Ch10 - Planning for Contingencies

disaster recovery (DR)

An organization's set of planning and preparation efforts for detecting, reacting to, and recovering from a disaster.

incident response (IR)

An organization's set of planning and preparation efforts for detecting, reacting to, and recovering from an incident.

electronic vaulting

A backup method that uses bulk batch transfer of data to an off-site facility; this transfer is usually conducted via leased lines or secure Internet connections.

database shadowing

A backup strategy to store duplicate online transaction data along with duplicate databases at the remote site on a redundant server. This server combines electronic vaulting with remote journaling by writing multiple copies of the database simultaneously to two locations.

timeshare

A continuity strategy in which an organization co-leases a facility with a business partner or sister organization. A timeshare allows the organization to have a BC option while reducing its overall costs.

service bureau

A continuity strategy in which an organization contracts with a service agency to provide a BC facility for a fee.

mutual agreement

A continuity strategy in which two organizations sign a contract to assist the other in a disaster by providing BC facilities, resources, and services until the organization in need can recover from the disaster.

rolling mobile site

A continuity strategy that involves contracting with an organization to provide specialized facilities configured in the payload area of a tractor-trailer.

alert message

A description of the incident or disaster that usually contains just enough information so that each person knows what portion of the IR or DR plan to implement without slowing down the notification process.

after-action review (AAR)

A detailed examination and discussion of the events that occurred during an incident or disaster, from first detection to final recovery.

alert roster

A document that contains contact information for personnel to be notified in the event of an incident or disaster.

warm site

A facility that provides many of the same services and options as a hot site, but typically, without installed and configured software applications. Warm sites are used for BC operations.

cold site

A facility that provides only rudimentary services, with no computer hardware or peripherals. Cold sites are used for BC operations.

talk-through

A form of structured walk-through in which individuals meet in a conference room and discuss a CP plan rather than walking around the organization.

hot site

A fully configured computing facility that includes all services, communications links, and physical plant operations. Hot sites are used for BC operations.

business process

A task performed by an organization or one of its units in support of the organization's overall mission.

computer security incident response team (CSIRT)

An IR team composed of technical IT, managerial IT, and InfoSec professionals who are prepared to detect, react to, and recover from an incident. The CSIRT may include members of the IRPT.

incident

An adverse event that could result in a loss of information assets but does not threaten the viability of the entire organization.

adverse event

An event with negative consequences that could threaten the organization's information assets or operations. Sometimes referred to as an incident candidate.

business impact analysis (BIA)

An investigation and assessment of adverse events that can affect the organization, conducted as a preliminary phase of the contingency planning process, which includes a determination of how critical a system or set of information is to the organization's core processes and its recovery priorities.

business continuity (BC)

An organization's set of efforts to ensure its long-term viability when a disaster precludes normal operations at the primary site. The organization temporarily establishes critical operations at an alternate site until it can resume operations at the primary site or select and occupy a new primary site.

crisis management (CM)

An organization's set of planning and preparation efforts for dealing with potential human injury, emotional trauma, or loss of life as a result of a disaster.

slow-onset disasters

Disasters that occur over time and gradually degrade the capacity of an organization to withstand their effects. Examples include droughts, famines, environmental degradation, desertification, deforestation, and pest infestation.

rapid-onset disasters

Disasters that occur suddenly, with little warning, taking people's lives and destroying the means of production. Examples include earthquakes, floods, storm winds, tornadoes, and mud flows.

incident candidate

See adverse event.

structured walk-through

The CP testing strategy in which all involved individuals walk through a site and discuss the steps they would take during an actual CP event. A walk-through can also be conducted as a conference room talk-through.

full-interruption testing

The CP testing strategy in which all team members follow each IR/DR/BC procedure, including those for interruption of service, restoration of data from backups, and notification of appropriate individuals.

desk check

The CP testing strategy in which copies of the appropriate plans are distributed to all individuals who will be assigned roles during an actual incident or disaster; each individual reviews the plan and validates its components.

simulation

The CP testing strategy in which the organization conducts a role-playing exercise as if an actual incident or disaster had occurred. The CP team is presented with a scenario in which all members must specify how they would react and communicate their efforts.

business resumption planning (BRP)

The actions taken by senior management to develop and implement a combined DR and BC policy, plan, and set of recovery teams.

business continuity planning (BCP)

The actions taken by senior management to develop and implement the BC policy, plan, and continuity teams.

crisis management planning (CMP)

The actions taken by senior management to develop and implement the CM policy, plan, and response teams.

disaster recovery planning (DRP)

The actions taken by senior management to develop and implement the DR policy, plan, and recovery teams.

incident response planning (IRP)

The actions taken by senior management to develop and implement the IR policy, plan, and computer security incident response team.

contingency planning (CP)

The actions taken by senior management to specify the organization's efforts and actions if an adverse event becomes an incident or disaster. This planning includes incident response, disaster recovery, and business continuity efforts, as well as preparatory business impact analysis.

work recovery time (WRT)

The amount of effort (expressed as elapsed time) needed to make business functions work again after the technology element is recovered. This recovery time is identified by the RTO.

remote journaling

The backup of data to an off-site facility in close to real time based on transactions as they occur.

business continuity plan (BC plan)

The documented product of business continuity planning; a plan that shows the organization's intended efforts to continue critical functions when operations at the primary site are not feasible.

crisis management plan (CM plan)

The documented product of crisis management planning; a plan that shows the organization's intended efforts to protect its personnel and respond to safety threats.

disaster recovery plan (DR plan)

The documented product of disaster recovery planning; a plan that shows the organization's intended efforts in the event of a disaster.

incident response plan (IR plan)

The documented product of incident response planning; a plan that shows the organization's intended efforts in the event of an incident.

contingency planning management team (CPMT)

The group of senior managers and project members organized to conduct and lead all CP efforts.

incident detection

The identification and classification of an adverse event as an incident, accompanied by the CSIRT's notification and the implementation of the IR reaction phase.

crisis management planning team (CMPT)

The individuals from various functional areas of the organization assigned to develop and implement the CM plan.

recovery time objective (RTO)

The maximum amount of time that a system resource can remain unavailable before there is an unacceptable impact on other system resources, supported business processes, and the MTD.

apprehend and prosecute

The organizational CP philosophy that focuses on an attacker's identification and prosecution, the defense of information assets, and preventing reoccurrence. Also known as "pursue and prosecute."

protect and forget

The organizational CP philosophy that focuses on the defense of information assets and preventing reoccurrence rather than the attacker's identification and prosecution. Also known as "patch and proceed."

recovery point objective (RPO)

The point in time before a disruption or system outage to which business process data can be recovered after an outage, given the most recent backup copy of the data.

business continuity policy (BC policy)

The policy document that guides the development and implementation of BC plans and the formulation and performance of BC teams.

crisis management policy (CM policy)

The policy document that guides the development and implementation of CM plans and the formulation and performance of CM teams.

incident response policy (IR policy)

The policy document that guides the development and implementation of IR plans and the formulation and performance of IR teams.

disaster classification

The process of examining an adverse event or incident and determining whether it constitutes an actual disaster.

incident classification

The process of examining an adverse event or incident candidate and determining whether it constitutes an actual incident.

business continuity planning team (BCPT)

The team responsible for designing and managing the BC plan of relocating the organization and establishing primary operations at an alternate site until the disaster recovery planning team can recover the primary site or establish a new location.

disaster recovery planning team (DRPT)

The team responsible for designing and managing the DR plan by specifying the organization's preparation, response, and recovery from disasters, including reestablishment of business operations at the primary site after the disaster.

incident response planning team (IRPT)

The team responsible for designing and managing the IR plan by specifying the organization's preparation, reaction, and recovery from incidents.

maximum tolerable downtime (MTD)

The total amount of time the system owner or authorizing official is willing to accept for a business process outage or disruption. The MTD includes all impact considerations.

