ISM 4323 CH. 3 – Flashcards
question
Contingency planning
answer
The overall planning for unexpected events. Involves preparing for, detecting, reacting to, and recovering from events that threaten the security of information resources and assets. Main goal: the restoration of normal modes of operation with minimum cost and disruption to normal business activities after an unexpected event.
question
Incident response planning (IRP)
answer
Focuses on immediate response
question
Disaster recovery planning (DRP)
answer
Focuses on restoring operations at the primary site after a disaster occurs. The key role of a DRP is defining how to reestablish operations at the location where the organization is usually located.
question
Business continuity planning (BCP)
answer
Facilitates establishment of operations at an alternate site
question
Conduct the BIA
answer
Helps to identify and prioritize critical IT systems and components. The BIA assumes that controls have been bypassed or are ineffective and that the attack was successful. An organization that uses a risk management process will already have identified and prioritized its threats; the BIA updates that threat list and adds one additional piece of information, the attack profile. An attack profile is a detailed description of the activities that occur during an attack. The second major BIA task is the analysis and prioritization of business functions within the organization.
question
Plan maintenance
answer
The plan should be updated regularly to remain current with system enhancements
question
Elements of a contingency planning policy statement
answer
Develop the contingency planning policy statement, which provides the authority and guidance necessary to develop an effective contingency plan. It contains: an introductory statement of philosophical perspective by senior management; a statement of the scope and purpose of the CP operations; a call for periodic risk assessment and business impact analysis by the CP team.
question
Four teams are involved in contingency planning and contingency operations
answer
The CP team; the incident response (IR) team; the disaster recovery (DR) team; the business continuity (BC) team
question
The CP team should include
answer
Champion; project manager; team members: business managers, information technology managers, information security managers
question
NIST
answer
These procedures (contingency plans, business interruption plans, and continuity of operations plans) should be coordinated with the backup, contingency, and recovery plans of any general support systems, including networks used by the application. The contingency plans should ensure that interfacing systems are identified and contingency/disaster planning coordinated.
question
Business Impact Analysis (BIA)
answer
Provides the CP team with information about systems and the threats they face. Second phase in the CP process and a crucial component of the initial planning stages. Provides detailed scenarios of each potential attack's impact.
question
Task order in contingency planning
answer
1) Business impact analysis, 2) incident response planning, 3) disaster recovery planning, 4) business continuity planning
question
The CP team conducts the BIA in the following stages:
answer
Threat attack identification; business unit analysis; attack success scenarios; potential damage assessment; subordinate plan classification
question
attack profile
answer
detailed description of activities that occur during an attack
question
Business Impact Analysis (BIA)
answer
Create a series of scenarios depicting the impact of a successful attack on each functional area. Helps to identify and prioritize critical IT systems and components. Estimate the cost of the best, worst, and most likely outcomes by preparing an end case for each attack scenario; this allows identification of what must be done to recover from each possible case.
question
Incident Response Plan
answer
A detailed set of processes and procedures that anticipate, detect, and mitigate the impact of an unexpected event that might compromise information resources and assets. Procedures commence when an incident is detected.
question
Incident Response Plan
answer
When a threat becomes a valid attack, it is classified as an information security incident if: 1) it is directed against information assets, 2) it has a realistic chance of success, and 3) it threatens the confidentiality, integrity, or availability of information assets. Incident response is a reactive measure, not a preventive one.
question
Incident Response Plan
answer
Develop procedures for tasks that must be performed in advance of the incident: details of data backup schedules; disaster recovery preparation; training schedules; testing plans; copies of service agreements; business continuity plans.
question
Incident classification
answer
Determine whether an event is an actual incident. Uses initial reports from end users, intrusion detection systems, host- and network-based virus detection software, and systems administrators
question
Once an actual incident has been confirmed and properly classified
answer
The IR team moves from the detection phase to the reaction phase. A number of action steps must occur quickly and may occur concurrently; these include notification of key personnel, the assignment of tasks, and documentation of the incident.
question
Alert roster
answer
A document containing contact information for the individuals to be notified in the event of an actual incident, either sequentially or hierarchically. The alert message is a scripted description of the incident. Other key personnel must be notified of the incident after it has been confirmed, but before the media or other external sources learn of it.
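The two roster styles above behave differently under time pressure: a sequential roster is one caller working down a list, a hierarchical roster is a tree in which everyone reached starts calling their own branch. The following is an added example, not material from the course or the textbook; the roster, the names, the bridge number and the alert template are constructed for illustration, and the "one call per slot" timing model is an assumption.

```python
"""Sequential vs hierarchical alert roster activation (added example).

The roster, names, bridge number and alert template are constructed;
the timing model (one call per caller per slot) is an assumption.
"""
from collections import deque

# Constructed hierarchical roster: each person phones the people listed
# under them once they have been reached themselves.
ROSTER_TREE = {
    "CISO": ["IR lead", "Legal counsel", "PR officer"],
    "IR lead": ["Network analyst", "Sysadmin", "Forensics analyst"],
    "Legal counsel": [],
    "PR officer": [],
    "Network analyst": [],
    "Sysadmin": [],
    "Forensics analyst": [],
}
ROOT = "CISO"

# The same people as a flat list for sequential activation (root excluded).
ROSTER_LIST = [p for p in ROSTER_TREE if p != ROOT]

ALERT_TEMPLATE = ("Confirmed security incident affecting {asset}, detected {when}. "
                  "Join the IR bridge at {bridge}. Do not discuss outside the team.")


def alert_message(asset, when, bridge):
    """The alert message is scripted; only the incident specifics vary."""
    return ALERT_TEMPLATE.format(asset=asset, when=when, bridge=bridge)


def sequential_activation(people):
    """One caller works down the list; each call occupies one slot, so the
    last person is reached at slot len(people)."""
    return {person: slot for slot, person in enumerate(people, start=1)}


def hierarchical_activation(tree, root):
    """Breadth-first activation: a person reached at slot s makes their
    i-th call at slot s+i, while other callers phone in parallel."""
    reached = {root: 0}
    queue = deque([root])
    while queue:
        caller = queue.popleft()
        for i, callee in enumerate(tree.get(caller, []), start=1):
            if callee not in reached:
                reached[callee] = reached[caller] + i
                queue.append(callee)
    return reached


def activation_slots(reached):
    """Slot at which the last person on the roster has been reached."""
    return max(reached.values())


def unreachable(tree, root):
    """Roster maintenance check: people listed in the tree that no
    activation path from `root` reaches (stale or orphaned entries)."""
    return set(tree) - set(hierarchical_activation(tree, root))


if __name__ == "__main__":
    print(alert_message("payroll DB", "2024-03-04 02:30", "ext. 5555"))
    print("sequential slots:", activation_slots(sequential_activation(ROSTER_LIST)))
    print("hierarchical slots:", activation_slots(hierarchical_activation(ROSTER_TREE, ROOT)))
    print("unreachable entries:", unreachable(ROSTER_TREE, ROOT))
```

With this roster the sequential activation needs six call slots and the hierarchical one four, because the IR lead starts calling the technical staff while the CISO is still calling legal and PR. The `unreachable` check is the kind of test to run whenever the roster is maintained: a person present in the document but on no call path will never be notified.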
question
Documentation
answer
Begins once an incident has been confirmed and the notification process is underway. Record the who, what, when, where, why, and how of each action taken during the incident. Serves as a case study after the fact to determine whether the right actions were taken and whether they were effective.
question
Incident containment strategies focus on two tasks
answer
Stopping the incident and recovering control of the systems. The essential task of IR is to stop the incident or contain its impact.
question
Containment strategies
answer
Disconnect the affected communication circuits; dynamically apply filtering rules to limit certain types of network access; disable compromised user accounts; reconfigure firewalls to block the problem traffic; temporarily disable the compromised process or service.
question
Incident damage assessment
answer
Determination of the scope of the breach of confidentiality, integrity, and availability of information and information assets
question
Recovery process
answer
Identify the vulnerabilities that allowed the incident to occur and spread, and resolve them. Address the safeguards that failed to stop or limit the incident, or were missing from the system in the first place, and install, replace, or upgrade them. Evaluate monitoring capabilities (if present) to improve detection and reporting methods, or install new monitoring capabilities.
question
after-action review (AAR)
answer
A detailed examination of the events that occurred. Before returning to routine duties, the IR team must conduct an AAR in which all team members review their actions during the incident and identify areas where the IR plan worked, didn't work, or should improve.
question
Disaster Recovery Plan (DRP)
answer
The preparation for and recovery from a disaster, whether natural or man-made. In general, an incident is a disaster when: the organization is unable to contain or control the impact of the incident, or the level of damage or destruction from the incident is so severe that the organization is unable to quickly recover. The key role of the DRP is defining how to reestablish operations at the location where the organization is usually located.
question
Scenario development and impact analysis
answer
Used to categorize the level of threat of each potential disaster
question
Key points in the DRP
answer
Clear delegation of roles and responsibilities; execution of the alert roster and notification of key personnel; clear establishment of priorities; documentation of the disaster; action steps to mitigate the impact; alternative implementations for the various system components at the primary site.
question
Business Continuity Plan BCP
answer
Ensures critical business functions can continue in a disaster. Managed by the CEO of the organization. Activated and executed concurrently with the DRP when needed. While the BCP reestablishes critical functions at an alternate site, the DRP focuses on reestablishment at the primary site.
question
Business Continuity Plan
answer
Relies on identification of critical business functions and the resources to support them. Continuity strategies: exclusive-use options (hot, warm, and cold sites) and shared-use options (timeshares, service bureaus, mutual agreements). The determining factor is usually cost.
question
Hot Sites
answer
Fully configured computer facility with all services
question
Warm Sites
answer
Like hot site, but software applications not kept fully prepared
question
Cold Sites
answer
Only rudimentary services and facilities kept in readiness
question
Timeshares
answer
Like an exclusive-use site, but leased in conjunction with a business partner or sister organization
question
Service bureaus
answer
Agency that provides physical facilities
question
Mutual agreements
answer
Contract between two organizations in which each agrees to assist the other in the event of a disaster
question
Specialized alternatives
answer
Rolling mobile site; externally stored resources
question
BCP site running quickly
answer
Electronic vaulting: bulk batch transfer of data to an off-site facility. Remote journaling: transfer of live transactions to an off-site facility. Database shadowing: storage of duplicate online transaction data.
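The practical difference between the three options is how much committed data the off-site copy is missing when the primary site is lost, and how much work it takes to turn that copy into a usable database. The following simulation is an added example, not material from the course or the textbook; the transaction stream, the batch size and the simplified models of each technique (a full snapshot per batch for vaulting, an empty baseline plus journal replay for journaling, a synchronously updated replica for shadowing) are constructed assumptions.

```python
"""Electronic vaulting vs remote journaling vs database shadowing (added example).

Simulates what the off-site copy holds when the primary site is lost
part-way through a transaction stream. The transaction data, batch size
and the simplified models of each technique are constructed assumptions.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Txn:
    seq: int
    key: str
    value: int


# Constructed transaction stream; acct-1, acct-2 and acct-3 are updated twice.
TRANSACTIONS = [
    Txn(1, "acct-1", 100), Txn(2, "acct-2", 200), Txn(3, "acct-3", 300),
    Txn(4, "acct-1", 150), Txn(5, "acct-4", 400), Txn(6, "acct-2", 250),
    Txn(7, "acct-5", 500), Txn(8, "acct-3", 350), Txn(9, "acct-6", 600),
]


class ElectronicVault:
    """Bulk batch transfer: a snapshot of the whole database is shipped
    off-site every `batch` commits; commits since the last batch are unprotected."""
    def __init__(self, batch):
        self.batch, self.copy, self.since_last = batch, {}, 0

    def on_commit(self, db, txn):
        self.since_last += 1
        if self.since_last == self.batch:
            self.copy, self.since_last = dict(db), 0

    def recover(self):
        return dict(self.copy), 0          # snapshot is usable as-is, no replay


class RemoteJournal:
    """Live transactions are shipped as they commit; recovery replays the
    journal onto a baseline (here an empty database) at the alternate site."""
    def __init__(self):
        self.journal = []

    def on_commit(self, db, txn):
        self.journal.append(txn)

    def recover(self):
        state = {}
        for t in self.journal:
            state[t.key] = t.value
        return state, len(self.journal)    # replay work grows with the journal


class DatabaseShadow:
    """Duplicate of the online data on a remote server that applies each
    transaction as it happens; the replica is immediately usable."""
    def __init__(self):
        self.replica = {}

    def on_commit(self, db, txn):
        self.replica[txn.key] = txn.value

    def recover(self):
        return dict(self.replica), 0


def simulate(fail_after, batch):
    """Run the stream until the primary site fails after `fail_after`
    commits, then report how stale each off-site copy is and how many
    journal records must be replayed to rebuild it."""
    strategies = {"vaulting": ElectronicVault(batch),
                  "journaling": RemoteJournal(),
                  "shadowing": DatabaseShadow()}
    primary = {}
    for txn in TRANSACTIONS[:fail_after]:
        primary[txn.key] = txn.value
        for s in strategies.values():
            s.on_commit(primary, txn)
    report = {}
    for name, s in strategies.items():
        recovered, replay = s.recover()
        stale = sum(1 for k, v in primary.items() if recovered.get(k) != v)
        report[name] = {"stale_keys": stale, "replay_steps": replay}
    return report


if __name__ == "__main__":
    for name, r in simulate(fail_after=7, batch=5).items():
        print(f"{name:10s} stale keys={r['stale_keys']}  replay steps={r['replay_steps']}")
```

With the primary lost after the seventh commit and a five-transaction vaulting batch, the vault is two keys behind (the update to acct-2 and the new acct-5 were never shipped), the journal holds every commit but must replay all seven records onto the baseline before the database is usable, and the shadow is current with no replay. That is the trade-off the three options represent: vaulting is cheap but loses whatever committed since the last batch, journaling loses nothing but costs recovery time, shadowing loses nothing and is ready immediately but requires a live remote server.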
question
Crisis management
answer
A set of focused steps that deal primarily with the people involved during and after a disaster
question
Crisis management team actions
answer
Supporting personnel and their loved ones during the crisis; determining the event's impact on normal business operations; making a disaster declaration; verifying personnel status; activating the alert roster; keeping the public informed about the event; communicating with outside parties. Key tasks: verifying personnel status and activating the alert roster.
question
Business Resumption Planning
answer
Because the DRP and BCP are closely related, most organizations prepare them concurrently and may combine them into a single document, the business resumption plan (BRP). Although a single planning team can develop the BRP, execution requires separate teams.
question
Business Resumption Planning
answer
Components of a simple disaster recovery plan: name of agency; date of completion or update of the plan and test date; agency staff to be called in the event of a disaster; emergency services to be called (if needed) in the event of a disaster
question
Business Resumption Planning disaster recovery plan
answer
Locations of in-house emergency equipment and supplies; sources of off-site equipment and supplies; salvage priority list; agency disaster recovery procedures; follow-up assessment
question
Contingency plan testing strategies
answer
Desk check; structured walkthrough; simulation; parallel testing; full-interruption testing
question
contingency planners should
answer
Identify the mission- or business-critical functions and the resources that support them; anticipate potential contingencies or disasters; select contingency planning strategies; implement the selected strategy; test and revise contingency plans
question
Identify preventive controls
answer
Measures taken to reduce the effects of system disruptions can increase system availability and reduce contingency life cycle costs
question
Develop recovery strategies
answer
Ensure that the system may be recovered quickly and effectively following a disruption
question
Plan testing, training, and exercises
answer
Testing the plan identifies planning gaps. Training prepares recovery personnel for plan activation. Both activities improve plan effectiveness and overall agency preparedness.
question
Attack profiles
answer
Should include scenarios depicting a typical attack, including: methodology, indicators, and broad consequences. Add alternate outcomes: best case, worst case, and most likely.
question
Incident Response Plan
answer
Planning requires a detailed understanding of the information systems and the threats they face. The IR planning team seeks to develop pre-defined responses that guide users through the steps needed to respond to an incident, enabling rapid reaction without confusion or wasted time and effort.
question
Incident Response Plan Possible indicators
answer
Presence of unfamiliar files; presence or execution of unknown programs or processes; unusual consumption of computing resources; unusual system crashes
question
Incident Response Plan Probable indicators
answer
Activities at unexpected times; presence of new accounts; reported attacks; notification from an IDS
question
Incident Response Plan Definite indicators
answer
Use of dormant accounts; changes to logs; presence of hacker tools; notification by a partner or peer; notification by a hacker
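Several of the possible, probable and definite indicators above are things a host or IDS log can be checked for directly, which is what the incident classification step (deciding from initial reports whether an event is an actual incident) does in practice. The following is an added example, not material from the course or the textbook: it runs simple indicator rules over a handful of constructed syslog-style lines and tallies them by level. The log lines, the dormant-account list, the business-hours window, the tool names and the triage policy at the end (any definite indicator is treated as a confirmed incident, probable ones are escalated for confirmation, possible ones alone only trigger investigation) are all constructed assumptions.

```python
"""Indicator-based incident classification over sample log lines (added example).

Log lines, account lists, business hours, tool names and the triage
policy are constructed assumptions for illustration.
"""
import re
from datetime import datetime

DORMANT_ACCOUNTS = {"svc_backup"}           # constructed: no login in the last 90 days
BUSINESS_HOURS = range(8, 18)               # assumed 08:00-17:59 local time
KNOWN_TOOLS = {"nc", "xmrig", "mimikatz"}   # illustrative attacker tool names
UNFAMILIAR_DIRS = ("/tmp/", "/dev/shm/")    # assumed locations where binaries should not run

# Constructed log sample: five suspicious lines followed by one benign login.
LOG = """\
2024-03-04T02:13:05 sshd: Accepted password for svc_backup from 10.0.0.7
2024-03-04T02:14:10 useradd: new user 'support2' added
2024-03-04T02:15:00 exec: started /tmp/.hidden/nc -l -p 4444
2024-03-04T02:16:00 kernel: cpu 98% for 20m by /tmp/.hidden/xmrig
2024-03-04T02:17:00 auditd: /var/log/auth.log truncated
2024-03-04T09:00:00 sshd: Accepted password for alice from 10.0.0.5
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<src>[^:]+): (?P<msg>.*)$")
LEVEL_RANK = {"possible": 1, "probable": 2, "definite": 3}


def indicators_for(ts, src, msg):
    """Yield (level, indicator) pairs that one parsed log line exhibits."""
    hour = datetime.fromisoformat(ts).hour
    login = re.search(r"Accepted \w+ for (\w+)", msg)
    if login:
        if login.group(1) in DORMANT_ACCOUNTS:
            yield "definite", "use of dormant account"
        if hour not in BUSINESS_HOURS:
            yield "probable", "activity at unexpected time"
    if src == "useradd":
        yield "probable", "presence of new account"
    if src == "auditd" and "truncated" in msg:
        yield "definite", "changes to logs"
    path = re.search(r"(/\S+)", msg)
    if path:
        if path.group(1).startswith(UNFAMILIAR_DIRS):
            yield "possible", "unknown program in unfamiliar location"
        if path.group(1).rsplit("/", 1)[-1] in KNOWN_TOOLS:
            yield "definite", "presence of hacker tools"
    if re.search(r"cpu \d{2,3}%", msg):
        yield "possible", "unusual consumption of computing resources"


def classify_log(text):
    """Parse each line and collect every indicator it exhibits."""
    findings = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue                         # unparseable lines are skipped, not silently trusted
        for level, indicator in indicators_for(**m.groupdict()):
            findings.append({"line": line, "level": level, "indicator": indicator})
    return findings


def tally(findings):
    """Count findings per indicator level."""
    counts = {"possible": 0, "probable": 0, "definite": 0}
    for f in findings:
        counts[f["level"]] += 1
    return counts


def triage(findings):
    """Assumed triage policy: the strongest indicator level present decides
    whether the event is treated as a confirmed incident."""
    if not findings:
        return "no action"
    top = max(findings, key=lambda f: LEVEL_RANK[f["level"]])["level"]
    return {"definite": "confirmed incident",
            "probable": "escalate for confirmation",
            "possible": "investigate"}[top]


if __name__ == "__main__":
    found = classify_log(LOG)
    for f in found:
        print(f"[{f['level']:8s}] {f['indicator']:45s} <- {f['line']}")
    print(tally(found), "->", triage(found))
```

On the sample above the rules produce four definite, two probable and three possible indicators, so the triage result is a confirmed incident; the benign 09:00 login for a known account matches no rule. Note that a single line can carry more than one indicator (the `xmrig` process is both an unknown program in an unfamiliar location and a known tool), which is why the tally counts indicators rather than lines.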
question
Once contained and system control regained, Incident Recovery can begin
answer
The IR team must assess the full extent of the damage in order to determine what must be done to restore the systems
question
Recovery process
answer
Restore the data from backups as needed. Restore the services and processes in use; compromised (and interrupted) services and processes must be examined, cleaned, and then restored. Continuously monitor the system. Restore the confidence of the members of the organization's communities of interest.
question
disaster recovery plan DRP can classify disasters
answer
The most common method is to separate natural disasters from man-made disasters. Another way of classifying disasters is by speed of development: rapid-onset disasters and slow-onset disasters.
question
Components of a simple disaster recovery plan
answer
Name of agency; date of completion or update of the plan and test date; agency staff to be called in the event of a disaster; emergency services to be called (if needed) in the event of a disaster; locations of in-house emergency equipment and supplies; sources of off-site equipment and supplies; salvage priority list; agency disaster recovery procedures; follow-up assessment
question
continuous process improvement (CPI)
answer
A formal implementation of this methodology is a process known as continuous process improvement (CPI). Each time the plan is rehearsed it should be improved; iteration results in improvement.