Week 6 Flashcards

1
Q

When did Business Continuity Management become important?

A

In the mainframe era, because if one part of the business that was connected to the mainframe was compromised, it could threaten other parts of the business.
Periodic backups of the mainframe were needed.

2
Q

Where did disaster recovery come from?

A

Bringing systems back.

3
Q

Why is a business impact analysis conducted?

A

To identify the critical processes. These need to be back up and running ASAP. It should be the actual impact on the business if a process is down.

4
Q

What are 5 recovery requirements?

A

1) Time - what sort of time window do you have in terms of permitted loss? Is it okay to lose 2 days of customer transactions or is it okay to lose 12 days? Is this a compliance issue or how do we determine this?
2) Utilisation of occupancy of redundant resources - we may invest in infrastructure or additional resources to support recovery and business continuity. But this costs money.
3) Geography - if we have a call centre in Spain and we have to have a backup in another country, we have to assume that we have sufficient resources to support this (are there enough trained staff to transport stuff to this country?)
4) Facilities - what’s required to complete and conduct critical business processes?
5) Assets - what are the important assets to the organisation?

5
Q

What are the four types of Contingencies?

A

1) Internal contingencies - least risky option since you can see what you’re investing in.
2) External contingencies - redundant resources that can be sold several times over. Good at keeping the cost down. Bad if lots of companies are facing the same problem at the same time (because lack of supply from the provider).
3) Mutually assured - you might agree with a similar provider in a particular situation. Agreements should be formalised by both parties.
4) Displaced activity - staff could be distracted from their day job which is supporting important or critical processes and focusing on redundant resources.
5) Reactive contingencies - this may be a cost you’re going to incur.

6
Q

What are two types of alternatives to contingencies?

A

Restoration and salvage

7
Q

What is business impact analysis?

A

It is not the motivation for BCP but should happen before BCP happens. Benchmark for financial and non-financial losses that justify contingency plans. What processes need to be up and running ASAP for the organisation?

8
Q

What does a business impact analysis comprise?

A

1) Scope - determining the scope of the business impact analysis. What is the period of disruption? What’s the impact?
2) Data collection - often every process is important in the business. Trying to understand effectively what are the critical processes. You need to be careful as you don’t want to disgruntle any employees if they feel their processes are not as important.
Processes that ensure compliance are likely to become the prime focus because you can’t break the law in the enterprise. Prioritise critical business processes during a period of disruption, but secondary processes will end up being a backlog of processes.
Metrics to do with time are very important in data collection.
3) Moderate - information gathered needs to be considered and analysed. Determine the validity of claims made by various business units in terms of operational requirements.
4) Report - report back to the management team the business impact analysis.

9
Q

What is the recovery time objective (RTO)?

A

The window of time from failure to recovery before business units are considerably impaired. Works in conjunction with the MTPOD. We don’t want the RTO to be greater than the MTPOD.

10
Q

What is the maximum tolerable period of downtime (MTPOD)?

A

The period of time from failure to recovery before an enterprise is enduringly damaged.

11
Q

What is the recovery point objective (RPO)?

A

The period of time of permitted loss.

12
Q

What is data deduplication?

A

A process of reducing redundant data at rest and in transit. Can be considered in terms of files or blocks.

13
Q

What is the challenge with compression?

A

We can choose a compression algorithm to fit more on the device (makes the file smaller) but this reduces the quality as we remove redundant or less important data. Need to choose what to make redundant without reducing the quality too much.

14
Q

How do we consider data deduplication in terms of files?

A

Two files may have different names but the same content (i.e. the same binary data). We should store just one file of binary data rather than multiple files, and point to it.

15
Q

How do we consider data deduplication in terms of blocks?

A

If we have different versions of e.g. a film, a large part of these films will be the same and have the same blocks of binary data. We can consider the files as blocks of binary data: you identify and store one copy of the binary data and you point all the other duplicates to this original block.

16
Q

How do we determine whether a file or block of data is already in storage?

A

Fingerprint the block of data or file with a one-way hash function. The fingerprint is fixed size. We can then determine whether we already have this file or block in storage.

17
Q

What is source-based and target-based deduplication?

A

Source-based deduplication occurs on the client or source device before transmission.
Target-based deduplication occurs on the actual server coordinating storage. Here the deduplication can happen much faster. It is much easier to have control over security or compliance concerns.

18
Q

What are the privacy and security concerns with data deduplication?

A

Potential attackers can steal the fingerprint.
Individuals can see whether a specific file exists on a server. A malicious person could e.g. put keywords such as a test result and a name to find out insider confidential info. If the fingerprint is not outputted, it means the result already exists.

19
Q

What are some solutions to data deduplication privacy and safety concerns?

A

Encrypt data.
Ignore small files and instead focus on larger files.
Keep rare files private.

20
Q

How can we secure deduplication?

A

1) Encryption - it’s an effective control to ensure confidentiality. Traditional encryption approaches can undermine deduplication. It’s difficult to deduplicate binary data when duplicates all have different keys after they’ve been encrypted.
2) Proof of ownership - the fingerprint is your authorisation to download the data from a cloud service.
3) Obfuscation - deduplication processes can potentially leak info when binary data is not uploaded after binary data is confirmed. An attacker can analyse the traffic and see that a piece of info is already on the infrastructure.
4) Dispersal - we may have multiple cloud infrastructures. This can be challenging. An alternative solution is to use secret sharing techniques instead of encryption solutions to disperse info across infrastructures.

21
Q

What is encryption?

A

A process to ensure confidentiality of data, ensuring only those that are authorised can consume data. Turns plain text or binary data into cypher text.

22
Q

What is a symmetric-key crypto-system?

A

When the sender sends a message and it gets encrypted, it must be decrypted on the other end. In order for the receiver to be able to decrypt the message, it needs to have a key sent with the cypher text.

23
Q

What is Kerckhoffs's principle?

A

A crypto-system should be secure, even if every aspect of it is public, except the key.

24
Q

What is an asymmetric-key crypto-system?

A

We try to deal with the challenge of keeping the key private when sending encrypted messages.

Sender to receiver:
f_ae(M, K_public) = E_d
where E_d is the encrypted data,
f_ae is the encryption function,
M is the plain text message,
K_public is the receiver's public key.

Receiver to sender:
f_ad(E_d, K_private) = M
where K_private is the receiver's private key that only the receiver will know,
E_d is the encrypted message,
f_ad is the decryption function,
M is the plain text.

25
Q

What is the difference between probabilistic and deterministic encryption?

A

Probabilistic encryption incorporates randomness into the encryption process. It maintains confidentiality to prevent info from being leaked.

Deterministic encryption effectively leaks info about the plain text. It outputs the same cipher text from the same inputs.

26
Q

What is convergent encryption?

A

It’s an approach that produces the same output for a given input. Sometimes referred to as content hash keying and is viable for secure deduplication.

K = H(M)
where K is the key and is generated by H(M), H is the hash function and M is the message. The hash becomes our key.

C = E(K, M)
where E is the encryption function, K is the key, M is the message. C is the cypher text (gibberish).

We get some of the benefits of encryption and some of the benefits of deduplication.