Module 1
The entire program of planning for and managing risk to information assets in the organization is referred to as _____.
risk management
In contingency planning operations, _____ requires the largest budget expenditure; maintaining service contracts to cover all the contingencies that the organization faces can be quite expensive.
business continuity
The duplication of systems data to external media or a secondary location to provide recovery capability in the event of data loss is a _____.
data back up
The ____ department of an organization needs to review the procedures of the CSIRT and understand the steps the CSIRT will perform to ensure it is within legal and ethical guidelines for the municipal, state, and federal jurisdictions.
Legal
Organizations with limited funding, staffing, or IR needs may have only _____ IR team members.
part-time
____ ensures that only those with the rights and privileges to access information are able to do so.
Confidentiality
The final component to the CPMT planning process is to deal with ____.
the budgeting of contingency operations
Both data backups and archives should be based on a(n) ____ schedule that guides the frequency of replacement and the duration of storage.
retention
An entry-level InfoSec professional often responsible for the routine monitoring and operation of a particular InfoSec technology is called a _____.
watchstander
The CSIRT should be available for contact by anyone who discovers or suspects that an incident involving the organization has occurred. Some organizations prefer that employees contact the____, which then determines whether to contact the CSIRT.
help desk
Information assets have ____ when authorized users -- people or computer systems -- are able to access them in the specified format without interference or obstruction.
availability
To a large extent, incident response capabilities are part of a normal IT budget; however, the only area in which additional budgeting is absolutely required for incident response is the maintenance of ____.
redundant equipment
A backup plan using WAN/VLAN replication and a recovery strategy using a warm site is most suitable for information systems that have ____ priority within an organization.
moderate
The ____ of an organization defines the roles and responsibilities for incident response by the CSIRT and others who will be mobilized in the activation of the plan.
IR Policy
The champion for the CSIRT may be the same person as the champion for the entire IR function—typically, the ____.
Chief Information Officer
_____ is the protection of the confidentiality, integrity, and availability of information assets, whether in storage, processing, or transmission, via the application of policy, education, training and awareness, and technology.
Information security
Companies may want to consider budgeting for contributions to employee loss expenses (such as funerals) as well as for counseling services for employees and loved ones as part of ____.
crisis management budgeting
A(n) ____ is an extension of an organization’s intranet into cloud computing.
private cloud
The U.S. National Institute of Standards and Technology defines the incident response life cycle as having four main processes: 1) preparation; 2) detection and analysis; 3) containment, eradication, and recovery; and 4) ____.
post-incident activity
A CSIRT model that is effective for large organizations and for organizations with major computing resources at distant locations is the ____.
distributed CSIRT
____ is the presence of additional and disruptive signals in network communications or electrical power delivery.
noise
One modeling technique drawn from systems analysis and design that can provide an excellent way to illustrate how a business functions is a(n) ____.
collaboration diagram
RAID 0 creates one logical volume across several available hard disk drives and stores the data using ____, in which data segments are written in turn to each disk drive in the array.
disk stripping
____ is the process of systematically examining information assets for evidentiary material that can provide insight into how an incident transpired.
forensic analysis
A CSIRT model in which a single CSIRT handles incidents throughout the organization is called a(n) ____.
Central CSIRT