71 Cards in this Set
- Front
- Back
Business Continuity Planning (BCP) |
The process of implementing policies, controls, |
|
Critical Business Functions |
Processes or systems that must be made operational immediately when an outage occurs.
The business cannot function without them. |
|
Two Key Components of BCP |
1. Business Impact Analysis (BIA) 2. Risk Assessment |
|
Business Impact Analysis (BIA) |
Evaluates the organization's processes.
Focuses on the impact that losing each process would have on the organization. |
|
Risk Assessment |
Concerned with evaluating the risk or likelihood of a loss. |
|
Identifying Critical Functions |
“What functions are necessary to continue operations until full service can be restored?” |
|
Prioritizing Critical Business Functions |
When business is continued after an event, operations must be prioritized as to essential and nonessential functions. |
|
Calculating a Time Frame for Critical Systems Loss |
How long can the organization survive
This dictates the contingencies that must be |
|
Estimating the Tangible and Intangible Impact on the Organization |
Tangible losses, such as lost production, can be measured directly.
Intangible losses must also be estimated, for example customers losing faith in your service. |
|
Utilities |
Electricity, water, and natural gas are key aspects of business continuity.
Natural disasters and weather that can interrupt them must be considered in the plan. |
|
High Availability |
The process of keeping services and systems operational during an outage.
The goal is to have key services available |
|
Redundancy |
Refers to systems that are either duplicated or that fail over to other systems in the |
|
Fail-over |
The process of reconstructing a system or switching over to other systems when a failure is detected. |
|
Fault Tolerance |
The ability of a system to sustain operations in the event of a component failure.
This capability involves over-engineering systems by adding redundant components and subsystems. |
|
Uninterruptible Power Supply (UPS) |
Allows you to continue to function in the absence of power, but only for a short duration.
Along with surge protection, a UPS should accompany every server and workstation. |
|
Redundant Array of Independent Disks |
Technology that uses multiple disks to |
|
RAID Level 0 |
Disk striping.
It uses multiple drives and maps them together as a single logical drive.
Primarily for performance, not for fault tolerance.
If any drive in a RAID 0 array fails, the entire logical drive becomes unusable. |
|
RAID Level 1 |
Disk mirroring.
Provides 100 percent redundancy |
|
RAID Level 3 |
Disk striping with a dedicated parity disk.
Implements fault tolerance by using striping (RAID 0) in conjunction with a separate disk that stores parity information.
Common in older systems, and it is supported by most Unix systems. |
|
Parity Information |
A value computed from the data stored in the corresponding location on each of the other disks (RAID 3 and RAID 5 use the XOR of the data blocks).
It allows the contents of a single failed disk to be recovered from the disks that remain. |
|
RAID Level 5 |
Disk striping with parity.
The parity information is spread across all the disks in the array instead of being limited to a |
|
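The parity cards above describe what parity does; the following block shows how, as an added illustration for this study set (not code from the page or from any RAID implementation). It stripes a payload across disks with one XOR parity block per stripe, places parity on a dedicated disk for RAID 3 or rotates it for RAID 5, loses a disk, and rebuilds it from the survivors. The 4-byte block size, four-disk layout and payload are constructed for the example.

```python
"""XOR parity as used by RAID 3 and RAID 5, worked end to end: stripe data
across the disks, compute a parity block per stripe, lose one disk, rebuild it.

Added illustration for the study set, not code from the page or from any
RAID implementation. Disks are modelled as lists of 4-byte blocks; the block
size, disk count and payload are all constructed for the example.
"""
from typing import List, Optional

BLOCK = 4  # bytes per block per disk (assumed for the example)


def xor_blocks(blocks: List[bytes]) -> bytes:
    """XOR equal-length blocks byte by byte; this is the parity function."""
    out = bytearray(BLOCK)
    for b in blocks:
        for i in range(BLOCK):
            out[i] ^= b[i]
    return bytes(out)


def parity_disk(stripe: int, n_disks: int, rotate: bool) -> int:
    """Which disk holds parity for a stripe.
    RAID 3: a dedicated parity disk (the last one).
    RAID 5: parity rotates so no single disk takes every parity write."""
    return (n_disks - 1 - stripe % n_disks) if rotate else n_disks - 1


def build_array(data: bytes, n_disks: int, rotate: bool) -> List[List[bytes]]:
    """Write data into n_disks disks: n_disks-1 data blocks plus one parity
    block per stripe. Data is zero-padded to a whole number of stripes."""
    per_stripe = BLOCK * (n_disks - 1)
    padded = data + b"\x00" * (-len(data) % per_stripe)
    disks: List[List[bytes]] = [[] for _ in range(n_disks)]
    for s, off in enumerate(range(0, len(padded), per_stripe)):
        chunk = padded[off:off + per_stripe]
        data_blocks = [chunk[i:i + BLOCK] for i in range(0, per_stripe, BLOCK)]
        parity = xor_blocks(data_blocks)
        p = parity_disk(s, n_disks, rotate)
        it = iter(data_blocks)
        for d in range(n_disks):
            disks[d].append(parity if d == p else next(it))
    return disks


def rebuild_disk(disks: List[Optional[List[bytes]]], failed: int) -> List[bytes]:
    """Reconstruct one failed disk from the survivors. Because every stripe
    XORs to zero, the missing block (data or parity alike) is the XOR of the
    remaining blocks. A second failure leaves nothing to recover from; that is
    why single-parity RAID tolerates exactly one disk loss."""
    if disks.count(None) > 1:
        raise ValueError("single parity cannot rebuild more than one failed disk")
    survivors = [d for i, d in enumerate(disks) if i != failed and d is not None]
    return [xor_blocks([d[s] for d in survivors]) for s in range(len(survivors[0]))]


def read_data(disks: List[List[bytes]], rotate: bool, length: int) -> bytes:
    """Read the logical volume back, skipping parity blocks and padding."""
    out = bytearray()
    for s in range(len(disks[0])):
        p = parity_disk(s, len(disks), rotate)
        for d, disk in enumerate(disks):
            if d != p:
                out += disk[s]
    return bytes(out[:length])


def demo() -> bool:
    """Lose disk 2 of a four-disk RAID 5 set and confirm the rebuild is exact."""
    payload = b"constructed payload: quarterly ledger, do not lose"  # constructed
    disks = build_array(payload, n_disks=4, rotate=True)
    original = disks[2]
    disks[2] = None                    # disk 2 dies
    disks[2] = rebuild_disk(disks, 2)  # rebuild onto a replacement from the other three
    return disks[2] == original and read_data(disks, True, len(payload)) == payload


if __name__ == "__main__":
    print("rebuild ok" if demo() else "rebuild FAILED")
```

Setting `rotate=False` gives the RAID 3 layout; the rebuild code is identical because both levels use the same XOR parity. Removing two disks makes `rebuild_disk` raise, which is the practical reason RAID 5 rebuilds are a race against a second failure.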
Disaster Recovery |
Ability to recover system operations after a disaster.
A key aspect of disaster-recovery planning is designing a comprehensive backup plan that includes backup storage, procedures, and maintenance. |
|
Backups |
Duplicate copies of key information, ideally stored in a location other than the one where the information is currently stored. |
|
Working Copies |
Also called shadow copies: partial or full backups that are kept at the computer center for immediate recovery purposes.
They are the most recent backups that have been made. |
|
Onsite Storage |
Location on the site of the computer
Storage containers are available that |
|
Offsite Storage |
A location away from the computer center where paper copies and backup media are kept. |
|
Disaster-Recovery Plan |
Helps an organization respond effectively when a disaster occurs.
Disasters may include system failure, network failure, infrastructure failure, and |
|
Database Systems |
Provide the ability to globally back up
Larger-scale database systems |
|
User Files |
Word processing documents, spreadsheets, and other user files are extremely valuable to an organization. |
|
Applications |
Word processors, transaction systems, and other programs usually don’t change on a frequent basis. |
|
Full Backup |
A complete, comprehensive backup of all files on a disk or server.
A full backup can be a time-consuming process on a large system. |
|
Incremental Backup |
Partial backup that stores only the information |
|
Differential Backup |
Backs up every file that has been altered since the last full backup; files that have not changed since the previous differential backup are therefore copied again, so each differential grows until the next full backup. |
|
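The three backup cards above define what each backup contains; this added illustration (not code from the page) simulates a day-0 full backup followed by either incrementals or differentials over a small file set, then computes the restore chain each policy needs. File names, the change sequence and the whole-day modification times are constructed for the example.

```python
"""Full, incremental and differential backups simulated over a small file set,
with the restore chain each strategy needs afterwards.

Added illustration for the study set, not code from the page. Modification
times are whole 'days', each backup is taken at the end of its day, and the
file names and change sequence are constructed here.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple

FileSystem = Dict[str, int]  # path -> day last modified


@dataclass
class Backup:
    kind: str              # "full", "incremental" or "differential"
    day: int
    files: Dict[str, int]  # copies taken: path -> mtime at capture


def take_backup(kind: str, day: int, fs: FileSystem, history: List[Backup]) -> Backup:
    """Select files for a backup of the given kind.
    full:         everything.
    differential: everything changed since the last FULL backup, so files that
                  have not changed since the previous differential are copied
                  again (the point made on the card above).
    incremental:  only what changed since the most recent backup of ANY kind."""
    if kind == "full":
        selected = dict(fs)
    else:
        fulls = [b for b in history if b.kind == "full"]
        if not fulls:
            raise ValueError("a partial backup needs a prior full backup")
        baseline = fulls[-1].day if kind == "differential" else history[-1].day
        selected = {p: m for p, m in fs.items() if m > baseline}
    b = Backup(kind, day, selected)
    history.append(b)
    return b


def restore_chain(history: List[Backup], day: int) -> List[Backup]:
    """Backups needed to rebuild the data as of 'day', in restore order.
    Assumes a history that uses one partial-backup policy after each full."""
    avail = [b for b in history if b.day <= day]
    full = [b for b in avail if b.kind == "full"][-1]
    later = [b for b in avail if b.day > full.day]
    if later and later[-1].kind == "differential":
        return [full, later[-1]]   # full + newest differential only
    return [full] + later          # full + every incremental since it


def restore(chain: List[Backup]) -> FileSystem:
    """Apply the chain oldest to newest; later copies overwrite earlier ones."""
    state: FileSystem = {}
    for b in chain:
        state.update(b.files)
    return state


# Constructed change history: day -> files written that day.
TIMELINE = {
    0: ["budget.xlsx", "memo.docx", "app.cfg"],
    1: ["memo.docx"],
    2: ["budget.xlsx"],
    3: ["notes.txt"],
}


def simulate(policy: str) -> Tuple[FileSystem, List[Backup]]:
    """Full backup on day 0, then one backup of 'policy' each following day."""
    fs: FileSystem = {}
    history: List[Backup] = []
    for day in sorted(TIMELINE):
        for path in TIMELINE[day]:
            fs[path] = day
        take_backup("full" if day == 0 else policy, day, fs, history)
    return fs, history


if __name__ == "__main__":
    for policy in ("incremental", "differential"):
        fs, hist = simulate(policy)
        sizes = [len(b.files) for b in hist]
        chain = restore_chain(hist, 3)
        print(f"{policy:12} files per backup {sizes}  "
              f"restore needs {len(chain)} set(s)  ok={restore(chain) == fs}")
```

Running it shows the trade-off behind the cards: incrementals stay small (one file each here) but a day-3 restore needs the full plus all three of them, while differentials grow each day but restore from just two sets.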
3 Models of Backup Plans |
1. Grandfather, Father, Son Method
2. Full Archival Method
3. Backup Server Method |
|
Grandfather, Father, Son Method |
A full backup occurs at regular intervals, such as weekly or monthly.
The most recent backup after the full backup is the son. As newer backups are made, the son becomes the father, and the father in turn becomes the grandfather.
The grandfather backup is stored in an offsite facility for a period of one year. |
|
Full Archival Method |
All full backups, all incremental backups, and any other backups are permanently kept somewhere.
Any information created on any system is stored forever. |
|
Backup Server Method |
Establishes a server with large amounts |
|
Recovering a System |
This process includes making sure hardware is functioning, restoring or installing the operating systems, restoring or installing applications, and restoring data files. |
|
Backout vs. Backup |
A backout is a reversion from a change that had negative consequences.
Backouts include uninstalling service packs, hotfixes, and patches; they can also include reversing a migration, returning to previous firmware, and so on. |
|
Alternate Sites |
You can lease or purchase a facility |
|
Hot Site |
A location that can provide operations within hours of a failure.
The site has servers, networks, and telecommunications equipment in place to reestablish service in a short time. |
|
Warm Site |
Provides some of the capabilities of a hot site, but it requires the customer to do more work to become operational. |
|
Cold Site |
A facility that isn’t immediately ready to use.
The organization using it must bring along its equipment and network.
Site provides a place for operations to resume, but it doesn’t provide the infrastructure to support those operations. |
|
Incident Response Policies |
Define how an organization will respond to an incident.
Policies may involve third parties, and they need to be comprehensive. |
|
Incident |
Any attempt to violate a security policy, a successful penetration, a compromise of a system, or any unauthorized access to information. |
|
Incident Response |
Encompasses forensics and refers to the process of identifying, investigating, repairing, documenting, and adjusting procedures to prevent another incident. |
|
Forensics |
The process of identifying what has occurred on a system by examining the data trail.
It involves an analysis of evidence found in computers and on digital storage media. |
|
Incident Response Plan (IRP) |
Outlines what steps are needed and who is responsible for deciding how to handle a situation. |
|
5 Step Incident Response Process |
1. Identifying the Incident
2. Investigating the Incident
3. Repairing the Damage
4. Documenting and Reporting the Response
5. Adjusting Procedures |
|
Identifying The Incident |
When a suspected incident pops up, first responders are those who must ascertain
Escalation involves consulting policies, consulting appropriate management, and determining how best to conduct an investigation into the incident. |
|
Investigating The Incident |
Involves searching logs, files, and any other sources of data about the nature and scope of the incident. |
|
Repairing The Damage |
After a problem has been identified, what steps will you take to restore service?
How to restore access to resources that have been compromised. |
|
Documenting and Reporting The Response |
Document the steps you take to identify, detect, and repair the system or network. |
|
Adjusting Procedures |
After an incident has been successfully managed, it’s a worthwhile step to revisit the procedures and policies in place in your organization to determine what changes, if any, need to be made. |
|
Forensics from the Security+ Perspective |
1. Act in Order of Volatility
2. Capture System Image
3. Document Network Traffic and Logs
4. Capture Video
5. Record Time Offset
6. Take Hashes
7. Capture Screenshots
8. Talk to Witnesses
9. Track Man Hours and Expenses |
|
Act in Order of Volatility |
When dealing with multiple issues, address them in order of volatility (OOV); always deal with the most volatile first. |
|
Capture System Image |
A system image is a snapshot of what exists on the system at the moment of capture, taken before the system is altered by the investigation. |
|
Document Network Traffic and Logs |
Look at network traffic and logs to see what information you can find there. |
|
Capture Video |
Capture any relevant video you can. |
|
Record Time Offset |
It is quite common for workstation times to be off slightly from actual time, and that can happen with servers as well.
Record the time offset on each affected machine during the investigation. |
|
Take Hashes |
Collect as much data as possible to illustrate the situation, and compute cryptographic hashes of every image and file you collect at the time of acquisition so that its integrity can be demonstrated later; hashes must not be left out of the equation. |
|
Capture Screenshots |
Capture all relevant screenshots for later analysis. |
|
Talk to Witnesses |
It is important to talk to as many witnesses to what happened as possible and as soon as possible. |
|
Track Man Hours and Expenses |
Track total man-hours and expenses associated with the investigation and be prepared to justify them if necessary to superiors, a court, or insurance agents. |
|
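Two of the forensics steps listed above, Record Time Offset and Take Hashes, in code, as an added illustration for this study set (not from the page or any forensic tool). It hashes a captured image so a working copy can be checked against the acquisition record, records a host clock's offset from a trusted reference, and uses that offset to align the host's log timestamps. The image bytes, log lines, line format and 125-second skew are constructed for the example.

```python
"""Two of the forensics steps above in code: taking hashes of collected
evidence so its integrity can be shown later, and recording each machine's
clock offset so its log timestamps can be aligned to a trusted reference.

Added illustration for the study set, not code from the page. The evidence
bytes, the log lines, the 125-second skew and the line format are constructed.
"""
import hashlib
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Optional, Tuple

# Stands in for a captured image file; in practice you would read the image
# from disk. Constructed bytes.
EVIDENCE_IMAGE = b"constructed disk image bytes: boot sector, filesystem, slack"


def take_hashes(data: bytes) -> Dict[str, str]:
    """Hash the evidence with two algorithms at acquisition time. Recording
    both is common practice: if one algorithm is ever disputed, the other
    still ties the copy to the original."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def verify_copy(acquisition_hashes: Dict[str, str], copy: bytes) -> bool:
    """Re-hash a working copy; any mismatch means it is not the evidence."""
    return take_hashes(copy) == acquisition_hashes


def record_time_offset(host_clock: datetime, reference_clock: datetime) -> timedelta:
    """Offset of the affected machine's clock from a trusted reference (for
    example the investigator's NTP-synchronised laptop), both read at the same
    instant. Positive means the host clock runs fast."""
    return host_clock - reference_clock


def normalize_log(lines: List[str], offset: timedelta) -> List[Tuple[Optional[datetime], str]]:
    """Convert host-stamped lines to reference time by removing the offset.
    Constructed line format: 'YYYY-MM-DDTHH:MM:SS message'. Lines that do
    not parse are kept with no timestamp rather than silently dropped."""
    out: List[Tuple[Optional[datetime], str]] = []
    for line in lines:
        stamp, _, msg = line.partition(" ")
        try:
            host_time = datetime.fromisoformat(stamp).replace(tzinfo=timezone.utc)
        except ValueError:
            out.append((None, line))
            continue
        out.append((host_time - offset, msg))
    return out


def acquisition_record(label: str, data: bytes, offset: timedelta,
                       acquired_at: datetime) -> Dict[str, str]:
    """One chain-of-custody entry: what was taken, when (reference time),
    the host's clock offset, and the hashes to check every later copy against."""
    rec = {
        "item": label,
        "acquired_utc": acquired_at.isoformat(),
        "clock_offset_seconds": str(int(offset.total_seconds())),
    }
    rec.update(take_hashes(data))
    return rec


if __name__ == "__main__":
    reference = datetime(2024, 1, 1, 12, 0, 0, tzinfo=timezone.utc)
    host = datetime(2024, 1, 1, 12, 2, 5, tzinfo=timezone.utc)  # host runs 125 s fast
    offset = record_time_offset(host, reference)
    record = acquisition_record("ws-17 disk image", EVIDENCE_IMAGE, offset, reference)
    print(record)
    sample_log = ["2024-01-01T12:10:05 sshd: accepted publickey for admin",  # constructed
                  "kernel: no timestamp on this line"]
    for when, msg in normalize_log(sample_log, offset):
        print(when, msg)
    print("copy intact:", verify_copy(record_hashes := take_hashes(EVIDENCE_IMAGE), EVIDENCE_IMAGE))
```

The offset is subtracted, not added, because the host clock was ahead of the reference; a host event logged at 12:10:05 by the fast clock actually happened at 12:08:00 reference time. Hash the image once at acquisition and again after every copy or transfer, and keep the acquisition record with the evidence.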
Succession Planning |
Outlines those internal to the organization who have the ability to step into positions when they open. |
|
Reinforcing Vendor Support |
Software vendors and hardware vendors are necessary elements in the process of building |
|
Service-Level Agreements (SLA) |
An agreement between you or your company and a service provider, typically a technical support provider.
Stipulates the performance you can expect |
|
Recovery Time Objectives |
The maximum amount of time that a process or service is allowed to be down and the consequences still considered acceptable. |
|
Mean Time Between Failures |
The measure of the anticipated incidence of failure for a system or component: the average time expected between one failure and the next.
Often used as an indication of the component's anticipated lifetime. |
|
Mean Time to Restore |
How long it takes to repair a system or component once a failure occurs (this is often also referenced as mean time to repair). |
|
Code Escrow Agreements |
Defines the storage and conditions of release of source code provided by a vendor.
Stipulates how the source code would be made available to customers in the event of the vendor's bankruptcy. |