Flashcards in Chapter 12 - Disaster Recovery and Incident Response Deck (25):
What is Business Continuity in a nutshell?
Having a backup plan so that when a key component is missing, absent, or fails, the business continues.
What is the process of implementing policies, controls and procedures to counteract the effects of losses, outages or failures of critical business processes?
Business Continuity Planning (BCP)
What are the two key components of BCP?
Business Impact Analysis (BIA)
What are some good reasons to have backups?
- Accidental deletion
- Application errors
- Natural disasters
- Physical attacks
- Server failure
- Virus infection
What are sometimes referred to as shadows?
At what temperature does paper catch fire?
451 degrees Fahrenheit
What is an ideal medium for on-site storage?
What is the major component of a disaster recovery plan?
Access and storage information
What are the different types of backups?
Hierarchical Storage Management (HSM)
Describe the Grandfather, Father and Son backup.
The most recent backup after a full backup is the SON.
As newer backups are made, the SON becomes the FATHER, which in turn becomes the GRANDFATHER.
- Annual Backup is referred to as GRANDFATHER
- Monthly Backup is referred to as FATHER
- Weekly Backup is referred to as SON
What is a backout?
A reversion from a change that had negative consequences.
What is a Hot-Site?
A location that can provide operations within hours of failure.
Often referred to as an Active Backup Model.
What is a Warm Site?
Provides some of the capabilities of a hot site, but it requires the customer to do more work to become operational.
What is a Reciprocal Agreement?
An agreement between two companies to provide services in the event of an emergency.
What is a Cold Site?
A facility that isn't ready for use; the organization using it must bring along its own equipment and network.
What important items should an Incident Response Policy establish?
- Outside agencies that should be contacted or notified in case of an incident.
- Resources used to deal with an incident.
- List of information that should be collected about an incident.
- Policies and guidelines regarding how to handle an incident.
What can be either a formalized or an ad hoc team?
Computer Security Incident Response Team (CSIRT)
What are the 5 steps of Incident Response?
1. Identifying the Incident
2. Investigating the Incident
3. Repairing the Damage
4. Documenting and Reporting the Response
5. Adjusting Procedures
What is OOV?
Order of Volatility
The amount of time that you have to collect certain data before the window of opportunity is gone.
What is "Capture System Image"?
Capturing an image of the operating system in its exploited state can be helpful in revisiting the issue after the fact to learn more about it.
Why is documenting network traffic and logs valuable in forensics?
This information can be useful in identifying trends associated with repeated attacks.
Why would you want to capture video in forensics?
Video can later be analyzed manually in individual frames as well as run through a number of programs that can create indices of the contents.
Why is it important to record the time offset during forensics?
To be able to follow events in the correct time sequence.
What are the 5 levels of testing during a Tabletop exercise simulation of a disaster?
- Document Review
- Parallel Test
- Cutover Test