Week 3 - Hands-On Project Mod 5 and 6_Stanzione.docx

School

University Of Arizona *


Course

CYB 300

Subject

Information Systems

Date

Jan 9, 2024

Type

docx

Pages

12

Uploaded by flidai

Week 3 Hands On
Student’s name
Name of institution (The University of Arizona Global Campus)
Course name and number
Instructor’s name
Due date

Part One

Module 05: Incident Response and Contingency Planning

Review Questions

1. What is the name for the broad process of planning for the unexpected? What are its primary components?
   o Answer: Contingency planning is the comprehensive process of preparing for the unexpected. Business impact analysis, incident response planning, disaster recovery planning, and business continuity planning are some of its key components.

2. Which two communities of interest are usually associated with contingency planning? Which community must give authority to ensure broad support for the plans?
   o Answer: Contingency planning frequently involves the information technology and information security groups. To guarantee widespread support for the proposals, the general business community must grant authority.

3. According to some reports, what percentage of businesses that do not have a disaster plan go out of business after a major loss?
   o Answer: According to some statistics, 40 percent of companies without a disaster plan will close their doors following a significant loss.

4. List the seven-step CP process recommended by NIST.
   o Answer: The seven steps recommended by NIST are:
      1. Develop the contingency planning policy statement.
      2. Conduct the business impact analysis.
      3. Identify preventive controls.
      4. Develop recovery strategies.
      5. Develop an IT contingency plan.
      6. Plan testing, training, and exercises.
      7. Plan maintenance.

5. List and describe the teams that perform the planning and execution of the CP plans and processes. What is the primary role of each?
   o Answer: The management team in charge of contingency planning gathers data on information systems and the dangers they are exposed to. The team then performs the BIA and develops the incident response, catastrophe recovery, and business continuity contingency plans.
     By identifying, analyzing, and responding to incidents, the incident response team controls and carries out the IR plan.
     By identifying, assessing, and responding to disasters, the disaster recovery team controls and carries out the DR plan. They also help the principal business site's operations resume.
     By establishing and launching off-site operations in the case of an incident or disaster, the business continuity team manages and implements the BC strategy.

6. Define the term incident as used in the context of IRP. How is it related to the concept of incident response?
   o Answer: A natural or human-made incident is an assault on information or an accident. The incident response plan is activated by an incident.

7. List and describe the criteria used to determine whether an actual incident is occurring.
   o Answer: When information assets are the target of an assault, there is a strong likelihood that the attack will be successful, and the confidentiality, integrity, or availability of information resources is threatened, an actual incident is taking place.

8. List and describe the sets of procedures used to detect, contain, and resolve an incident.
   o Answer: Three sets of incident handling protocols are developed by the CP team. The first set of steps are those that need to be taken while the situation is happening. These tasks are organized into groups and given to specific people. They are function-specific. The second set of steps pertains to what must be done following the incident. These procedures could also be based on a particular function. The third group of steps consists of those that need to be taken in order to get ready for the incident. The specifics of data backup schedules, disaster recovery planning, training schedules, testing plans, copies of service agreements, and business continuity plans are all included in these procedures.

9. What is incident classification?
   o Answer: The process of assessing a negative event that could develop into an incident and determining whether it actually is an incident is known as incident classification. The IR team is in charge of classifying an incident.

10. List and describe the actions that should be taken during the reaction to an incident.
   o Answer: The response to an incident involves the following steps: incident detection using incident classification, notification of key personnel, documentation of the incident, implementation of the necessary containment strategies, and either escalation of the incident to a disaster or the start of the incident recovery process.

11. What is an alert roster? What is an alert message? Describe the two ways they can be used.
   o Answer: A company's alert roster is a list of people who need to be informed in the case of an issue. An alert message is a pre-written communication that contains just enough details to let responders know how the event is progressing and which step of the incident response plan they should take next. A first responder can use an alert roster and message in a sequential way by calling each member of the list one at a time, or they can be used hierarchically by having the first responder call one group, who then phones another group, and so on.

12. List and describe several containment strategies given in the text. On which tasks do they focus?
   o Answer:
      • Cutting off an attack from outside the firm network by disconnecting impacted communication sources; this tactic should only be utilized if the specified communications route is not business-critical
      • Dynamically implementing filtering rules to restrict specific sorts of network access, which focuses on the particular weakness the threat agent is utilizing
      • Keeping an eye on the situation while formulating a more focused plan
     These containment techniques all center on putting a stop to the occurrence and regaining system control.

13. What is a disaster recovery plan, and why is it important to the organization?
   o Answer: The disaster recovery plan addresses both pre-disaster planning and post-disaster recovery. Both natural and man-made disasters can occur. The incident response team's ability to escalate situations to the level of disaster makes the plan essential to the organization. The disaster recovery team must now use this strategy to figure out how to resume business activities at the site of the incident and the company's location.

14. What is a business continuity plan, and why is it important?
   o Answer: A business continuity plan assures that crucial business operations may continue in the case of a calamity, making it crucial to the survival of the company.

15. What is a business impact analysis, and what is it used for?
   o Answer: The CP team receives information about systems and the threats they face from the business impact analysis. The team can prepare for calamities by using it to provide important scenarios.

16. Why should contingency plans be tested and rehearsed?
   o Answer: Untested plans cannot be implemented. The effectiveness of the plan and its capacity to achieve its goal of reducing recuperation time cannot be determined without testing and practice. The removal of as many unknown aspects as is practical is one of the main goals of this kind of planning. Testing can also make the plan's hidden defects apparent, allowing them to be fixed before the plan is ever needed.

17. Which types of organizations might use a unified continuity plan? Which types of organizations might use the various contingency planning components as separate plans? Why?
   o Answer: Unified contingency plans may be used by small to medium-sized businesses since they are succinct and simpler to test. A unified strategy cannot be used by large enterprises since it would be a laborious document to create or test.

18. What strategies can be used to test contingency plans?
   o Answer: Desk check, methodical inspection, simulation, concurrent testing, and full interruption.

19. List and describe two specialized alternatives not often used as a continuity strategy.
   o Answer: A business continuity plan is a method to ensure that operations can continue in the event of an emergency or tragedy.

20. What is digital forensics, and when is it used in a business setting?
   o Answer: In digital forensics, computer media are preserved, identified, extracted, documented, and interpreted for use in evidential and root-cause investigations. In a professional setting, digital forensics is used to look into policy or legal infractions committed by an employee, contractor, or outsider as well as attacks on physical or information assets.

21. What is a security awareness program?
   o Answer: Security awareness is the understanding and attitude that individuals within an organization have toward safeguarding its physical assets, particularly its data assets.

Module 06: Legal, Ethical, and Professional Issues in Information Security

Review Questions

1. What is the difference between law and ethics?
   o Answer: A person's ethics are the moral standards they set for themselves and their own behavior. Laws are formalized regulations used to control society as a whole.

2. What is civil law, and what does it accomplish?
   o Answer: In contrast to criminal law or administrative law, civil law is a branch of law that governs the non-criminal rights, obligations of people (natural persons and legal persons), and the equal legal relations between private individuals.

3. What are the primary examples of public law?
   o Answer: Constitutional law, administrative law, tax law, criminal law, and all procedural law are all considered to be a part of public law.

4. Which law amended the Computer Fraud and Abuse Act of 1986, and what did it change?
   o Answer: The Computer Fraud and Abuse Act of 1986 was updated by the National Information Infrastructure Protection Act of 1996. It changed a number of CFAA provisions and toughened the punishments for a few offences.

5. Which law was created specifically to deal with encryption policy in the United States?
   o Answer: All Americans are now able to buy or sell any encryption product because of the Security and Freedom Through Encryption Act of 1999, which also explains the use of encryption for Americans.

6. What is privacy in an information security context?
   o Answer: Privacy is a more exact "condition of not being subject to unauthorized intrusion," not full independence from observation.

7. What is another name for the Kennedy–Kassebaum Act (1996), and why is it important to organizations that are NOT in the healthcare industry?
   o Answer: The Health Insurance Portability and Accountability Act of 1996, also known as HIPAA, safeguards the security and confidentiality of patient information by establishing and enforcing regulations and standardizing electronic data exchange. It affects all organizations involved in providing healthcare, including medical practices, clinics, life insurance companies, universities, and some businesses that administer employee health plans with self-insurance. Beyond the fundamental privacy rules, the act mandates that businesses that store health information utilize information security tools to safeguard it, as well as policies and procedures to keep that security up to date. It also necessitates a thorough evaluation of the organization's information security policies, practices, and systems. Message integrity, user authentication, and nonrepudiation are all guaranteed by security standards based on which HIPAA offers recommendations for the use of electronic signatures. For each of the security standards, no specific security technologies are listed; only that security must be used to protect the confidentiality of patient data. The publication and sharing of private health information without documented consent are heavily constrained under the HIPAA privacy rules. The guidelines give patients the right to know who has access to and has accessed their personal information. The rules limit the use of health information to what is absolutely essential to provide the necessary health care services.

8. If you work for a financial services organization such as a bank or credit union, which 1999 law affects your use of customer data? What other effects does it have?
   o Answer: The Gramm-Leach-Bliley Act of 1999, often known as the Financial Services Modernization Act, is the law from 1999 that has an impact on how financial institutions handle customer data. This Act specifically mandates that all financial institutions publish their privacy practices regarding the exchange of nonpublic personal information. Customers must also be given adequate notice in order for them to request that their information not be shared with outside parties. The act also makes sure that an organization's privacy rules are fully revealed when a customer first approaches them about doing business and made available to them at least once a year for as long as they are a member of the professional association.

9. What is the primary purpose of the USA PATRIOT Act, and how has it been revised since its original passage?
   o Answer: The U.S.A. PATRIOT Act of 2001 amended pre-existing legislation to give law enforcement authorities more freedom to thwart terrorism-related operations.

10. What is PCI DSS, and why is it important for information security?
   o Answer:

11. What is intellectual property (IP)? What laws currently protect IP in the United States and Europe?
   o Answer: In the United States, intellectual property is acknowledged as a protected asset. This privilege is included in the published word, including electronic media, according to US copyright rules. As long as the use is restricted to educational or library purposes, is not excessive, and is not done for profit, fair use of copyrighted works includes using them to support news reporting, teaching, scholarship, and a variety of other relevant activities. It is completely acceptable to use parts of someone else's work as references as long as due recognition is given to the original author of such works, including a proper description of the location of source materials (citation), and the work is not represented as one's own. The World Intellectual Property Organization (WIPO) is attempting to lessen the effects of copyright, trademark, and privacy infringement, particularly when done by removing technological copyright protection mechanisms. The United States' contribution is the Digital Millennium Copyright Act (DMCA). The implementation of Directive 95/46/EC by the European Union in 1995, which increased protection for people with regard to the processing of personal data as well as the use and movement of such data, prompted the development of this American statute. In order to comply with Directive 95/46/EC, the United Kingdom has already established a version of this rule known as the Database Right.

12. How does the Sarbanes–Oxley Act of 2002 affect information security managers?
   o Answer: Top management will assess the accuracy of the data they receive from technology managers while also requesting that information security managers certify the data's confidentiality and integrity.