Chapter 4 Response and Recovery

Cram Quiz 3: If an organization takes a full backup every Sunday morning and a daily differential backup each morning, what is the fewest number of backups that must be restored following a disaster on Friday? A. 1 B. 2 C. 5 D. 6

2. With a differential backup scheme, only the last differential backup needs to be restored.

Cram Quiz 3: The ASHRAE recommends humidity levels in which range? A. 25% to 40% B. 40% to 55% C. 55% to 70% D. 70% to 85%

40% to 55%.

Cram Saver 2: How much time can a service be unavailable to meet a "five nines" uptime requirement?

5.3 minutes per year. Service level agreements (SLAs) have thresholds for acceptable levels of downtime, based on the overall percentage of operational time. Five nines refers to 99.999% of total operational potential. So, for a 24x7 service such as an online auction site available to global consumers, across a year that translates to less than 5.3 minutes of downtime combined.

EXAMCRAM

A clean desk policy can be a vital tool in protecting sensitive and confidential materials in the hands of end users. A clean desk policy requires that users remove sensitive and confidential materials from workspaces and items that are not in use are locked when employees leave their workstation.

Video surveillance

Closed-circuit television (CCTV) is the most common method of surveillance.

Compensating

Compensating controls are internal controls that are intended to reduce the risk of an existing or potential control weakness. Compensating controls are used when a business or technical constraint exits and an alternative control is used that is effective in the current security threat landscape.

Information classification: Confidential

Confidential information is internal information that defines the way in which the organization operates. Security should be high. This is information that, if made available to unauthorized parties, may adversely affect individuals or the organization.

C-I-A triad

Confidentiality, integrity, availability of data and services.

Cram Saver 1: Which element of the C-I-A triad is addressed by biometric controls?

Confidentiality. Access control mechanisms such as biometric authentication systems ensure that data confidentiality is maintained.

Warm site

A warm site is a scaled-down version of a hot site. The site is generally configured with power, phone, and network jacks. The site might have computers and other resources, but they are not configured and ready to go. In a warm site, the data is replicated elsewhere for easy retrieval. However, you can still have to do something to be able to access the data. The time and cost for getting a warm site operational is somewhere between a hot and cold site.

Cram Saver 2: What type of threat is most challenging for a network?

A zero-day threat takes advantage of a previously unaddressed vulnerability so that there is no time to properly protect the network before its resulting threats can come to bear.

EXAMALERT

Although all the previously mentioned practices are part of a security-awareness training program, security training during employee orientation combines with yearly seminars is the best method of user security-awareness. Email and posters are passive and tend to be less effective.

EXAMALERT

An incremental backup includes all data that has changed since the last incremental backup, and it resets the archive bit.

Incremental backup

An incremental backup is incomplete for full recovery without a valid full backup and all incremental backups since the last full backup.

Clustering

Another way to increase availability is server clustering. A server cluster is the combination of two or more servers so that they appear as one. Clustering increases availability by ensuring that if a server is out of commission because of failure, or planned downtime, another server in the cluster takes over the workload.

EXAMALERT

Any disaster recovery or business continuity plan including contingencies, backup and recovery, or succession must include regular testing of restoration and recovery processes to ensure that personnel are able to transition and that backup media and procedures are adequate to restore lost functionality.

Personally identifiable information (PII)

Any information that identifies or can be used to identify, contact, or locate a person to whom such information pertains.

Cram Quiz 1: Which of the principles of security is supported by redundancy? A. Confidentiality B. Integrity C. Availability D. Sanitization

Availability. Availability is concerned with ensuring that access to services and data is protected against disruption including disasters and other events that could require redundancy. Confidentiality involves protecting against unauthorized access, while integrity is concerned with unauthorized modification.

Cram Saver 2: Offsite backup tapes ensure which element of the C-I-A triad?

Availability. Backup media si used to restore data lost, corrupt, or otherwise at risk of becoming unavailable.

Cram Saver 3: Battery backup power supplies (UPSs) support which element of the C-I-A triad?

Availability. Loss of power prevents services from remaining available to authorized access requests.

Cram Quiz 1: Which type of fire extinguisher would be best for putting out burning wires? A. Foam B. Carbon dioxide C. Sodium chloride D. Copper powder

Carbon dioxide. Extinguisher replaces the halon extinguisher for putting out electrical (class C) fires.

Cram Saver 3: Which type of fire extinguisher should be used for burning magnesium fires?

Class D extinguishers are used for burning combustible metals such as magnesium and sodium.

Cram Quiz 2: Which of the following requires that users remove sensitive and confidential materials from workspaces and items that are not in use are locked when employees leave their workstations? A. Data handling policy B. Clean desk policy C. Tailgating policy D. Phishing attack training

Clean desk policy.

EXAMALERT

Personally identifiable information is information about a person that contains some unique identifier which the identity of the person can be determined. Examples of PII include name, address, phone number, fax number, email address, financial profiles, social security number, and credit card information. PII is not limited to these examples and includes any other personal information that is linked to linkable to an individual.

Steganography

Purposes include watermarking images for copyright protection. Digital watermarks are similar to steganography in that they are overlaid in files, which appear to be part of the original file and are thus not easily detectable by the average person. Can also be used to make a substitute for a one-way hash value. Finally, can be used to maintain the confidentiality of valuable information, to protect the data from possible sabotage, theft, or unauthorized viewing.

RAID level 0 - Striped disk array without fault tolerance

RAID 0 implements a striped disk array, the data is broken into blocks, and each block is written to a separate disk drive. This requires a minimum of two disks to implement.

Which form of RAID would be best if single-user performance were the sole consideration?

RAID 0 is the best form a performance-only perspective. All other varieties trade additional time calculating and storing parity data to protect redundancy and gain fault tolerance in the event of hardware failure in one or more drives, or to share access loads across multiple drives for high throughput requirements.

Access list

Restrictions specifically align a person's access to information with his or her role or function in the organization.

Guards

Security guards and dogs cab be great deterrents to intruders.

Ten-tape rotation

Simpler and more cost-effective method for small businesses. It provides a data history of up to 2 weeks. Friday backups are full backups. Monday through Thursday backups are incremental.

Cram quiz 1: Which of the following individual items are examples of PII? (Choose all the correct answers.) A. Social security number B. Home address C. Gender D. State of residence

Social security number and home address.

EXAMALERT

Some controls can be both detection controls and preventive controls. A camera (if visible or advertised) or guard, as examples, not only serves as a detection control (if actively monitored) but also serves as a deterrent, to a would-be attacker, thus being preventive. Although cameras can serve as a deterrent, without active monitoring by a security guard they are likely only useful for later analysis to identify the actor and means following an incident. Security guards, however, easily serve as both a preventive and detective control. In addition, a security guard can initiate an immediate response to an incident and potentially alert others about the identified threat.

Cram Saver 5: When a user switches between organizational sections, what type of security training does he or she need to cover encryption and USB thumb drives?

Data handling. Because the policies, procedures, and types of data managed in each organizational section can vary widely, it is important to provide a transferring organizational member with data handling training to ensure her compliance with appropriate protocols and procedures.

Transient Electromagnetic Pulse Emanation Standard (TEMPEST)

Describes standards used to limit or block electromagnetic emanation (radiation) from electronic equipment.

Detective

Detective physical controls warn that physical security measures are being violated. Detective controls attempt to identify unwanted events after they have occurred. Common technical detective controls include audit trails, intrusion-detection methods, and checksums.

Control types

Deterrent, preventive, detective, compensating, technical , and administrative.

Cram Quiz 3: Which of the following are sued to ensure employees are kept as safe as possible during potentially disastrous events? A. Lighting B. Fencing C. Control testing D. Drill scenarios

Drill scenarios. Drill scenarios are used to ensure employees are kept as safe as possible during potentially dangerous situations.

EXAMALERT

Drills are the most helpful when they ensure management and staff communicates well with one another and take measures to keep track if and account for everyone in the building.

Temperature and humidity controls

Electrostatic discharge (ESD) American Society and Heating, Refrigerating and Air-Conditioning Engineers (ASHRAE).

New viruses

Emergent viruses, worms, trojans, rootkits, phishing attacks and other threats should be identified and conveyed to users as rapidly as possible before dozens are affected.

Access controls

Enforcing file permissions and access control lists to restrict access to sensitive information is a way to ensure information confidentiality. An ACL defines who can access an object.

Continuity of operations

Ensures that government departments and agencies are able to continue operation of their essential functions under circumstances involving natural, manmade, and technological threats and national security emergencies.

RAID level 4 - Independent data disks with shared parity disk

Entire blocks are written onto a data disk. RAID 4 requires a minimum of three drives to implement. RAID 4 is similar to RAID 3 except that data is interleaved across disks of arbitrary size rather than in bits.

Cram Saver 1: What is the most important asset that must be protected by physical and environmental security controls?

Human life is always the most important asset when planning for physical and environmental safety controls.

Risk assessment

Identify potential vulnerabilities and analyze what could happen if an accident occurs. Risk assessments are conducted to plan recovery appropriately, determining the scope and criticality of organization services and data.

Proper lighting

If areas are brightly lit and have cameras, they are less likely to have unauthorized access attempts.

RAID level 2 - Hamming code error correcting code (ECC)

In RAID 2, each bit of data word is written to a disk. RAID 2 requires the use of extra disks to store an error-correcting code. A typical setup requires 10 disks and 4 ECC disks. Because all modern disk drives incorporate ECC, this offers little additional protection. No commercial implementations exist today. The controller required is complex, specialized, and expensive, and the performance is not very good.

RAID level 3 - Parallel transfer with parity

In RAID 3, the data block is striped and written on the data disks. This requires a minimum of three drives to implement. In a parallel transfer with parity, data is interleaved bit-wise over the data disks and a single parity disk is added to tolerate any single disk failures.

RAID level 5 - Independent data disks with distributed parity blocks

In RAID 5, each entire block of data and the parity is striped. RAID 5 requires a minimum of three disks. Because it writes both the data and the parity over all the disks, it has the best small read, large write performance of any redundancy disk array.

Identification of critical systems and components

In the event that a disaster is widespread or targeted at an internet service provider (ISP) or key routing hardware point, an organization's continuity plan should include options for alternative network access, including dedicated administrative connections that might be required for recovery.

EXAMALERT

In today's world, mission-critical businesses demand 100% uptime 24 hours a day 7 days a week. Availability is vital, and many businesses would not be able to function without redundancy. Redundancy can take several forms, such as automatic failover, failback, and virtualization. The most notable advantage of server redundancy, perhaps, is load balancing.

Load balancing

Is the primary reason server clustering is implemented. Load balancing provides increased availability by distributing workloads across multiple computing resources. Load balancing aims to optimize the use of resources, maximize throughput, minimize response time, and avoid overload of any single resource.

Business impact analysis (BIA)

Is the process for determining the potential impacts resulting from the interruption of time-sensitive or critical business processes.

Cram Saver 3: Are security posters the best solution for user awareness?

Passive techniques such as posters and email are much less effective than active delivery of security issues such as introductory training and yearly seminars.

EXAMALERT

Some questions might include controls that fulfill more than one principle of security, such as access controls that protect both confidentiality and integrity by limiting unauthorized access to examine data (confidentiality) and to modify data (integrity) or malware defenses that protect against keyloggers (confidentiality) as well as drive deletion logic bombs (integrity). In there cases, it is best to look for additional details that can reveal the best answer.

Cram Saver 2: What is TEMPEST?

TEMPEST is a type of shielding used against electromagnetic interference, generally found in military equipment.

Tower of Hanoi

This is a recursive method where every tape is associated with a disk in the puzzle, and the disk movement to a different peg corresponds with a backup to a tape.

RAID level 6 - Independent data disks with two independent parity schemes

This is an extension of RAID 5 and allows for additional fault tolerance by using two-dimensional parity. This method uses Reed-Solomon codes to protect against up to two disk failures using the bare minimum of two redundant disk arrays.

RAID level 1 - Mirroring and duplexing

This solution, called mirroring or duplexing, requires a minimum of two disks and offers 100% redundancy because all data is written to both disks. The difference between mirroring and duplexing is the number of controllers. Mirroring uses one controller, whereas duplexing uses one controller for each disk. In RAID 1, disk usage is 50% and the other 50% is for redundancy.

Cram Saver 4: An email to ALLSTAFF detailing a new email virus improves what aspect of user security awareness?

Threat awareness. Threat awareness includes recognizing attacks and requires constant reminders of newly emergent threat agents to remain current.

Barricades

To enhance the security of critical or vulnerable facilities, physical access control structures or barricades are used to protect against unauthorized people, vehicles, explosives, and other threats. Barricades provide high levels of protection and can withstand direct impact forces.

EXAMALERT

To mitigate zero-day exploits, organizations should employ a layered approach to security that begins with an acceptable use policy that includes operating system and application patching. By limiting exposure to threats, blocking malware and viruses, and containing security breaches quickly, zero-day exploits can be better mitigated.

Cram Quiz 1: Which recovery site has only power, telecommunications, and networking active all the time? A. Hot site B. Cold site C. Warm site D. Shield site

Warm site. Has basics such as power, networking, and telecommunications active all the time. Although alternative computers may be present, they will not be loaded with operations as in a hot site.

Backup execution/frequency

When choosing a backup strategy, a company should look at the following factors: * How often it needs to restore files: As a matter of convenience, if files are restored regularly, a full backup might be chosen because it can be done with one tape. * How fast the data needs to be restored: If large amounts of data are backed up, the incremental backup method might work the best. * How long the data needs to be kept before being overwritten: If used in a development arena where data is constantly changing, a differential backup method might be the best choice.

Motion detection

Can alert security personnel of intruders or suspicious activity in the company's premise.

Security policy training and procedures

* New-employees and contract agents should be provided education in security as a part of the hiring process. * Reminders and security awareness newsletters, emails, and flyers should be provided to raise general security awareness. * General security polices must be defines, documented, and distributed to employees. * Regular focus group sessions and on-the-job training should be provided for users regarding changes to the user interface, application suites, and general polices. * General online security-related resources should be made available to users through a simple, concise, and easily navigable interface.

Cold site

A cold site is the weakest of the recovery plan options but also the cheapest. These sites are merely a prearranged request to use facilities if needed. Electricity, bathrooms, and space are about the only facilities provided in a cold site contract. Therefore, the organization is responsible for providing and installing all the necessary equipment. If the organization chooses this type of facility it will require additional time to secure equipment, install operating systems, and applications, and contract services such as internet connectivity. The same distance factors should be considered when planning a cold site as when planning a hot site.

Copy backup

A copy backup is similar to a full backup in that it copies all selected files. However, it doesn't reset the archive bit. From a security perspective, the loss of a tape with a copy backup is the same as losing a tape with a full backup.

Differential backup

A differential backup includes all data that has changed since the last full backup, regardless of whether or when the last differential backup was made, because it doesn't reset the archive bit.

Fencing

A fence or similar device that surrounds the entire building.

Full backup

A full backup is a complete backup of all data and is the most time-intensive and resource-intensive form of backup, requiring the largest amount of data storage. A full backup copies all files and resets the archive bit.

Hot site

A hot site is a location that is already running and available 7 days a week, 24 hours a day. These sites allow the company to continue normal business operations, usually within a minimal period of time after the loss of a facility. This type of site is similar to the original site in that it is equipped with all necessary hardware, software, network, and internet connectivity fully installed, configured, and operational. Hot sites are the most expensive to operate and are mostly found in businesses that operate in real time, for whom any downtime might mean financial ruin. The hot site should be located far enough away from the original facility to avoid disaster striking at both facilities.

Cram Quiz 2: What is the plenum? A. A mesh enclosure designed to block EMI B. A mechanism for controlling condensation C. A type of dry-pipe fire control system D. A mechanism for thermal management

A mechanism for thermal management. A plenum is the space below a raised floor or above a drop ceiling that can be used in hot-aisle/cold-aisle sever rooms to efficiently manage thermal dissipation.

Protected distribution (cabling)

A protected distribution system (PDS) consists of copper or optical cables that are physically protected from unauthorized physical access and separated from regular data transmission to protect against electronic access. The purpose of a PDS is to make physical access difficult by enclosing equipment and make electronic access difficult by using different cables and patch panels. SIPRNET (Secure Internet Protocols Router Network) and NIPRNET (Non-Classified but Sensitive Internet Protocol Router Network).

Removing single points of failure

A single point of failure is a potential risk posed by a flaw in business continuity planning in which one fault or malfunction causes an entire system or enterprise to stop operating.

Administrative

Administrative controls consist of management constraints, operational procedures, and supplemental administrative controls established to provide an acceptable level of protection for services. Preventive administrative controls are personnel-oriented techniques for controlling people's behavior to ensure the confidentiality, integrity, and availability of computing data and programs.

Alarms

Alarm systems detect intrusions and monitor/record intruders. Electronic alarm systems are designed to detect, determine, and deter criminal activity or other threatening systems.

NOTE

All tape-rotation schemes can protect your data, but each one has different cost considerations. The Tower of Hanoi is more difficult to implement and manage but costs less than the grandfather-father-son scheme.

Succession planning

BCP must also include contingencies for personnel replacement in the event of loss (death, injury, retirement, termination, and so on) of lack of availability. Succession planning is the process whereby an organization ensures that employees are recruited and developed to fill each key role within the organization.

EXAMALERT

Be familiar with physical security descriptions indicating potential security flaws. Watch for descriptions that include physical details or organizational processes. Be particularly careful when questions address processes using the same physical area for common business traffic as well as data transport media or where data resources are placed in publicly accessible areas.

EXAMALERT

Be familiar with the various types of site descriptions. Watch for scenarios that require you to choose a hot, warm, or cold site solution. Remember that a hot backup site is a full duplicate of the source data center, so it has the fastest recovery time for the highest cost of maintenance. The cold backup site is the opposite: longest recovery window with the lowest cost.

Closed-circuit television

CCTV

Cram Saver 1: Which type of recovery allows a business to sustain operations following an incident?

Business continuity planning (BCP) and continuity of operation planning (COOP) are used to ensure organizational functional restoration in the shortest possible time even if services resume at a reduced level of effectiveness or availability. Disaster recovery plans (DRPs) extend the process to ensure a full recovery of operational capacity following a disaster (natural or manmade). Instructions and details for recovery should occur before an incident. Not only should plans be set forth, but they should be regularly updated and tested, as well, to ensure that communication plans can be implemented and that responders can execute response and recovery plans properly. These should address different scenarios for incident handling responses and notification procedures following identification, short-term recovery of key service, and operational data access functions as part of continuity of operation preparedness, and long-term sustained recovery to full operational status in disaster recovery planning. A business recovery plan, business resumption plan, and contingency plan are also considered part of business continuity planning. In the event of an incident, an organization might also need to restore equipment (in addition to data) or personnel lost or rendered unavailable due to the nature or scale of the disaster.

Cram Quiz 4: Which of these is not a concern for environmental monitoring systems? A. Able to sustain operations during an environmental disaster B. Able to communicate even if the small service was involved C. Able to reach responders in a timely manner D. Include signage noting live or automated review only

Include signage noting live or automated review only. Video surveillance might require signage noting whether cameras are monitored live or not, to avoid a legal complaint if someone tries unsuccessfully to signal for aid during an emergency.

EXAMALERT

Integrity is focused on preserving data against unauthorized modification, which might include deletion, but controls for recovery in the case of deletion might fall more accurately into the availability area. If a question addresses temporarily unavailable data, its is most likely an issue of availability, whereas data outright deleted or overwritten is more likely a case of integrity.

Cram Quiz 2: Which of the principles of security is supported by hashing? A. Confidentiality B. Integrity C. Availability D. Safety

Integrity. Commonly used methods to protect data integrity include hashing the data you receive and comparing it with the hash of the original message. Availability is concerned with ensuring that access to services and data is protected against disruption.

Deterrent

Intended to discourage individuals from intentionally violating information security policies or procedures.

Confidentiality

Involves controls to ensure that security is maintained when data is both at rest (stored) and in use (during the transport and processing) to protect against unauthorized access or inadvertent disclosure. Confidentiality controls include physical access controls, data encryption, logical access controls, and management controls to put in place policies to protect against shoulder surfing, social engineering, and other forms of observational disclosure.

Business continuity concepts

Involves identification of risks and threats to operation and implementing strategies to mitigate the effect of each. BCP is a more comprehensive approach to provide guidance so that the organization can continue making sales and collecting revenue.

Archive bit

Is a file attribute used to track incremental changes to files for the purpose of backup.

Mantrap

Is a holding area between two entry points that gives security personnel time to view a person before allowing him into the internal building. One door of a mantrap cannot be unlocked and opened until the opposite door has been closed and locked.

Encryption

Is a security control used primarily to provide confidentiality protection for data. Encryption ensures that only the right people (people who know the key) can read the information. Encryption does not guarantee that the data hasn't changed, only that it has been kept private. An example is secure socket layer/transport layer security (SSL/TLS), a security protocol for communications over the internet that has been used in conjunction with a large number of internet protocols to ensure security.

Disaster recovery plans (DRPs)

Is a written document that defines how the organization will recovery from a disaster and how to restore business with minimum delay. The document also explains how to evaluate risks; how data backup and restoration procedures work; and the training required for managers, administrators, and users.

It contingency planning

Is designed to sustain and recover critical IT services following an emergency. IT contingency planning is a broad plan that includes organizational and business process continuity and recovery planning.

EXAMALERT

Know the difference between the different types of suppression systems: * For class A fires (trash, wood, and paper), water decreases the fire's temperature and extinguishes its flames. Foam is used to extinguish Class B fires, which are fueled by flammable liquids, gases, and greases. Liquid foam mixes with air while passing through the hose and the foam. * Class C fires (energized electrical equipment, electrical fires, and burning wires) are put out using extinguishers based on carbon dioxide or Halon. Halon was once used as a reliable, effective, and safe fire-protection tool, but in 1987 an international agreement known as the Montreal Protocol mandated the phaseout of environmentally damaging Halons in developed countries by the year 2000 and in less developed countries by 2010, due to emissions concerns. Therefore, carbon-dioxide extinguishes have replaced Halon extinguishers in all but a few locations. Carbon-dioxide extinguishers don't leave a harmful residue, and exposure can be tolerated for a time without extreme protective measures, making them a good choice for an electrical fire in a data center or in other electronic devices. * Class D fires are fires that involve combustible metals such as magnesium, titanium, and sodium. The two types of extinguishing agents for class D fires are sodium chloride and a copper-based dry powder. Class A (combustible materials): Trash, wood, and paper. Class B (Liquids and Gasses): Gasoline, Grease, Propane. Class C (Energized electronics): Motors and computers. Class D (Combustible metals): Magnesium and Sodium.

EXAMALERT

Know the different levels of RAID and the number of disks required to implement each one. The most common forms of RAID include the following: * RAID 0: Spanned volume, no redundancy, highest write speed. * RAID 1: Mirroring, 100% duplication of data across all drives, lowest performance. * RAID 3: Parallel transfer with parity bit, minimum three drives, data written to all drives simultaneously while parity is calculated and written to its own non-redundant drive. * RAID 5: Parallel transfer with distributed parity, data written to all drives simultaneously, parity written in segments across all drives for redundancy of parity as well as data segments, highest read rates. * RAID 10 (also called 1+0): Combines RAID 1 and RAID 0. There is also a variant called 0+1. Both provide fault tolerance and increased performance.

NOTE

Many organizations have chosen to back up data to a cloud environment using one of the many services available. Cloud services offer continuous backup options so that you can easily recovery your files without losing data that is associated with normal backup procedures and not having offsite storage immediately available. Enterprise solutions include options for protecting physical and virtual environments that includes software, appliance, and offsite replication. For example, Barracuda Backup has an extensive range of supported environments and integration with copt files sync and share services so organizations can replicate data from multiple platforms to another Barracuda appliance for private-cloud data protection or secure transfer to the Barracuda cloud.

Proximity readers

Many organizations protect redistricted areas with access control systems that use proximity cards. Proximity cards store details of the user's identity in a manner similar to chip and PIN bank accounts. The access information on the card can be read by simply holding the card close to the reader.

Preventive

Preventive controls attempt to avoid the occurrence of unwanted events by inhibiting the free use of computing resources. Examples of preventive administration controls include security awareness, separation of duties, security policies and procedures, and disaster recovery plans.

Information classification: Private

Private data is information that is unlikely to result in a high-level financial loss or serious damage to the organization, but still should be protected. By default, all data that is not explicitly classified as confidential or public should be treated as private data.

Cram Quiz 3: Which of the following is information that is unlikely yo result in a high-level financial loss or serious damage to the organization but still should be protected? A. Public data B. Confidential data C. Sensitive data D. Private data

Private data.

Information classification:

Public data is information in the public domain. This is a minimal security level. Examples of public data include press releases, directory information, and any other information that is publicly shared.

Cram Quiz 2: Which type of fault-tolerant RAID configuration provides the lowest disk usage fraction? A. RAID 0 B. RAID 3 C. RAID 1 D. RAID 5

RAID 1. RAID 1 (mirroring/duplexing) provides the lowest fraction of total storage for use because every byte of data is written to two devices equally. RAID 0 does not offer fault protection and spans multiple drives with up to 100% disk usage. RAID 3 and RAID 5 are both incorrect because they have fault tolerance but have a higher disk use fraction through the use of parity bit (fixed in RAID 3, distributed i RAID 5) allowing recovery from the loss of a single drive across an array of three or more drives.

RAID level 10 (also called 1+0) - high reliability combined with performance

RAID 10 combines RAID 1 and RAID 0 and requires a minimum of four disks to implement. There is also a variant called 0+1. This solution is a striped array that has RAID 1 arrays. Disks are mirrored in pairs for redundancy and improved performance, and then data us striped across multiple disks. Both provide fault tolerance and increased performance.

Grandfather-father-son backup

Refers to the most common rotation scheme for rotating backup media. The basic method is to define three set of backups. The first set, son, represents daily backups. A second set, father, is used to preform full backups. The final set of three tapes, grandfather, is used to preform full backups on the last day of each month.

Tabletop exercises

Tabletop exercises involve key personnel participating in an informal, simulated scenario setting. Tabletop exercises are conducted to evaluate an organization's capability to execute one or more portions of a business continuity or disaster recovery plan. Functions: * Test and evaluate business continuity or disaster recovery policies and procedures to identify plan weakness and resource gaps. * Train personnel and clearly define roles and responsibilities to improve performance, communication, and coordination. * Meet regulatory requirements.

Technical

Technical controls are sometimes referred to as logical controls. Preventive technical controls are used to prevent unauthorized personnel or programs from gaining remote access to computing resources.

Cram Saver 1: What policy restricts inadvertent data disclosure due to notes left behind?

The clean desk policy assists users in remembering not to write down data nor leave it behind, such as notes of passwords and phrases left under the keyboard.

Backup plans/policies

The different types of backups you can use are full, differential, incremental, and copy.

EXAMALERT

The exam might include questions about the various physical-barrier techniques. Be sure you are familiar with the methods previously listed.

Availability

The final principle of information security is that of availability. Availability involves controls to preserve operations and data in the face of service outages, disaster, or capacity variation. Controls may include load-balancing, redundant services and hardware, backup solutions, and environmental controls intended to overcome outages affecting networking, power, system outages, equipment theft, or data exposure (unless a matter of confidentiality, where regulatory mandates define mandatory control requirements).

Redundancy

The main goal of preventing and effectively dealing with any type of disruption is to ensure availability. Of course you can use RAID, uninterruptible power supply (UPS) equipment, and clustering to accomplish this.

RAID

The most common approach to data availability and redundancy is called redundant array of independent disks (RAID). RAID organizes multiple disks into a large, high-performance logical disk. In other words, if you have three hard drives, you can configure them to look like one large drive. Disk arrays are created to stripe data across multiple disks and access them in parallel. which allows for the following: * Higher data transfer rates on large data accesses * High I/O rates on small data accesses * Uniform load balancing across the table The two major goals when implementing disk arrays are data striping for better performance and redundancy for better reliability. There are many types of RAID. Some of the more common ones can be seen below.

Integrity

The second principle of information security is that of integrity.

Information classification: Low

The unauthorized disclosure of information could be expected to have a limited adverse effect on organizational operations, organizational assets, or individuals. The lowest data classification level includes data openly available to the public. This might include low-sensitivity data that, when openly distributed, presents no risk to the organization.

Information classification: Medium

The unauthorized disclosure of information could be expected to have a serious adverse effect on organizational operations, organizational assets, or individuals. Medium sensitivity should be considered the default classification level for nonrestricted data that has not been explicitly made public.

Information classification: High

The unauthorized disclosure of this information could be expected to have a severe or catastrophic adverse effect on organizational operations, organizational assets, or individuals.

Disaster recovery policies

These polices detail responsibilities and procedures to follow during disaster recovery events, including how to contact key employees, vendors, customers, and the press. They should also include instructions for situations in which it might be necessary to bypass the normal chain of command to minimize the damage or the effects of a disaster.

EXAMALERT

Twisted-pair cable is used in most of today's network topologies. Twister-pair cable is either unshielded (UTP) or shielded(STP). UTP is popular because it is inexpensive and easy to install. UTP consists of eight wires twisted into four pairs. The design cancels much of the overflow and interference from one wire to the next, but UTP is subject to interference from outside electromagnetic sources and is prone to radio frequency interference (RFI) and electromagnetic interference (EMI) as well as crosstalk. Longer cable lengths transfer a more significant environmental measure of noise because wires can inadvertently act as an "antenna" for broadcast information. STP differs from UTP in that it has shielding surrounding the cable's wires. Some STP has shielding around the individual wires, which helps prevent crosstalk. STP is more resistant to EMI and is considered a bit more secure because the shielding makes wiretapping more difficult. both UTP and STP are possible to tap, although it is physically a little trickier than tapping coaxial cable because of the physical structure of STP and UTP cable. With UTP and STP, a more inherent danger lies in the fact that it is easy to add devices to the network via open ports on unsecured hubs and switches. These devices should be secured from unauthorized access and cables should be clearly marked so that a visual inspection can let you know whether something is awry. Also, software programs are available that can help detect unauthorized devices and the ports on which they will accept attempts at connection. The plenum is the space between the ceiling and the floor of a building's next level. It is commonly used to run network cables, which must be of plenum-grade. Plenum cable is a grade that complies with fire codes. The outer casing is more fire-resistant than regular twisted-pair cables.

Data handling

User training should address legal or regulatory requirements for accessing, transporting, storing, or disposing of data and data storage devices.

Prevent tailgating

User training should encourage situational awareness at all times.

Personally owned devices

Users must be given training in the proper use of their various personal technologies.

Password behaviors

Users must be instructed in the value of their access credentials and the impact that could result from sharing their passwords and logons.