Topic 9 Flashcards

Planning for contingencies

1
Q

What is the name for the broad process of planning for the unexpected? What are its primary components?

A

The broad process of planning for the unexpected is called contingency planning. Its major
components are business impact analysis, incident response planning, disaster recovery
planning, and business continuity planning.

2
Q

Which two communities of interest are usually associated with contingency planning? Which community must give authority to ensure broad support for the plans?

A

Most often, the information technology and information security communities are involved in
contingency planning. The general business community must give authority to ensure broad
support for the plans.

3
Q

List the seven-step CP process recommended by NIST.

A

The seven steps recommended by NIST are:
1. Develop the contingency planning policy statement.
2. Conduct the business impact analysis.
3. Identify preventive controls.
4. Develop recovery strategies.
5. Develop an IT contingency plan.
6. Plan testing, training, and exercises.
7. Plan maintenance.

4
Q

Describe the teams that perform the planning and execution of the CP plans and processes.

A
  • The contingency planning management team collects information about information
    systems and the threats they face. The team then conducts the BIA and creates the
    contingency plans for incident response, disaster recovery, and business continuity.
  • The incident response team manages and executes the IR plan by detecting, evaluating,
    and responding to incidents.
  • The disaster recovery team manages and executes the DR plan by detecting, evaluating,
    and responding to disasters and by reestablishing operations at the primary business site.
  • The business continuity team manages and executes the BC plan by setting up and
    starting off-site operations in the event of an incident or disaster.
5
Q

Define the term incident as used in the context of IRP. How is it related to the concept of incident response?

A

An incident, either natural or man-made, is an attack on information or an accident. An
incident triggers the incident response plan.

6
Q

Explain the criteria used to determine whether an actual incident is occurring.

A

An actual incident is occurring if information assets are the targets of attack, if there is a
good chance that the attack will succeed, and if the attack threatens the confidentiality,
integrity, or availability of information resources.

7
Q

Discuss the sets of procedures used to detect, contain, and resolve an incident.

A

The CP team creates three sets of procedures for incident handling. The first set of
procedures are those that must be performed during the incident. These procedures are
function-specific, and they are grouped and assigned to individuals. The second set of
procedures are those that must be performed after the incident. These procedures also may be
function-specific. The third set of procedures are those that must be performed to prepare for
the incident. These procedures include the details of data backup schedules, disaster recovery
preparation, training schedules, testing plans, copies of service agreements, and business
continuity plans.

8
Q

What is incident classification?

A

Incident classification is the process of examining an adverse event that has the potential to
escalate into an incident and determining whether it constitutes an actual incident.
Classifying an incident is the responsibility of the IR team.

9
Q

Discuss the actions that should be taken during the reaction to an incident.

A

The steps involved in the reaction to an incident are incident detection using incident
classification, notification of key personnel, documentation of the incident, implementation
of required containment strategies, and then either escalation of the incident to a disaster or
beginning the incident recovery process.

10
Q

Discuss some containment strategies.

A

Containment strategies include:
  • Disconnecting affected sources of communication in order to cut off an attack from
    outside the company network; this strategy can only be used if the designated
    communications channel is not business-critical
  • Dynamically applying filtering rules to limit certain types of network access, which
    targets the specific vulnerability being exploited by the threat agent
  • Monitoring the incident while developing a more specific strategy

All these containment strategies focus on stopping the incident and recovering control of the
systems.
