CASP lesson 3

Question 1

BCDR

Answer 1

Business Continuity and Disaster Recovery

Question 2

What is essential for the ongoing upkeep of BCDR plans?

Answer 2

Senior leadership participation and oversight

Question 3

An information-system focused plan and identifies the following required steps for
effective continuity planning

Answer 3

The National Institute of Standards and Technology (NIST) Special Publication (SP)
800-34 Rev-1 “Contingency Planning Guide for Federal Information Systems”

Question 4

The National Institute of Standards and Technology (NIST) Special Publication (SP)
800-34 Rev-1 “Contingency Planning Guide for Federal Information Systems” steps for effective continuity planning; i.e, Business Continuity Planning (BCP)

Answer 4

1. Develop the continuity planning policy statement.
2. Conduct the business impact analysis.
3. Identify preventive measures.
4. Create contingency strategies.
5. Develop an information system contingency plan.
6. Ensure plan testing, training, and exercises.
7. Ensure plan maintenance.

Question 5

What are focused on the immediate needs of a disaster, when things are their most frantic and pressing, and is focused on the
tasks required to bring critical systems back online.

Answer 5

Disaster Recovery Plans

Question 6

__________________have a broad scope and cover the range of activities
from the development of a business continuity policy through the creation of the
response plans, evaluation activities, and plan maintenance.

Answer 6

Busines continuity plans

Question 7

The collaborative effort to identify those
systems and software that perform essential functions, meaning the organization
cannot run without them.

Answer 7

Business impact analysis

Question 8

What is the collaborative effort to identify those
systems and software that perform essential functions, meaning the organization
cannot run without them?

Answer 8

Business Impact Analysis (BIA)

Question 9

The first step in the development of the BIA

Answer 9

to identify the information systems
and the various elements that are part of it.

Question 10

Goal of BIA

Answer 10

To assess importance of various elements nd their impact so
that recovery efforts can be prioritized

Question 11

Measuring Recovery Effectiveness

Answer 11

It is not enough to simply bring systems online; how quickly and in what state need
to be defined as well.

Question 12

Recovery Point Objective (RPO)

Answer 12

The recovery point objective defines the amount of data that can be lost without
irreparable harm to the operation of the business.

Question 13

Recovery Time Objective (RTO)

Answer 13

This metric defines the maximum amount of time that performing a recovery can
take. It defines the amount of system downtime the organization can withstand.

Question 14

Recovery Point and Recovery Time Objectives

Answer 14

It is possible to meet the recovery point objective, by successfully bringing systems back
online within the defined timespan, but fail the recovery time objective by recovering
those systems from backups that do not contain data within the recovery point objective.
For example, employees could successfully access the restored system but identify that
too much data is missing.

Question 15

Recovery Service Level

Answer 15

It is important to consider that only portions of a complete system may be critical,
and this should be reflected in the recovery plans.

Question 16

Explain Privacy Impact Assessment

Answer 16

A privacy impact assessment is conducted by an organization in order for it
to determine where privacy data is stored and how that privacy data moves
throughout an information system.

Question 17

NIST defines this as “An analysis of an information system’s
requirements, functions, and interdependencies used to characterize
system contingency requirements and priorities in the event of a
significant disruption.”

Answer 17

Business Impact Analysis (BIA)

Question 18

Which type of assessment seeks to identify specific types of sensitive
data so that its use and handling can be properly disclosed?

Answer 18

Privacy Impact Assessment

Question 19

Cold Site

Answer 19

one that requires the least amount of maintenance.

Question 20

warm site

Answer 20

site includes a datacenter
that is typically scaled-down from the primary site to include the capacity and
throughput needed to run critical systems and software. In addition, systems are
pre-configured and mostly ready to operate when needed although a measured
amount of re-configuration and preparation is needed in order for them to be
ready to operate in place of the primary site. expensive to operate
and complicated to maintain but the benefits are realized upon activation which can
take hours to perhaps a few days to accomplish.

Question 21

Hot Site

Answer 21

site is one that can
be activated and used within minutes. To be able to implement a DR site that can
operate in this way takes very specialized knowledge, sophisticated automation
capabilities, and platforms that are specifically designed to operate in this manner,
which is not common.

Question 22

Mobile site

Answer 22

site can be described as a data center in a box, albeit a large box!

Question 23

Mobile site

Answer 23

site can be described as a data center in a box, albeit a large box!

Question 24

Leveraging Cloud for DR Capacity

Answer 24

the capability to run a legacy on-premise solution in
the cloud is still feasible. To this end, many organizations make the decision to use
public cloud services as a DR site and this approach is often referred to as DR as a
service, or DRaaS. The cloud service is configured in much the same way as a warm
site, with systems pre-configured and/or data replicated to the cloud platform
in near real-time. If a disaster were to occur, the organization’s services would be activated on the cloud platform for the duration necessary until they can be
transitioned back to the primary site.

Question 25

Understanding Incident Response Roles standard

Answer 25

The National Institute of Standards and Technology (NIST)
Special Publication (SP) 800-61 “Computer Security Incident Handling Guide”

Question 26

The ________________________ not only documents the outputs of
the test or incident, but also includes recommendations based on the outputs
and findings.

Answer 26

After Action Report

Question 27

NIST standard for AAR

Answer 27

NIST SP 800-84 “Guide to Test, Training, and Exercise Programs for IT Plans and
Capabilities”

Question 28

First step in BIA?

Answer 28

As with critical security controls, the first step in the development of the BIA is to identify the information systems and the various elements that are part of it.

Question 29

The Sarbanes-Oxley (SOX) Act regarding fraudulent accounting

Answer 29

one example of standards and regulations with descriptions of Business Continuity and Disaster Recovery (BCDR) capabilities.

Question 30

typically “umbrella” contracts that establish an agreement between two entities to conduct business during a defined term.

Answer 30

Master Service Agreements (MSAs)

Question 31

In a ________________, the organization isolates the DR site from the primary site, activating it as though the company is using the DR site. This is the best option to minimize impact.

Answer 31

parallel test

Question 32

Standard that includes an after-action report template that helps with documentation and findings.

Answer 32

NIST SP 800-84, the “Guide to Test, Training, and Exercise Programs for IT Plans and Capabilities

Question 33

Standard that outlines necessary controls for audits of information systems used for certification.

Answer 33

NIST 800-53, “Security and Privacy Controls for Information Systems,”

Question 34

Standard that identifies the groups that are necessary when responding to an incident.

Answer 34

The National Institute of Standards and Technology (NIST) Special Publication (SP) 800-61, “Computer Security Incident Handling Guide,”

Question 35

Standard that addresses addresses IT security techniques, including the introduction and general model and the functional and assurance components that define various operations.

Answer 35

The ISO standard 15408

Question 36

A framework created and maintained by Information Systems Audit and Control Association (ISACA). This frames IT risk from a business leadership viewpoint.

Answer 36

The Control Objectives for Information and Related Technologies (COBIT)

Question 37

Many organizations make the decision to use public cloud services as a Disaster Recovery (DR) site, and this approach is often referred to as _____________, or ___________.

Answer 37

DR as a Service, or DRaaS.