Security Architecture Domain 5 Flashcards
BCP is defined as:
- Preparation that facilitates the rapid recovery of mission-critical business operations
- The reduction of the impact of a disaster
- The continuation of critical business functions
DRP is defined as:
A subset of BCP that emphasizes the procedures for emergency response relating to the information infrastructure of the organization
DRP includes:
- Extended backup operations
- Post-disaster recovery for data center, network, and computer resources
While performing the BIA, security architects should avoid using the term critical or essential in defining the processes or people during this phase of the planning. Instead, use the term __________
Time sensitive
All applications, and the business functions that they support, need to be classified as to their time sensitivity for recovery even if they do not support business functions that are time sensitive. For applications, this is commonly referred to as
Recovery Time Objective (RTO).
This is the amount of time the business can function without that application before significant business impact occurs.
Recovery Time Objective (RTO).
Decisions need to be made about all types of data because data is what is needed to run the business. How much data is it acceptable to lose? A minute’s worth? An hour’s worth? A whole business day’s worth? The answers to these questions are used to determine the
Recovery Point Objective (RPO).
The RTO is determined during the …
Business Impact Analysis
BS 25999-2 was a British standard issued in 2007, which quickly became the main standard for business continuity management. Although it is a British national standard, it was used in many other countries; on May 15, 2012, BS 25999-2 was replaced by the international standard
ISO 22301.
In addition to BS 25999-2, BS 25999-1 is an “auxiliary” standard which provides more details on
how to implement specific parts of BS 25999-2.
ISO 22301
is the new de facto standard for Business Continuity Management.
ISO/IEC 27031
- Guidelines for information and communication technology readiness for business continuity
PAS 200
- Crisis management - Guidance and good practice
PD 25666
- Guidance on exercising and testing for continuity and contingency programmes
PD 25111
- Guidance on human aspects of business continuity
ISO/IEC 24762
- Guidelines for information and communications technology disaster recovery services
ISO/PAS 22399
- Guideline for incident preparedness and operational continuity management
ISO/IEC 27001
- Information security management systems - Requirements
NIST Special Publication 800-34 Rev 1
- Contingency Planning Guide for Federal Information Systems
Incremental backups take copies of only the files that are new or have changed since
the last full OR incremental backup was taken, and then set the
archive bit to “0.”
Differential backups copy only the files that are new or have changed since
the last full backup and do not change the archive bit value.
If an organization wants the backup and recovery strategy to be as simple as possible, then they should only use ______ backups.
full
In how many steps can a differential backup be restored?
2
Which backup takes the longest to restore?
Incremental
What is a synthetic full backup?
The backup server actually produces full backups. It does this by combining the existing full backup with the data from the incremental backups.
What is an incremental-forever backup?
The basic idea is that, like an incremental backup, the incremental-forever backup begins by taking a full backup of the data set. After that point, only incremental backups are taken.
A Mirror backup
A mirror backup is a straight copy of the selected folders and files at a given instant in time.
This type of backup is often described as a “bare metal backup” because it backs up physical disks at the volume level.
Disk Imaging
The main difference between file synchronization and backup solutions is that
a backup will copy files in one direction, while
synchronization copies files (or changes) in two directions.
One-way synchronisation differs from traditional backups when
the propagation of deletions or renames is performed, because backups do not generally delete files, and a renamed file is usually copied again.
The most common recovery strategies
Dual Data Center
Internal Hot Site
External Hot Site
Warm Site
Cold Site
Reciprocal Agreement
Mobile Unit
Outsourcing/Cloud
A business impact analysis identifies what would happen to the organization if a risk occurred, despite whatever controls were in place.
The term disaster recovery commonly refers to:
A. The recovery of the business operations.
B. The recovery of the technology environment.
C. The recovery of the manufacturing environment.
D. The recovery of the business and technology environments.
The correct option is B
Disaster recovery has been commonly used to define the process and procedures used to recover the technology supporting the business operations.
Wassenaar Arrangement (WA) -
is a multilateral export control regime established in 1996 to regulate the transfer of conventional arms and dual-use goods and technologies to enhance global security and prevent their proliferation to unauthorized destinations. It includes 42 participating countries that voluntarily agree to its guidelines.
The Center for Information on Security Trade Control (CISTEC) is the
Government of Japan’s clearing house for information pertaining to export activities and regime compliance.
What are the different types of cards used in an ACS?
Magnetic Stripe (mag stripe) cards
Proximity Cards (prox cards)
Smart Cards are credential cards with a microchip embedded inside.
PIV
PIV (Personal Identity Verification) is a smart card-based authentication system used primarily by U.S. federal agencies. It is designed to provide strong, multi-factor authentication for access to secure government systems and facilities.
The design process of a security plan for a new facility should begin with ________ then the ________ and finally the _______________
the interior, then the exterior, and finally the outer perimeter.
What is SCIF?
Sensitive Compartmented Information Facility (SCIF)
______________ are/is the most important consideration for any security plan
people
Security is a dynamic process, and for it to be effective, it must be ______________
procedural
How would you validate a physical security design?
Penetration testing
How must classified material and sensitive information be disposed of?
A. Torn in half and thrown in the trash can.
B. It should be shredded.
C. Removed to a decontamination room.
D. Marked declassified and thrown in a trash can.
The correct option is B
There are several methods for proper destruction of information. An organisation can contract with a licensed and bonded shredding company, which will come to the site with a mobile shredding truck and dispose of classified material and sensitive information.
One can watch the process and verify the destruction, or the documents can be shredded on site, depending on the volume of information that needs to be destroyed. Shredding services can also destroy hard drives and physical components.