Module 10: Incident Recovery Flashcards
What is Incident Recovery
A process of restoring and rebuilding operations that have been affected by security incidents such as malicious code attacks, hacking attacks, etc.
What does recovery of systems involve
Validating the systems and monitoring them for any further infection
TRUE or FALSE: Incident recovery is part of business continuity
TRUE
TRUE or FALSE: Incident recovery helps users to determine the root cause of an incident
TRUE
How does incident recovery help with future incidents
Helps prevent or avoid similar incidents in the future
After the system has recovered from the incident what is the next suggested step
To perform a vulnerability assessment or penetration test to identify any vulnerabilities that still exist (including the one the attacker used)
Would it be possible to have incident recovery without the support of the higher management
No; management support is an essential first step because management can make incident recovery an official policy
It is important to assess the organization on a regular basis, but what factors should be taken into consideration when performing this analysis
- Environmental
- Economic
- Social
- Political conditions
TRUE or FALSE: An incident recovery plan enforces policies in order to meet the vital needs of business operations within defined rules and regulations
FALSE
An incident recovery plan enforces LAW and policies
TRUE or FALSE: Incident recovery planning documentation defines only the managers responsible for declaring, responding to, and recovering from an incident
FALSE
You also need to include the roles of internal and external departments
Who is in charge of implementation and monitoring of all the policies and procedures regarding incident recovery
Senior managers and incident recovery staff
TRUE or FALSE: Employees in the organization must be trained to identify and locate unexpected problems
TRUE
What are the Incident Recovery steps
- System Restoration (restore from backups)
- System Validation (connect the restored system to the LAN and test it before returning it to service)
- System Operations (update and patch the system regularly)
- System Monitoring (use alerts and tools to monitor the system and its traffic to help identify intruders and attackers)
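The validation and monitoring steps above are the ones most often skipped in practice: a system restored from a backup taken after the compromise, or with attacker artifacts left behind, is not recovered. The script below is an added example (not part of the original flashcards or any product they describe) of one concrete way to gate the validation step: hash every file of the restored system and compare it with a manifest taken from a known-good baseline, refusing to pass validation if anything is modified, missing, or unexpected. The same check is rerun later as a file-integrity check for the monitoring step; it does not cover network-traffic monitoring. The file contents, paths, and the extra file `tmp/.x` are constructed sample data, not real indicators.

```python
import hashlib
import os
import tempfile

# Constructed known-good file set standing in for a pre-incident baseline.
GOOD_FILES = {
    "etc/cron.d/backup": b"0 3 * * * root /opt/backup/run.sh\n",
    "opt/app/app.conf": b"listen=127.0.0.1:8080\n",
    "usr/local/bin/health": b"#!/bin/sh\necho ok\n",
}


def sha256_file(path):
    """Hash a file in chunks so large restored artifacts need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root):
    """Map every file under root (relative, '/'-separated path) to its SHA-256."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = sha256_file(full)
    return manifest


def compare_to_baseline(baseline, current):
    """Return (modified, missing, unexpected) relative paths, each sorted."""
    modified = sorted(p for p in baseline if p in current and current[p] != baseline[p])
    missing = sorted(p for p in baseline if p not in current)
    unexpected = sorted(p for p in current if p not in baseline)
    return modified, missing, unexpected


def validate_restore(restored_root, baseline):
    """Validation gate: passes only when the restored tree matches the baseline exactly."""
    modified, missing, unexpected = compare_to_baseline(baseline, build_manifest(restored_root))
    return {
        "ok": not (modified or missing or unexpected),
        "modified": modified,
        "missing": missing,
        "unexpected": unexpected,
    }


def _write(root, rel, data):
    full = os.path.join(root, rel)
    os.makedirs(os.path.dirname(full), exist_ok=True)
    with open(full, "wb") as f:
        f.write(data)


def demo():
    """Constructed scenario: build a baseline, then validate a restore that is not clean."""
    with tempfile.TemporaryDirectory() as known_good, tempfile.TemporaryDirectory() as restored:
        for rel, data in GOOD_FILES.items():
            _write(known_good, rel, data)
        baseline = build_manifest(known_good)

        # Simulated restore: the cron file differs from the baseline (as if the backup
        # was taken after the compromise) and an extra file is present.
        for rel, data in GOOD_FILES.items():
            _write(restored, rel, data)
        _write(restored, "etc/cron.d/backup",
               b"0 3 * * * root /opt/backup/run.sh\n*/5 * * * * root /tmp/.x\n")
        _write(restored, "tmp/.x", b"#!/bin/sh\necho placeholder\n")
        first = validate_restore(restored, baseline)  # expected to fail

        # Monitoring step: rerun the same gate after the deviations are remediated.
        _write(restored, "etc/cron.d/backup", GOOD_FILES["etc/cron.d/backup"])
        os.remove(os.path.join(restored, "tmp/.x"))
        second = validate_restore(restored, baseline)  # expected to pass
    return first, second


if __name__ == "__main__":
    before, after = demo()
    print("first validation:", before)
    print("after remediation:", after)
```

In real use the baseline manifest must come from a source the attacker could not have altered (a signed manifest stored off the recovered host, or package-manager metadata), otherwise a tampered baseline validates a tampered restore.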
How does a contingency plan help
Enables organizations to develop and maintain effective methods to handle emergencies
Why is the starting point important in contingency planning
It establishes in advance how the contingency plan will be developed and maintained.
Why are an impact analysis and a risk assessment important in contingency planning
It helps to answer the questions of what incidents can occur, the probability of occurrence, and the severity
TRUE or FALSE: For developing a contingency plan, the first step is to act upon the threat immediately
TRUE
When a contingency plan is ready for testing who should test the contingency plan
The personnel who would be in charge of executing the plan during a real incident
Why do personnel need training on the contingency plan
To become familiar with the plan and perform their tasks and responsibilities effectively
How soon must the contingency plan be updated and maintained
As soon as a new process is added to or removed from the organization
What are the five major components of the IT contingency plan
- Supporting Information (Detailed concept of the plan)
- Notification/Activation (Section detailing when to activate the plan)
- Recovery (Section for recovery activities)
- Reconstitution (Section detailing how to restore the original site, prevent the incident from recurring, and terminate contingency operations)
- Plan Appendices (SOMs, point of sales list, system requirements, etc.)
What do the Supporting Information and Plan Appendices components have in common
They are both important components that provide essential information about the plan
What do the Notification/Activation, Recovery, and Reconstitution phases have in common
They detail the action information that is necessary for the plan
What is a Continuity of Operations plan
Provides the organization with an alternate site for a period of time so that it can recover from the incident and perform normal organizational operations
What is Business Continuity
The ability of an organization to continue to function even after a disastrous event.
What other plans make up a business continuity plan
- Incident/disaster recovery
- Business recovery plan
- Business resumption plan
- Contingency plan
What is an incident recovery plan
Provides procedures for recovering from a computer incident after it occurs
What does a business recovery plan address
How business functions will resume after a disaster at an alternate site
What does a business resumption plan address
How critical systems and key functions of a business will be maintained
What steps are in the planning process for an incident recovery plan
- Establish a team
- Assess risk with a BIA
- Assign responsibilities in the departments and organization
- Develop policies and procedures
- Document Incident Recovery procedures
- Organize to handle incidents
- Implement testing of the plan
- Maintain management of the plan
What is a business impact analysis (BIA)
An analytical study that identifies the impact of uncontrolled and non-specific events on the business process
After completion of the incident recovery plan, what three important steps need to be addressed
Implementation, training, testing of the plan
TRUE or FALSE: Scenario testing stages a mock disaster, such as a fire, to observe how personnel carry out the procedures they must follow in such situations
TRUE
What is the main purpose of a reconstitution plan
To restore the original site, test the systems to prevent a recurrence of the incident, and terminate contingency operations