Management of Information Security Chapter 10

Respond

Which of the following NIST Cybersecurity Framework (CSF) stages relates to reacting to an incident?

incident damage assessment

Which of the following determines the scope of the breach of confidentiality, integrity, and availability of information and information assets?

threat assessment

Which of the following is NOT a major component of contingency planning?

unusual consumption of computing resources

Which of the following is a "possible" indicator of an actual incident, according to Donald Pipkin?

when an incident is detected that affects the organization

At what point in the incident life cycle is the IR plan initiated?

True

Disaster classification is the process of examining an adverse event or incident and determining whether it constitutes an actual disaster. __________

simulation

In which contingency plan testing strategy do individuals participate in a role-playing exercise in which the CP team is presented with a scenario of an actual incident or disaster and expected to react as if it had occurred?

cold site

In which type of site are no computer hardware or peripherals provided?

over 40 percent of

The Hartford insurance company estimates that, on average, __________ businesses that don't have a disaster plan go out of business after a major loss like a fire, a break-in, or a storm.

contingency planning

The actions taken by senior management to specify the organization's efforts and actions if an adverse event becomes an incident or disaster are known as __________.

work recovery time (WRT)

The amount of effort (expressed as elapsed time) needed to make business functions work again after the technology element is recovered is known as __________.

recovery time objective (RTO)

The maximum amount of time that a system resource can remain unavailable before there is an unacceptable impact on other system resources and supported business processes is known as __________.

computer security incident response team (CSIRT)

The team responsible for designing and managing the IR plan by specifying the organization's preparation, reaction, and recovery from incidents is known as the __________.

maximum tolerable downtime (MTD)

The total amount of time the system owner or authorizing official is willing to accept for a business process outage or disruption, including all impact considerations, is known as __________.

False

Training should be as specialized as possible; personnel who are responsible for one duty should not be trained on other duties to avoid confusion during a disaster.

business continuity

When a disaster renders the current business location unusable, which plan is put into action?

False

When an incident takes place, the disaster recovery (DR) plan is invoked before the incident response (IR) plan.

False

When performing full-interruption testing, normal operations of the business are not impacted.

Protect

Which of the following NIST Cybersecurity Framework (CSF) stages relates to implementation of effective security controls (policy, education, training and awareness, and technology)?

React

Which of the following is NOT a stage in the NIST Cybersecurity Framework (CSF)?

Calculate asset valuation and combine with the likelihood and impact of potential attacks in a TVA worksheet.

According to NIST's SP 800-34, Rev. 1, which of the following is NOT one of the stages of the business impact assessment?

False

An alert digest is a description of the incident or disaster that usually contains just enough information so that each person knows what portion of the IR or DR plan to implement without slowing down the notification process. __________

electronic vaulting

Which of the following is a backup method that uses bulk batch transfer of data to an off-site facility and is usually conducted via leased lines or secure Internet connections?

use of dormant accounts

Which of the following is a definite indicator of an actual incident, according to Donald Pipkin?

identifying the vulnerabilities that allowed the incident to occur and spread

Which of the following is a part of the incident recovery process?

keeping the public informed about the event and the actions being taken

Which of the following is a responsibility of the crisis management team?

protect and forget

Which of the following is an organizational CP philosophy for overall approach to contingency planning reactions?

flood

Which of the following is the best example of a rapid-onset disaster?

business impact analysis

Which of the following is the first component in the contingency planning process?

Determine mission/business processes and recovery criticality.

Which of the following is the first major task in the BIA, according to NIST SP 800-34, Rev. 1?

incident classification

Which of the following is the process of examining a possible incident and determining whether it constitutes an actual incident?

It duplicates computing resources, peripherals, phone systems, applications, and workstations.

Which of the following is true about a hot site?

remote journaling

Which of the following refers to the backup of data to an off-site facility in close to real time based on transactions as they occur?

Identify recovery priorities for system resources.

What is the final stage of the business impact analysis when using the NIST SP 800-34 approach?

True

Patch and proceed is an organizational CP philosophy that focuses on the defense of information assets and preventing reoccurrence rather than the attacker's identification and prosecution. __________

crisis management planning team (CMPT)

The group of senior managers and project members organized to conduct and lead all CP efforts is known as the __________.

stop the incident, mitigate incident effects, provide information for recovery from the incident

The steps in IR are designed to:

True

A slow-onset disaster occurs over time and gradually degrades the capacity of an organization to withstand its effects. __________

weighted table analysis or weighted factor analysis

A useful tool for resolving the issue of what business function is the most critical, based on criteria selected by the organization, is the __________.

Conduct an after-action review.

After an incident, but before returning to its normal duties, the CSIRT must do which of the following?

False

A(n) wrap-up review is a detailed examination and discussion of the events that occurred during an incident or disaster, from first detection to final recovery. __________

plans for unexpected adverse events

Contingency planning is primarily focused on developing __________.

True

In a cold site there are only rudimentary services, with no computer hardware or peripherals.

False

In most organizations, the COO is responsible for creating the IR plan.

business continuity

In the event of an incident or disaster, which planning element is used to guide off-site operations?

full-interruption

In which contingency plan testing strategy do individuals follow each and every IR/DR/BC procedure, including the disruption of service, restoration of data from backups, and notification of appropriate individuals?

True

The simplest kind of validation, the desk check, involves distributing copies of the appropriate plans to all individuals who will be assigned roles during an actual incident or disaster.

weighted table analysis

Which of the following is a mathematical tool that is useful in assessing the relative importance of business functions based on criteria selected by the organization?

True

A hot site is a fully configured computing facility that includes all services, communications links, and physical plant operations.

