ias_20250325113745 Flashcards

(76 cards)

1
Q
  • main goal is to restore normal modes of operation with minimal
    cost and disruption to normal business activities
    after an adverse event
A

CONTINGENCY PLANNING

2
Q
  • systematic process to determine and
    evaluate the potential effects of an
    interruption to critical business operations
  • helps the organization determine which
    business functions and information systems
    are the most critical to the success of the
    organization.
A

BUSINESS IMPACT ANALYSIS

3
Q

maximum amount of time that a system
resource can remain unavailable

A

RECOVERY TIME OBJECTIVE

4
Q
  • point in time before a disruption or system
    outage to which business process data can
    be recovered
A

RECOVERY POINT OBJECTIVE

5
Q
  • total amount of time the system owner or
    authorizing official is willing to accept for a
    business process outage or disruption.
A

MAXIMUM TOLERABLE DOWNTIME

6
Q

amount of effort (expressed as elapsed time)
needed to make business functions work
again after the technology element is
recovered.

A

WORK RECOVERY TIME

7
Q
  • focuses on the immediate response to an
    incident.
A

INCIDENT RESPONSE PLAN

8
Q

detailed step-by-step methods of preparing,
detecting, reacting to, and recovering from
an incident.
* During the incident - planners develop and
document the procedures that must be
performed during the incident.
* After the incident - must be performed
immediately after the incident has ceased.
* Before the incident — draft a third set of
procedures

A

IR PROCEDURES

9
Q

Recognition that an incident is
under way

A

Detection

10
Q

Responding to the incident in a
predetermined fashion to contain and
mitigate its potential damage

A

Reaction

11
Q

Returning all systems and data
to their state before the incident

A

Recovery

12
Q

A combination of
on-site and off-site tape-drive, hard-drive,
and cloud backup methods

A

Traditional Data Backups

13
Q

transfers data in bulk
batches to an off-site facility

A

Electronic Vaulting

14
Q

transfers only
transaction data in near real time to an offsite facility.

A

Remote Journaling

15
Q

transfers duplicate
online transaction data and duplicate
databases to a remote site on a redundant
server

A

Database Shadowing

16
Q

recommends the creation of at least three
copies of critical data (the original and two
copies)

A

3-2-1 BACKUP RULE

17
Q
  • events represent the potential for loss, they
    are referred to as adverse events.
A

INCIDENT CANDIDATE

18
Q

adverse event that could result in a loss of
information assets

A

INCIDENT

19
Q
  • composed of technical IT, managerial IT, and
    InfoSec professionals who are prepared to
    detect, react to, and recover from an incident;
    may include members of the IRPT.
A

COMPUTER SECURITY INCIDENT RESPONSE
TEAM

20
Q

Relates to risk management and
governance

A

Identify

21
Q

Relates to implementation of
effective security controls (policy, education,
training and awareness, and technology)

A

Protect

22
Q

Relates to the identification of
adverse events

A

Detect

23
Q

Relates to reacting to an incident

A

Respond

24
Q

Relates to putting things “as they
were before” the incident

A

Recover

25
organization’s set of planning and preparation efforts for detecting, reacting to, and recovering from a disaster.
DISASTER RECOVERY
26
which focuses on restoring operations at the primary site
DISASTER RECOVERY PLAN
27
policy document that guides the development and implementation of DR plans and the formulation and performance of DR teams.
DISASTER RECOVERY POLICY
28
DISASTER CLASSIFICATION
* Fire * Flood * Earthquake * Lightning * Electrostatic Discharge (ESD)
29
* ensures that critical business functions can continue if a disaster occurs.
BUSINESS CONTINUITY PLAN
30
CONTINUITY STRATEGIES
Hot Site Cold Site Warm Site
31
Real-time data synchronization. Most Expensive
Hot Site
32
No data backup and No data synchronization. Least Expensive
Cold Site
33
Data is synchronized daily or weekly. Cost Effective
Warm Site
34
collects information about the organization and the threats it faces * consists of a coordinating executive, representatives from major business units, and the managers responsible for each of the other three teams. * It should include the following personnel: * Champion—high-level manager (COO/CEO/PRESIDENT) * Project manager—mid-level operations manager
CONTINGENCY PLANNING MANAGEMENT TEAM
35
The team responsible for IR plan - organization’s preparation, reaction, and recovery from incident
Incident Response Planning Team (IRPT)
36
The team responsible for DR plan - organization’s preparation, response, and recovery from disasters
Disaster Recovery Planning Team (DRPT)
37
The team responsible for BC plan - establishing primary operations at an alternate site until the disaster recovery planning team can recover the primary site
Business Continuity Planning Team (BCPT)
38
assigned to develop and implement the CM plan.
Crisis Management Planning Team (CMPT)
39
* Focuses on the effects that a disaster has on people rather than its effects on other assets.
CRISIS MANAGEMENT
40
systems determine whether and how to admit a user into a trusted area of the organization
ACCESS CONTROL
41
provide the ability to share resources in a peer-to-peer configuration, which allows users to control and possibly provide access to information or resources at their disposal.
DISCRETIONARY ACCESS CONTROLS (DACS)
42
are managed by a central authority in the organization.
NONDISCRETIONARY ACCESS CONTROLS (NDACS)
43
users are assigned a matrix of authorizations for particular areas of access.
LATTICE-BASED ACCESS CONTROL (LBAC)
44
position or temporary assignment like project manager
ROLE-BASED ACCESS CONTROLS (RBACS)
45
are tied to a particular chore or responsibility such as a department’s printer administrator
TASK-BASED ACCESS CONTROLS (TBACS)
46
use data classification schemes; they give users and data owners limited control over access to information resources.
MANDATORY ACCESS CONTROLS (MACS)
47
grants or denies access to resources based on attributes of the user, the resource, and the environment
ATTRIBUTE-BASED ACCESS CONTROLS (ABACS)
48
unverified or unauthenticated entities who seek access to a resource provide a unique label by which they are known to the system. * I am a user of the system.
IDENTIFICATION
49
* process of validating an unauthenticated entity’s purported identity. * I can prove I’m a user of the system. * Something you know, Something you have, Something you are
AUTHENTICATION
50
involves confirming that a person or automated entity is approved to use an information asset by matching them to a database
AUTHORIZATION
51
also known as auditability * every action performed on a computer system or using an information asset can be associated with an authorized user or system.
ACCOUNTABILITY
52
* information security program that prevents specific types of information from moving between two different levels of networks * software service running on an existing router or server
FIREWALL
53
* examines the header information of data packets that come into a network. * scan network data packets looking for compliance with the rules of the firewall’s database or violations of those rules.
PACKET-FILTERING FIREWALL
54
requires the configuration rules to be manually created, sequenced, and modified within the firewall.
Static Packet Filtering
55
can react to network traffic and create or modify its configuration rules to adapt.
Dynamic Packet Filtering
56
keeps track of each network connection between internal and external systems using a state table and that expedites the filtering of those communications.
Stateful Packet Inspection (SPI)
57
* is frequently installed on a dedicated computer separate from the filtering router, but it is commonly used in conjunction with a filtering router.
APPLICATION LAYER PROXY FIREWALLS
58
designed to operate at the media access control sublayer of the network’s data link layer (Layer 2).
MEDIA ACCESS CONTROL LAYER FIREWALLS
59
combine the elements of other types of firewalls—that is, the elements of packet-filtering, application layer proxy, and media access control layer firewalls.
HYBRID FIREWALLS
60
All firewall devices can be configured in several network connection architectures
FIREWALL ARCHITECTURES
61
* An architecture can be implemented as a packet-filtering router, or it could be a firewall behind a router that is not configured for packet filtering.
SINGLE BASTION HOSTS
62
* A networking scheme in which multiple real, routable external IP addresses are converted to special ranges of internal IP addresses, usually on a one-to-one basis; that is, one external valid address directly maps to one assigned internal address.
Network Address Translation (NAT)
63
combines the packet-filtering router with a separate, dedicated firewall
SCREENED HOST ARCHITECTURE
64
The dominant architecture today used with a DMZ.
SCREENED SUBNET ARCHITECTURE (WITH DMZ)
65
Firewalls operate by examining a data packet and performing a comparison with some predetermined logical rules.
FIREWALL RULES
66
is another utility that can help protect an organization’s systems from misuse and unintentional denial-of-service problems.
CONTENT FILTER
67
The connections between company networks and the Internet use firewalls to safeguard that interface.
REMOTE ACCESS
68
* is a technology that enables the creation of a secure and encrypted connection between your device and the internet.
VIRTUAL PRIVATE NETWORKS (VPNS)
69
also known as a legacy VPN, uses leased circuits from a service provider and conducts packet switching over these leased circuits.
TRUSTED VPN
70
use security protocols like IPSec to encrypt traffic transmitted across unsecured public networks like the Internet.
SECURE VPNS
71
* combines the trusted and secure technologies, providing encrypted transmissions (as in secure VPN) over some or all of a trusted VPN network.
HYBRID VPN
72
of incoming and outgoing data, in which the native protocol of the client is embedded within the frames of a protocol that can be routed over the public network and be usable by the server network environment.
ENCAPSULATION
73
* of incoming and outgoing data to keep the data contents private while in transit over the public network, but usable by the client and server computers and/or the local networks on both ends of the VPN connection.
ENCRYPTION
74
of the remote computer and perhaps the remote user as well. Authentication and subsequent user authorization to perform specific actions are predicated on accurate and reliable identification of the remote system and user
AUTHENTICATION
75
the data within an IP packet is encrypted, but the header information is not.
TRANSPORT MODE
76
* establishes two perimeter tunnel servers to encrypt all traffic that will traverse an unsecured network.
TUNNEL MODE