S2-m3 Flashcards

1
Q

Availability means…

A

The ability to perform business functions or meet business objectives; it is critical to a business's success

1
Q

What is system availability?

A

When business data is accessible and IT systems are operating normally; a component of availability

2
Q

Business Resiliency

A

Consideration of continuous operation or quick return to operation. The integration of system availability controls, disaster recovery plans, business continuity plans, and crisis management plans into a central set of procedures to consider whether a business can continue to operate or quickly return to operations without irreparable harm to its people, information, or assets.

3
Q

Business Continuity

A

Ability to continue delivering products and services; focused on non-IT operations. More comprehensive than disaster recovery plans; contains contingency and mitigation procedures around all business processes

4
Q

System Availability Controls

A

Ability to prevent system disruptions

5
Q

Crisis Management

A

Overall response to a dire situation; broader than DR

6
Q

Disaster Recovery

A

Strategic recovery after a disaster. Focuses on IT functions

7
Q

Incident Response Plan

DR or CM

A

Specific recovery after an event

8
Q

Physical and IT Infrastructure Controls

System Availability Controls

A

Physical and virtual controls in place so all systems continue to be available for normal business operations

9
Q

Uninterrupted Power Supply

System Availability Controls

A

Backup power supply in the event of a power outage to sustain IT operations

10
Q

Redundancy and Backup

System Availability Controls

A

Ability to restore IT operations from replicated environments and backups

11
Q

The steps in a disaster recovery plan

A
  1. assess the risk
  2. identify mission critical applications and data
  3. develop a plan for handling the mission critical applications
  4. determine the responsibilities of the personnel involved in disaster recovery
  5. test the disaster recovery plan
12
Q

Cold Site

A

An off-site location that has all the electrical connections and other physical requirements for data processing but does not have the actual equipment. Takes 1-3 days to be made operational because the system has to be acquired

13
Q

Warm site

A

A warm backup site falls somewhere between a cold site and a hot site. It is a facility that already has hardware installed but will fall short of the processing capabilities typically found in a hot site or at the actual business during normal operations, due to a lack of fully operational computers and equipment

14
Q

Hot site

A

An off-site location that is equipped to take over the company's data processing: these locations are not only prewired for use but also include the necessary hardware and office equipment

15
Q

SOC 2 Engagement Considerations of Business Continuity Plan testing

A

-was based on relevant and likely scenarios
-was focused on components that can significantly impair the company
-considered scenarios in which key personnel are lacking
-was periodically revised based on test results

16
Q

Business Impact Analysis (BIA)

A

Helps identify and assess risks by identifying business units, departments, and processes that are essential to the survival of an entity

17
Q

High Impact Category

A

-cannot operate without
-high recovery costs
-fails to meet the org's objectives or to maintain its reputation

18
Q

Moderate Impact Category

A

-partially functions temporarily
-some costs of recovery
-fails to meet the org's objectives or to maintain its reputation

19
Q

Low Impact Category

A

-could operate for an extended period of time
-may notice an effect on achieving the org's objectives or maintaining its reputation

20
Q

BIA steps

A
  1. Establish the BIA approach: define impacts, criteria, timeframes, methodology
  2. Identify critical resources
  3. Define disruption impacts
  4. Estimate losses
  5. Establish recovery priorities
  6. Create BIA report
  7. Implement BIA recommendations
21
Q

Failure of IT infrastructure

A

Availability of systems may be directly affected by failures in hardware, software, and network applications. These failures can result from:
-outdated infrastructure
-lack of system maintenance
-malware
-physical damage

22
Q

Insufficient Capacity and Resources

A

System availability may be slowed down or disrupted if an organization's IT infrastructure is unable to meet the processing or storage needs of current operational demands

23
Q

Lack of Business Resiliency

A

If the resiliency program is insufficient or nonexistent, organizations may lose critical, confidential, or private data and recover slowly or never

24
Q

Metrics for system availability

A

Organizations use specific metrics when assessing system availability and risks. When companies use third-party service organizations to manage IT operations, the service organization must adhere to an agreed service time (AST) and a minimal amount of downtime (DT) specified in a service level agreement (SLA)

25
Q

Maximum Tolerable Downtime

A

Amount of time a business can tolerate an outage without causing significant long-term damage

26
Q

Recovery Point Objective

A

maximum threshold for data lost, dollars lost, or inoperability as measured by some metric

27
Q

Recovery Time Objective

A

Max amount of time it should take to restore business operations to a target state

28
Q

Mean Time to Repair

A

Average length of time it takes to repair

29
Q

Recovery Time Actual

A

The actual time it takes to restore business operations to its target state after a system failure

30
Q

Recovery Point Actual

A

Actual time it takes to recover to a pre event state, or to a target state of operability

31
Q

Full Backups

A

Exact copy of the entire database. Time-consuming; most organizations only do full backups weekly and supplement them with partial backups

32
Q

Incremental backups

A

Copying only the data items that have changed since the last backup. Produces a set of incremental backup files, each containing the results of one day's transactions

33
Q

The criteria for availability SOC 2 considerations

A

-infrastructure capacity and monitoring
-recovery plans

34
Q

Annualized loss expectancy

A

Refers to the cost of a specific loss within a given year. It takes the SLE and multiplies it by the ARO

35
Q

Annualized rate of occurrence

A

The projected frequency of occurrences in a given year.

36
Q

Differential

A

Copies all changes made since the last full backup. Each new differential backup file contains the cumulative effects of all activity since the last full backup
