Chapter 3 of Management of Information Security, 3rd ed., Whitman and Mattford
_______ planning ensures that critical business functions can continue if a disaster
A ____ activation requires that the first person call designated people on the roster, who in turn call other designated people, and so on.
A warm site offers many of the advantages of a(n) ________________ site, but at a lower cost.
_______________ is a set of procedures that commence when an incident is detected.
A(n) alert message is a scripted set of initial instructions used to respond to an incident.
Electronic vaulting involves the transfer of live transactions to an off-site facility.
The process of examining a possible incident and determining whether it constitutes an actual incident is called incident verification.
Statement of management commitment Purpose and objectives of the policy Scope of the policy Definition of information security incidents Organizational structure and delineation of roles Prioritization or severity ratings of incidents Reporting and contact forms Performance measures
List the key components of a typical IR policy.
business impact analysis
The four components of contingency planning are the ____________________, the incident response plan, the disaster recovery plan, and the business continuity plan.
The ____ plan focuses on the immediate response to an incident.
Crisis management entails a set of focused steps that deal primarily with the people involved in a disaster.
The ____ team collects information about information systems and the threats they face, and creates the contingency plans for incident response, disaster recovery, and business continuity.
attack scenario end case
A(n) ____ shows the estimated cost of the best, worst, and most likely outcomes of an attack.
The ____________________ plan comprises a detailed set of processes and procedures that anticipate, detect, and mitigate the effects of an unexpected event that might compromise information resources and assets.
An organization should start documenting an incident after the incident has been contained.
A(n) ____________________ occurs when an attack affects information resources and/or assets, causing actual damage or other disruptions.
A(n) ____ entails a detailed examination of the events that occurred from first detection to final recovery.
The disaster recovery team is responsible for detecting, evaluating, and responding to disasters, and reestablishing operations at the primary business site.
As part of DR plan readiness, each employee should have two types of ____ information cards in his or her possession at all times.
The ____________________ team is charged with setting up and starting off-site operations in the event of an incident or disaster.
A(n) ____________________ is a method of testing contingency plans in which all involved individuals walk through the steps they would take during an actual event.
IT community of interest
The DRP is usually managed by the ____.
Activities at unexpected times are probable indicators of an actual incident.
The bulk batch-transfer of data to an off-site facility is known as ________________.
____ is the storage of duplicate online transaction data, along with the duplication of the databases at the remote site on a redundant server.
In CP, an unexpected event is called a(n) ____.
The BC Plan is most properly managed by the ____.
A scripted set of instructions about an incident is known as a(n) ____.
incident damage assessment
The immediate determination of the scope of the breach of confidentiality, integrity, and availability of information and information assets is called ____________________.
A structured walk-through is the simplest kind of validation for reviewing the perceived feasibility and effectiveness of the contingency plan.
A ____ is a fully configured computer facility that needs only the latest data backups and the personnel to function.
____ is a method of testing contingency plans in which each involved person works individually to simulate the performance of each task.
The presence of hacker tools in a system definitely signals that an incident is in progress or has occurred.
A(n) ____________________ is a document containing contact information of the individuals to notify in the event of an actual incident.
____ is the process of examining a possible incident and determining whether it constitutes an actual incident.
A(n) attack scenario consists of a detailed description of the activities that usually occur during an attack.
Parallel testing is the most rigorous strategy for testing contingency plans.
Crisis management is designed to deal primarily with ____.
The overall process of preparing for unexpected events is called _________________.
Rapid-onset disasters occur suddenly, and may take the lives of people and destroy the means of production.
Continuous process improvement (CPI) suggests that each time the organization rehearses its plans, it should learn from the process, improve the process, and then rehearse again.
A(n) champion is an executive who supports, promotes, and endorses the findings of the CP project.
A(n) structured walk-through is a method of testing contingency plans in which each involved person works individually to simulate the performance of each task that he or she is responsible for.
A project manager—possibly a mid level manager or even the ____________________ — leads the project, putting in place a sound project planning process, guiding the development of a complete and useful project, and prudently managing resources.
Disasters that occur suddenly, with little warning, are classified as ____________________ disasters.
incident damage assestment
A(n) ____ determines the extent of the breach of confidentiality, integrity, and availability of information and information assets.
Classifying an incident is the responsibility of the IR team.
A contract between two organizations in which each party agrees to assist the other in the event of a disaster is called a ____.
A document that contains contact information on the individuals to be notified in the event of an actual incident is called a(n) ____.