IS413 Mod 6
A(n) _____ is a document containing contact information for the people to be notified in the event of an incident. emergency notification system call registry alert roster phone list
alert roster
A fundamental difference between a BIA and risk management is that risk management focuses on identifying threats, vulnerabilities, and attacks to determine which controls can protect information, while the BIA assumes _____. All of the above controls have been bypassed controls have proven ineffective controls have failed
all of the above
Most common data backup schemes involve ______. both a and/or b RAID disk-to-disk-to-cloud neither a nor b
both a and/or b
The detailed documentation of the collection, storage, transfer, and ownership of evidentiary material from the crime scene through its presentation in court and its eventual disposition is called a(n) _____. search warrant chain of evidence evidence affidavit audit trail
chain of evidence
The process of examining an adverse event or incident and determining whether it constitutes an actual disaster is known as _____. disaster classification event escalation disaster indication incident review
disaster classification
A crime involving digital media, computer technology, or related components may best be called an act of _____. digital malfeasance computer theft digital abuse computer trespass
digital malfeasance
A disaster recovery plan shows the organization's intended efforts to establish operations at an alternate site in the aftermath of a disaster. True False
false
An incident is an adverse event that could result in a loss of information assets and threatens the viability of the entire organization. True False
false
Reported attacks are a definite indicator of an actual incident. True False
false
The computer security incident response team is composed solely of technical IT professionals who are prepared to detect, react to, and recover from an incident. True False
false
Two ways to activate an alert roster are simultaneously and in parallel. True False
false
Use of dormant accounts is a probable indicator of an actual incident. True False
false
Digital forensics involves the _____, identification, extraction, documentation, and interpretation of digital media. preservation investigation determination confiscation
preservation
Data backup should be based on a(n) ____ policy that specifies how long log data should be maintained. retention business resumption replication incident response
retention
A ____ is an agency that provides physical facilities in the event of a disaster for a fee. service bureau time-share mobile site cold site
service bureau
Which of these is the primary reason contingency response teams should not have overlapping membership with one person on multiple teams? To spread the work out among more people. So individuals don't find themselves with different responsibilities in different locations at the same time. To allow people to specialize in one area. To avoid cross-division rivalries.
so individuals don't find themselves with different responsibilities in different locations at the same time
Disaster classification is the process of examining an adverse event or incident and determining whether it constitutes an actual disaster. True False
true
Incident damage assessment is used to determine the impact from a breach of confidentiality, integrity, and availability on information and information assets. True False
true
Reported attacks are a probable indicator of an actual incident. True False
true
The disaster recovery planning team (DRPT) is the team responsible for designing and managing the DR plan by specifying the organization's preparation, response, and recovery from disasters. True False
true