Lesson 7: Explain Resiliency and Site Security Concepts Flashcards
Define an ‘acquisition/procurement’ policy
Policies and processes that ensure asset and service purchases and contracts are fully managed, secure, use authorized suppliers/vendors, and meet business goals.
Define ‘total cost of ownership (TCO)’
The initial purchase price along with the ongoing costs of maintenance, updates, and potential security incidents associated with an asset.
Define ‘Configuration management’
Ensures that each configurable element within an asset inventory has not diverged from its approved configuration.
Define ‘Change control’
The process by which the need for change is recorded and approved.
Define ‘change management’
The process through which changes to the configuration of information systems are implemented as part of the organization’s overall configuration management efforts.
Define a ‘Service Asset’
Things, processes, or people that contribute to delivering an IT service.
Define a ‘Configuration Item (CI)’
An asset that requires specific management procedures to be used to deliver the service.
Define a ‘baseline configuration’
A list of settings that an asset, such as a server or application, must adhere to.
Define a ‘Security Baseline’
Minimum set of security configuration settings a device or software must maintain to be considered adequately protected.
Define a ‘configuration management system (CMS)’
The tools and databases used to collect, store, manage, update, and report information about CIs.
Define ‘Data deduplication’
Data compression technique that identifies and eliminates redundant data.
Define ‘On-site backups’
Backup that writes job data to media that is stored in the same physical location as the production system.
Define ‘Off-site backups’
Backup that writes job data to media that is stored in a separate physical location to the production system.
How can an organization identify potential issues in their data recovery process?
Testing backups/restore capabilities and making necessary improvements.
Define a ‘Snapshot’
Image backup; Used to create the entire architectural instance/copy of an application, disk, or system at a specific point in time.
What is the purpose of a snapshot?
It is used in backup processes to restore the system or disk of a particular device at a specific time.
Define a ‘VM snapshot’
Captures the state of a virtual machine, including its memory, storage, and configuration settings.
Define a ‘Filesystem snapshot’
Captures the state of a file system at a given moment, enabling users to recover accidentally deleted files or restore previous versions of files in case of data corruption.
Define a ‘SAN snapshot’
Taken at the block-level storage layer within a storage area network; captures the state of the entire storage volume.
Define ‘Replication’
Creating and maintaining exact copies of data on different storage systems or locations.
Define ‘Journaling’
A method used by file systems to record changes not yet made to the file system in an object called a journal before the file indexes are updated.
Define ‘Sanitization’
Process of removing sensitive information from storage media to prevent unauthorized access or data breaches.
Define ‘continuity of operations planning (COOP)’
Processes and procedures to ensure critical business functions can continue during and after a disruption.
What is the purpose of continuity of operations planning (COOP)?
Minimize downtime, protect essential resources, and maintain business resilience.
What are key components of continuity of operations planning (COOP)?
Identifying critical business functions, establishing priorities, determining the resources needed to support these functions; Involves creating redundancy for IT systems and data.
What is the difference between continuity of operations planning (COOP) and Business continuity planning (BCP)?
Continuity of operations is a component of the broader business continuity concept; COOP is primarily concerned with the immediate response and restoration of critical functions, while business continuity encompasses a more comprehensive approach to ensure the overall resilience and recovery of the entire organization.
Define ‘Capacity Planning’
Organizations assess their current and future resource requirements to ensure they can efficiently meet their business objectives to support anticipated growth or changes in demand.
What are the variables/subjects that are taken into account when Capacity Planning?
Personnel, storage, computer hardware, software, and connection infrastructure resources.
What might be taken into consideration when capacity planning for physical infrastructure?
Evaluating physical facilities to see if they can accommodate growth; Power, cooling, and connectivity.
What metrics can an organization use to assist in capacity planning?
Trend analysis, simulation modeling, and benchmarking.
Define ‘Trend analysis’ and its function
Examines historical data to identify patterns and trends in resource usage, demand, and performance to forecast future resource requirements by understanding past patterns.
Define the purpose of ‘Trend analysis’
Help identify potential bottlenecks or other areas that require attention.
Define ‘Simulation modeling’ and its function
Leverages computer-based models to simulate real-world scenarios; Assess the impact of changes in demand, different resource allocation strategies, or system configurations.
Define ‘Benchmarking’ and its function
A comparison of an organization’s performance metrics against industry standards or best practices; A way to identify areas for improvement and establish performance targets.
What is the ultimate goal of capacity planning?
Allows organizations to optimize resource allocation, reduce costs, and minimize the risk of downtime or performance issues.
What are ‘people’ risks associated with capacity planning?
Insufficient staffing, skills gaps, lack of cross-training/succession planning, resistance to change, lack of employee engagement, or ineffective communication.