Module 5
False
A business impact analysis (BIA) details the steps to recover from a disruption and restore the infrastructure necessary for normal business operations. True/False?
Administrative control
A control involved in the process of developing and ensuring compliance with policy and procedures.
Technical control
A control that is carried out or managed by a computer system.
Corrective control
A control that mitigates or lessens the effects of the threat.
Deterrent control
A control that warns the user that completing a requested action could result in a violation or threat
True
Fencing and mantraps are examples of physical controls. True/False?
corrective
Forensics and incident response are examples of __________ controls.
Emergency operations center (EOC)
The place in which the recovery team will meet and work during a disaster
Maximum tolerable downtime (MTD)
What term describes the longest period of time that a business can survive without a particular critical system?
Quantitative risk assessment
assigns a numerical value, generally a cost value, to each risk, making risk impact comparisons more objective.
Residual risk
risk that remains after you have installed countermeasures and controls
Load balancing
routing protocols that divide message traffic over two or more links
Activity phase controls
security controls that can be classified as either technical or administrative: preventive controls, detective controls, or corrective controls
Static environments
systems that do not change very much or at all after deployment
Loss expectancy
the amount of money that is lost as a result of an IT asset failure
Total risk
the combined risk of all business assets
Redundancy
the feature of network design that ensures the existence of multiple pathways of communication, to avoid a single point of failure
Consortium agreement
the legal definition for how members of a group will interact
Incident response team
the members of the organization's security incident response team.
EMI shielding
the practice of using magnetic or conductive material to reduce the effect of outside electromagnetic interference (EMI) on sensitive electronic equipment
Parallel tests
the same as a full-interruption test, except that processing does not stop at the primary site.
Control
any mechanism or action that prevents, detects, or addresses an attack
Fault tolerance
the ability to encounter a fault, or error, of some type and still support critical operations
Succession planning
the act of planning who will step in if key personnel are incapacitated or unavailable.
Event
Any observable occurrence within a computer or network
Risk register
A list of identified risks that results from the risk-identification process.
Countermeasure
A measure installed to counter or address a specific threat.
True
A personnel safety plan should include an escape plan. True/False?
Mantrap
A physical security control system that has a door at each end of a secure chamber.
Checklist test
A simple review of the plan by managers and the business continuity team to make sure that contact numbers are current and that the plan reflects the company's priorities and structure.
Vulnerability
Adam is evaluating the security of a web server before it goes live. He believes that an issue in the code allows an SQL injection attack against the server. What term describes the issue that Adam discovered?
Threat
Any action that could damage an asset
True
Examples of major disruptions include extreme weather, application failure, and criminal activity. True/False?
2,000,000
Kim is the risk manager for a large organization. She is evaluating whether the organization should purchase a fire suppression system. She consulted a variety of subject matter experts and determined that there is a 1 percent chance that a fire will occur in a given year. If a fire occurred, it would likely cause $2 million in damage to the facility, which has a $10 million value. Given this scenario, what is the single loss expectancy (SLE)?
Safeguard
Something built-in or used in a system to address gaps or weaknesses in the controls that could otherwise lead to an exploit.
Detective control
a control that detects when an action has occurred. Smoke detectors, log monitors, system audits.
Compensating controls
a control that is designed to address a threat in place of a preferred control that is too expensive or difficult to implement
Management control
a control that is designed to manage the risk process
Operational control
a control that operational personnel may implement and manage, such as physical security or incident response.
Preventive control
a control that stops an action before it occurs. Locked doors, firewall rules, user passwords
Proximity reader
a device able to sense a person's nearby token or access card without requiring physical contact
Simulation test
a method of testing a BCP or DRP in which a business interruption is simulated, and the response team responds as if the situation were real
Service bureau
a service provider that has sufficient capacity to offer outsourced wholesale services to smaller customers.
Single point of failure (SPOF)
a single piece of hardware or software that must operate for the larger system or network to operate
Disruption
a sudden unplanned event
Mutual aid
an agreement between organizations to help each other by relocating IT processing in a time of need caused by a disaster
Incident
an event that results in violating your security policy, or poses an imminent threat to your security policy
Reciprocal centers
data centers of businesses that do the same type of work but are not direct competitors and can be used as alternate processing sites in the case of a disaster.
Qualitative risk assessment
describes risks and then ranks their relative potential impact on business operations
Annualized rate of occurrence (ARO)
how often a loss is likely to occur every year. The annualized loss expectancy (ALE) is the product of this rate and the single loss expectancy (SLE): ALE = ARO × SLE
Remote Journaling
method of recording transactions to a remote server in real time.
Sandbox
A strategy for separating programs and running them in their own virtual space.
False
A structured walk-through test is a review of a business continuity plan to ensure that contact numbers are current and that the plan reflects the company's priorities and structure. True/False?
Vulnerability
A weakness that allows a threat to be realized or to have an effect on an asset
disaster
A(n) _________ is an event that prevents a critical business function (CBF) from operating for a period greater than the maximum tolerable downtime.
Risk
The likelihood that a threat will occur.
Impact
The magnitude of harm that could be caused by a threat exercising a vulnerability
Likelihood
The probability that a potential vulnerability might be exercised within the construct of an associated threat environment.
Redundant Array of Inexpensive Disks (RAID)
a disk set management technology that gains speed and fault tolerance. Can provide some protection against software or data compromises, such as virus infection.
Clustering
a logical division of data composed of one or more sectors on a hard drive.