ch 10 CIS 3361
What is the final stage of the business impact analysis?
Identify recovery priorities for system resources.
List the seven steps of the incident recovery process, according to Donald Pipkin.
Identify the vulnerabilities. Address the safeguards. Evaluate monitoring capabilities. Improve detection and reporting. Restore the data from backups. Restore the services and processes in use. Continuously monitor the system. Restore the confidence.
A hot site is a fully configured computing facility that includes all services, communications links, and physical plant operations.
True
In which type of site are no computer hardware or peripherals provided?
cold site
The group of senior managers and project members organized to conduct and lead all CP efforts is known as the __________.
crisis management planning team (CMPT)
In __________ testing of contingency plans, the individuals follow each and every procedure, including interruption of service, restoration of data from backups, and notification of appropriate individuals.
full-interruption
Which of the following determines the scope of the breach of confidentiality, integrity, and availability of information and information assets?
incident damage assessment
The __________ plan is a detailed set of processes and procedures that anticipate, detect, and mitigate the effects of an unexpected event that might compromise information resources and assets.
incident response, IR
Which of the following is a responsibility of the crisis management team?
keeping the public informed about the event and the actions being taken
The Hartford insurance company estimates that, on average, __________ businesses that don't have a disaster plan go out of business after a major loss like a fire, a break-in, or a storm.
over 40 percent of
The __________ is the point in time before a disruption or system outage to which business process data can be recovered after the outage, given the most recent backup copy of the data.
recovery point objective (RPO)
The maximum amount of time that a system resource can remain unavailable before there is an unacceptable impact on other system resources and supported business processes is known as __________.
recovery time objective (RTO)
In which contingency plan testing strategy do individuals participate in a role-playing exercise in which the CP team is presented with a scenario of an actual incident or disaster and expected to react as if it had occurred?
simulation
Which of the following is NOT a major component of contingency planning?
threat assessment
Which of the following is a "possible" indicator of an actual incident, according to Donald Pipkin?
unusual consumption of computing resources
Which of the following is a definite indicator of an actual incident, according to Donald Pipkin?
use of dormant accounts
A useful tool for resolving the issue of what business function is the most critical, based on criteria selected by the organization, is the __________.
weighted table analysis or weighted factor analysis
The amount of effort (expressed as elapsed time) needed to make business functions work again after the technology element is recovered is known as __________.
work recovery time (WRT)
A(n) wrap-up review is a detailed examination and discussion of the events that occurred during an incident or disaster, from first detection to final recovery. __________
False
An alert digest is a description of the incident or disaster that usually contains just enough information so that each person knows what portion of the IR or DR plan to implement without slowing down the notification process. __________
False
In most organizations, the COO is responsible for creating the IR plan.
False
Training should be as specialized as possible; personnel who are responsible for one duty should not be trained on other duties to avoid confusion during a disaster.
False
Which of the following is true about a hot site?
It duplicates computing resources, peripherals, phone systems, applications, and workstations.
Explain the difference between a business impact analysis and the risk management process.
One of the differences between a BIA and the RM process is that RM focuses on identifying threats, vulnerabilities, and attacks to determine which controls can protect the info. The BIA assumes that these controls have failed, that the attack succeeded, and that has come to fruition.
Which of the following NIST Cybersecurity Framework (CSF) stages relates to implementation of effective security controls (policy, education, training and awareness, and technology)?
Protect
Which of the following is NOT a stage in the NIST Cybersecurity Framework (CSF)?
React
When undertaking the BIA, what should the organization consider?
Scope, Plan, Balance, Objective, Follow-up
A slow-onset disaster occurs over time and gradually degrades the capacity of an organization to withstand its effects. __________
True
Disaster classification is the process of examining an adverse event or incident and determining whether it constitutes an actual disaster. __________
True
In a cold site there are only rudimentary services, with no computer hardware or peripherals.
True
Patch and proceed is an organizational CP philosophy that focuses on the defense of information assets and preventing reoccurrence rather than the attacker's identification and prosecution. __________
True
The simplest kind of validation, the desk check, involves distributing copies of the appropriate plans to all individuals who will be assigned roles during an actual incident or disaster.
True
A(n) __________ is an event with negative consequences that could threaten the organization's information assets or operations.
adverse event and incident candidate
When dealing with an incident, the incident response team must conduct a(n) __________, which entails a detailed examination of the events that occurred from first detection to final recovery.
after action review (AAR)
A(n) _________ is a description of the incident or disaster that usually contains just enough information so that each person knows what portion of the IR or DR plan to implement without slowing down the notification process.
alert message
According to NIST's SP 800-34, Rev. 1, which of the following is NOT one of the stages of the business impact assessment?
asset valuation and combine with the likelihood of attacks in a TVA worksheet.
A(n) __________ process is a task performed by an organization or one of its units in support of the organization's overall mission.
business
In the event of an incident or disaster, which planning element is used to guide off-site operations?
business continuity
When a disaster renders the current business location unusable, which plan is put into action?
business continuity
The process of examining an adverse event or incident candidate and determining whether it constitutes an actual incident is known as incident __________.
classification
The team responsible for designing and managing the IR plan by specifying the organization's preparation, reaction, and recovery from incidents is known as the __________.
computer security incident response team (CSIRT)
The actions taken by senior management to specify the organization's efforts and actions if an adverse event becomes an incident or disaster are known as __________.
contingency planning
There are six key elements that the CP team must build into the DR plan. What are three of them?
Delegation responsibilities. Execution of the alert roster. Clear establishment of priorities. Documentation of the disaster. Mitigate the impact of the disaster on the operations of the organization. Alternative implementations, should primary versions be unavailable.
Which of the following is a backup method that uses bulk batch transfer of data to an off-site facility and is usually conducted via leased lines or secure Internet connections?
electronic vaulting
Which of the following is the best example of a rapid-onset disaster?
flood
The total amount of time the system owner or authorizing official is willing to accept for a business process outage or disruption, including all impact considerations, is known as __________.
maximum tolerable downtime (MTD)
Contingency planning is primarily focused on developing __________.
plans for unexpected adverse events
Effective contingency planning begins with effective __________.
policy
Which of the following is an organizational CP philosophy for overall approach to contingency planning reactions?
protect and forget
Which of the following refers to the backup of data to an off-site facility in close to real time based on transactions as they occur?
remote journaling
A(n) __________ is an agency that provides physical facilities for a fee, in the case of DR/BC planning.
service bureau
The steps in IR are designed to:
stop the incident, mitigate incident effects, provide information for recovery from the incident
After an incident, but before returning to its normal duties, the CSIRT must do which of the following?
Conduct an after-action review.
Which of the following is the first major task in the BIA, according to NIST SP 800-34, Rev. 1?
Determine mission/business processes and recovery criticality.
When an incident takes place, the disaster recovery (DR) plan is invoked before the incident response (IR) plan.
False
When performing full-interruption testing, normal operations of the business are not impacted.
False
Which of the following NIST Cybersecurity Framework (CSF) stages relates to reacting to an incident?
Respond
A(n) __________ is a document containing contact information of the individuals to notify in the event of an actual incident.
alert roster
Which of the following is the first component in the contingency planning process?
business impact analysis
The bulk batch transfer of data to an off-site facility is known as __________.
electronic vaulting
In which contingency plan testing strategy do individuals follow each and every IR/DR/BC procedure, including the disruption of service, restoration of data from backups, and notification of appropriate individuals?
full-interruption
Which of the following is a part of the incident recovery process?
identifying the vulnerabilities that allowed the incident to occur and spread
A(n) __________ occurs when an attack affects information resources and/or assets, causing actual damage or other disruptions.
incident
Which of the following is the process of examining a possible incident and determining whether it constitutes an actual incident?
incident classification
Which of the following is a mathematical tool that is useful in assessing the relative importance of business functions based on criteria selected by the organization?
weighted table analysis
At what point in the incident life cycle is the IR plan initiated?
when an incident is detected that affects the organization
If operations at the primary site cannot be quickly restored, the __________ occurs concurrently with the DR plan, enabling the business to continue at an alternate site.
BCP, business continuity plan, BC plan
The four components of contingency planning are the __________, the incident response plan, the disaster recovery plan, and the business continuity plan.
BIA, business impact analysis
__________ planning ensures that critical business functions can continue if a disaster occurs.
Business continuity (BC)
What are the major components of contingency planning?
Business impact analysis (BIA), Incident response plan (IR plan), Disaster recovery plan (DR plan), Business continuity plan (BC plan)
What teams are involved in contingency planning and contingency operations?
Contingency planning management team, Incident response team, Disaster recovery team, Business continuity team
__________ is a backup technique that stores duplicate online transaction data along with duplicate databases at the remote site on a redundant server.
Database shadowing
List four of the eight key components of a typical IR policy.
- Statement of management commitment - Scope of the policy - Performance measures - Reporting and contact forms