Planning for Contingencies CH3
Terms in this set (69)
When the use of technology is disrupted and business operations come close to a standstill, ___ are required to permit the organization to continue essential functions if information technology support is interrupted.
Over ___% of businesses that don't have a disaster plan go out of business after a major loss.
___ planning is the overall planning for unexpected events. It involves preparing for, detecting, reacting to, and recovering from events that threaten the security of information resources and assets.
restoration, minimum cost
The main goal of Contingency Planning is the ___ to normal modes of operation with ___ and disruption to normal business activities after an unexpected event.
Incident response planning (IRP)
___ focuses on immediate response.
Disaster recovery planning (DRP)
___ focuses on restoring operations at the primary site after disasters occur.
Business continuity planning (BCP)
___ facilitates establishment of operations at an alternate site.
Identify, Anticipate, Select, Implement, Test
To ensure continuity across all of the CP processes, contingency planners should
___the mission- or business-critical functions and the resources that support them. ___potential contingencies or disasters. ___contingency planning strategies. ___ the selected strategy. ___and revise contingency plans.
___ the contingency planning policy statement provides the authority and guidance necessary to develop an effective contingency plan
BIA (Business Impact Analysis)
Conduct the ___, which helps to identify and prioritize critical IT systems and components.
Identify preventive controls: measures taken to reduce the effects of system disruptions, which can increase system ___ and reduce ___ life cycle costs.
Develop ___ strategies to ensure that the system may be recovered quickly and effectively following a disruption.
Develop an IT ___ plan which contains detailed guidance and procedures for restoring a damaged system.
testing, training, and exercises
In a CP, you need to plan ___, ___, and ___.
___ the plan identifies planning gaps.
___ prepares recovery personnel for plan activation. Both activities improve plan effectiveness and overall agency preparedness.
The plan should be updated regularly to remain current with system ___.
You need identification of key ___ and standards that impact CP planning and a brief overview of their relevancy.
You need identification of key ___responsible for CP operations
You need a ___ to the individual members of the organizations and additional administrative information.
The CP team
The incident recovery (IR) team
The disaster recovery (DR) team
The business continuity plan (BC) team
Four teams are involved in contingency planning and contingency operations
Information technology managers
Information security managers
The CP team should include a Champion, Project Manager, and what three types of team members?
BIA provides the CP team with information about systems and the ___ they face.
BIA is the ___ phase in the CP process and is a crucial component of the initial planning stages. Provides detailed ___ of each potential attack's impact.
risk management, successful
BIA is not ___. BIA assumes controls have been bypassed or are ineffective, and the attack was ___.
An organization that uses a ___ process will have identified and prioritized threats
An ___ is a detailed description of activities that occur during an attack.
The second major BIA task is the analysis and ___ of business functions within the organization
Estimate the cost of the best, worst, and most likely outcomes by preparing an attack scenario ___, which allows identification of what must be done to recover from each possible case.
Incident Response Plan
A ___ is a detailed set of processes and procedures that anticipate, detect, and mitigate the impact of an unexpected event that might compromise information resources and assets. Procedures commence when "this" is detected.
Incident response is a ___ measure, not a preventative one
Details of data backup schedules
Disaster recovery preparation
Copies of service agreements
Business continuity plans
Develop procedures for tasks that must be performed in advance of the incident. 6 Procedures
___ is when you determine whether an event is an actual incident. May be challenging.
Incident Classification, IR team
___ uses initial reports from end users, intrusion detection systems, host- and network-based virus detection software, and systems administrators. Careful training allows everyone to relay vital information to the ___.
files, execution, consumption, crashes
"Possible" indicators of an incident:
Presence of unfamiliar ___.
Presence or ___ of unknown programs or processes.
Unusual ___ of computing resources.
Activities, accounts, IDS
"Probable" indicators of an incident:
___ at unexpected times.
Presence of new ___.
dormant, logs, hacker, peer, hacker
"Definite" indicators of an incident:
Notifications by partner or ___.
Once an actual incident has been confirmed and properly classified, the IR team moves from the detection phase to the ___ phase.
notification, assignment, documentation
In an IRP, a number of action steps must occur quickly and may occur concurrently. These steps include ___ of key personnel, the ___ of tasks, and documentation of the incident.
A ___ is a document containing contact information on the individuals to be notified in the event of an actual incident, either sequentially or hierarchically.
The alert message is a ___ description of the incident. Other key personnel must be notified of the incident after the incident has been confirmed, but before the ___ or other external sources learn of it.
___ begins once an incident has been confirmed and the notification process is underway. Record the who, what, when, where, why and how of each action taken during the incident.
Documentation serves as a ___ after the fact to determine if the right actions were taken, and if they were effective. Can also prove the organization did everything possible to deter the spread of the incident.
The essential task of ___ is to stop the incident or contain its impact.
Stopping the incident
Recovering control of the systems
Incident containment strategies focus on two tasks
Disconnect, filtering rules, Disabling, firewalls, disabling
Incident Response Containment strategies:
___ the affected communication circuits.
Dynamically apply ___ to limit certain types of network access.
___ compromised user accounts.
Reconfiguring ___ to block the problem traffic.
Temporarily ___ the compromised process or service.
vulnerabilities, safeguards, detection
Incident Response Recovery process: Part 1
Identify the ___ that allowed the incident to occur and spread and resolve them.
Address the ___ that failed to stop or limit the incident, or were missing from the system in the first place and install, replace or upgrade them.
Evaluate monitoring capabilities (if present) to improve ___ and reporting methods, or install new monitoring capabilities.
Restore, services, monitor, communities of interest
Incident Response Recovery process: Part 2
___ the data from backups as needed.
Restore the ___ and processes in use where compromised (and interrupted) services and processes must be examined, cleaned, and then restored.
Restore the confidence of the members of the organization's ___.
after-action review (AAR)
Before returning to routine duties, the IR team must conduct an ___ review (AAR), which is a detailed examination of the events that occurred.
All team members ___ their actions during the incident and identify areas where the IR plan worked, didn't work, or should improve.
civil or criminal
When an incident violates ___ or ___ law, it is the organization's responsibility to notify the proper authorities. Selecting the appropriate law enforcement agency depends on the type of crime committed: Federal, State, or local.
A ___ plan is the preparation for and recovery from a disaster, whether natural or man-made.
In general, an incident is a disaster when:
The organization is unable to contain or control the ___ of an incident, or
The level of damage or destruction from an incident is so ___ the organization is unable to quickly recover.
Disaster Recovery Plan (DRP)
The key role of a ___ is defining how to reestablish operations at the location where the organization is usually located.
roles, alert roster, priorities, Documentation, mitigate, Alternative
Key points in the DRP:
Clear delegation of ___ and responsibilities.
Execution of the ___ and notification of key personnel.
Clear establishment of ___.
___ of the disaster.
Action steps to ___ the impact.
___ implementations for the various systems components.
Actual events often ___ even the best of plans. To be prepared, DRP should be flexible.
restoration, alternative actions, BCP
If physical facilities are intact, begin ___.
If the organization's facilities are unusable, take ___.
When disaster threatens the organization at the primary site, DRP becomes ___.
Business Continuity Plan, CEO
The ___ Plan ensures critical business functions can continue in a disaster.
Managed by the ___ of the organization.
The BCP is activated and executed concurrently with the ___ when needed.
While BCP reestablishes critical functions at an alternate site, __same__ focuses on reestablishment at the primary site.
BCP relies on ___ of critical business functions and the resources to support them.
Continuity strategies:
___ options: hot, warm and cold sites.
___ options: timeshare, service bureaus, mutual agreements.
Determining factor is usually cost.
To get any BCP site running quickly, the organization must be able to recover ___.
Electronic Vaulting, Remote journaling, Database shadowing
BCP Options include:
___: Bulk batch-transfer of data to an off-site facility.
___: Transfer of live transactions to an off-site facility.
___: Storage of duplicate online transaction data.
___ is a set of focused steps that deal primarily with the people involved during and after a disaster.
personnel, declaration, public, parties
Crisis management team actions:
Supporting ___ and their loved ones during the crisis.
Determining the event's impact on normal business operations.
Making a disaster ___.
Keeping the ___ informed about the event.
Communicating with outside ___.
Key tasks of the crisis management team are
___ personnel status and ___ the alert roster.
business resumption plan (BRP)
Because the DRP and BCP are closely related, most organizations prepare them concurrently. May combine them into a single document, the ___.
During a Testing Contingency Plan, ___ are identified during testing and improvements can be made, resulting in a reliable plan.
Contingency plan testing strategies:
Full interruption testing
iteration, continuous process improvement (CPI), Constant
In Contingency Planning, iteration results in improvement. A formal implementation of this methodology is a process known as ___. Each time the plan is rehearsed it should be improved. ___ evaluation and improvement lead to an improved outcome.