Chapter 8: Risk, Response, Recovery
Clustering
involves connecting two or more computers to act like a single computer.
Supervisory Control and Data Acquisition
systems are common in industrial settings.
Impact
the amount of harm a threat exploiting a vulnerability can cause.
total risk
the combined risk to all business assets
Risk
the likelihood that a particular threat will be realized against a specific vulnerability.
annualized loss expectancy
the loss when an incident happens
Maximum total downtime
the most time a business can survive without a particular critical system.
Emergency operations center
the place where the recovery team will meet and work during a disruption.
residual risk
the risk that remains after you have deployed countermeasures and controls
risk register
a description of the risk, the expected impact if the associated event occurs, the probability of the event occurring, steps to mitigate the risk, steps to take should the event occur, rank of the risk
SLE
AV × EF
Identifying risks consists of
Brainstorming, Surveys, Interviews, Working groups, Checklists, Historical information
two key risk management principles
Don't spend more to protect an asset than it is worth, A countermeasure without a corresponding risk is a solution seeking a problem
Steps in risk management
Identify risks, Assess risks, Plan risk response, Implement risk responses, Monitor and control risk responses
Mobile devices
Mobile operating system patches and upgrades are available and easy to apply, but not all users update their devices.
Critical business function
Once the BIA has identified the business systems that an incident will affect, you must rank the systems from most to least critical.
ALE
SLE × ARO
Differential Backup
Start by making a full backup, perhaps on Sunday, when network traffic is lightest. As the week progresses, each night's backup takes a little longer.
Vehicle systems
a category of static systems; a type of embedded system
Accept
The organization knows the risk exists and has decided that the cost of reducing it is higher than the loss would be.
Embedded systems
These are generally small computers that are contained in a larger device.
Mainframes
These large computers exist primarily in large organization data centers.
Safeguards
address gaps or weaknesses in the controls that could otherwise lead to a realized threat
Transfer
allows the organization to transfer the risk to another entity. Insurance is a common way to reduce risk.
Incident
any event that either violates or threatens to violate your security policy.
Vulnerability
any exposure that could allow a threat to be realized
RAID
multiple disk drives that appear as a single disk drive but actually store multiple copies of data in case a disk drive in the array fails.
Quantitative risk assessment
attempts to describe risk in financial terms and put a dollar value on each risk.
activity phase controls
can be either administrative or technical
Gaming consoles
computers that are optimized to handle graphics applications efficiently.
Countermeasures
counter or address a specific threat
Avoid
deciding not to take a risk.
Multiple servers or devices
a generalized implementation of load balancing simply makes available multiple servers or network devices that can respond to the same requests for service.
detective controls
identify that a threat has landed in your system, ex: IDS
Controls
include both safeguards and countermeasures
Qualitative risk assessment
ranks risks based on their probability of occurrence and impact on business operations. Allows the business units and technical experts to understand the ripple effects of an event on other departments or operations.
exposure factor
represents the percentage of the asset value that will be lost if an incident were to occur.
annualized rate of occurrence
risk likelihood, usually per year
checklist test
simple review of the plan by managers and the business continuity team to make sure that contact numbers are current and that the plan reflects the company's priorities and structure.
Threat
something (generally bad) that might happen.
Incremental Backup
start with a full backup when network traffic is light. Then, each night, you back up only that day's changes. As the week progresses, the nightly backup takes about the same amount of time.
preventive controls
stop threats from coming in contact with a vulnerability, ex: IPS
purpose of risk management
to identify possible problems before something bad happens
Reduce
uses various controls to mitigate or reduce identified risks. These controls might be administrative, technical, or physical.
Load balancing
using two or more servers to respond to service requests
Enhance
you increase the probability or positive impact of the event associated with the risk.
Exploit
you take advantage of an opportunity that arises when you respond to that risk.
Share
you use a third party to help capture the opportunity associated with that risk.