Unit 2a Flashcards
Processes of backup and restoral
Contingency
Formal policy provides authority and guidance necessary to develop effective plan
Develop Contingency Planning Policy Statement
Helps identify and prioritize info systems and components critical to supporting organization’s mission/business processes
Conduct Business Impact Analysis (BIA)
Measures taken to reduce effects of system disruptions can increase system availability and reduce contingency life cycle costs
Identify Preventive Controls
Thorough recovery strategies ensure system can be recovered quickly and effectively following disruption
Create Contingency Strategies
Plan should contain detailed guidance and procedures for restoring damaged system unique to system’s security impact level and recovery requirements
Develop Information System Contingency Plan
Exercising plan identifies planning gaps; combined, activities improve plan effectiveness and overall organization preparedness
Ensure Plan Testing, Training, and Exercises
Plan is a living document and should be updated regularly to remain current with system enhancements and organizational changes
Ensure Plan Maintenance
Preserves authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information
Confidentiality
Guards against improper information modification or destruction, and includes ensuring information nonrepudiation and authenticity
Integrity
Ensures timely and reliable access to and use of information
Availability
Provide means to restore local IT operations quickly and effectively following service disruption
Recovery Strategies
Focuses on restoring an organization’s mission essential functions (MEF) at an alternate site and performing those functions for up to 30 days before returning to normal operations at original location
COOP (Continuity of Operations)
Continuity of Operations Plan must include strategy to recover and perform system operations at alternate facility for extended period
Alternate Sites
Consist of facility with adequate space/infrastructure to support IT
Cold Sites
Partially equipped office spaces containing some or all system hardware, software, telecommunications, and power sources
Warm Sites
Office spaces appropriately sized to support system requirements and fully configured and ready to operate within a few hours
Hot Sites
One site equipped and configured exactly like primary site
Mirrored Sites
Back of large truck or trailer turned into data processing or working area
Mobile Hot Sites
Normally applies to mission/business itself. It is concerned with ability to continue critical functions and processes during and after an emergency event.
Continuity Planning
Normally applies to information systems and provides steps needed to recover operation of all or part of designated information systems at existing or new location in an emergency.
Contingency Planning
Provides procedures for sustaining mission/business operations while recovering from significant disruption
Business Continuity Plan
Provides key information needed for system recovery including roles and responsibilities, inventory information, assessment procedures, detailed recovery procedures, and testing of system
Information System Contingency Plan
Provides procedures for mitigating and correcting a cyber-attack (virus, worm, or Trojan horse)
Cyber Incident Response Plan