Management of Information Security Notes Chapter 3 -- Planning for Con

tingencies
Study online at https://quizlet.com/_22u0to
_______ planning ensures that critical business functions can
Disaster recovery
continue if a disaster
A ____ activation requires that the first person call designated
people on the roster, who in turn call other designated people, hierarchical
and so on.
A warm site offers many of the advantages of a(n)
hot
________________ site, but at a lower cost.
_______________ is a set of procedures that commence when
Incident Response
an incident is detected.
A(n) alert message is a scripted set of initial instructions used to
True
respond to an incident.
Electronic vaulting involves the transfer of live transactions to an
False
off-site facility.
The process of examining a possible incident and determining
whether it constitutes an actual incident is called incident verifi- False
cation.
Statement of management commitment
Purpose and objectives of the policy
Scope of the policy
Definition of information security incidents
List the key components of a typical IR policy.
Organizational structure and delineation of roles
Prioritization or severity ratings of incidents
Reporting and contact forms
Performance measures
The four components of contingency planning are the
____________________, the incident response plan, the disas- business impact analysis
ter recovery plan, and the business continuity plan.
The ____ plan focuses on the immediate response to an incident. IR
Crisis management entails a set of focused steps that deal pri-
True
marily with the people involved in a disaster.
The ____ team collects information about information systems
and the threats they face, and creates the contingency plans for CP
incident response, disaster recovery, and business continuity.
A(n) ____ shows the estimated cost of the best, worst, and most
attack scenario end case
likely outcomes of an attack.
The ____________________ plan comprises a detailed set of
processes and procedures that anticipate, detect, and mitigate
incident response
the effects of an unexpected event that might compromise infor-
mation resources and assets.
An organization should start documenting an incident after the
False
incident has been contained.
A(n) ____________________ occurs when an attack affects in-
formation resources and/or assets, causing actual damage or incident
other disruptions.
A(n) ____ entails a detailed examination of the events that oc-
after-action review
curred from first detection to final recovery.
The disaster recovery team is responsible for detecting, evaluat-
ing, and responding to disasters, and reestablishing operations at True
the primary business site.
As part of DR plan readiness, each employee should have two
types of ____ information cards in his or her possession at all emergency
times.
business continuity

1/3
 Management of Information Security Notes Chapter 3 -- Planning for Con
tingencies
Study online at https://quizlet.com/_22u0to
The ____________________ team is charged with setting up and
starting off-site operations in the event of an incident or disaster.
A(n) ____________________ is a method of testing contingency
plans in which all involved individuals walk through the steps they structure walk-through
would take during an actual event.
The DRP is usually managed by the ____. IT community of interest
Activities at unexpected times are probable indicators of an actual
True
incident.
The bulk batch-transfer of data to an off-site facility is known as
electronic vaulting
________________.
____ is the storage of duplicate online transaction data, along with
the duplication of the databases at the remote site on a redundant Database shadowing
server.
In CP, an unexpected event is called a(n) ____. incident
The BC Plan is most properly managed by the ____. CEO
A scripted set of instructions about an incident is known as a(n)
alert message
____.
The immediate determination of the scope of the breach of confi-
dentiality, integrity, and availability of information and information incident damage assessment
assets is called ____________________.
A structured walk-through is the simplest kind of validation for
reviewing the perceived feasibility and effectiveness of the con- False
tingency plan.
A ____ is a fully configured computer facility that needs only the
hot site
latest data backups and the personnel to function.
____ is a method of testing contingency plans in which each
involved person works individually to simulate the performance of A simulation
each task.
The presence of hacker tools in a system definitely signals that an
True
incident is in progress or has occurred.
A(n) ____________________ is a document containing contact
information of the individuals to notify in the event of an actual alert roster
incident.
____ is the process of examining a possible incident and deter-
incident classification
mining whether it constitutes an actual incident.
A(n) attack scenario consists of a detailed description of the
False
activities that usually occur during an attack.
Parallel testing is the most rigorous strategy for testing contin-
False
gency plans.
Crisis management is designed to deal primarily with ____. people
The overall process of preparing for unexpected events is called
contingency planning
_________________.
Rapid-onset disasters occur suddenly, and may take the lives of
True
people and destroy the means of production.
Continuous process improvement (CPI) suggests that each time
the organization rehearses its plans, it should learn from the True
process, improve the process, and then rehearse again.
A(n) champion is an executive who supports, promotes, and
True
endorses the findings of the CP project.
A(n) structured walk-through is a method of testing contingency
plans in which each involved person works individually to simulate False
the performance of each task that he or she is responsible for.

2/3
 Management of Information Security Notes Chapter 3 -- Planning for Con
tingencies
Study online at https://quizlet.com/_22u0to
A project manager—possibly a mid level manager or even the
____________________ — leads the project, putting in place a
CISO
sound project planning process, guiding the development of a
complete and useful project, and prudently managing resources.
Disasters that occur suddenly, with little warning, are classified as
rapid-onset
____________________ disasters.
A(n) ____ determines the extent of the breach of confidentiality,
incident damage assestment
integrity, and availability of information and information assets.
Classifying an incident is the responsibility of the IR team. True
A contract between two organizations in which each party agrees
mutual agreement
to assist the other in the event of a disaster is called a ____.
A document that contains contact information on the individuals
alert roster
to be notified in the event of an actual incident is called a(n) ____.

3/3