Management of Information Security Chapter 10
Respond
Which of the following NIST Cybersecurity Framework (CSF) stages relates to reacting to an incident?
incident damage assessment
Which of the following determines the scope of the breach of confidentiality, integrity, and availability of information and information assets?
threat assessment
Which of the following is NOT a major component of contingency planning?
unusual consumption of computing resources
Which of the following is a "possible" indicator of an actual incident, according to Donald Pipkin?
when an incident is detected that affects the organization
At what point in the incident life cycle is the IR plan initiated?
True
Disaster classification is the process of examining an adverse event or incident and determining whether it constitutes an actual disaster. __________
simulation
In which contingency plan testing strategy do individuals participate in a role-playing exercise in which the CP team is presented with a scenario of an actual incident or disaster and expected to react as if it had occurred?
cold site
In which type of site are no computer hardware or peripherals provided?
over 40 percent of
The Hartford insurance company estimates that, on average, __________ businesses that don't have a disaster plan go out of business after a major loss like a fire, a break-in, or a storm.
contingency planning
The actions taken by senior management to specify the organization's efforts and actions if an adverse event becomes an incident or disaster are known as __________.
work recovery time (WRT)
The amount of effort (expressed as elapsed time) needed to make business functions work again after the technology element is recovered is known as __________.
recovery time objective (RTO)
The maximum amount of time that a system resource can remain unavailable before there is an unacceptable impact on other system resources and supported business processes is known as __________.
computer security incident response team (CSIRT)
The team responsible for designing and managing the IR plan by specifying the organization's preparation, reaction, and recovery from incidents is known as the __________.
maximum tolerable downtime (MTD)
The total amount of time the system owner or authorizing official is willing to accept for a business process outage or disruption, including all impact considerations, is known as __________.
False
Training should be as specialized as possible; personnel who are responsible for one duty should not be trained on other duties to avoid confusion during a disaster.
business continuity
When a disaster renders the current business location unusable, which plan is put into action?
False
When an incident takes place, the disaster recovery (DR) plan is invoked before the incident response (IR) plan.
False
When performing full-interruption testing, normal operations of the business are not impacted.
Protect
Which of the following NIST Cybersecurity Framework (CSF) stages relates to implementation of effective security controls (policy, education, training and awareness, and technology)?
React
Which of the following is NOT a stage in the NIST Cybersecurity Framework (CSF)?
Calculate asset valuation and combine with the likelihood and impact of potential attacks in a TVA worksheet.
According to NIST's SP 800-34, Rev. 1, which of the following is NOT one of the stages of the business impact assessment?
False
An alert digest is a description of the incident or disaster that usually contains just enough information so that each person knows what portion of the IR or DR plan to implement without slowing down the notification process. __________
electronic vaulting
Which of the following is a backup method that uses bulk batch transfer of data to an off-site facility and is usually conducted via leased lines or secure Internet connections?
use of dormant accounts
Which of the following is a definite indicator of an actual incident, according to Donald Pipkin?
identifying the vulnerabilities that allowed the incident to occur and spread
Which of the following is a part of the incident recovery process?
keeping the public informed about the event and the actions being taken
Which of the following is a responsibility of the crisis management team?
protect and forget
Which of the following is an organizational CP philosophy for the overall approach to contingency planning reactions?
flood
Which of the following is the best example of a rapid-onset disaster?
business impact analysis
Which of the following is the first component in the contingency planning process?
Determine mission/business processes and recovery criticality.
Which of the following is the first major task in the BIA, according to NIST SP 800-34, Rev. 1?
incident classification
Which of the following is the process of examining a possible incident and determining whether it constitutes an actual incident?
It duplicates computing resources, peripherals, phone systems, applications, and workstations.
Which of the following is true about a hot site?
remote journaling
Which of the following refers to the backup of data to an off-site facility in close to real time based on transactions as they occur?
Identify recovery priorities for system resources.
What is the final stage of the business impact analysis when using the NIST SP 800-34 approach?
True
Patch and proceed is an organizational CP philosophy that focuses on the defense of information assets and preventing reoccurrence rather than the attacker's identification and prosecution. __________
crisis management planning team (CMPT)
The group of senior managers and project members organized to conduct and lead all CP efforts is known as the __________.
stop the incident, mitigate incident effects, provide information for recovery from the incident
The steps in IR are designed to:
True
A slow-onset disaster occurs over time and gradually degrades the capacity of an organization to withstand its effects. __________
weighted table analysis or weighted factor analysis
A useful tool for resolving the issue of what business function is the most critical, based on criteria selected by the organization, is the __________.
Conduct an after-action review.
After an incident, but before returning to its normal duties, the CSIRT must do which of the following?
False
A(n) wrap-up review is a detailed examination and discussion of the events that occurred during an incident or disaster, from first detection to final recovery. __________
plans for unexpected adverse events
Contingency planning is primarily focused on developing __________.
True
In a cold site there are only rudimentary services, with no computer hardware or peripherals.
False
In most organizations, the COO is responsible for creating the IR plan.
business continuity
In the event of an incident or disaster, which planning element is used to guide off-site operations?
full-interruption
In which contingency plan testing strategy do individuals follow each and every IR/DR/BC procedure, including the disruption of service, restoration of data from backups, and notification of appropriate individuals?
True
The simplest kind of validation, the desk check, involves distributing copies of the appropriate plans to all individuals who will be assigned roles during an actual incident or disaster.
weighted table analysis
Which of the following is a mathematical tool that is useful in assessing the relative importance of business functions based on criteria selected by the organization?
True
A hot site is a fully configured computing facility that includes all services, communications links, and physical plant operations.