Cybersecurity Fundamentals Part 1 (Week 4)
An event that can negatively impact an organization's information assets or operations is termed an ______.
Adverse Event
A fundamental difference between a BIA and risk management is that risk management focuses on identifying threats, vulnerabilities, and attacks to determine which controls can protect information, while the BIA assumes _____. (Options: all of the above; controls have been bypassed; controls have failed; controls have proven ineffective)
All of the above
This type of planning ensures that critical business functions continue if a catastrophic incident or disaster occurs.
Business Continuity (BC)
The team assigned to manage the business continuity plan, which involves relocating operations to an alternate site post-disaster, is the ______.
Business Continuity Planning Team (BCPT)
A high-level manager that supports, promotes, and endorses the findings of a project.
Champion
The process involving senior management's definition of actions in the face of potential incidents, including preparation and remedial steps, is called ______.
Contingency Planning (CP)
The team comprised of senior managers and members tasked with carrying out all contingency planning activities is known as the ______.
Contingency Planning Management Team (CPMT)
The collection of individuals from different areas within the organization who are responsible for the crisis management plan is called the ______.
Crisis Management Planning Team (CMPT)
The term for investigation of wrongdoing in the arena of information security.
Digital Forensics
This type of planning encompasses preparation for handling and recovering from a disaster, whether natural or human-made.
Disaster Recovery (DR)
The team in charge of orchestrating the organization's strategy for preparation, response, and recovery from disasters is the ______.
Disaster Recovery Planning Team (DRPT)
A disaster recovery plan shows the organization's intended efforts to establish operations at an alternate site in the aftermath of a disaster. (True/False)
False
A rapid-onset disaster is one that gradually degrades the capacity of an organization to withstand its effects. (True/False)
False
A(n) DR plan ensures that critical business functions continue if a catastrophic incident or disaster occurs. (True/False)
False
A(n) disaster is any adverse event that could result in loss of an information asset or assets, but does not currently threaten the viability of the entire organization. (True/False)
False
A(n) disaster recovery plan includes the steps necessary to ensure the continuation of the organization when a disaster's scope or scale exceeds the ability of the organization to restore operations, usually through relocation of critical business functions to an alternate location. (True/False)
False
A(n) sequential roster is activated as the first person calls a few people on the roster, who in turn call a few other people. (True/False)
False
An affidavit is permission to search for evidentiary material at a specified location or to seize items to return to an investigator's lab for examination. (True/False)
False
An incident is an adverse event that could result in a loss of information assets and threatens the viability of the entire organization. (True/False)
False
Reported attacks are a definite indicator of an actual incident. (True/False)
False
Root cause analysis is the coherent application of methodical investigatory techniques to present evidence of crimes in a court or similar setting. (True/False)
False
The computer security incident response team is composed solely of technical IT professionals who are prepared to detect, react to, and recover from an incident. (True/False)
False
The total time needed to place the business function back in service must be longer than the maximum tolerable downtime. (True/False)
False
An adverse event that begins to manifest as a real threat to information.
Incident
The process by which the IR team examines an incident candidate and determines whether it constitutes an actual incident.
Incident Classification
The group tasked with creating and administering the organization's protocol for preparedness, reaction, and recuperation from incidents is the ______.
Incident Response Planning Team (IRPT)
The maximum duration an organization can withstand a process outage is referred to as the ______.
Maximum Tolerable Downtime (MTD)
These are the three categories of incident indicators.
Possible, Probable, and Definite
The specific time before a disruption from which data must be recovered is known as the ______.
Recovery Point Objective (RPO)
Which of these is the primary reason contingency response teams should not have overlapping membership, with one person on multiple teams? (Options: so individuals don't find themselves with different responsibilities in different locations at the same time; to spread the work out among more people; to avoid cross-division rivalries; to allow people to specialize in one area)
So individuals don't find themselves with different responsibilities in different locations at the same time.
A service bureau is an agency that provides a service for a fee. (True/False)
True
An affidavit is a sworn testimony that certain facts are in the possession of an investigating officer and that they warrant the examination of specific items located at a specific place. (True/False)
True
An alert message is a description of the incident or disaster that usually contains just enough information so that each person knows what portion of the IR or DR plan to implement without slowing down the notification process. (True/False)
True
Disaster classification is the process of examining an adverse event or incident and determining whether it constitutes an actual disaster. (True/False)
True
Incident classification is the process of examining an adverse event or incident candidate and determining whether it constitutes an actual incident. (True/False)
True
Incident damage assessment is used to determine the impact from a breach of confidentiality, integrity, and availability on information and information assets. (True/False)
True
Prior to the development of each of the types of contingency planning documents, the CP team should work to develop the policy environment. (True/False)
True
The disaster recovery planning team (DRPT) is the team responsible for designing and managing the DR plan by specifying the organization's preparation, response, and recovery from disasters. (True/False)
True
The organization must choose one of two philosophies that will affect its approach to IR and DR as well as subsequent involvement of digital forensics and law enforcement: protect and forget or apprehend and prosecute. (True/False)
True
The recovery point objective (RPO) is the point in time prior to a disruption or system outage to which mission/business process data can be recovered after an outage. (True/False)
True
The work recovery time (WRT) is the amount of effort (expressed as elapsed time) needed to make business functions work again after the technology element is recovered. (True/False)
True
The time required to restore business operations after the technological components are back online is termed the ______.
Work Recovery Time (WRT)
The sworn testimony that certain facts are in the possession of an investigating officer and that they warrant the examination of specific items located at a specific place is called a(n) _____. (Options: sworn warrant; writ of habeas corpus; search warrant; affidavit)
affidavit
Ideally, the _____, systems administrators, the chief information security officer (CISO), and key IT and business managers should be actively involved during the creation and development of all CP components. (Options: senior auditor; chief executive officer (CEO); chief information officer (CIO); chief financial officer (CFO))
chief information officer (CIO)
The process of examining an adverse event or incident and determining whether it constitutes an actual disaster is known as _____. (Options: incident review; event escalation; disaster classification; disaster indication)
disaster classification
The transfer of large batches of data to an off-site facility, usually through leased lines or services, is called ____. (Options: electronic vaulting; database shadowing; remote journaling; off-site storage)
electronic vaulting
A resumption location known as a ____ is a fully configured computer facility capable of establishing operations at a moment's notice. (Options: service bureau; hot site; mobile site; cold site)
hot site
The total amount of time the system owner or authorizing official is willing to accept for a business process outage or disruption is _____. (Options: work recovery time (WRT); recovery time objective (RTO); maximum tolerable downtime (MTD); recovery point objective (RPO))
maximum tolerable downtime (MTD)