Lecture 6 Flashcards
1
Q
?
Everyone in an organization needs to be trained and aware of information security; not every member needs formal degree or certificate in information security
Identify
1/3 ?
A
Security Education
2
Q
?
When formal education for individuals in security is needed, an employee can identify curriculum available from local institutions of higher learning or continuing education
Identify
2/3 ?
A
Security Education
3
Q
?
A number of universities have formal coursework in information security
Identify
3/3 ?
A
Security Education
4
Q
?
Involves providing members of organization with detailed information and hands-on instruction designed to prepare them to perform their duties securely
Identify
1/2 ?
A
Security Training
5
Q
?
Management of information security can develop customized in-house training or outsource the training program
Identify
2/2 ?
A
Security Training
6
Q
?
One of least frequently implemented but most beneficial programs is the ? program
Identify
1/4 ?
A
Security Awareness
7
Q
?
Designed to keep information security at the forefront of users’ minds
Identify
2/4 ?
A
Security Awareness
8
Q
?
Need not be complicated or expensive
Identify
3/4 ?
A
Security Awareness
9
Q
?
If the program is not actively implemented, employees begin to “tune out” and risk of employee accidents and failures increases
Identify
4/4 ?
A
Security Awareness
10
Q
?
Continuous availability of info systems
Identify
1/3 ?
A
Continuity Strategies
11
Q
?
Probability high for attack
Identify
2/3 ?
A
Continuity Strategies
12
Q
?
Managers must be ready to act
Identify
3/3 ?
A
Continuity Strategies
13
Q
?
Prepared by organization
Identify
Continuity Strategies - 1/3 ?
A
Contingency Plan (CP)
14
Q
?
Anticipate, react to, & recover from attacks
Identify
Continuity Strategies - 2/3 ?
A
Contingency Plan (CP)
15
Q
?
Restore organization to normal operations
Identify
Continuity Strategies - 3/3 ?
A
Contingency Plan (CP)
16
Q
3 Components of Contingency Plan
Enumerate
Continuity Strategies - 3 Components of Contingency Plan
A
- Incident Response (IRPs)
- Disaster Recovery (DRPs)
- Business Continuity (BCPs)
17
Q
?
Focus on immediate response
Identify
Continuity Strategies - 1/3 Components of Contingency Plan
A
Incident Response (IRPs)
18
Q
?
Focus on restoring system
Identify
Continuity Strategies - 2/3 Components of Contingency Plan
A
Disaster Recovery (DRPs)
19
Q
?
Focus establish business functions at alternate site
Identify
Continuity Strategies - 3/3 Components of Contingency Plan
A
Business Continuity (BCPs)
20
Q
?
Before planning can begin, a team has to plan effort and prepare resulting documents
Identify
1/4 ? (continued)
A
Continuity Strategies
21
Q
?
??: high-level manager to support, promote, and endorse findings of project
Identify
2/4 ? (continued)
A
- Continuity Strategies
- Champion
22
Q
?
??: leads project and makes sure sound project planning process is used, a complete and useful project plan is developed, and project resources are prudently managed
Identify
3/4 ? (continued)
A
- Continuity Strategies
- Project Manager
23
Q
?
??: should be managers or their representatives from various communities of interest: business, IT, and information security
Identify
4/4 ? (continued)
A
- Continuity Strategies
- Team members
24
Q
?
Investigate & assess impact of various attack
Identify
1/5 ?
A
Business Impact Analysis (BIA)
25
# **?**
First risk assessment – then **?**
| Identify
## Footnote
2/5 ?
Business Impact Analysis (BIA)
26
# **?**
Prioritized list of threats & critical info
| Identify
## Footnote
3/5 ?
Business Impact Analysis (BIA)
27
# **?**
Detailed scenarios of potential impact of each attack
| Identify
## Footnote
4/5 ?
Business Impact Analysis (BIA)
28
# **?**
Answers question: "if the attack succeeds, what do you do then?"
| Identify
## Footnote
5/5 ?
Business Impact Analysis (BIA)
29
5 BIA (Business Impact Analysis) Sections
| Enumerate
## Footnote
5 BIA Sections
* Threat attack identification & prioritization
* Business Unit analysis
* Attack success scenario development
* Potential damage assessment
* Subordinate Plan Classification
30
# 5 BIA (Business Impact Analysis) Sections
**?**
* Attack profile – detailed description of activities that occur during an attack
* Determine the extent of resulting damage
| Identify
## Footnote
1/5 BIA Sections
Threat attack identification & prioritization
31
# 5 BIA (Business Impact Analysis) Sections
Threat attack identification & prioritization
* **?** - detailed **description of activities** that occur during an attack
* Determine the extent of resulting damage
| Identify
## Footnote
1/5 BIA Sections
Attack Profile
32
# 5 BIA (Business Impact Analysis) Sections
**?**
* Analysis & prioritization-business functions
* Identify & prioritize functions within orgs units
| Identify
## Footnote
2/5 BIA Sections
Business Unit analysis
33
# 5 BIA (Business Impact Analysis) Sections
**?**
* Series of scenarios showing impact
* Each treat on prioritized list
* Alternate outcomes (Best, worst, probable cases)
| Identify
## Footnote
3/5 BIA Sections
Attack success scenario development
34
# 5 BIA (Business Impact Analysis) Sections
**?**
* Estimate cost of best, worst, probable
* What must be done under each
* Not how much to spend
| Identify
## Footnote
4/5 BIA Sections
Potential damage assessment
35
# 5 BIA (Business Impact Analysis) Sections
**?**
* Basis for classification as disastrous not disastrous
| Identify
## Footnote
5/5 BIA Sections
Subordinate Plan Classification
36
# **?**
covers identification of,
classification of, and response to an incident
| Identify
## Footnote
1/3 ?
Incident Response Planning (IRPs)
37
# **?**
Attacks classified as incidents if they:
* Are directed against information assets
* Have a realistic chance of success
* Could threaten confidentiality, integrity, or availability of information resources
| Identify
## Footnote
2/3 ?
Incident Response Planning (IRPs)
38
# **?**
**??** is more reactive, than proactive, with the exception of planning that must occur to prepare IR teams to be ready to react to an incident
| Identify
## Footnote
3/3 ?
* Incident Response Planning (IRPs)
* Incident Response (IR)
39
# **?**
Set of activities taken to plan for, detect, and correct the impact
| Identify
## Footnote
1/3 ?
Incident Response
40
# **?**
**??**
* Requires understanding BIA scenarios
* Develop series of predefined responses
* Enables org to react quickly
| Identify
## Footnote
2/3 ?
* Incident Response
* Incident Planning
41
# **?**
**??**
**???** – intrusion detection systems, virus detection, system
administrators, end users
| Identify
## Footnote
3/3 ?
* Incident Response
* Incident Detection
* Mechanisms
42
# Incident Detection
4 Possible Indicators
| Enumerate
## Footnote
Incident Response - Incident Detection - 4 Possible Indicators
* Presence of unfamiliar files
* Execution of unknown programs or processes
* Unusual consumption of computing resources
* Unusual system crashes
43
# Incident Detection
4 Probable Indicators
| Enumerate
## Footnote
Incident Response - Incident Detection - 4 Probable Indicators
* Activities at unexpected times
* Presence of new accounts
* Reported attacks
* Notification form IDS
44
# Incident Detection
4 Definite Indicators
| Enumerate
## Footnote
Incident Response - Incident Detection - 4 Definite Indicators
* Use of dormant accounts
* Changes to logs
* Presence of hacker tools
* Notification by partner or peer
* Notification by hackers
45
# Incident Detection
4 Predefined Situation
| Enumerate
## Footnote
Incident Response - Incident Detection - 4 Predefined Situation
* Loss of availability
* Loss of integrity
* Loss of confidentiality
* Violation of policy
* Violation of law
46
# **?**
* Actions outlined in the IRP
* Guide the organization
\- Stop the incident
\- Mitigate the impact
\- Provide information recovery
* Notify key personnel
* Document incident
| Identify
## Footnote
?
Incident Reaction
47
# **?**
* Sever affected communication circuits
* Disable accounts
* Reconfigure firewall
* Disable process or service
* Take down email
* Stop all computers and network devices
* Isolate affected channels, processes, services, or computers
| Identify
## Footnote
?
Incident Containment Strategies
48
# **?**
* Get everyone moving and focused
* Assess Damage
* Recovery
\- Identify and resolve vulnerabilities
\- Address safeguards
\- Evaluate monitoring capabilities
\- Restore data from backups
\- Restore process and services
\- Continuously monitor system
\- Restore confidence
| Identify
## Footnote
?
Incident Recovery
49
# **?**
* Provide guidance in the event of a disaster
* Clear establishment of priorities
* Clear delegation of roles & responsibilities
* Alert key personnel
* Document disaster
* Mitigate impact
* Evacuation of physical assets
| Identify
## Footnote
?
Disaster Recovery Plan (DRPs)
50
# **?**
Disaster recovery personnel must know their responses without any supporting documentation
| Identify
## Footnote
1/3 ?
Crisis Management
51
# **?**
Actions taken during and after a disaster focusing on people involved and addressing viability of business
| Identify
## Footnote
2/3 ?
Crisis Management
52
# **?**
**??** responsible for managing event from an enterprise perspective and covers:
* Support personnel and loved ones
* Determine impact on normal operations
* Keep public informed
* Communicate with major players such as major customers, suppliers, partners, regulatory agencies, industry organizations, the media, and other interested parties
| Identify
## Footnote
3/3 ?
* Crisis Management
* Crisis Management Team
53
# **?**
Outlines **reestablishment of critical business operations** during a disaster that impacts operations
| Identify
## Footnote
1/3 ?
Business Continuity Planning (BCPs)
54
# **?**
If disaster has rendered the business unusable for continued operations, there must be a **plan to allow business to continue functioning**
| Identify
## Footnote
2/3 ?
Business Continuity Planning (BCPs)
55
# **?**
Development of **?** somewhat **simpler than IRP or DRP**; consists primarily of selecting a continuity strategy and integrating off-site data storage and recovery functions into this strategy
| Identify
## Footnote
3/3 ?
Business Continuity Planning (BCPs)
56
# **?**
There are a number of strategies for planning for business continuity
| Identify
## Footnote
1/4 ?
Continuity Strategies
57
# **?**
Determining factor in selecting between options usually cost
| Identify
## Footnote
2/4 ?
Continuity Strategies
58
# **?**
In general there are three exclusive options: **hot sites**; **warm sites**; and **cold sites**
| Identify
## Footnote
3/4 ?
Continuity Strategies
59
# **?**
Three shared functions: **time-share**; **service bureaus**; and **mutual agreements**
| Identify
## Footnote
4/4 ?
Continuity Strategies
60
# **?**
**??**
* Fully configured computer facilities
* All services & communication links
* Physical plant operations
| Identify
## Footnote
1/6 ?
* Alternative Site Configurations
* Hot Sites
61
# **?**
**??**
* Does not include actual applications
* Application may not be installed and configured
* Required hours to days to become operational
| Identify
## Footnote
2/6 ?
* Alternative Site Configurations
* Warm Sites
62
# **?**
**??**
* Rudimentary services and facilities
* No hardware or peripherals
* Empty room
| Identify
## Footnote
3/6 ?
* Alternative Site Configurations
* Cold Sites
63
# **?**
**??**
* Hot, warm, or cold
* Leased with other orgs
| Identify
## Footnote
4/6 ?
* Alternative Site Configurations
* Time-shares
64
# **?**
**??**
* Provides service for a fee
| Identify
## Footnote
5/6 ?
* Alternative Site Configurations
* Service bureau
65
# **?**
**??**
* A contract between two or more organizations that specifies how each will assist the other in the event of a disaster.
| Identify
## Footnote
6/6 ?
* Alternative Site Configurations
* Mutual agreements
66
# **?**
To get sites up and running quickly, organization must have ability to port data into new site’s systems
| Identify
## Footnote
1/4 ?
Off-Site Disaster Data Storage
67
# **?**
**??**
* Transfer of large batches of data
* Receiving server archives data
* Fee
| Identify
## Footnote
2/4 ?
* Off-Site Disaster Data Storage
* Electronic vaulting
68
# **?**
**??**
* Transfer of live transactions to off-site
* Only transactions are transferred
* Transfer is real time
| Identify
## Footnote
3/4 ?
* Off-Site Disaster Data Storage
* Journaling
69
# **?**
**??**
* Duplicated databases
* Multiple servers
* Processes duplicated
* 3 or more copies simultaneously
| Identify
## Footnote
4/4 ?
* Off-Site Disaster Data Storage
* Shadowing
70
# Model for a Consolidated Contingency Plan
**?** supports concise planning and encourages smaller organizations to develop, test, and use IR and DR plans
| Identify
## Footnote
1/2 Model for a Consolidated Contingency Plan
Single document set
71
# Model for a Consolidated Contingency Plan
**?** is based on analyses of disaster recovery and incident response plans of dozens of organizations
| Identify
## Footnote
2/2 Model for a Consolidated Contingency Plan
Model
72
# The Planning Document
6 steps in contingency planning process
| Enumerate
## Footnote
The Planning Document - 6 Steps in Contingency Planning Process
* Identifying mission- or business-critical functions
* Identifying resources that support critical functions
* Anticipating potential contingencies or disasters
* Selecting contingency planning strategies
* Implementing contingency strategies
* Testing and revising strategy
73
# **?**
* When incident at hand constitutes a **violation of law**, organization may determine involving law enforcement is necessary
* Questions:
\- When should organization get law enforcement involved?
\- What level of law enforcement agency should be involved (local, state, federal)?
\- What happens when law enforcement agency is involved?
* Some questions are best answered by **organization’s legal department**
| Identify
## Footnote
?
Law Enforcement Involvement
74
# Benefits and Drawbacks of Law Enforcement Involvement
Involving law enforcement agencies has **?**:
* Agencies may be better equipped at processing evidence
* Organization may be less effective in convicting suspects
* Law enforcement agencies prepared to handle warrants and subpoenas needed
* Law enforcement skilled at obtaining witness statements and other information collection
| Identify
## Footnote
?
Advantages (of Law Enforcement Involvement)
75
# Benefits and Drawbacks of Law Enforcement Involvement
Involving law enforcement agencies has ?:
* Once a law enforcement agency takes over case, organization loses complete control over chain of events
* Organization may not hear about case for weeks or months
* Equipment vital to the organization’s business may be tagged evidence
* If organization detects a criminal act, it is legally obligated to involve appropriate law enforcement officials
| Identify
## Footnote
?
Disadvantages (of Law Enforcement Involvement)
76
# Summary
**?** is control measure that reduces accidental security breaches and increases organizational resistance to many other forms of attack
| Identify
## Footnote
1/2 Summary
Information security education, training, and awareness (SETA)
77
# Summary
**?** made up of 3 components:
* Incident Response Planning (IRP)
* Disaster Recovery Planning (DRP)
* Business Continuity Planning (BCP)
| Identify
## Footnote
2/2 Summary
Contigency Planning (CP)
