Like this study set? Create a free account to save it.

Sign up for an account

Already have a Quizlet account? .

Create an account

Chapter 3 of Management of Information Security, 3rd ed., Whitman and Mattford

Disaster recovery

_______ planning ensures that critical business functions can continue if a disaster


A ____ activation requires that the first person call designated people on the roster, who in turn call other designated people, and so on.


A warm site offers many of the advantages of a(n) ________________ site, but at a lower cost.

Incident Response

_______________ is a set of procedures that commence when an incident is detected.


A(n) alert message is a scripted set of initial instructions used to respond to an incident.


Electronic vaulting involves the transfer of live transactions to an off-site facility.


The process of examining a possible incident and determining whether it constitutes an actual incident is called incident verification.

Statement of management commitment
Purpose and objectives of the policy
Scope of the policy
Definition of information security incidents
Organizational structure and delineation of roles
Prioritization or severity ratings of incidents
Reporting and contact forms
Performance measures

List the key components of a typical IR policy.

business impact analysis

The four components of contingency planning are the ____________________, the incident response plan, the disaster recovery plan, and the business continuity plan.


The ____ plan focuses on the immediate response to an incident.


Crisis management entails a set of focused steps that deal primarily with the people involved in a disaster.


The ____ team collects information about information systems and the threats they face, and creates the contingency plans for incident response, disaster recovery, and business continuity.

attack scenario end case

A(n) ____ shows the estimated cost of the best, worst, and most likely outcomes of an attack.

incident response

The ____________________ plan comprises a detailed set of processes and procedures that anticipate, detect, and mitigate the effects of an unexpected event that might compromise information resources and assets.


An organization should start documenting an incident after the incident has been contained.


A(n) ____________________ occurs when an attack affects information resources and/or assets, causing actual damage or other disruptions.

after-action review

A(n) ____ entails a detailed examination of the events that occurred from first detection to final recovery.


The disaster recovery team is responsible for detecting, evaluating, and responding to disasters, and reestablishing operations at the primary business site.


As part of DR plan readiness, each employee should have two types of ____ information cards in his or her possession at all times.

business continuity

The ____________________ team is charged with setting up and starting off-site operations in the event of an incident or disaster.

structure walk-through

A(n) ____________________ is a method of testing contingency plans in which all involved individuals walk through the steps they would take during an actual event.

IT community of interest

The DRP is usually managed by the ____.


Activities at unexpected times are probable indicators of an actual incident.

electronic vaulting

The bulk batch-transfer of data to an off-site facility is known as ________________.

Database shadowing

____ is the storage of duplicate online transaction data, along with the duplication of the databases at the remote site on a redundant server.


In CP, an unexpected event is called a(n) ____.


The BC Plan is most properly managed by the ____.

alert message

A scripted set of instructions about an incident is known as a(n) ____.

incident damage assessment

The immediate determination of the scope of the breach of confidentiality, integrity, and availability of information and information assets is called ____________________.


A structured walk-through is the simplest kind of validation for reviewing the perceived feasibility and effectiveness of the contingency plan.

hot site

A ____ is a fully configured computer facility that needs only the latest data backups and the personnel to function.

A simulation

____ is a method of testing contingency plans in which each involved person works individually to simulate the performance of each task.


The presence of hacker tools in a system definitely signals that an incident is in progress or has occurred.

alert roster

A(n) ____________________ is a document containing contact information of the individuals to notify in the event of an actual incident.

incident classification

____ is the process of examining a possible incident and determining whether it constitutes an actual incident.


A(n) attack scenario consists of a detailed description of the activities that usually occur during an attack.


Parallel testing is the most rigorous strategy for testing contingency plans.


Crisis management is designed to deal primarily with ____.

contingency planning

The overall process of preparing for unexpected events is called _________________.


Rapid-onset disasters occur suddenly, and may take the lives of people and destroy the means of production.


Continuous process improvement (CPI) suggests that each time the organization rehearses its plans, it should learn from the process, improve the process, and then rehearse again.


A(n) champion is an executive who supports, promotes, and endorses the findings of the CP project.


A(n) structured walk-through is a method of testing contingency plans in which each involved person works individually to simulate the performance of each task that he or she is responsible for.


A project manager—possibly a mid level manager or even the ____________________ — leads the project, putting in place a sound project planning process, guiding the development of a complete and useful project, and prudently managing resources.


Disasters that occur suddenly, with little warning, are classified as ____________________ disasters.

incident damage assestment

A(n) ____ determines the extent of the breach of confidentiality, integrity, and availability of information and information assets.


Classifying an incident is the responsibility of the IR team.

mutual agreement

A contract between two organizations in which each party agrees to assist the other in the event of a disaster is called a ____.

alert roster

A document that contains contact information on the individuals to be notified in the event of an actual incident is called a(n) ____.

Please allow access to your computer’s microphone to use Voice Recording.

Having trouble? Click here for help.

We can’t access your microphone!

Click the icon above to update your browser permissions and try again


Reload the page to try again!


Press Cmd-0 to reset your zoom

Press Ctrl-0 to reset your zoom

It looks like your browser might be zoomed in or out. Your browser needs to be zoomed to a normal size to record audio.

Please upgrade Flash or install Chrome
to use Voice Recording.

For more help, see our troubleshooting page.

Your microphone is muted

For help fixing this issue, see this FAQ.

Star this term

You can study starred terms together

Voice Recording