lesson 8

A business impact analysis (BIA) details the steps to recover from a disruption and restore the infrastructure necessary for normal business operations.

false

A structured walk-through test is a review of a business continuity plan to ensure that contact numbers are current and that the plan reflects the company's priorities and structure.

false

Kim is the risk manager for a large organization. She is evaluating whether the organization should purchase a fire suppression system. She consulted a variety of subject matter experts and determined that there is a 1 percent chance that a fire will occur in a given year. If a fire occurred, it would likely cause $2 million in damage to the facility, which has a $10 million value. Given this scenario, what is the single loss expectancy (SLE)?

$2,000,000

The recovery point objective (RPO) can come from the business impact analysis or sometimes from a government mandate, such as banking laws.

true

Forensics and incident response are examples of ___________ controls.

Corrective

Kim is the risk manager for a large organization. She is evaluating whether the organization should purchase a fire suppression system. She consulted a variety of subject matter experts and determined that there is a 1 percent chance that a fire will occur in a given year. If a fire occurred, it would likely cause $2 million in damage to the facility, which has a $10 million value. Given this scenario, what is the annualized loss expectancy (ALE)?

$20,000

What is a key principle of risk management programs?

Don't spend more to protect an asset than it is worth.

Deterrent controls identify that a threat has landed in your system.

False

Risk refers to the amount of harm a threat exploiting a vulnerability can cause.

False

Adam's company recently suffered an attack where hackers exploited an SQL injection issue on their web server and stole sensitive information from a database. What term describes this activity?

Incident

What term describes the longest period of time that a business can survive without a particular critical system?

Maximum tolerable downtime (MTD)

Beth is conducting a risk assessment. She is trying to determine the impact a security incident will have on the reputation of her company. What type of risk assessment is best suited to this type of analysis?

Qualitative

Which data source comes first in the order of volatility when conducting a forensic investigation?

RAM

What term describes the risk that exists after an organization has performed all planned countermeasures and controls?

Residual risk

Joe is responsible for the security of the industrial control systems for a power plant. What type of environment does Joe administer?

Supervisory Control and Data Acquisition (SCADA)

Which control is NOT an example of a fault tolerance technique designed to avoid interruptions that would cause downtime?

Warm site

A successful business impact analysis (BIA) maps the context, the critical business functions, and the processes on which they rely.

true

Jake has been asked to help test the business continuity plan at an offsite location while the system at the main location is shut down. He is participating in a parallel test.

false

Purchasing an insurance policy is an example of the _____________________ risk management strategy.

transfer

Nancy performs a full backup of her server every Sunday at 1 A.M. and differential backups on Mondays through Fridays at 1 A.M. Her server fails at 9 A.M. Wednesday. How many backups does Nancy need to restore?

2

