Contingency Planning - These are the actions taken by senior management to specify the organization's efforts and actions if an adverse event becomes an incident or disaster.
Contingency Planning - This planning includes the incident response, disaster recovery, and business continuity efforts, as well as preparatory business impact analysis.
Components of Contingency Planning:
Incident Response Planning
Disaster Recovery Planning
Business Continuity Planning
Types of Planning and Primary Functions:
Incident Response Plan
Disaster Recovery Plan
Business Continuity Plan
Incident Response Plan - It focuses on immediate response, but if the attack escalates or is disastrous, the process moves on to the disaster recovery and business continuity plans.
Disaster Recovery Plan - It typically focuses on restoring systems at the original site after disasters occur, and so is closely associated with the BC plan.
Business Continuity Plan - It occurs concurrently with the DR plan when the damage is major or ongoing and requires more than simple restoration of information and information resources.
Business Resumption Planning - It is the combined function of the Disaster Recovery Plan and the Business Continuity Plan.
Contingency Planning Management Team - This is the group of senior managers and project members organized to conduct and lead all Contingency Planning efforts.
Three Members of the Contingency Planning Management Team:
Champion
Project Manager
Team Member
Champion - There must be a high-level manager to support, promote, and endorse the findings of the project. This could be the CIO or ideally the CEO.
Project Manager - A mid-level manager or even the CISO must lead the project and make sure a sound planning process is used, a complete and useful project plan is developed, and resources are prudently managed to reach the goals of the project.
Team Member - They should be the managers or their representatives from the various communities of interest.
Business Impact Analysis - It is an investigation and assessment of the various adverse events that can affect the organization.
Business Impact Analysis - It is conducted as a preliminary phase of the contingency planning process, which includes a determination of how critical a system or set of information is to the organization's core processes and recovery priorities.
What to Consider When Undertaking the Business Impact Analysis:
Scope
Plan
Balance
Know the Objective
Follow-up
Scope - The parts of the organization to be included in the business impact analysis should be carefully considered to determine which business units to cover, which systems to include, and the nature of the risk being evaluated.
Plan - The needed data will likely be voluminous and complex, so work from a careful ___ to ensure that the proper data is collected to enable a comprehensive analysis.
Plan - Getting the correct information to address the needs of decision makers is important.
Balance - Some information may be objective in nature and other information may be available only as subjective or anecdotal references.
Balance - The facts should be weighted properly against opinions.
Know the Objective - Identify in advance what key decision makers require for making choices.
Follow-up - Communicate periodically to ensure that process owners and decision makers will support the process and the end result of the BIA.
Incident Response Planning - It includes the identification and classification of an incident and the response to it.
Incident Response Plan - It is made up of activities that must be performed when an incident has been identified.
Incident Response Planning - It focuses on detecting and correcting the impact of an incident on information assets.
Four Phases of Incident Response:
Planning
Detection
Reaction
Recovery
Incident Response Planning - The actions taken by senior management to specify the organization's processes and procedures to anticipate, detect, and mitigate the effect of an incident.
Incident Response Plan - The documented product of incident response planning; it shows the organization's intended efforts in the event of an incident.
Incident Candidate - It is an adverse event that has strong potential to meet the criteria to become an incident.
Incident Classification - It is the process of examining an incident candidate and determining whether it constitutes an actual incident.
Incident Reaction - It consists of actions outlined in the IR plan that guide the organization in attempting to stop the incident, mitigate its impact, and provide information for recovery.
Incident Reaction - These actions take place as soon as the incident is over.
Two types of Key Personnel:
Alert Message
Alert Roster
Alert Message - It is a scripted description of the incident that usually contains just enough information so that each person knows what portion of the IR plan to implement without slowing down the notification process.
Alert Roster - A document that contains contact information for people to be notified in the event of an incident.
Two types of Alert Roster:
Hierarchical Roster
Sequential Roster
Hierarchical Roster - The first person calls a few other people on the roster, who in turn call others.
Sequential Roster - A single contact person calls each person on the roster.
Documenting an Incident - The documentation records the who, what, when, where, why, and how of the event.