Module 5 Incident response and contingency planning

Réussis tes devoirs et examens dès maintenant avec Quizwiz!

warm site

A BC facility that provides many of the same services and options as a hot site, but typically without installed and configured software applications

cold site

A BC facility that provides only rudimentary services, with no computer hardware or peripherals

service bureau

A BC strategy in which an organization contracts with a service agency to provide a facility for a fee

mutual agreement

A BC strategy in which two organizations sign a contract to assist the other in a disaster by providing BC facilities, resources, and services until the organization in need can recover from the disaster

rolling mobile site

A BC strategy that involves contracting with an organization to provide specialized facilities configured in the payload area of a tractor-trailer

timeshare

A continuity strategy in which an organization co-leases facilities with a business partner or sister organization, which allows the organization to have a BC option while reducing its overall costs.

talk-through

A form of structured walk-through in which individuals meet in a conference room and discuss a CP plan rather than walking around the organization.

hot site

A fully configured BC facility that includes all computing services, communications links, and physical plan operations

business process

A task performed by an organization or one of its units in support of the organization's overall mission and operations

computer security incident response team (CSIRT)

An IR team composed of technical IT, managerial IT, and InfoSec professionals who are prepared to detect, react to, and recover from an incident; may include members of the IRPT

incident

An adverse event that could result in a loss of information assets but does not threaten the viability of the entire organization

Business impact analysis (BIA)

An investigation and assessment of adverse events that can affect the organization, conducted as a preliminary phase of the contingency planning phase of the contingency planning process; it includes a determination of how critical a system or set of information is to the organization's core processes and its recovery priorities.

business continuity (BC)

An organization's set of efforts to ensure its long-term viability when a disaster precludes normal operations at the primary site; typically includes temporarily establishing critical operations at an alternate site until operations can be resumed at the primary site or a new permanent site.

Crisis management (CM)

An organization's set of planning and preparation efforts for dealing with potential human injury, emotional trauma, or loss of life as a result of a disaster

Disaster recovery (DR)

An organization's set of planning and preparation efforts for detecting, reacting to, and recovering from a disaster

incident response (IR)

An organization's set of planning and preparation efforts for detecting, reacting to, and recovering from an incident

evidentiary material (EM)

Any information that could potentially support an organization's legal or policy-based case against a suspect; also known as items of potential evidentiary value.

IR procedures

Detailed, step by step methods of preparing, detecting, reacting to, and recovering from an incident

slow-onset disasters

Disasters that occur over time and gradually degrade the capacity of an organization to withstand their effects

rapid-onset disasters

Disasters that occur suddenly, with little warning, taking people's lives and destroying the means of production

digital forensics

Investigations that involve the preservation, identification, extraction, documentation, and interpretation of computer media for evidentiary and root cause analysis, following clear, well-defined methodologies

search warrant

Permission to search for evidentiary material at a specified location or to seize items to return to an investigator's lab for examination

chain of custody

See chain of evidence

affidavit

Sworn testimony that certain facts are in the possession of an investigating officer and that they warrant the examination of specific items located at a specific place; the affidavit specifies the facts, the items, and the place.

structured walk-through

The CP testing strategy in which all involved individuals walk through a site and discuss the steps they would take during an actual CP event; can also be conducted as a conference room talk-through

simulation

The CP testing strategy in which the organization conducts a role-playing exercise as if an actual incident or disaster had occurred. the CP team is presented with a scenario in which all member must specify how they would react and communicate their efforts.

business continuity planning (BCP)

The actions taken by senior management to develop an implement the BC policy, plan, and continuity teams.

business resumption planning (BRP)

The actions taken by senior management to develop and implement a combined DR and BC policy, plan, and set of recovery teams.

crisis management planning (CMP)

The actions taken by senior management to develop and implement the CM policy, plan, and response teams

disaster recovery planning (DRP)

The actions taken by senior management to develop and implement the DR policy, plan, and recovery teams

incident response planning (IRP)

The actions taken by senior management to develop and implement the IR policy, plan, and computer security incident response team.

contingency planning

The actions taken by senior management to specify the organization's efforts and actions if an adverse event becomes an incident or disaster; CP typically includes incident response, disaster recovery, and business continuity efforts, as well as preparatory business impact analysis

work recovery time (WRT)

The amount of effort (expressed as elapsed time) needed to make business functions work again after the technology element is recovered. This recovery time is identified by the RTO

forensics

The coherent application of methodical investigatory techniques to present evidence of crimes in a court or similar setting.

full-interruption testing

The cp testing strategy in which all team members follow each IR/DR/BC procedure, including those for interruption of service, restoration of data from backups, and notification of appropriate individuals

chain of evidence

The detailed documentation of the collection, storage, transfer, and ownership of evidentiary material from the crime scene through its presentation in court and its eventual disposition

root cause analysis

The determination of the source or origin of an event, problem, or issue like an incident.

BC plan

The documented product of business continuity planning; a plan that shows the organization's efforts to continue critical functions when operations at the primary site are not feasible

crisis management plan (CM plan)

The documented product of crisis management planning; a plan that shows the organization's intended efforts to protect its personnel and respond to safety threats

disaster recovery plan (DR plan)

The documented product of disaster recovery planning; a plan that shows the organization's intended efforts in the even of a disaster

Incident response plan(IR plan)

The documented product of incident response planning; a plan that shows the organization's intended efforts in the event of an incident.

Contingency planning management team (CPMT)

The group of senior managers and project members organized to conduct and lead all CP efforts

crisis management planning team (CMPT)

The individuals from various functional areas of the organization assigned to develop and implement the CM plan

Recovery time objective (RTO)

The maximum amount of time that a system resource can remain unavailable before there is an unacceptable impact on other system resources, supported business processes, and the maximum tolerable downtime

apprehend and prosecute

The organizational CP philosophy that focuses on an attacker's identification and prosecution, the defense of information assets, and preventing reoccurrence; also known as pursue and punish

protect and forget

The organizational CP philosophy that focuses on the defense of information assets and preventing reoccurrence rather than the attacker's identification and prosecution; also known as patch and proceed

recovery point objective (RPO)

The point in time before a disruption or system outage to which business process data can be recovered after an outage, given the most recent backup copy of the data

BC policy

The policy document that guides the development and implementation of BC plans and the formulation and performance of BC teams.

crisis management policy (CM policy)

The policy document that guides the development and implementation of CM plans and the formulation and performance of CM teams.

IR policy

The policy document that guides the development and implementation of IR plans and the formulation and performance of IR teams

disaster classification

The process of examining an adverse event or incident and determining whether it constitutes an actual disaster

business continuity planning team (BCPT)

The team responsible for designing and managing the BC plan of relocation the organization and establishing primary operations at an alternate site until disaster recovery planning team can recover the primary site or establish a new location

disaster recovery planning team (DRPT)

The team responsible for designing and managing the DR plan by specifying the organization's preparation, response, and recovery from disasters, including reestablishment of business operations at the primary site after the disaster

incident response planning team (IRPT)

The team responsible for designing and managing the IR plan by specifying the organization's preparation, reaction, and recovery from incidents

maximum tolerable downtime (MTD)

The total amount of time the system owner of authorizing official is willing to accept for a business process outage or disruption. The MTD includes all impact considerations

3-2-1 backup rule

a backup strategy that recommends the creation of at least three copies of critical data (the original and two copies) on at least two different media, with at least one copy stored off-site

electronic vaulting

a backup strategy that transfers data in bulk batches to an off-site facility.

database shadowing

a backup strategy that transfers duplicate online transaction data an duplicate databases to a remote site on a redundant server, combining electronic vaulting with remote journaling by writing multiple copies of the database simultaneously to two locations

remote journaling

a backup strategy that transfers only transaction data in near real time to an off-site facility.

database shadowing

a backup strategy that transfers only transaction data near real time to an off-site facility.

digital malfeasance

a crime involving digital media computer technology or related components

alert message

a description of the incident or disaster that usually contains just enough information so that each person knows what portion of the IR or DR plan to implement with out slowing down the notification process

after-action review

a detailed examination an discussion of the events that occurred during an incident or disaster, from first detection to final recovery

alert roster

a document that contains contact information for personnel to be notified in the event of an incident or disaster

incident

an adverse event that could result in a loss of information assets but does not threaten the viability of the entire organization

adverse event

an event with negative consequences that could threaten the organization's information assets or operations; also referred to as an incident candidate

incident canidate

any event that may cause damages to the business also called adverse events

desk check

the CP testing strategy in which copies of the appropriate plans are distributed to all individuals who will be assigned roles during an actual incident or disaster; each individual reviews the plan and validates its components

DR policy

the policy document that guides the development and implementation of DR plans and the formulation and performance of DR teams.


Ensembles d'études connexes

SoundByte Quiz Intellectual Property and Plagiarism

View Set

CH 8 Vehicles and Other Major Purchases

View Set

UNIT 7: Intermolecular Forces Test

View Set

Network concepts, technologies, and database fundamentals notes:

View Set