring system

Identify

Continuity Strategies - 2/3 Components of Contingency Plan

A

Disaster Recovery (DRPs)

19
Q

?

Focus on establishing business functions at an alternate site

Identify

Continuity Strategies - 3/3 Components of Contingency Plan

A

Business Continuity (BCPs)

20
Q

?

Before planning can begin, a team has to plan the effort and prepare the resulting documents

Identify

1/4 ? (continued)

A

Continuity Strategies

21
Q

?

??: high-level manager to support, promote, and endorse findings of project

Identify

2/4 ? (continued)

A
  • Continuity Strategies
  • Champion
22
Q

?

??: leads project and makes sure sound project planning process is used, a complete and useful project plan is developed, and project resources are prudently managed

Identify

3/4 ? (continued)

A
  • Continuity Strategies
  • Project Manager
23
Q

?

??: should be managers or their representatives from various communities of interest: business, IT, and information security

Identify

4/4 ? (continued)

A
  • Continuity Strategies
  • Team members
24
Q

?

Investigate & assess impact of various attacks

Identify

1/5 ?

A

Business Impact Analysis (BIA)

25
Q

?

First risk assessment – then ?

Identify

2/5 ?

A

Business Impact Analysis (BIA)

26
Q

?

Prioritized list of threats & critical info

Identify

3/5 ?

A

Business Impact Analysis (BIA)

27
Q

?

Detailed scenarios of potential impact of each attack

Identify

4/5 ?

A

Business Impact Analysis (BIA)

28
Q

?

Answers the question: "if the attack succeeds, what do you do then?"

Identify

5/5 ?

A

Business Impact Analysis (BIA)

29
Q

5 BIA (Business Impact Analysis) Sections

Enumerate

5 BIA Sections

A
  • Threat attack identification & prioritization
  • Business Unit analysis
  • Attack success scenario development
  • Potential damage assessment
  • Subordinate Plan Classification

30
Q

5 BIA (Business Impact Analysis) Sections

?
  • Attack profile – detailed description of activities that occur during an attack
  • Determine the extent of resulting damage

Identify

1/5 BIA Sections

A

Threat attack identification & prioritization

31
Q

5 BIA (Business Impact Analysis) Sections

Threat attack identification & prioritization
  • ? - detailed description of activities that occur during an attack
  • Determine the extent of resulting damage

Identify

1/5 BIA Sections

A

Attack Profile

32
Q

5 BIA (Business Impact Analysis) Sections

?
  • Analysis & prioritization of business functions
  • Identify & prioritize functions within org units

Identify

2/5 BIA Sections

A

Business Unit analysis

33
Q

5 BIA (Business Impact Analysis) Sections

?
  • Series of scenarios showing impact
  • Each threat on prioritized list
  • Alternate outcomes (best, worst, probable cases)

Identify

3/5 BIA Sections

A

Attack success scenario development

34
Q

5 BIA (Business Impact Analysis) Sections

?
  • Estimate cost of best, worst, probable
  • What must be done under each
  • Not how much to spend

Identify

4/5 BIA Sections

A

Potential damage assessment

35
Q

5 BIA (Business Impact Analysis) Sections

?
  • Basis for classification as disastrous or not disastrous

Identify

5/5 BIA Sections

A

Subordinate Plan Classification

36
Q

?

? covers identification of, classification of, and response to an incident

Identify

1/3 ?

A

Incident Response Planning (IRPs)

37
Q

?

Attacks are classified as incidents if they:
  • Are directed against information assets
  • Have a realistic chance of success
  • Could threaten confidentiality, integrity, or availability of information resources

Identify

2/3 ?

A

Incident Response Planning (IRPs)

38
Q

?

?? is more reactive than proactive, with the exception of planning that must occur to prepare IR teams to be ready to react to an incident

Identify

3/3 ?

A
  • Incident Response Planning (IRPs)
  • Incident Response (IR)

39
Q

?

Set of activities taken to plan for, detect, and correct the impact

Identify

1/3 ?

A

Incident Response

40
Q

?

??
  • Requires understanding BIA scenarios
  • Develop series of predefined responses
  • Enables org to react quickly

Identify

2/3 ?

A
  • Incident Response
  • Incident Planning

41
Q

?

?? ??? – intrusion detection systems, virus detection, system administrators, end users

Identify

3/3 ?

A
  • Incident Response
  • Incident Detection
  • Mechanisms

42
Q

Incident Detection 4 Possible Indicators

Enumerate

Incident Response - Incident Detection - 4 Possible Indicators

A
  • Presence of unfamiliar files
  • Execution of unknown programs or processes
  • Unusual consumption of computing resources
  • Unusual system crashes

43
Q

Incident Detection 4 Probable Indicators

Enumerate

Incident Response - Incident Detection - 4 Probable Indicators

A
  • Activities at unexpected times
  • Presence of new accounts
  • Reported attacks
  • Notification from IDS

44
Q

Incident Detection 4 Definite Indicators

Enumerate

Incident Response - Incident Detection - 4 Definite Indicators

A
  • Use of dormant accounts
  • Changes to logs
  • Presence of hacker tools
  • Notification by partner or peer
  • Notification by hackers

45
Q

Incident Detection 4 Predefined Situations

Enumerate

Incident Response - Incident Detection - 4 Predefined Situations

A
  • Loss of availability
  • Loss of integrity
  • Loss of confidentiality
  • Violation of policy
  • Violation of law

46
Q

?
  • Actions outlined in the IRP
  • Guide the organization
    - Stop the incident
    - Mitigate the impact
    - Provide information recovery
  • Notify key personnel
  • Document incident

Identify

?

A

Incident Reaction

47
Q

?
  • Sever affected communication circuits
  • Disable accounts
  • Reconfigure firewall
  • Disable process or service
  • Take down email
  • Stop all computers and network devices
  • Isolate affected channels, processes, services, or computers

Identify

?

A

Incident Containment Strategies

48
Q

?
  • Get everyone moving and focused
  • Assess damage
  • Recovery
    - Identify and resolve vulnerabilities
    - Address safeguards
    - Evaluate monitoring capabilities
    - Restore data from backups
    - Restore processes and services
    - Continuously monitor system
    - Restore confidence

Identify

?

A

Incident Recovery

49
Q

?
  • Provide guidance in the event of a disaster
  • Clear establishment of priorities
  • Clear delegation of roles & responsibilities
  • Alert key personnel
  • Document disaster
  • Mitigate impact
  • Evacuation of physical assets

Identify

?

A

Disaster Recovery Plan (DRPs)

50
Q

?

Disaster recovery personnel must know their responses without any supporting documentation

Identify

1/3 ?

A

Crisis Management

51
Q

?

Actions taken during and after a disaster focusing on the people involved and addressing the viability of the business

Identify

2/3 ?

A

Crisis Management

52
Q

?

?? is responsible for managing the event from an enterprise perspective and covers:
  • Support personnel and loved ones
  • Determine impact on normal operations
  • Keep public informed
  • Communicate with major players such as major customers, suppliers, partners, regulatory agencies, industry organizations, the media, and other interested parties

Identify

3/3 ?

A
  • Crisis Management
  • Crisis Management Team

53
Q

?

Outlines reestablishment of critical business operations during a disaster that impacts operations

Identify

1/3 ?

A

Business Continuity Planning (BCPs)

54
Q

?

If a disaster has rendered the business unusable for continued operations, there must be a plan to allow the business to continue functioning

Identify

2/3 ?

A

Business Continuity Planning (BCPs)

55
Q

?

Development of ? is somewhat simpler than IRP or DRP; consists primarily of selecting a continuity strategy and integrating off-site data storage and recovery functions into this strategy

Identify

3/3 ?

A

Business Continuity Planning (BCPs)

56
Q

?

There are a number of strategies for planning for business continuity

Identify

1/4 ?

A

Continuity Strategies

57
Q

?

Determining factor in selecting between options is usually cost

Identify

2/4 ?

A

Continuity Strategies

58
Q

?

In general there are three exclusive options: hot sites; warm sites; and cold sites

Identify

3/4 ?

A

Continuity Strategies

59
Q

?

Three shared functions: time-share; service bureaus; and mutual agreements

Identify

4/4 ?

A

Continuity Strategies

60
Q

?

??
  • Fully configured computer facilities
  • All services & communication links
  • Physical plant operations

Identify

1/6 ?

A
  • Alternative Site Configurations
  • Hot Sites

61
Q

?

??
  • Does not include actual applications
  • Applications may not be installed and configured
  • Requires hours to days to become operational

Identify

2/6 ?

A
  • Alternative Site Configurations
  • Warm Sites

62
Q

?

??
  • Rudimentary services and facilities
  • No hardware or peripherals
  • Empty room

Identify

3/6 ?

A
  • Alternative Site Configurations
  • Cold Sites

63
Q

?

??
  • Hot, warm, or cold
  • Leased with other orgs

Identify

4/6 ?

A
  • Alternative Site Configurations
  • Time-shares

64
Q

?

??
  • Provides service for a fee

Identify

5/6 ?

A
  • Alternative Site Configurations
  • Service bureau

65
Q

?

??
  • A contract between two or more organizations that specifies how each will assist the other in the event of a disaster

Identify

6/6 ?

A
  • Alternative Site Configurations
  • Mutual agreements

66
Q

?

To get sites up and running quickly, the organization must have the ability to port data into the new site’s systems

Identify

1/4 ?

A

Off-Site Disaster Data Storage

67
Q

?

??
  • Transfer of large batches of data
  • Receiving server archives data
  • Fee

Identify

2/4 ?

A
  • Off-Site Disaster Data Storage
  • Electronic vaulting

68
Q

?

??
  • Transfer of live transactions to off-site
  • Only transactions are transferred
  • Transfer is real time

Identify

3/4 ?

A
  • Off-Site Disaster Data Storage
  • Journaling

69
Q

?

??
  • Duplicated databases
  • Multiple servers
  • Processes duplicated
  • 3 or more copies simultaneously

Identify

4/4 ?

A
  • Off-Site Disaster Data Storage
  • Shadowing

70
Q

Model for a Consolidated Contingency Plan

? supports concise planning and encourages smaller organizations to develop, test, and use IR and DR plans

Identify

1/2 Model for a Consolidated Contingency Plan

A

Single document set

71
Q

Model for a Consolidated Contingency Plan

? is based on analyses of disaster recovery and incident response plans of dozens of organizations

Identify

2/2 Model for a Consolidated Contingency Plan

A

Model

72
Q

The Planning Document 6 steps in contingency planning process

Enumerate

The Planning Document - 6 Steps in Contingency Planning Process

A
  • Identifying mission- or business-critical functions
  • Identifying resources that support critical functions
  • Anticipating potential contingencies or disasters
  • Selecting contingency planning strategies
  • Implementing contingency strategies
  • Testing and revising strategy

73
Q

?
  • When the incident at hand constitutes a violation of law, the organization may determine that involving law enforcement is necessary
  • Questions:
    - When should the organization get law enforcement involved?
    - What level of law enforcement agency should be involved (local, state, federal)?
    - What happens when a law enforcement agency is involved?
  • Some questions are best answered by the organization’s legal department

Identify

?

A

Law Enforcement Involvement

74
Q

Benefits and Drawbacks of Law Enforcement Involvement

Involving law enforcement agencies has ?:
  • Agencies may be better equipped at processing evidence
  • Organization may be less effective in convicting suspects
  • Law enforcement agencies are prepared to handle warrants and subpoenas needed
  • Law enforcement is skilled at obtaining witness statements and other information collection

Identify

?

A

Advantages (of Law Enforcement Involvement)

75
Q

Benefits and Drawbacks of Law Enforcement Involvement

Involving law enforcement agencies has ?:
  • Once a law enforcement agency takes over the case, the organization loses complete control over the chain of events
  • Organization may not hear about the case for weeks or months
  • Equipment vital to the organization’s business may be tagged as evidence
  • If the organization detects a criminal act, it is legally obligated to involve appropriate law enforcement officials

Identify

?

A

Disadvantages (of Law Enforcement Involvement)

76
Q

Summary

? is a control measure that reduces accidental security breaches and increases organizational resistance to many other forms of attack

Identify

1/2 Summary

A

Information security education, training, and awareness (SETA)

77
Q

Summary

? is made up of 3 components:
  • Incident Response Planning (IRP)
  • Disaster Recovery Planning (DRP)
  • Business Continuity Planning (BCP)

Identify

2/2 Summary

A

Contingency Planning (CP)