Chapter 8: Textbook Notes
Types of Backups (3):
-Full Backup -Differential Backup -Incremental Backup
Steps in the Incident-Handling Process (4):
-Notification -Response -Recovery and follow-up -Documentation
BIA Issue Categories:
-People -Systems -Data -Property
Key Reasons to Conduct a Business Impact Analysis (BIA) (3):
-To set the value of each business unit or resource as it relates to how the entire organization operates -To identify the critical needs to develop a business recovery plan (BRP) -To set the order or priority for restoring the organization's functions after a disruption
Business Impact Analysis Questions (2):
-What can affect the business? -How will it affect the business?
Critical Business Function (CBF)
A ranking of all business systems from most to least critical
Formula for Annualized Loss Expectancy (ALE)
ALE=SLE*ARO
Formula for Annualized Rate of Occurrence (ARO)
ARO=# of incidents/year
Annualized Rate of Occurence (ARO)
How often a loss is likely to occur every year
Asset Value (AV)
The importance of an asset to the organization's ability to meet its mission
Recovery Point Objective (RPO)
The minimum amount of tolerable data loss for each business function
Maximum Tolerable Downtime (MTD)
The most time a business can survive without a particular critical system
Exposure Factor (EF)
The percentage of the asset value that will be lost if an incident were to occur
Emergency Operations Center (EOC)
The place where the recovery team will meet and work during a disaster (note: there may be multiple locations)
Remote Journaling
The system writes a log of online transactions to an off-site location which updates a copy of the database; should the primary site go down, the off-site copy would be current
Recovery Time Objective (RTO)
The time frame for restoring a CBF; must be shorter than or equal to the MTD
Business Impact Analysis (BIA)
An analysis of the business to determine what kinds of events will have an impact on what systems
Technical Controls
Controls carried out/managed by a computer system
Administrative Controls
Controls managing the activity phase of security (the things people do)
Safeguards & Countermeasures
Controls that exercise restraint on or management of some activity
Detective Controls
Controls that identify a threat has landed in your system (i.e. IDS)
Corrective Controls
Controls that reduce the effects of a threat
Preventive Controls
Controls that stop threats from coming in contact with a vulnerability (i.e. IPS)
Full Backup
Copies all data to a backup media
Simulation Test
Identifies reaction and response times and inefficiencies/unidentified vulnerabilities
Control
Limits or constrains behavior
Parallel Test
Operational test which has significant cost, but processing does not stop at the primary site
Formula for Single Loss Expectancy (SLE)
SLE=AV*EF
Full-Interruption Test
Shuts down the original system for the duration; can only use processes that exist at the alternate site to continue business operations
Checklist Test
Simple review of the BCP/DRP by managers to make sure that contact numbers are current and the plan reflects proper priorities and structure
Differential Backup
Start by making a full backup when traffic is lightest; then back up changes on a daily basis until the following week (i.e. the differential builds upon itself)
Incremental Backup
Start by making a full backup when traffic is lightest; then back up daily changes each night (i.e. every day would have to be restored individually)
Structured Walk-Through Test
Teams of representatives from each dept. should present their portion of the plan and check for gaps/overlaps between departments
Single Loss Expectancy (SLE)
The Exposure Factor (EF) of an asset multiplied by its total value; a prediction of expected loss
Annualized Loss Expectancy (ALE)
The Single Loss Expectancy times the Annualized Rate of Occurrence; a product of the exposure factor and how often a loss is likely to occur every year
Residual Risk
The amount of risk left over after natural or inherent risks have been reduced by risk controls (Residual Risk = Risk - Risk Controls)
