| Front | Back |
|---|---|
| DRP | A plan to restore an organization's IT capability in the event that its data center is destroyed |
| BCP | A plan that specifies how to resume not only IT operations but all business processes in the event of a major calamity |
| List 5 preventative controls | (1) People: (a) create a security-aware culture; (b) training. (2) Processes: (a) user access controls (authentication/authorization). (3) IT solutions: (a) anti-malware; (b) network access controls (firewalls, intrusion prevention systems); (c) device and software hardening (configuration controls); (d) encryption. (4) Physical security: access controls (locks, guards). (5) Change control and change management |
| List 4 detective controls | (1) Log analysis; (2) intrusion detection systems; (3) penetration testing; (4) continuous monitoring |
| List 3 corrective controls | (1) Computer Incident Response Team (CIRT); (2) Chief Information Security Officer (CISO); (3) patch management |
| Backup | A copy of a database, file, or software program |
| RPO (Recovery Point Objective) | The amount of data the organization is willing to re-enter or potentially lose. The RPO is inversely related to the frequency of backups. Question: How much data are we willing to recreate from source documents (if they exist) or potentially lose (if no documents exist)? |
| RTO (Recovery Time Objective) | The maximum tolerable time to restore an organization's information system following a disaster, representing the length of time that the organization is willing to attempt to function without its information system. Question: How long can the organization function without its information system? |
| Incremental backup | A type of partial backup that involves copying only the data items that have changed since the last partial backup. This produces a set of incremental backup files, each containing the results of one day's transactions. |
| Full backup | An exact copy of an entire database |
| Differential backup | A type of partial backup that involves copying all changes made since the last full backup. Thus each new differential backup file contains the cumulative effects of all activity since the last full backup. |
| Sign check | Determines whether the data in a field have the appropriate arithmetic sign; for example, the quantity-ordered field should never be negative. |
| Field check | Determines whether the characters in a field are of the proper type; for example, a check on a field that is supposed to contain only numeric values, such as a zip code, would indicate an error if it contained alphabetic characters. |
| Validity check | Compares the ID code or account number in transaction data with similar data in the master file to verify that the account exists. |
| Limit check | Tests a numerical amount against a fixed value |