Sec+ 13-15 Communicate Operational Security

Business Continuity

Organization's ability to maintain operations after a disruptive event.

Disaster Recovery Plan (DRP)

Written document detailing process for restoring IT resources following a disruptive event.

Business Impact Analysis (BIA)

Analyzes most important business functions and quantifies impact of their loss.

Single Point of Failure

Component or entity that will disable the entire system if it no longer functions.

Risk Assessment

Determining exposure to threats and assessing the impact if threats are realized.

Vulnerability Assessment

Systematic evaluation of asset exposure to risks and threats.

Disaster Recovery

Subset of business continuity planning focused on protecting and restoring IT functions.

Mean Time Between Failure (MTBF)

Average time until a component fails and must be replaced.

RAID Level 0

Striped disk array without fault tolerance, distributes data across multiple drives.

Recovery Time Objective (RTO)

Length of time it will take to recover backed up data.

Fire Suppression Systems

Methods and technologies used to extinguish or prevent fires.

Environmental Controls

Techniques to prevent disruption caused by environmental factors such as fire.

Incident Response Procedures

Response steps taken when an unauthorized incident occurs.

Chain of Custody

Process of maintaining control and tracking of evidence during an investigation.

Honeypot

A computer protected by minimal security to attract and analyze attacks.

Vulnerability Scanning

Automated process searching for known security weaknesses in systems.

Penetration Testing

Testing conducted to exploit system weaknesses to reveal vulnerabilities.

Security Policy

Document outlining protections to ensure an organization's assets face minimal risks.

Data Backup

Copying information to a different medium and storing it for use in an event of disaster.

Change Management

Methodology for making modifications while tracking changes and mitigating risks.

Privilege Management

Process of assigning and revoking access privileges to systems and data.

Continuous Data Protection (CDP)

Data backup method that allows for immediate restoration of data.

Risk Mitigation

Determining how to deal with risks and establish how much risk can be tolerated.

Critical Business Function

Essential operations necessary for the organization's survival.

Threat Analysis

Identification and evaluation of potential threats to an organization.

Impact Assessment

Process of determining the effects of disruption on business operations.

Resource Requirements

Essential resources needed for recovery after a disaster.

Testing and Maintenance

Regular check-ups and updates on disaster plans to ensure effectiveness.

Emergency Response Plan

Guidelines for responding to emergencies to ensure safety and security.

Supply Chain Risk Management

Strategies to identify and mitigate risks in the supply chain.

Business Continuity Plan (BCP)

A strategy to ensure that critical business functions can continue during a crisis.

Data Loss Prevention (DLP)

Strategies used to prevent data breaches and loss of sensitive information.

Incident Management

Process of managing and responding to incidents to minimize impact.

Business Continuity is the organization's ability to maintain ______________ after a disruptive event.

operations

A Disaster Recovery Plan (DRP) is a ____________ document detailing the process for restoring IT resources following a disruptive event.

written

The process of analyzing the most important business functions and quantifying the impact of their loss is called _____________.

Business Impact Analysis (BIA)

A ______________ Point of Failure is a component or entity that will disable the entire system if it no longer functions.

Single

Risk Assessment involves determining exposure to ____________ and assessing the impact if threats are realized.

threats

A systematic evaluation of asset exposure to risks and threats is referred to as a ______________ Assessment.

Vulnerability

__________ Time Objective (RTO) indicates the length of time it will take to recover backed up data.

Recovery

Example of environmental controls includes methods and technologies used to ___________ or prevent fires.

extinguish

A ____________ plan provides guidelines for responding to emergencies to ensure safety and security.

Emergency Response

Data ___________ is the process of copying information to a different medium to be used in the event of a disaster.

Backup

What is Business Continuity?

The organization's ability to maintain operations after a disruptive event.

What does a Disaster Recovery Plan (DRP) entail?

A written document detailing the process for restoring IT resources following a disruptive event.

What is the purpose of a Business Impact Analysis (BIA)?

To analyze the most important business functions and quantify the impact of their loss.

Define Single Point of Failure.

A component or entity that will disable the entire system if it no longer functions.

What is Risk Assessment?

Determining exposure to threats and assessing the impact if threats are realized.

Describe Vulnerability Assessment.

A systematic evaluation of asset exposure to risks and threats.

What is the focus of Disaster Recovery?

Protecting and restoring IT functions as part of business continuity.

What does Mean Time Between Failure (MTBF) measure?

Average time until a component fails and must be replaced.

What does Recovery Time Objective (RTO) indicate?

The length of time it will take to recover backed up data.

What are Fire Suppression Systems designed for?

To extinguish or prevent fires.