Term
|
Definition
Protection of Medical Records in transit and/or stored |
|
|
Term
Gramm-Leach-Bliley Act (GLB) |
|
Definition
Restricts what banks can do with your PII |
|
|
Term
Children Online Protection Act |
|
Definition
Under 13 (Preteen), Facebook |
|
|
Term
Family Education Privacy Act |
|
Definition
No release of student transcripts |
|
|
Term
|
Definition
Regulation for GOVERNANCE of Information Security |
|
|
Term
|
Definition
|
|
Term
|
Definition
Sarbanes-Oxley Act, passed to prevent false reporting of financial data. Publicly traded companies |
|
|
Term
|
Definition
Adopts a management process of ongoing testing of controls |
|
|
Term
|
Definition
Measure twice and cut once; it's in reverse alphabetical order |
|
|
Term
Payment Card Industry Data Security Standard (PCI DSS) |
|
Definition
Not a US law. Anything it touches should be in compliance: everything under the merchant's control |
|
|
Term
How to maintain a vulnerability management program |
|
Definition
Use and regularly update anti-virus software |
|
|
Term
PCI DSS data that businesses can't collect and keep as it pertains to credit card transactions |
|
Definition
Full track data, CVC, PIN number (Card |
|
|
Term
|
Definition
|
|
Term
|
Definition
Proper preparation (Planning) |
|
|
Term
|
Definition
Duty, Breach of Duty, Causation, Damages |
|
|
Term
|
Definition
|
|
Term
Breach of Contract (Contract Law) |
|
Definition
|
|
Term
|
Definition
Preponderance of Evidence (51/49%) |
|
|
Term
|
Definition
Clear and Convincing (75/25%) |
|
|
Term
|
Definition
Beyond reasonable doubt (95/100%) |
|
|
Term
|
Definition
Compliance levels (pen testing/vulnerability testing), KPI (Key Performance Indicator), KGI (Key Goal Indicator) |
|
|
Term
KPI (Key Performance Indicator) |
|
Definition
|
|
Term
|
Definition
|
|
Term
Best way to stop a data breach |
|
Definition
Limit the amount of PII or data received |
|
|
Term
|
Definition
Anything you can use to identify someone |
|
|
Term
OECD (Organisation for Economic Co-operation and Development) Fair Information Practice |
|
Definition
Transborder data flow of PII |
|
|
Term
|
Definition
Not businesses, only citizens |
|
|
Term
|
Definition
Businesses' expectations for privacy |
|
|
Term
|
Definition
How the business deals with your private information |
|
|
Term
Breach of Data Reportable |
|
Definition
Management will report or not (was it actually breached) |
|
|
Term
|
Definition
First sale (allowed to sell what you bought); Fair use (non-profit/educational use only) |
|
|
Term
|
Definition
Don't register; lasts for a lifetime |
|
|
Term
|
Definition
Focused on commercial rentals and who they can rent to |
|
|
Term
DRM (Digital Rights Management) |
|
Definition
Protects digital content (Data in Use) |
|
|
Term
Control (Data in Use) Benefit |
|
Definition
Prevents the user from printing the document |
|
|
Term
|
Definition
For countries that don't allow data encryption. Encryption for personal use only, not companies |
|
|
Term
|
Definition
Permits US-based organizations to certify themselves as properly handling European people's PII. |
|
|
Term
ISC2 Code of Ethics Canons |
|
Definition
|
|
Term
|
Definition
|
|
Term
|
Definition
|
|
Term
|
Definition
Policies, standards, procedures, guidelines |
|
|
Term
|
Definition
|
|
Term
|
Definition
Step-by-step instructions in a given situation |
|
|
Term
|
Definition
|
|
Term
|
Definition
Must be followed; binding, mandatory |
|
|
Term
|
Definition
|
|
Term
|
Definition
Non-binding; recommendations only, not mandatory |
|
|
Term
Documentation v/s Non-documentation |
|
Definition
|
|
Term
|
Definition
Transfer/SLAs, Accept, Mitigate/Controls, Avoid/get |
|
|
Term
Memorandum of Understanding/MOU |
|
Definition
Used to support SLA/ISA; not binding |
|
|
Term
|
Definition
Interconnection Security Agreement/binding; Service Level Agreement/binding |
|
|
Term
|
Definition
Onsite assessment, Document review, Process/Policy review |
|
|
Term
Someone in a police uniform |
|
Definition
|
|
Term
|
Definition
Sniffing and taking it offline to analyze, not replaying |
|
|
Term
|
Definition
Sniffing and Replaying (credentials involved) |
|
|
Term
|
Definition
Criminal hacker (Black Hat) for personal gain |
|
|
Term
|
Definition
Unskilled attacker using hacking tools (scripts) created by others |
|
|
Term
|
Definition
Black hat hacker for political reasons |
|
|
Term
|
Definition
Skilled hackers; security research without permission, no malicious intent |
|
|
Term
Advanced Persistent Threat (APT) (mole) |
|
Definition
Foothold and wait; foreign government |
|
|
Term
|
Definition
Identify threats, events and vulnerabilities |
|
|
Term
|
Definition
Management needs monetary value to make decision |
|
|
Term
First step in Qualitative or Quantitative Risk Analysis |
|
Definition
|
|
Term
|
Definition
Asset Value x Exposure Factor (% loss if event occurred) |
|
|
Term
Annualized Loss Expectancy |
|
Definition
|
|
Term
Risk Impact: Low, Moderate, High |
|
Definition
Limited, Serious, Severe/Catastrophic |
|
|
Term
|
Definition
Risk after countermeasures or safeguards |
|
|
Term
|
Definition
|
|
Term
|
Definition
Chooses not to implement, based on total dollars vs. risk |
|
|
Term
Appropriate Response to Risk (Management) |
|
Definition
Mitigate: reduce/control risk; Accept risk: live with it; Risk transference: SLA or insurance; Avoidance: change the activity that causes risk |
|
|
Term
|
Definition
Categorize, Select, Implement, Assess, Authorize, Monitor |
|
|
Term
Four Common Control Types |
|
Definition
|
|
Term
|
Definition
Prioritize Identified Risk |
|
|
Term
STRIDE threat modeling stands for |
|
Definition
Spoofing, Tampering, Repudiation, Information Disclosure (stuff left in code), Denial of Service, Elevation of Privilege |
|
|
Term
Business Impact Analysis steps |
|
Definition
Determine mission/business processes that are critical; Identify resource requirements; Identify recovery priorities for systems |
|
|
Term
|
Definition
Based on internal standards |
|
|
Term
|
Definition
meets predetermined external policies |
|
|
Term
Applications whitelisting trans |
|
Definition
|
|
Term
protect solid state drives from |
|
Definition
|
|
Term
Magnetic Media destroy data |
|
Definition
|
|
Term
what is a way to erase data in cloud envir |
|
Definition
encrypt it and throw away the key |
|
|
Term
|
Definition
Same key (1 key) for encrypt and decrypt, e.g. AES (any algorithm with an S in its name or abbreviation) (Robert exception: starts with R, not symmetric) |
|
|
Term
|
Definition
A means NOT one key; two keys, public and private. ECC, ElGamal, RSA, Diffie-Hellman. Public key is only for encrypting |
|
|
Term
AES comes in 3 sizes for the KEY |
|
Definition
128, 192, 256. Block size 128 bits |
|
|
Term
What is an advantage to Link encryption? |
|
Definition
encrypts All data along a route |
|
|
Term
|
Definition
Email security; self-authentication, users create their own. Built on its own web of trust, not a CA |
|
|
Term
|
Definition
|
|
Term
|
Definition
MD5 (128 bits), SHA-1 (160 bits). Can't de-hash something. Signature reflects what's actually in the message. |
|
|
Term
|
Definition
pre-computed list of pre-hashed passwords |
|
|
Term
|
Definition
Adding a random variable to the hash to change the hash |
|
|
Term
|
Definition
23 people in a room greater than 50% chance that they have the same birthday. |
|
|
Term
RSA, ECC, ElGamal, Diffie-Hellman (Asymmetric Encryption) |
|
Definition
|
|
Term
Symmetric keys use what type |
|
Definition
|
|
Term
|
Definition
|
|
Term
|
Definition
|
|
Term
Triple DES is more powerful than DES |
|
Definition
Yes, 3 keys (3 rounds of encryption/decryption) |
|
|
Term
Meet in the Middle (Triple DES) |
|
Definition
Only talks about Triple DES; 1st and 3rd keys are sniffed |
|
|
Term
|
Definition
Obsolete/broken symmetric Algorithm |
|
|
Term
|
Definition
|
|
Term
|
Definition
|
|
Term
|
Definition
Blocks (AES 128-bit size) |
|
|
Term
|
Definition
|
|
Term
How many keys are in asymmetric encryption |
|
Definition
Public key is used for encrypting, private key used for decrypting |
|
|
Term
HTTPS standard uses RSA asymmetric encryption |
|
Definition
PKI uses RSA encryption for certificates |
|
|
Term
|
Definition
|
|
Term
|
Definition
|
|
Term
|
Definition
Taking an asymmetric key and exchanging a symmetric key |
|
|
Term
Online certificates S protocol |
|
Definition
|
|
Term
|
Definition
|
|
Term
|
Definition
more randomness of numbers |
|
|
Term
|
Definition
standard format for certificates |
|
|
Term
|
Definition
|
|
Term
|
Definition
Public: outside sell/issue (VeriSign); Private: make your own, not valid online |
|
|
Term
what goes in the Certificate Revocation List (suspended/revoked only) |
|
Definition
Certificate Serial Number |
|
|
Term
|
Definition
Hack the CRL and paste a user's cert serial number into it. |
|
|
Term
|
Definition
1/3 of key given out (split knowledge) |
|
|
Term
|
Definition
|
|
Term
|
Definition
|
|
Term
|
Definition
|
|
Term
|
Definition
|
|
Term
|
Definition
|
|
Term
|
Definition
|
|
Term
|
Definition
|
|
Term
IPsec made of 2 protocols |
|
Definition
|
|
Term
|
Definition
|
|
Term
|
Definition
a way to send info from one location to another in secret |
|
|
Term
|
Definition
|
|
Term
Sending data using IPsec privately on your own network uses which mode |
|
Definition
|
|
Term
Sending data over the internet using IPsec uses what mode |
|
Definition
|
|
Term
|
Definition
|
|
Term
|
Definition
Hashed whole header with packet |
|
|
Term
|
Definition
|
|
Term
Encrypting for IPsec (ESP) |
|
Definition
|
|
Term
|
Definition
|
|
Term
|
Definition
exchange session key (setup secure channel) |
|
|
Term
|
Definition
|
|
Term
What is a key exchange for IPsec |
|
Definition
|
|
Term
|
Definition
Photons to do key exchange; only for key exchange (Diffie-Hellman) |
|
|
Term
|
Definition
|
|
Term
|
Definition
Telnet/SSH (encryption on Layer 7) |
|
|
Term
ESP encryption is on what layer |
|
Definition
|
|
Term
|
Definition
|
|
Term
|
Definition
|
|
Term
|
Definition
|
|
Term
|
Definition
RDP (Remote Desktop Protocol) |
|
|
Term
|
Definition
Always successful but not quick; you'll die before it happens |
|
|
Term
|
Definition
Attacker captures ciphertext only |
|
|
Term
|
Definition
|
|
Term
RC4 is a bit cipher, not a block cipher |
|
Definition
|
|
Term
|
Definition
Digest is another name for HASH |
|
|
Term
Message authentication without Asymmetric encryption |
|
Definition
Message Authentication Code (MAC/HMAC) |
|
|
Term
Is there integrity in encryption |
|
Definition
|
|
Term
Verification means it meets specifications |
|
Definition
|
|
Term
Validation means it solves a real world problem |
|
Definition
|
|
Term
What are the phases of the systems engineering process lifecycle |
|
Definition
Concept of Operations; Requirements and Architecture; Detailed Design; Implement; Integrate, test, verification; System verification and validation; Operations and Maintenance |
|
|
Term
Framework for Enterprise Security Architecture |
|
Definition
|
|
Term
Place security from the beginning |
|
Definition
|
|
Term
|
Definition
|
|
Term
Lattice-based security model |
|
Definition
Deals with Mandatory Access Control (MAC) |
|
|
Term
Matrix models: rows are capability tables |
|
Definition
Matrix columns are objects |
|
|
Term
Reading and writing data from one level to the next |
|
Definition
|
|
Term
Bell-LaPadula deals with confidentiality only |
|
Definition
True, lattice-based (MAC model) |
|
|
Term
|
Definition
deals with reading not writing |
|
|
Term
|
Definition
Can't write down; star (*) is writing |
|
|
Term
Strong * Property of Bell-LaPadula |
|
Definition
read up read down write up or write down. |
|
|
Term
Biba is what type of model |
|
Definition
Integrity (No WURD: Write Up, Read Down) |
|
|
Term
|
Definition
Users at one level can't even request service from someone at a higher level |
|
|
Term
Simple = reading; Star = writing |
|
Definition
|
|
Term
|
Definition
|
|
Term
Biba Model: No WURD, write down; Bell-LaPadula Model: WDRU |
|
Definition
|
|
Term
Clark-Wilson Model (integrity) calls for |
|
Definition
Well-formed transactions, Separation of duty |
|
|
Term
Brewer Nash Model (Competition) |
|
Definition
Dynamic rules, no conflict of interest |
|
|
Term
|
Definition
Protection Profile Document |
|
|
Term
What is the name of the object you're making meet the protection profile |
|
Definition
|
|
Term
Evaluation Assurance Level |
|
Definition
|
|
Term
|
Definition
Boundary around a trusted protected mechanism |
|
|
Term
|
Definition
Problem with multi-threaded processing |
|
|
Term
HAL Hardware Abstraction Layer |
|
Definition
|
|
Term
|
Definition
Operating system software |
|
|
Term
what enforces security inside of a computer system |
|
Definition
|
|
Term
Mandatory Vacations enforce Job Rotation |
|
Definition
|
|
Term
|
Definition
code written with backdoor |
|
|
Term
|
Definition
|
|
Term
How do you ensure that a software company that goes out of business doesn't leave your company, which bought their software, high and dry? |
|
Definition
Make a copy of the software and put it in escrow |
|
|
Term
Covert Timing Channel / Covert Storage Channel |
|
Definition
Stretch time to allow them to get in / Hiding on someone else's channel, reading data |
|
|
Term
|
Definition
important when deciding best facility location |
|
|
Term
How to mitigate threat at an active user station |
|
Definition
disable portable device inputs |
|
|
Term
|
Definition
Crime Prevention Through Environmental Design |
|
|
Term
Deter, Detect, Delay, Respond |
|
Definition
|
|
Term
|
Definition
Cement pillars to stop someone from ramming the facility |
|
|
Term
|
Definition
Guards and Dogs Difference |
|
|
Term
Authentication types: Something you know (Type 1), Something you have (Type 2), Something you are (Type 3) |
|
Definition
|
|
Term
Guards are more expensive than dogs |
|
Definition
Discernment is why you select guards v/s dogs |
|
|
Term
|
Definition
|
|
Term
Data centers should be located where in the building |
|
Definition
Core (center) of the facility, not on the top floor or in the basement |
|
|
Term
Analyzing the questions: eliminate the wrong answers |
|
Definition
Slow down and analyze the questions |
|
|
Term
|
Definition
|
|
Term
|
Definition
Paper, Liquid, Electrical, Combustible metals |
|
|
Term
|
Definition
Administrative, Technical, Physical KNOW THEM |
|
|
Term
|
Definition
|
|
Term
|
Definition
|
|
Term
Logical Link Control / MAC |
|
Definition
|
|
Term
|
Definition
|
|
Term
Coaxial (analog), fiber optic, twisted pair |
|
Definition
Broadband (more than one signal on one line); Ethernet connection |
|
|
Term
Bottom floor / other floor wiring closets |
|
Definition
Main Distribution Frame / Intermediate Distribution Frame |
|
|
Term
Fiber is immune to EMI/RFI |
|
Definition
|
|
Term
NO T in Cable 100Base-**T** |
|
Definition
|
|
Term
|
Definition
|
|
Term
|
Definition
multiple signals on line (multiplexing) |
|
|
Term
|
Definition
Two cables talking to each other |
|
|
Term
single fiber goes farther |
|
Definition
|
|
Term
Synchronous transmission |
|
Definition
Doesn't use start and stop bits (stream of data); uses an external clock with the data |
|
|
Term
|
Definition
|
|
Term
|
Definition
|
|
Term
|
Definition
|
|
Term
|
Definition
|
|
Term
|
Definition
|
|
Term
|
Definition
multiple points of failure |
|
|
Term
|
Definition
|
|
Term
|
Definition
multiple points of failure |
|
|
Term
Application Programming Interface (API) |
|
Definition
|
|
Term
|
Definition
Layer 7, Agent software on device |
|
|
Term
|
Definition
IP address plus port number |
|
|
Term
segments, packets, frames, bits |
|
Definition
|
|
Term
Flow control is done on which layer |
|
Definition
|
|
Term
Christmas tree attack (flags) |
|
Definition
|
|
Term
IP Header is on what layer |
|
Definition
|
|
Term
IPv4 IP Address bit length |
|
Definition
|
|
Term
|
Definition
A: 1-126; B: 128-191; C: 192-223; D: 224 |
|
|
Term
Private IP address/internal network only |
|
Definition
10.x.x.x, 172.16.x.x-172.31.x.x, 192.168.x.x |
|
|
Term
|
Definition
Automatic Private IP Addressing: 169.254.x.x (sign of no DHCP) |
|
|
Term
|
Definition
|
|
Term
N.H.H.H = Class A (network name and computer number); N.N.H.H = Class B (network name and computer number); N.N.N.H = Class C (network name and computer number) |
|
Definition
|
|
Term
ICMP (ping) is on what layer of the OSI model |
|
Definition
|
|
Term
Routers break up broadcast domains |
|
Definition
Switches break up collision domains |
|
|
Term
|
Definition
IP address to MAC address |
|
|
Term
|
Definition
|
|
Term
Frame Relay is on which layer of the OSI model |
|
Definition
|
|
Term
|
Definition
|
|
Term
|
Definition
Encapsulated on Layers 4, 3, 2 |
|
|
Term
|
Definition
|
|
Term
|
Definition
|
|
Term
|
Definition
Link Local starts with FE80: |
|
|
Term
|
Definition
|
|
Term
|
Definition
|
|
Term
ICMP is not a SYN flood (TCP/UDP attack) |
|
Definition
|
|
Term
Utility Control System, Supervisory Control Systems, |
|
Definition
|
|
Term
|
Definition
Unsecure; QoS (traffic shaping); SIP (Session Initiation Protocol); RTP (Real-time Transport Protocol) |
|
|
Term
|
Definition
Sniffing, Eavesdropping, SPIT (Spam over Internet Telephony), SPIM (Spam over Instant Messaging), Vishing, Phishing (email), Pharming (DNS) |
|
|
Term
Wireless (only to tower or AP) |
|
Definition
|
|
Term
Direct Sequence Spread Spectrum (DSSS) wireless uses how much of the bandwidth |
|
Definition
|
|
Term
Frequency Hopping Spread Spectrum (FHSS) |
|
Definition
Uses only part of the bandwidth |
|
|
Term
What WEP wireless uses and why it's bad |
|
Definition
RC4; initialization vector; key was short (64-bit) |
|
|
Term
|
Definition
128-bit key, TKIP (renegotiates keys every hour); problem: RC4 is also used |
|
|
Term
|
Definition
|
|
Term
|
Definition
|
|
Term
|
Definition
|
|
Term
|
Definition
Different SSID used to steal bandwidth; unauthorized device on a network |
|
|
Term
|
Definition
|
|
Term
|
Definition
|
|
Term
|
Definition
|
|
Term
DDOS Distributed Denial of Service |
|
Definition
Botnets, handlers, zombies |
|
|
Term
|
Definition
Looks like common network communication |
|
|
Term
Bluesnarfing = steal; Bluejacking = send |
|
Definition
Stealing info / sending spam |
|
|
Term
|
Definition
Linux software-based firewalls |
|
|
Term
Packet filtering firewall (ACL) |
|
Definition
L3 packet filtering (uses access control list filtering); doesn't care about content |
|
|
Term
Dynamic Stateful firewall |
|
Definition
Operates on multiple layers (3, 4, 5) |
|
|
Term
Application Layer Firewall |
|
Definition
Does deep packet inspection (performance suffers from lag) |
|
|
Term
|
Definition
|
|
Term
|
Definition
|
|
Term
Hardened (Endpoint Security) |
|
Definition
Do everything conceivable to it to secure it |
|
|
Term
Bastion Host (usually inside DMZ) |
|
Definition
Host that has been hardened |
|
|
Term
|
Definition
Computer with two NICs to isolate traffic from the internet. Problem: accidental internal routing between the two NICs |
|
|
Term
|
Definition
Area between trusted and untrusted networks; packet filtering firewall; honeypot |
|
|
Term
|
Definition
Just alerts that someone is in the DMZ |
|
|
Term
|
Definition
|
|
Term
Detection system / Prevention system |
|
Definition
Only detects / Can detect and block |
|
|
Term
|
Definition
Behavior-based; downfall: prevents good things |
|
|
Term
|
Definition
Compares to known attack signatures; downfall: if outdated, people get through |
|
|
Term
Host based detection system |
|
Definition
can only detect unencrypted traffic |
|
|
Term
|
Definition
Bad: doesn't get every packet in sequence |
|
|
Term
|
Definition
Challenge Handshake Authentication Protocol |
|
|
Term
|
Definition
|
|
Term
|
Definition
Distance between the local internet and your building |
|
|
Term
CSU/DSU (Converter box used in the last mile) |
|
Definition
CSU on the provider's side; DSU connects on the customer side |
|
|
Term
|
Definition
packets show up out of sequence |
|
|
Term
|
Definition
|
|
Term
Symmetric DSL / Asymmetric DSL |
|
Definition
Same up and down speed / fast down, slow up |
|
|
Term
|
Definition
|
|
Term
Anything that has an S is symmetric, including the Robert rule (RC5) |
|
Definition
|
|
Term
Biba: NO WURD; Bell-LaPadula: NO WDRU |
|
Definition
|
|
Term
|
Definition
RADIUS; VLAN (logically segmented, not physically) |
|
|
Term
|
Definition
|
|
Term
Hypervisor Type 1 / Hypervisor Type 2 |
|
Definition
|
|
Term
VDI (Virtual Desktop Infrastructure) |
|
Definition
Thin client, and OS hosted on one central/cloud server |
|
|
Term
|
Definition
Virus breaking out of the VM into the OS |
|
|
Term
|
Definition
Moving data from private cloud to public cloud (hybrid cloud) |
|
|
Term
|
Definition
Using a computer as a router, switch, etc. v/s hardware |
|
|
Term
|
Definition
|
|
Term
Technical (Logical Controls) |
|
Definition
|
|
Term
|
Definition
|
|
Term
Identification, authentication, authorization, accounting |
|
Definition
|
|
Term
|
Definition
Directory service (native LDAP con: password is sent in cleartext) |
|
|
Term
|
Definition
|
|
Term
|
Definition
Symmetric keys (confidentiality/integrity); port 123 NTP (time stamp); subject to brute force attack since all users' info is on one server |
|
|
Term
|
Definition
|
|
Term
|
Definition
|
|
Term
|
Definition
|
|
Term
Biometric: things needed to set it up |
|
Definition
acceptability, enrollment, throughput, cost, accuracy |
|
|
Term
|
Definition
Replay attack on biometric (normal threshold is usually 75%) |
|
|
Term
|
Definition
|
|
Term
|
Definition
|
|
Term
|
Definition
Type 1 errors equal Type 2 errors |
|
|
Term
|
Definition
Simple Object Access Protocol (object languages) |
|
|
Term
|
Definition
|
|
Term
Federated ID management SSO |
|
Definition
Portable ID across business boundaries |
|
|
Term
|
Definition
Security Assertion Markup Language |
|
|
Term
|
Definition
OAuth 2.0 (Access Tokens used for authorization) |
|
|
Term
Discretionary Access Control |
|
Definition
|
|
Term
Mandatory Access Control (lattice-based) with labels |
|
Definition
Strongest form of access control (Biba/Bell-LaPadula) |
|
|
Term
Role Based Access Control |
|
Definition
Based on users/roles (Separation of Duties) |
|
|
Term
Rule Based Access Control |
|
Definition
|
|
Term
Keyboard is not a technique to restrict access (Access Control Techniques) |
|
Definition
Menus, shells, database views, physically constrained, encryption |
|
|
Term
Subject/role/user: capability (row); Objects/file: access control list (column) |
|
Definition
|
|
Term
|
Definition
Design and validate assessment and test strategies |
|
|
Term
|
Definition
Form of integrity (software, logs, etc.); monitoring the controls |
|
|
Term
Categorize; Select baseline controls; Implement the controls; Assess/test controls; Authorize; Monitor the security controls |
|
Definition
|
|
Term
|
Definition
|
|
Term
|
Definition
No SQL between you and the database |
|
|
Term
|
Definition
|
|
Term
|
Definition
|
|
Term
|
Definition
|
|
Term
Is a supervisor an administrative control |
|
Definition
|
|
Term
ISC2 Business Continuity Plan |
|
Definition
|
|
Term
Planning/preparation is a function of Due Diligence |
|
Definition
|
|
Term
Acting on the plan/preparation is Due Care |
|
Definition
|
|
Term
Critical IT functions moved/transferred to alternate site for up to 30 days |
|
Definition
|
|
Term
|
Definition
|
|
Term
BRP Business Resumption Plan |
|
Definition
To restore everything back to original site |
|
|
Term
First thing you do in Incident Response |
|
Definition
|
|
Term
When is the disaster over |
|
Definition
When you have moved back to the original site or to a new permanent site |
|
|
Term
no single point of failure |
|
Definition
|
|
Term
MTBF (Mean time before failure) |
|
Definition
How long before equipment goes down; the manufacturer should provide it |
|
|
Term
MTTR (Mean time to repair) |
|
Definition
How long to get it repaired |
|
|
Term
Which RAID uses interleaving |
|
Definition
|
|
Term
Load Balancing v/s Server |
|
Definition
LB on the frontend of the network; server on the backend |
|
|
Term
|
Definition
Moving everything/management HQ to the alternate site |
|
|
Term
If there is a disaster: Rescue Team (First Responders) |
|
Definition
First Responders/Understand priority |
|
|
Term
Recovery team moves everything to alt site |
|
Definition
|
|
Term
Salvage Team try to fix original site |
|
Definition
|
|
Term
|
Definition
Checklist; Performing walkthrough; Conducting simulations (scenarios); Parallel testing (testing alt site); Full interruption testing (shutdown and relocate all resources): most costly, best way to prepare |
|
|
Term
How often should a DRP be tested |
|
Definition
|
|
Term
|
Definition
1st protect people; 2nd get IT assets up and running |
|
|
Term
Three phases following disruption |
|
Definition
Notification/Activation (after disaster declared); Recovery phase; Reconstitution. Most critical moved first |
|
|
Term
Occupant Emergency Plan (OEP) |
|
Definition
Who works with OEP and forensics: rescue team |
|
|
Term
CERT team (Computer Emergency Response Team) is |
|
Definition
|
|
Term
Who is responsible for implementing the COOP |
|
Definition
|
|
Term
|
Definition
|
|
Term
Spiral Software development method |
|
Definition
Requires a risk analysis in each spiral; prototyping |
|
|