1/24
Flashcards covering disaster recovery definitions, protection steps, DRP implementation, and the 10 steps to secure sensitive organizational information.
Name | Mastery | Learn | Test | Matching | Spaced | Call with Kai | Chat |
|---|
No analytics yet
Send a link to your students to track their progress
What is the primary function of Disaster Recovery methods?
To protect data from natural occurrences (e.g., fire, flood) or human-induced incidents (e.g., hacking, malware, accidents).
According to the lecture, where should a copy of account passwords be kept?
In a safe place such as a safe, a locked firebox, or another secure location.
What are the four online backup service providers mentioned in the transcript?
Carbonite, Barracuda Cloud Storage, CrashPlan, and Mozy.
What method can be used to backup mobile device files by using the device as a removable drive?
Connecting the mobile device to a computer.
What must be ensured during the transfer and storage of mobile device data to prevent unauthorized access?
Encryption should always be used.
What is the purpose of creating a restore point in Windows?
To store information about the computer that can later be used to return Registry settings, system files, and programs to a previous state if a problem occurs.
How is Disaster Recovery (DR) specifically defined in relation to organizational infrastructure?
It focuses on the restoration of IT systems and infrastructure following a disruptive event, including technical solutions like backup systems and failover mechanisms.
What is a Disaster Recovery Plan (DRP)?
A formal document containing detailed instructions on how an organization responds to unplanned incidents such as natural disasters, power outages, and cyber attacks.
What are three key reasons a business needs a tested disaster recovery plan?
To minimize interruptions to normal operations, to limit the extent of damage, and to minimize the economic impact of the interruption.
What is the first typical element in a Disaster Recovery Plan?
Creating a disaster recovery team responsible for developing, implementing, and maintaining the DRP.
In the context of a DRP, what does the organization prioritize when identifying critical applications?
Short-term survivability, such as generating cash flows and revenues, rather than a long-term solution of restoring full functioning capacity.
What is an example of a critical business process that should not be delayed during recovery?
The processing of payroll.
What items should be considered for backup and off-site storage according to the DRP typical elements?
Financial statements, tax returns, employee contact lists, inventory records, vendor listings, and critical supplies like checks and purchase orders.
Why is testing and maintaining the DRP described as a 'continual process'?
Because the risks of disasters and emergencies are always changing, and the plan must accommodate changes in business processes and technology.
Name five examples of common natural disasters listed in the transcript.
Earthquakes, Volcanoes, Tsunamis, Hurricanes, and Floods.
What are the two recommended ways to configure network security for sensitive information?
Configure firewalls to block unauthorized access and segment networks.
What is the goal of User Education and Awareness in securing sensitive information?
To train employees on identifying suspicious activities like phishing and to reduce the risk of human error.
What are two strategies mentioned for Malware Prevention?
Implement anti-virus software and apply security updates and patches regularly.
What policy should be established regarding removable media?
Establish policies and controls for use, including encryption and antivirus scanning, and restrict access to authorized personnel.
What does the 'Secure Configuration' step entail for hardware and software?
Systems should be secure by default, unnecessary services should be disabled, and default accounts and passwords must be removed.
What is the 'Least Privilege' principle in managing user privileges?
Implementing access rights based strictly on a user's job requirements to limit access to sensitive data and systems.
What are the three components of Incident Management?
Developing a response plan, identifying and reporting incidents, and assessing impact to contain damage.
What specific items should be analyzed during continuous monitoring to identify potential threats?
Log files, network traffic, and system performance metrics.
How should home and mobile working environments be secured?
By establishing policies, using secure connections, and encrypting sensitive data.
What is the role of Cybersecurity Governance?
To establish policies, procedures, and controls to manage risks, conduct regular risk assessments, and audit compliance with standards.