Management of Information Security Notes Chapter 10- Planning for Contingencies
True
Rapid-onset disasters occur suddenly, and may take the lives of people and destroy the means of production.
hierarchical
A ____ activation requires that the first person call designated people on the roster, who in turn call other designated people, and so on.
hot site
A ____ is a fully configured computer facility that needs only the latest data backups and the personnel to function.
mutual agreement
A contract between two organizations in which each party agrees to assist the other in the event of a disaster is called a ____.
alert roster
A document that contains contact information on the individuals to be notified in the event of an actual incident is called a(n) ____.
CISO
A project manager—possibly a mid level manager or even the ____________________ — leads the project, putting in place a sound project planning process, guiding the development of a complete and useful project, and prudently managing resources.
alert message
A scripted set of instructions about an incident is known as a(n) ____.
False
A structured walk-through is the simplest kind of validation for reviewing the perceived feasibility and effectiveness of the contingency plan.
hot
A warm site offers many of the advantages of a(n) ________________ site, but at a lower cost.
incident damage assestment
A(n) ____ determines the extent of the breach of confidentiality, integrity, and availability of information and information assets.
after-action review
A(n) ____ entails a detailed examination of the events that occurred from first detection to final recovery.
attack scenario end case
A(n) ____ shows the estimated cost of the best, worst, and most likely outcomes of an attack.
alert roster
A(n) ____________________ is a document containing contact information of the individuals to notify in the event of an actual incident.
structure walk-through
A(n) ____________________ is a method of testing contingency plans in which all involved individuals walk through the steps they would take during an actual event.
incident
A(n) ____________________ occurs when an attack affects information resources and/or assets, causing actual damage or other disruptions.
True
A(n) alert message is a scripted set of initial instructions used to respond to an incident.
False
A(n) attack scenario consists of a detailed description of the activities that usually occur during an attack.
True
A(n) champion is an executive who supports, promotes, and endorses the findings of the CP project.
False
A(n) structured walk-through is a method of testing contingency plans in which each involved person works individually to simulate the performance of each task that he or she is responsible for.
True
Activities at unexpected times are probable indicators of an actual incident.
False
An organization should start documenting an incident after the incident has been contained.
emergency
As part of DR plan readiness, each employee should have two types of ____ information cards in his or her possession at all times.
True
Classifying an incident is the responsibility of the IR team.
True
Continuous process improvement (CPI) suggests that each time the organization rehearses its plans, it should learn from the process, improve the process, and then rehearse again.
True
Crisis management entails a set of focused steps that deal primarily with the people involved in a disaster.
people
Crisis management is designed to deal primarily with ____.
rapid-onset
Disasters that occur suddenly, with little warning, are classified as ____________________ disasters.
False
Electronic vaulting involves the transfer of live transactions to an off-site facility.
CEO
The BC Plan is most properly managed by the ____.
incident
In CP, an unexpected event is called a(n) ____.
Statement of management commitment Purpose and objectives of the policy Scope of the policy Definition of information security incidents Organizational structure and delineation of roles Prioritization or severity ratings of incidents Reporting and contact forms Performance measures
List the key components of a typical IR policy.
False
Parallel testing is the most rigorous strategy for testing contingency plans.
IT community of interest
The DRP is usually managed by the ____.
IR
The ____ plan focuses on the immediate response to an incident.
CP
The ____ team collects information about information systems and the threats they face, and creates the contingency plans for incident response, disaster recovery, and business continuity.
incident response
The ____________________ plan comprises a detailed set of processes and procedures that anticipate, detect, and mitigate the effects of an unexpected event that might compromise information resources and assets.
business continuity
The ____________________ team is charged with setting up and starting off-site operations in the event of an incident or disaster.
electronic vaulting
The bulk batch-transfer of data to an off-site facility is known as ________________.
True
The disaster recovery team is responsible for detecting, evaluating, and responding to disasters, and reestablishing operations at the primary business site.
business impact analysis
The four components of contingency planning are the ____________________, the incident response plan, the disaster recovery plan, and the business continuity plan.
incident damage assessment
The immediate determination of the scope of the breach of confidentiality, integrity, and availability of information and information assets is called ____________________.
contingency planning
The overall process of preparing for unexpected events is called _________________.
True
The presence of hacker tools in a system definitely signals that an incident is in progress or has occurred.
False
The process of examining a possible incident and determining whether it constitutes an actual incident is called incident verification.
A simulation
____ is a method of testing contingency plans in which each involved person works individually to simulate the performance of each task.
incident classification
____ is the process of examining a possible incident and determining whether it constitutes an actual incident.
Database shadowing
____ is the storage of duplicate online transaction data, along with the duplication of the databases at the remote site on a redundant server.
Disaster recovery
_______ planning ensures that critical business functions can continue if a disaster
Incident Response
_______________ is a set of procedures that commence when an incident is detected.