Chapter 8: Risk, Response, and Recovery
Maximum Tolerable Downtime
__________ is the limit of time that a business can survive without a particular critical system.
Business Continuity Plan
A plan that contains the actions needed to keep critical business processes running after a disruption is called a __________.
Disaster Recovery Plan
A plan that details the steps to recover from a major disruption and restore the infrastructure necessary for normal business operations is a __________.
True
A vulnerability is any exposure that could allow a threat to be realized. True or False?
Detective control
An IDS is what type of control?
Incident
Any event that either violates or threatens to violate your security policy is known as a(n) __________.
Residual
Risk that remains even after risk mitigation efforts have been implemented is known as __________ risk.
All of the above
The incident-handling process includes which of the following? Documentation; Response; Notification; Recovery and follow-up; All of the above
True
The primary steps to disaster recovery include the safety of individuals, containing the damage, and assessing the damage and beginning the recovery operations. True or False?
False
The process of describing a risk scenario and then determining the degree of impact that event would have on business operations is quantitative risk analysis. True or False?