160 Cards in this Set

What are the three types of remote access?
Administrative Access, End-User Access, and Limited (General) Access
What are the five end user remote access technologies?
POTS, ISDN, Wireless, DSL, Cable
What is the data rate of POTS?
Up to 56Kbps
What is the data rate of ISDN?
64-128 Kbps
What is the data rate of Wireless?
802.11a 6-54Mbps
802.11b 1-11Mbps
What is the data rate of DSL?
256Kbps to 8Mbps
What is the data rate of Cable Modem?
512Kbps to 52Mbps
What is the data rate of Satellite?
400Kbps
Give a brief description of a Laptop.
small portable computer that is light enough to carry
Give a brief description of a tablet computer.
similar to the notebook, but its screen pivots 180 degrees and then folds down on top of the keyboard, creating a writing surface.
Give a brief description of a Portable Electronic device.
Consist of small electronic items used for storing, processing, or transmitting information; they usually have less central processing unit (CPU) capacity, storage, and memory, and fewer interfaces, than standard desktops or laptops.
Give a brief description of a Personal Digital Assistant.
handheld computer that provides numerous organizational capabilities, such as calendar, address list, to-do list, and notepad.
Give a brief description of wireless keyboards and mice.
These systems use numerous wireless technologies for transmitting data to the computer, such as WLAN, Bluetooth, and Infrared.
Give a brief description of a messaging device and pager.
A text-messaging device is a simple and quick way to send and receive messages.
Give a brief description of a Blackberry device.
is wireless and used for exchanging two-way emails.
What is a VPN?
A VPN is a virtual network, built on top of existing physical networks that can provide a secure communications mechanism for data and IP information transmitted between networks.
VPNs use what two forms of cryptography?
symmetric and asymmetric
What are the three VPN architectures?
Gateway-to-Gateway Architecture, Host-to-Gateway Architecture, and Host-to-Host Architecture.
Which architecture does not need to perform separate authentication?
Gateway - to - Gateway Architecture
Define IPsec.
IPSec is a collection of protocols that assist in protecting communications over IP networks.
What are the two encryption modes that IPSec uses?
transport and tunnel
Name the three primary components of IPsec.
Authentication Header (AH), Encapsulating Security Payload (ESP), Internet Key Exchange (IKE)
Explain Authentication Header (AH).
Provides integrity protection for packet headers and data, as well as user authentication.
Explain Encapsulating Security Payload (ESP).
Provides confidentiality by encrypting the payload and can also provide integrity protection and authentication; its integrity check covers the ESP header, payload, and trailer but not the outermost IP header (which AH does cover).
Explain Internet Key Exchange (IKE).
an automated protocol to negotiate, create, and manage security associations between two computers.
What are the AH modes?
Transport and Tunnel
What are the two ESP modes?
Transport and Tunnel
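The difference in what AH and ESP actually authenticate is easiest to see on the wire. The following Python is an added example, not material from the original card set or from any IPsec implementation: it builds constructed IPv4 packets, protects them with a toy AH (HMAC-SHA-256-128 over the header with mutable fields zeroed, as RFC 4302 specifies) and a toy ESP using the NULL cipher (RFC 2410) with the same HMAC, wraps each in tunnel mode, and then tampers with the outer header and the inner payload to show which checks fail. The SA key, addresses, SPIs, and packet contents are all assumed values chosen for the demonstration; a real SA would get its keys from IKE.

```python
import hmac
import hashlib
import struct

AH_PROTO, ESP_PROTO, IPIP_PROTO, TCP_PROTO = 51, 50, 4, 6
IP_HDR = "!BBHHHBBH4s4s"          # IPv4 header without options (20 bytes)
IP_HDR_LEN = 20
ICV_LEN = 16                      # HMAC-SHA-256-128: HMAC-SHA256 truncated to 128 bits (RFC 4868)
AH_HDR_LEN = 12 + ICV_LEN         # next hdr, payload len, reserved, SPI, seq, ICV
ESP_HDR_LEN = 8                   # SPI + sequence number


def ip(dotted):
    return bytes(int(o) for o in dotted.split("."))


def ipv4_header(src, dst, proto, payload_len, ttl=64):
    # Checksum left at 0: this is a constructed packet, never sent on the wire.
    return struct.pack(IP_HDR, 0x45, 0, IP_HDR_LEN + payload_len, 0x1234, 0x4000, ttl, proto, 0, src, dst)


def icv(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()[:ICV_LEN]


def zero_mutable(ip_hdr):
    """AH authenticates the IP header with its mutable fields (TOS/DSCP, flags + fragment
    offset, TTL, checksum) zeroed, because routers legitimately change them in transit."""
    f = list(struct.unpack(IP_HDR, ip_hdr))
    f[1] = f[4] = f[5] = f[7] = 0
    return struct.pack(IP_HDR, *f)


def ah_protect(next_hdr, payload, src, dst, key, spi=0x1000, seq=1):
    ip_hdr = ipv4_header(src, dst, AH_PROTO, AH_HDR_LEN + len(payload))
    ah = struct.pack("!BBHII", next_hdr, AH_HDR_LEN // 4 - 2, 0, spi, seq)
    tag = icv(key, zero_mutable(ip_hdr) + ah + bytes(ICV_LEN) + payload)   # ICV field zeroed while computing
    return ip_hdr + ah + tag + payload


def ah_verify(packet, key):
    ip_hdr = packet[:IP_HDR_LEN]
    ah = packet[IP_HDR_LEN:IP_HDR_LEN + 12]
    tag = packet[IP_HDR_LEN + 12:IP_HDR_LEN + AH_HDR_LEN]
    payload = packet[IP_HDR_LEN + AH_HDR_LEN:]
    if ip_hdr[9] != AH_PROTO:
        return False
    return hmac.compare_digest(tag, icv(key, zero_mutable(ip_hdr) + ah + bytes(ICV_LEN) + payload))


def esp_protect(next_hdr, payload, src, dst, key, spi=0x2000, seq=1):
    """ESP with the NULL cipher (RFC 2410) plus HMAC integrity: the ICV covers the ESP header,
    payload and trailer only, never the outer IP header."""
    pad_len = -(len(payload) + 2) % 4                     # pad so pad-length + next-header end on a 4-byte boundary
    trailer = bytes(range(1, pad_len + 1)) + bytes([pad_len, next_hdr])
    body = struct.pack("!II", spi, seq) + payload + trailer
    ip_hdr = ipv4_header(src, dst, ESP_PROTO, len(body) + ICV_LEN)
    return ip_hdr + body + icv(key, body)


def esp_verify(packet, key):
    ip_hdr, body, tag = packet[:IP_HDR_LEN], packet[IP_HDR_LEN:-ICV_LEN], packet[-ICV_LEN:]
    if ip_hdr[9] != ESP_PROTO:
        return False
    return hmac.compare_digest(tag, icv(key, body))


def with_dst(packet, new_dst):   # rewrite the outer destination address (bytes 16..19)
    return packet[:16] + new_dst + packet[20:]


def with_ttl(packet, ttl):       # rewrite the outer TTL (byte 8), as every router hop does
    return packet[:8] + bytes([ttl]) + packet[9:]


def flip_byte(packet, i):
    return packet[:i] + bytes([packet[i] ^ 0xFF]) + packet[i + 1:]


def demo():
    key = b"constructed-sa-key-normally-from-IKE"   # assumed SA key; real IPsec gets it from IKE
    inner = ipv4_header(ip("10.1.1.5"), ip("10.2.2.9"), TCP_PROTO, 4) + b"DATA"   # constructed inner packet
    gw_a, gw_b, rogue = ip("203.0.113.1"), ip("198.51.100.1"), ip("192.0.2.7")
    ah_t = ah_protect(IPIP_PROTO, inner, gw_a, gw_b, key)     # AH tunnel mode: next header = IP-in-IP
    esp_t = esp_protect(IPIP_PROTO, inner, gw_a, gw_b, key)   # ESP tunnel mode
    return {
        "ah_ok": ah_verify(ah_t, key),
        "esp_ok": esp_verify(esp_t, key),
        "ah_outer_dst_rewritten": ah_verify(with_dst(ah_t, rogue), key),      # False: AH covers the outer header
        "esp_outer_dst_rewritten": esp_verify(with_dst(esp_t, rogue), key),   # True: ESP does not
        "ah_ttl_decremented": ah_verify(with_ttl(ah_t, 63), key),             # True: TTL is a mutable field
        "esp_ttl_decremented": esp_verify(with_ttl(esp_t, 63), key),
        "ah_inner_tampered": ah_verify(flip_byte(ah_t, IP_HDR_LEN + AH_HDR_LEN), key),      # False
        "esp_inner_tampered": esp_verify(flip_byte(esp_t, IP_HDR_LEN + ESP_HDR_LEN), key),  # False
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name:26s} {'verified' if ok else 'REJECTED'}")
```

The practical consequence of the "outer header not covered" result is why ESP survives NAT (the translator rewrites exactly the bytes ESP ignores) while AH does not, and why a tunnel-mode ESP gateway must rely on the decapsulated inner header, not the outer one, for policy checks.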
How many phases are in IKE?
IKE SAs are established in two phases.
How many modes are in phase one of IKE?
Phase 1 uses one of two modes: Main mode or Aggressive mode.
How many modes are in phase two of IKE?
Phase 2 has only one mode: Quick Mode
What is a Contingency Plan?
Consists of a comprehensive statement of all the actions to be taken before, during, and after a disaster or emergency condition, along with documented and tested procedures.
Define Risk Management.
The discipline of identifying and measuring security risks associated with an Information System (IS), and controlling and reducing those risks to an acceptable level.
What are the three processes in Risk Management?
Risk assessment, Risk mitigation, and Evaluation and continual assessment.
What are the six steps with Risk Assessment based on the NIST SP 800-30?
Step 1 – System Characterization
Step 2 – Threat Identification
Step 3 – Vulnerability Identification
Step 4 – Risk Analysis
Step 5 – Control Recommendations
Step 6 – Results Documentation
The level of effort of the risk assessment is based on what?
FIPS 199
What are the three common threat sources?
Natural threats, Human threats, Environmental threats
Define vulnerability.
A flaw or weakness in system security procedures, design, implementation, or internal controls that could be exploited and result in a security breach or a violation of the system’s security policy.
What should a proper overall impact analysis consider?
Impact to the systems, data, and the organization’s mission. Additionally, this analysis should also consider the criticality and sensitivity of the system and its data.
What is the goal of the control recommendations step?
To reduce the level of risk to the information system and its data to a level the organization deems acceptable
What is the risk assessment report?
the mechanism used to formally report the results of all risk assessment activities.
Who signs the statement accepting residual risk?
The DAA.
Who approves low risk software?
The ISSPM/ISSM.
Who approves high risk software?
The respective DAA.
What are some types of unauthorized software?
Games, Public domain software or “shareware” which have been obtained from unofficial channels, all applications that have been developed outside Government approved facilities, such as those developed on personally owned computers at home or software acquired via non-U.S. Government “bulletin boards,” personally owned software (either purchased or gratuitously acquired), software purchased using employee funds (from an activity such as a coffee fund), Software from unknown sources, illegally copied software in violation of copyright rules, and music and video or multimedia compact disks not procured through official Government channels.
What should be conducted that is part of the certification and accreditation process.
A solution security analysis.
Explain high to low data transfers.
High to low data transfer is the use of media to transfer information from a higher classified system to a lower classified system. A local SOP must be written to outline the steps to protect the media and systems involved when transferring data. Steps: follow the approved procedures, use new media, write protect the media, conduct a human review, scan for viruses, and mark the media with its classification.
Explain low to high data transfers.
Low to high data transfer is the use of media to transfer information from a lower classified system, including unclassified, to a higher classified system. A local SOP must be written to outline the steps to protect the media and systems involved when transferring data. Steps: use new media, scan it for viruses, load the media, and write protect it.
Describe reliable human review of data.
Perform a reliable human review of 100% of the information as stored on the media to verify its classification level and that classified information was not accidentally appended to the transferred data.
Which series of standard forms supplies the classification and descriptor labels used for labeling all removable storage media and devices?
SF 700 series
What classification label is SF 706?
Top Secret
What classification label is SF 707?
Secret Label
What classification label is SF 708?
Confidential Label
What classification label is SF 710?
Unclassified Label
What classification label is SF 711?
Data Descriptor
What classification label is SF 712?
Classified SCI Label
Who is responsible for the security of all IS’s and media assigned to the organization and under his/her purview?
The ISSM/IAM.
Define Clearing.
the process of removing information from the system or media to facilitate continued use and to preclude the IS from recovering previously stored data.
Define Sanitizing/Purging.
the process of removing information from the media or equipment such that data recovery using any known technique or analysis is prevented.
Define Destruction.
the process of physically damaging media so that it is not usable and there is no known method of retrieving the data.
Define Declassification.
an administrative process used to determine whether media no longer requires protection as classified information.
Define Overwriting.
a software process that replaces the data previously stored on magnetic storage media with a predetermined set of meaningless data.
Define Degaussing.
a procedure that reduces the magnetic flux on media virtually to zero by applying a reverse magnetizing field.
What needs to be done after buying a new degausser?
the gaining organization must establish a SOP explaining how it will be used.
T/F: Hard disks are expendable items and are not authorized to be reclassified to a lower classification and reused outside of the operational community.
TRUE
What is the difference between volatile and non-volatile memory?
Memory components that do not retain data after removal of all electrical power sources, and when re-inserted into a similarly configured system, are considered volatile memory components. Components that do retain data when all power sources are discontinued are nonvolatile memory components.
Define volatile memory.
Memory components that do not retain data after removal of all electrical power sources, and when re-inserted into a similarly configured system
Define non-volatile memory.
Components that do retain data when all power sources are discontinued are nonvolatile memory components.
What are some examples of minor and accidental incidents that can be handled administratively in the unit?
A one-time brief web site visit containing inappropriate content, inappropriate or vulgar usage of mission systems' chat features, or game playing.
Define:
Compromise
the compromise or probable compromise of classified information resulting from the loss of control, improper storage, improper classification, or improper escorting of media, computer equipment (with memory), computer generated output, human error in reviewing media for content and classification resulting in compromise, and incorrect setting of a security filter resulting in compromise.
Define:
Spillage
- information of a higher classification or restrictive in nature is intentionally or inadvertently placed on machines or networks of lower classification or less restrictive policy.
Incidents in progress are classified at a minimum of what?
CONFIDENTIAL
Privileged users may use LAN analyzers or sniffers to monitor traffic if what conditions are in place?
a. Reasonable notice has been provided to all users by display of the warning banners.
b. The base or post has been certified for monitoring by the Service General Counsel (if required by the appropriate Service).
c. The sniffer or monitor does not intercept any traffic from outside the military base or post.
d. The privileged user has approval from the ISSM/ISSPM to monitor in the normal course of his or her duties except this monitoring is only permitted for service or mechanical quality control checks.
In reference to audit trails the audit data should include what?
1. The date
2. Identification of the user
3. Time the user logs on and off the system
4. Function(s) performed
If automated audit trails are not supported the ISSM/SA must obtain approval from who?
The ISSPM/SCO
Audit trail records are kept for how long?
Retain Audit Trail records for five years.
Who may grant TEMPEST site accreditation for electronic processing of SCI?
Certified Tempest Technical Authority (CTTA)
What’s the purpose of configuration management?
to manage the effects of changes or differences in configurations on an information system or network.
Who is responsible for setting forth policies concerning CM and implementing CM at the highest level for the organization?
Chief Information Officer (CIO)
What are the five steps of configuration management?
Step 1: Identify Change, Step 2: Evaluate Change Request, Step 3: Implementation Decision, Step 4: Implement Approved Change Request, and Step 5: Continuous Monitoring.
Define:
IAVA.
An Information Assurance Vulnerability Alert (IAVA) addresses severe network vulnerabilities, resulting in immediate and potentially severe threats to DoD systems and information. Corrective action is of the highest priority due to the severity of the vulnerability risk.
Define IAVB.
An Information Assurance Vulnerability Bulletin (IAVB) addresses new vulnerabilities that do not pose an immediate risk to DoD systems, but are significant enough that noncompliance with the corrective action could escalate the risk.
Define TA.
A Technical Advisory (TA) addresses new vulnerabilities that are generally categorized as low risk to DoD systems.
Who ensures individual and organizational accountability for implementing the IAVM program and protecting information systems?
Combatant commands, Services and agencies (CC/S/As)
A typical system lifecycle includes the following activities and explain their purposes.
1. Initiation – The system is described in terms of its purpose, mission, and configuration.
2. Development and Acquisition – The system is possibly contracted and constructed according to documented procedures and requirements.
3. Implementation and Installation – The system is installed and integrated with other applications, usually on a network.
4. Operational and Maintenance – The system is operated and maintained according to its mission requirements.
5. Disposal – The system’s lifecycle is complete and it is deactivated and removed from the network and active use
What is the objective of the ST&E?
to uncover design, implementation and operational flaws that could allow the violation of security policy, determine the adequacy of security mechanisms, assurances and other properties to enforce the security policy, and assess the degree of consistency between the system documentation and its implementation.
The operational stage is subdivided into how many stages? What are they?
The Operational Stage is subdivided into two stages: the operational stage proper, during which periodic operational testing is conducted, and a Maintenance Stage, in which the system may be temporarily off-line due to a system upgrade, configuration change, or an attack. During the Maintenance Stage, ST&E testing may need to be conducted just as it was during the Implementation Stage.
What are some security testing techniques?
1. Network Scanning
2. Vulnerability Scanning
3. Password Cracking
4. Log Review
5. Integrity Checkers
6. Virus Detection
7. War Dialing
8. War Driving (802.11 or wireless LAN testing)
9. Penetration Testing
Define:
Critical Infrastructure
any asset that the incapacitation or destruction of which would have a negative impact on the IS.
Define Evaluation Assurance Level.
provides a convenient reference for the amount of analysis and testing performed on a product.
Define Certification.
the validation that the protection measures are implemented and are functioning properly.
Define Accreditation
the approval for the system to process classified information
How long can an Interim approval to operate (IATO) be granted?
Interim approval to operate may be granted for up to 180 days, with an option to extend it for an additional 180 days.
How often does a IS need to be reaccredited?
Each IS is re-evaluated for reaccreditation every 3 years or when major system changes occur.
Define DAC
Discretionary Access Control, or DAC, takes place when the owner of an object such as a process, file or folder manages access to that object at his or her own discretion.
Define MAC
Mandatory Access Control: access is enforced by the system from the sensitivity label of the object and the authorization or clearance of the user, and cannot be changed at the object owner's discretion. (Not to be confused with Media Access Control, the data-link layer addressing scheme.)
Define RBAC.
Role-based Access Control, referred to as RBAC, is access based on the role a user plays in the organization.
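The three models are easiest to tell apart when the same access request is run through each of them. The Python below is an added example written for this card set, not code from any DoD or Navy system: it implements a DAC owner-managed ACL, a MAC check using the Bell-LaPadula rules (no read up, no write down) with clearance levels and compartments standing in for formal access approvals, and a small RBAC role table, then combines them so that the mandatory check cannot be overridden by an owner's grant. The users, roles, labels, and file names are assumptions chosen for the demonstration.

```python
from dataclasses import dataclass, field

# Hierarchical classification levels; a higher number dominates a lower one.
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}


@dataclass(frozen=True)
class Label:
    level: str
    compartments: frozenset = frozenset()   # formal access approvals / need-to-know

    def dominates(self, other):
        return LEVELS[self.level] >= LEVELS[other.level] and other.compartments <= self.compartments


@dataclass
class Subject:
    name: str
    clearance: Label
    roles: frozenset


@dataclass
class Obj:
    name: str
    owner: str
    label: Label
    acl: dict = field(default_factory=dict)   # user -> set of permissions, managed by the owner (DAC)


def dac_grant(actor, obj, grantee, perm):
    """DAC: only the object's owner may change its ACL."""
    if actor != obj.owner:
        raise PermissionError(f"{actor} does not own {obj.name}")
    obj.acl.setdefault(grantee, set()).add(perm)


def dac_allows(subj, obj, perm):
    return perm in obj.acl.get(subj.name, set())


def mac_allows(subj, obj, perm):
    """MAC (Bell-LaPadula): reading requires the subject's clearance to dominate the object's
    label (no read up); writing requires the object's label to dominate the subject's clearance
    (no write down, which is what prevents spillage). The owner cannot change this outcome."""
    if perm == "write":
        return obj.label.dominates(subj.clearance)
    return subj.clearance.dominates(obj.label)


# Assumed role table: permissions follow from the role a user plays, not from the user.
ROLE_PERMS = {"analyst": {"read", "write"}, "isso": {"read", "audit"}}


def rbac_allows(subj, perm):
    return any(perm in ROLE_PERMS.get(role, set()) for role in subj.roles)


def authorize(subj, obj, perm):
    """Layered decision: the mandatory check is evaluated first and cannot be bypassed
    by a discretionary grant or by a role assignment."""
    return mac_allows(subj, obj, perm) and dac_allows(subj, obj, perm) and rbac_allows(subj, perm)


def demo():
    alice = Subject("alice", Label("SECRET", frozenset({"CRYPTO"})), frozenset({"analyst"}))
    carol = Subject("carol", Label("SECRET"), frozenset({"isso"}))
    report = Obj("report.doc", "bob", Label("CONFIDENTIAL"), {"alice": {"read"}, "carol": {"read", "audit"}})
    plans = Obj("plans.doc", "bob", Label("TOP SECRET"))
    sigint = Obj("intercepts.doc", "bob", Label("SECRET", frozenset({"SIGINT"})), {"alice": {"read"}})
    memo = Obj("memo.txt", "alice", Label("UNCLASSIFIED"), {"alice": {"read", "write"}})

    dac_grant("bob", plans, "alice", "read")          # the owner grants read on a TOP SECRET file...
    try:
        dac_grant("alice", plans, "alice", "write")   # ...but a non-owner cannot edit the ACL at all
        nonowner_rejected = False
    except PermissionError:
        nonowner_rejected = True

    return {
        "analyst_reads_confidential": authorize(alice, report, "read"),      # True: all three checks pass
        "dac_grant_given": dac_allows(alice, plans, "read"),                 # True: the ACL entry exists
        "owner_grant_cannot_override_mac": authorize(alice, plans, "read"),  # False: no read up
        "compartment_without_approval": authorize(alice, sigint, "read"),    # False: SIGINT not in clearance
        "write_down_to_unclassified": authorize(alice, memo, "write"),       # False: no write down (spillage)
        "audit_needs_isso_role": authorize(alice, report, "audit"),          # False: no role and no ACL entry
        "isso_audits": authorize(carol, report, "audit"),                    # True
        "nonowner_grant_rejected": nonowner_rejected,                        # True
    }


if __name__ == "__main__":
    for case, allowed in demo().items():
        print(f"{case:32s} {'ALLOW' if allowed else 'DENY'}")
```

The "owner grant cannot override MAC" case is the one examiners care about: under DAC the owner's grant is sufficient, under MAC it is irrelevant, and a system that layers both (as Navy systems processing classified data must) denies the access.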
Define INFOCON Level ALPHA
Commands will increase the intelligence watch and strengthen security measures of DoD information systems and networks. Declared when there is an increased risk of attack; commands watch for malicious activities that are detected or suspected.
Define INFOCON Level BRAVO
further increase in CND force readiness. Specific risk of attack/significant level of network probes/some network penetration or DoS has been attempted.
Define INFOCON Level CHARLIE
promotes further increases in CND force readiness but less than maximum. Limited attacks with minimal success which are successfully counteracted.
Define INFOCON Level DELTA.
maximum CND force readiness. General attack initiated w/widespread incidents designed to undermine the mission/significant risk of mission failure.
Who will recommend changes in DoD INFOCON to Commander United States Strategic Command (CDRUSSTRATCOM)?
JTF-GNO
When preparing for outages where should preventive controls be documented?
Preventive controls should be documented in the Contingency Plan.
Define:
Cold Site
A Cold Site typically consists of a facility with adequate space and infrastructure to support the IT system.
Define:
Hot Site
Hot Sites are office spaces appropriately sized to support system requirements and configured with the necessary system hardware, supporting infrastructure, and support personnel.
Define:
Warm Site
Warm Sites are partially equipped office spaces that contain some or all of the system hardware, software, telecommunications, and power sources.
Define Mobile Sites
Mobile Sites are self-contained, transportable shells custom-fitted with specific telecommunications and IT equipment necessary to meet system requirements.
Define Mirrored Sites
Mirrored Sites are fully redundant facilities with full, real-time information mirroring. They are identical to the primary site in all technical respects.
What incidents require a report to NCIS?
Incidents that require a report to NCIS involve suspected criminal activity such as information system trespass, theft, unauthorized alteration of official data, data destruction and espionage.
Define:
Technical vulnerability
A hardware, firmware or software weakness or design deficiency that leaves an IS open to potential exploitation.
Define Administrative vulnerability.
A security weakness caused by incorrect or inadequate implementation of a system's existing security features.
What is a Computer Security Incident?
An attempt to exploit a security system such that the actual or potential adverse effects may involve fraud, waste or abuse; compromise of information; loss or damage of property and information.
What is a IS Security Incident?
An unexpected behavior by an IS that yields abnormal results. An unexpected output or misrouting of data, unauthorized use or access, unexplained outages, denial of service, loss of accountability or the presence of a virus are some examples.
What is a Security Violation?
a failure to comply with the policies and procedures established which could reasonably result in the loss or compromise of classified information.
List some examples of the way to protect your workstations.
1. Always install virus-scanning software and keep virus definition files up to date.
2. Monitor your system logs for errors, in particular messages about file system changes, permission changes, services that no longer start, or other system modifications and critical error messages.
3. Configure logging or auditing for critical system resources and data.
4. Limit access to workstations to a specific user or set of users.
5. Control access to local and shared resources.
6. Remove unnecessary applications and services.
7. Configure automated or centralized backup systems.
8. Ensure the latest operating system and application security fixes are applied and kept current.
9. Use network monitoring systems and intrusion detection systems to help monitor the workstations on your network.
List some examples of the way to protect your servers.
1. Physically secure servers in a locked room.
2. Prevent users from logging on interactively at the console.
3. Carefully control and monitor access to resources, such as the file system, shared data, and printers.
4. Carefully control and monitor access to all services; additional services such as user databases, account directory services, web services, and other services provided by servers should be logged.
5. Track service access errors, failures of services to load, and any changes in running services, whether services are added, disabled, or stopped.
6. Make frequent backups of server configurations, shared data, and service data, and test backups by actually restoring data to an alternate location to be sure they are working.
7. Keep backup media physically secure: password protect it, encrypt it, and store it in fireproof safes if possible.
8. Monitor access to and availability of the resources the server provides.
What factors determine the protection level of an information system?
Clearance levels, formal access approvals, and the need-to-know basis of users.
Define:
Operation Security (OPSEC)
a process that has a purpose of denying information to potential adversaries.
What is the objective of ST&E?
to review the technical and non-technical performance of the information security design.
Who has the responsibility to ensure the commands Certification and Accreditation is completed?
The IAM.
What is a clipping level and what happens when it is exceeded?
A clipping level is a baseline of user activity that is considered a routine level of user errors. When a clipping level is exceeded, a violation record is produced.
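The audit trail content listed earlier (date, user identification, logon and logoff times, functions performed) and the clipping level defined here fit together: the clipping level is applied to the audit data to separate routine user errors from a violation worth a record. The Python below is an added example, not code from the original page or any Navy audit system: it parses a constructed audit trail in an assumed one-record-per-line format, rebuilds per-user sessions with the four required fields, and emits a violation record when a user's failed logons inside a sliding window exceed the clipping level. The record format, the user names, the clipping level of 3, and the 10-minute window are all assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample audit trail (assumed format: timestamp, user ID, event, detail).
SAMPLE_LOG = """\
2011-03-04T08:00:02Z jsmith LOGON_SUCCESS console
2011-03-04T08:05:10Z jsmith FUNCTION print:SECRET_report.doc
2011-03-04T08:30:00Z jsmith LOGOFF console
2011-03-04T09:00:01Z rjones LOGON_FAIL bad_password
2011-03-04T09:00:20Z rjones LOGON_FAIL bad_password
2011-03-04T09:00:41Z rjones LOGON_FAIL bad_password
2011-03-04T09:01:05Z rjones LOGON_FAIL bad_password
2011-03-04T09:01:30Z rjones LOGON_FAIL bad_password
2011-03-04T09:02:00Z rjones LOGON_SUCCESS console
2011-03-04T09:10:00Z rjones FUNCTION copy:plans.doc->removable_media
2011-03-04T13:15:00Z jsmith LOGON_FAIL typo
2011-03-04T13:15:20Z jsmith LOGON_SUCCESS console
"""


def parse_record(line):
    ts, user, event, detail = line.split(" ", 3)
    return {"time": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), "user": user, "event": event, "detail": detail}


def parse_log(text):
    return [parse_record(line) for line in text.splitlines() if line.strip()]


def sessions(records):
    """Per-user list of sessions: logon time, logoff time (None if still open) and the
    functions performed, i.e. the items an audit trail is required to capture."""
    out = defaultdict(list)
    for r in records:
        user_sessions = out[r["user"]]
        if r["event"] == "LOGON_SUCCESS":
            user_sessions.append({"logon": r["time"], "logoff": None, "functions": []})
        elif r["event"] == "FUNCTION" and user_sessions:
            user_sessions[-1]["functions"].append(r["detail"])
        elif r["event"] == "LOGOFF" and user_sessions:
            user_sessions[-1]["logoff"] = r["time"]
    return dict(out)


def clipping_violations(records, clipping_level=3, window=timedelta(minutes=10)):
    """Produce a violation record once a user's failed logons within `window` exceed the
    clipping level. Failures at or below the level are treated as routine user error."""
    recent = defaultdict(list)          # user -> timestamps of recent failures
    violations = []
    for r in records:
        if r["event"] != "LOGON_FAIL":
            continue
        times = recent[r["user"]]
        times.append(r["time"])
        times[:] = [t for t in times if r["time"] - t <= window]   # drop failures outside the window
        if len(times) > clipping_level:
            violations.append({
                "date": r["time"].date().isoformat(),
                "user": r["user"],
                "failures": len(times),
                "first": times[0],
                "last": times[-1],
            })
            times.clear()               # one violation record per burst; counting starts over
    return violations


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    for v in clipping_violations(recs):
        print(f"VIOLATION {v['date']} user={v['user']} failures={v['failures']} {v['first']:%H:%M:%S}-{v['last']:%H:%M:%S}")
    for user, sess in sessions(recs).items():
        for s in sess:
            print(f"{user}: logon {s['logon']:%H:%M:%S} logoff {s['logoff'] and s['logoff'].strftime('%H:%M:%S')} functions={s['functions']}")
```

On the constructed log, jsmith's single mistyped password stays below the clipping level and produces nothing, while rjones's fourth failure inside ten minutes produces one violation record; the subsequent successful logon and copy of plans.doc to removable media is exactly the kind of "function performed" entry a reviewer would then want to see in the session record.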
What automated tool can be used by applications to look for evidence of data tampering?
Integrity verification programs can be used by applications to look for evidence of data tampering, errors and omissions.
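An integrity checker (listed above among the security testing techniques, and the "integrity verification program" named here) works by recording a baseline of file hashes and later comparing the live system against it. The Python below is an added example, not code from the page or from any specific product: it snapshots a directory tree with SHA-256, seals the baseline with an HMAC so the baseline itself cannot be quietly rewritten, and then reports modified, added, and removed files. The demonstration builds its own throwaway tree in a temporary directory; the file names, contents, and the sealing key are constructed for the example. The tampered file keeps its original size and modification time to show why a hash, not metadata, is the detection signal.

```python
import hashlib
import hmac
import json
import os
import tempfile


def _sha256_file(path, chunk=65536):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def snapshot(root):
    """Hash, size and mtime of every regular file under root, keyed by a /-separated relative path."""
    entries = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            if os.path.islink(full) or not os.path.isfile(full):
                continue
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            st = os.stat(full)
            entries[rel] = {"sha256": _sha256_file(full), "size": st.st_size, "mtime": int(st.st_mtime)}
    return entries


def seal(baseline, key):
    """Serialize the baseline and HMAC it; the tag must be kept where an intruder cannot recompute it."""
    blob = json.dumps(baseline, sort_keys=True).encode()
    return blob, hmac.new(key, blob, hashlib.sha256).hexdigest()


def unseal(blob, tag, key):
    if not hmac.compare_digest(tag, hmac.new(key, blob, hashlib.sha256).hexdigest()):
        raise ValueError("baseline integrity check failed")
    return json.loads(blob)


def compare(baseline, current):
    modified = sorted(p for p in baseline if p in current and baseline[p]["sha256"] != current[p]["sha256"])
    added = sorted(p for p in current if p not in baseline)
    removed = sorted(p for p in baseline if p not in current)
    return {"modified": modified, "added": added, "removed": removed}


def demo():
    key = b"constructed-baseline-sealing-key"     # assumed key, stored off the monitored host in practice
    with tempfile.TemporaryDirectory() as root:
        files = {                                  # constructed sample tree
            "etc/passwd": b"root:x:0:0:root:/root:/bin/sh\n",
            "bin/ls": b"\x7fELF-fake-ls",
            "etc/motd": b"hello\n",
        }
        for rel, data in files.items():
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as f:
                f.write(data)
        blob, tag = seal(snapshot(root), key)

        # Simulated tampering: replace bin/ls with same-length content and restore its mtime,
        # add a startup script, and delete a file.
        target = os.path.join(root, "bin", "ls")
        st = os.stat(target)
        with open(target, "wb") as f:
            f.write(b"\x7fELF-evil-ls")
        os.utime(target, (st.st_atime, st.st_mtime))
        with open(os.path.join(root, "etc", "rc.local"), "wb") as f:
            f.write(b"#!/bin/sh\n")
        os.remove(os.path.join(root, "etc", "motd"))

        baseline = unseal(blob, tag, key)
        current = snapshot(root)
        result = compare(baseline, current)
        result["mtime_unchanged"] = baseline["bin/ls"]["mtime"] == current["bin/ls"]["mtime"]

        # A forged baseline (attacker edits the stored hash) is rejected by the seal.
        forged = blob.replace(baseline["bin/ls"]["sha256"].encode(), current["bin/ls"]["sha256"].encode())
        try:
            unseal(forged, tag, key)
            result["forged_baseline_rejected"] = False
        except ValueError:
            result["forged_baseline_rejected"] = True
        return result


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The two design points worth carrying into a real deployment are visible in the result: the modification is caught even though size and mtime are unchanged, and an attacker who can edit the baseline to match the new hash is stopped only because the baseline is sealed with a key the host does not hold.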
Describe:
Detection
the foundation for the ability to respond to and report information system incidents
Define Containment.
involves limiting the scope and magnitude of an incident.
Define Eradication.
Eradication entails removing the cause of the incident.
What type of incidents are reported to NIOC?
Those that may have actual or potentially adverse effects on Department of the Navy, or DoN, activities. These incidents include malicious logic detection and response, and technical vulnerabilities that may be exploited at DoN sites.
Define Electronic Communications and Privacy Act.
states that in most cases electronic communications cannot be disclosed except under court order.
Define Computer Fraud and Abuse Act of 1986
known as CFAA, this act defines a range of computer crimes, such as transmitting malicious code and accessing a computer without authorization, and the penalties that each crime carries.
Define Computer Security Act of 1987 (Public Law 100-235).
mandated the establishment of security standards and security plans for federal information systems containing sensitive information. This act also mandated periodic security training for personnel who manage, use, or operate those systems.
Define Economic Espionage Act of 1996
another important law that protects intellectual property by criminalizing the theft of trade secrets.
Define Digital Millennium Copyright Act
referred to as DMCA, also protects intellectual property and copyrighted material. It defines unlawful activity, and the penalties for such activity, relating to copyrighted work.
Define USA Patriot Act
most recent and widest ranging law that governs the use of DoD IS. This act revised and amended many laws relating to IA. The USA Patriot Act loosens the requirements for the disclosure of electronic communications. It also enables government personnel to more easily perform surveillance and share intercepted communications.
Define DoDD 8570.1
mandates the IA training, certification, and workforce program required for all authorized users of DoD IS.
Describe the Purpose of Monitoring
Monitoring uses mechanisms, tools and techniques that identify security events that could impact the operations of a computer facility.
Who may authorize targeted monitoring?
Authorization for targeted monitoring must come through the Commander or Commanding Officer in consultation with legal representation from the Judge Advocate General (JAG).
Define purpose of the DoD Instruction 8500.2.
Implements policy, assigns responsibilities, and prescribes procedures for applying integrated, layered protection of the DOD information systems and networks.
Objective of Penetration testing
to assess the system's ability to withstand intentional attempts to circumvent security features through exploitation of the technical security vulnerabilities.
Define TEMPEST.
A U.S. government codename for a set of standards, for limiting electric or electromagnetic radiation emanations from electronic equipment such as microchips, monitors or printers. It is a counter-intelligence measure aimed at the prevention of radiation espionage.
You discover a vulnerability within your network, who do you notify to begin the research and the IAVA process?
Defense Information Systems Agency, or DISA
Define responsibilities for the Assistant Secretary of Defense
has overall responsibility for the implementation of the IAVM program policy and procedures across all combatant command, services, and agencies.
Define responsibilities for the Director, Command, Control, Communications and Computer Systems and Joint Staff
develop joint IAVM program policy and guidance.
Define responsibilities for the Commander, US Strategic Command
maintains overall responsibility for IAVM program execution. The Commander also reports IAVM significant compliance issues concerning DoD organizations or incidents to the Chairman Joint Chiefs of Staff and the Secretary of Defense.
Define responsibilities for the Director of DISA
implements and maintains an IAVA compliance and status tracking system to maintain IAVM program compliance statistics throughout the DoD.
Define responsibilities for the Combatant Command, Services and Agencies
It is their responsibility to implement an IAVM program that provides responsive and effective vulnerability management.
What is the web-based DoD application that is used to assist DISA in managing its internal implementation of the IAVA process?
The Vulnerability Compliance Tracking System is a web-based DoD application that is used to assist DISA in managing its internal implementation of the IAVA process.
Intrusions, attempted intrusions, probes, denial of services attacks, and malicious logic infections.
What are the responsibilities of NCIS?
Criminal investigation is the responsibility of the Naval Criminal Investigative Service, or NCIS. The NCIS investigates criminal activity and provides counterintelligence support to the DoN.
What is an Incident Response Plan?
Addresses the detection, response, and reporting requirements applicable to each information system.
Who did DoD task to develop and provide security configuration guidance for IA and IA-enabled IT products?
The DoD tasks the Defense Information Systems Agency, or DISA, to develop and provide security configuration guidance for IA and IA-enabled IT products in coordination with the Director of the National Security Agency, or NSA.
Define Contingency plan:
Provides procedures and capabilities for recovering a major application or general support system.
When is training most effective?
Training is most effective when targeted to a specific audience.
What are the two types of audiences for training?
General users and those who require specialized or advanced skills.
What are the four phases of the incident response process?
Preparation; detection and analysis; containment, eradication, and recovery; and post-incident activity.
What should be done when reviewing incident data?
When reviewing incident data, it is important to review security logs, internal and external policies, and to report all threats to the Information Assurance Officer, or IAO.
What is an example of effectively using collected incident report data?
Data on the total number of hours the incident response team has dedicated to incident response activities and its cost over a particular period of time may be used to justify additional funding for the incident response team.
Give some examples of a disaster you need to prepare for.
Power outage, hardware failure, vandalism, fire, or natural disaster.
How often should your procedures for document restoration be tested?
Procedures for document restoration must be developed and tested periodically, at least annually, to ensure information systems security controls function reliably or, in the event of their failure, that adequate backup restoration functions are in place.
Who must ensure that all critical systems are identified and that contingency planning, disaster recovery plans and continuity of operations plans exist?
The ISSM (Information Systems Security Manager)
What is the first step in implementing a restoration plan?
Conduct a risk assessment of the system
What are the responsibilities of the ISSM to management in regards to the contingency plan?
The ISSM should ensure that management realizes some services may not be provided or otherwise available during an emergency. It is necessary to obtain management agreement on the assumptions on which the plan is based, including the dependence on other organizations for assistance. The ISSM must also communicate to management the existence of a plan and obtain approval of the plan.
How are the changes to the contingency plan indicated in documentation?
Entries to the contingency plan should include the change number, date pages changed or deleted, name inserted of person posting change, when posted, plan distribution, and other information as local conditions warrant.