BAKER ITS305 Management of Information Security Chap 3
after-action review (AAR)
A detailed examination by CSIRT team members and key players in the IR process of the events that occurred
A scripted description of the incident that consists of just enough information so that each responder
A document containing contact information on the individuals to be notified in the event of an actual incident.
business continuity plan (BC plan)
A detailed set of processes and procedures that ensure that critical business functions can continue if a disaster occurs
business continuity planning (BCP)
The actions taken to ensure that critical business functions can continue if a disaster occurs
business continuity team
The team that manages and executes the BC plan by setting up and starting off-site operations in the event of an incident or disaster.
business impact analysis (BIA)
The first phase of the CP process and a crucial component of the initial planning stages
A task performed by an organization or organizational subunit in support of the overall organization's mission.
business resumption plan (BR plan)
A set of plans and procedures combining the DR and BC functions
A facility used for BC operations that provides only rudimentary services and facilities
computer security incident response team (CSIRT)
A subset of the IR team composed of technical and managerial IT and InfoSec professionals prepared to diagnose and respond to an incident.
contingency planning (CP)
The overall process of preparing for unexpected adverse events.
contingency planning management team (CPMT)
The management team consisting of coordinating executive
crisis management (CM)
The steps taken during and after a disaster that affect the people inside and outside the organization.
crisis management team (CMT)
The individuals from various functional areas of the organization who are tasked with the development and implementation of the CM plan.
The combination of electronic vaulting with remote journaling in which multiple copies of the database are written simultaneously to two separate locations.
The CP testing strategy in which copies of the appropriate plans are distributed to all individuals who will be assigned roles during an actual incident or disaster
disaster recovery plan (DR plan)
A detailed set of processes and procedures that prepare for and help recover from the effects of disasters.
disaster recovery planning (DRP)
The preparation for and recovery from a disaster
disaster recovery team
The team that manages and executes the DR plan by detecting
The bulk batch-transfer of data to an off-site facility
The CP testing strategy in which the individuals follow each and every IR/DR/BC procedure
A fully configured computer facility used for BC operations
An adverse event that constitutes a possible incident.
The process of examining a possible incident or incident candidate and determining if it constitutes an actual incident.
incident response (IR)
A set of procedures that commence when an incident is detected. IR must be carefully planned and coordinated because organizations heavily depend on the quick and efficient containment and resolution of incidents.
incident response plan (IR plan)
A detailed set of processes and procedures that anticipate
incident response planning (IRP)
The preparation for an unexpected event that might compromise information resources and assets.
incident response team
The team that manages and executes the IR plan by detecting
Maximum Tolerable Downtime (MTD)
The total amount of time the system owner/authorizing official is willing to accept for a mission/business process outage or disruption and includes all impact considerations.
A contract between two organizations in which each party agrees to assist the other in the event of a disaster by providing the necessary BC facilities
The CP testing strategy in which individuals act as if an actual incident or disaster occurred and begin performing their required tasks and executing the necessary procedures
Disasters that occur suddenly
recovery point objective (RPO)
The point in time
recovery time objective (RTO)
The maximum amount of time that a system resource can remain unavailable before there is an unacceptable impact on other system resources
The transfer of live transactions to an off-site facility in which only transactions are transferred and the transfer takes place online and in real time or near real time.
rolling mobile site
A specialized BC facility configured in the payload area of a tractor/trailer; or externally stored resources
A service agency that provides a BC facility as a service for a fee.
The CP testing strategy in which each person works individually
slow-onset disasters
Disasters that occur over time and gradually degrade the capacity of an organization to withstand their effects. Examples include droughts
structured walk-through
The CP testing strategy in which all involved individuals walk through and discuss the steps they would take during an actual CP event
A facility that operates like a hot
A facility used for BC operations that provides many of the same services and options as a hot site
Work Recovery Time (WRT)
The amount of effort (expressed as elapsed time) that is necessary to get the business function operational after the technology element is recovered (as identified with RTO).