Answer to Tutorial 7 Information Security

1. Who is ultimately responsible for managing a technology? Who is responsible for enforcing it? Answer: Manager is responsible for managing a technology. Everybody in a supervisory position is responsible for enforcing it. 2. When is IRP used? Answer: An Incident Response Planning (IRP) covers the identication, classication, response to, and recovery from an incident. It should be used when an incident in progress is rst detected by an organization. IRP is more reactive, than proactive, with the exception of the planning that must occur to prepare the IR teams to be ready to react to an incident. 3. When is DRP used? Answer: A disaster recovery plan (DRP) addresses the preparation for and recovery from a disaster, whether natural or man-made. It is used before a disaster, in preparation for the occurrence, and after a disaster to rebuild and recover organizational functionality. 4. When is BCP used? How do you determine when to use IRP, DRP, or BCP plans? Answer: Business Continuity Planning (BCP) will be needed if a disaster has rendered the current location of the business unusable for continued operation. BCP outlines the reestablishment of critical business operations during a disaster that impacts operations at the primary site. An Incident Response Plan is used as soon as an incident in progress has been identied. An attack is identied as an incident if: (a) It is directed against information assets. 1

(b) It has a realistic chance of success. (c) It could threaten the condentiality, integrity, or availability of information resources. A Disaster Recovery Plan (DRP) is used if an incident escalates or is disastrous. It typically focuses on restoring systems at the original site after disasters occur. A Business Continuity Plan (BCP) is used concurrently with the Disaster Recovery Plan when the damage is major or long term, requiring more than simple restoration of information and information resources. 5. What are the ve elements of a business impact analysis? Answer: The ve elements of a business impact analysis are: (a) Threat attack identication (b) Business unit analysis (c) Attack success scenario development (d) Potential damage assessment (e) Subordinate plan classication 6. Describe hot sites. Answer: A hot site is a fully congured computer facility, with all services, communications links, and physical plant operations including heating and air conditioning. Hot sites duplicate computing resources, peripherals, phone systems, applications, and workstations. A hot site can be operational in a matter of minutes, and in some cases may be built to perform a fail-over seamlessly by picking up the processing load from a failing site. The hot site is therefore the most expensive alternative available. 7. Describe warm sites. Answer: A warm site provides many of the same services and options of the hot site. However, it typically does not include the actual applications the company needs, or the applications may not yet be installed and congured. A warm site frequently includes computing equipment and peripherals with servers but not client workstations. A warm site has many of the advantages of a hot site, but at a lower cost. The downside is that it requires hours, if not days, to make a warm site fully functional.

8. Describe cold sites. Answer: A cold site provides only rudimentary services and facilities. No computer hardware or peripherals are provided. All communications services must be installed after the site is occupied. Basically a cold site is an empty room with heating, air conditioning, and electricity. Everything else is an option. Although the obvious disadvantages may preclude its selection, a cold site is better than nothing. The main advantage of cold sites over hot and warm sites is the cost. 9. What is containment and why is it part of the planning process? Answer: Containment is the process of determining what systems have been attacked and removing their ability to attack non-compromised systems. Containment is part of the planning process because the containment of an attack could prevent the attack from escalating into a disaster. It is focused on stopping the incident and recovering control of the systems. 10. What is computer forensics? When are the results of computer forensics used? Answer: Computer forensics is the process of collecting, analyzing and preserving computer-related evidence. This information is used in informal proceedings when dealing with internal administrative, criminal or civil legal proceedings, if the perpetrator is brought to justice.