25 Cards in this Set

  • Front
  • Back
What is:


Business Continuity Planning (BCP)
The process of implementing policies, controls, and procedures to counteract the effects of losses, outages, or failures of critical business processes. It is primarily a management tool that ensures that critical business functions can be performed when normal business operations are disrupted.
What are:


Critical Business Functions (CBFs)
Those processes or systems that must be made operational immediately when an outage occurs. The business can't function without them, and many are information-intensive and require access to both technology and data.
What are:


Working Copies
Sometimes referred to as shadow copies, these are partial or full backups that are kept at the computer center for immediate recovery purposes. They aren't usually intended to serve as long-term copies.
What is a:


Disaster-Recovery Plan/Scheme
Helps an organization respond effectively when a disaster occurs, such as system failures, network failures, infrastructure failures, or natural disasters. The primary emphasis of such a plan is reestablishing services and minimizing losses.
What is a:


Backup Plan
Identifies which information is to be stored, how it will be stored, and for what duration it will be stored.
What is a:


Full Backup
A complete, comprehensive backup of all files on a disk or server.
What is an:


Incremental Backup
A partial backup that stores only the information that has been changed since the last full or partial backup. This backup only backs up files that have the archive bit turned on.
What is a:


Differential Backup
A backup that backs up any files that have been altered since the last full backup.
What is the:


Grandfather, Father, Son Method
A backup method that is based on the philosophy that a full backup should occur at regular intervals. As newer backups are made, the son becomes the father, and the father becomes the grandfather.
What is the:


Full Archival Method
A backup method that works on the assumption that any information created on any system is stored forever. All backups are kept indefinitely using some form of backup media.
What is the:


Backup Server Method
A backup method that establishes a server with large amounts of disk space whose sole purpose is to back up data.
What is a:


Backout
A reversion from a change that had negative consequences.
What is a:


Hot Site
A location that can provide operations within hours of a failure. This type of site would have servers, networks, and telecommunications equipment in place to reestablish service in a short time.
What is a:


Warm Site
A site that provides some of the capabilities of a hot site, but it requires the customer to do more work to become operational.
What is a:


Cold Site
A facility that isn't immediately ready to use. The organization using it must bring along its equipment and network.
What is a:

Computer Security Incident Response Team (CSIRT)
A formalized, or ad hoc, team that is put together to respond to an incident after it arises.
What is the:


5 Phases of a Typical Incident Response
Identifying the Incident
Investigating the Incident
Repairing the Damage
Documenting and Reporting the Response
Adjusting Procedures
What is an:


Incident Response Plan (IRP)
Outlines what steps are needed and who is responsible for deciding how to handle a situation.
What is:


Succession Planning
Outlines those internal to the organization who have the ability to step into positions when they open.
What is:


Code Escrow
The storage and conditions of a release of source code provided by a vendor. For example, it could stipulate how source code would be made available to customers in the event of a vendor's bankruptcy.
What is:


Black Box Penetration Testing
A penetration test that is performed where the tester has absolutely no knowledge of the system and is functioning in the same manner as an outside attacker.
What is:


White Box Penetration Testing
A penetration test that is performed where the tester has significant knowledge of your system. This simulates an attack from an insider.
What is:


Gray Box Penetration Testing
A penetration test that is performed where the tester has some limited knowledge of the target system.
What is:


Nonintrusive Testing
Involves passively testing security controls – performing vulnerability scans, probing for weaknesses, but not exploiting them.
What is:


Intrusive Testing
Involves actually trying to break into the network.