TutorialWeek03_Ans - ITC482 Computer Management &...

Info iconThis preview shows pages 1–3. Sign up to view the full content.

View Full Document Right Arrow Icon
Tutorial Week 03 - Solutions Tutorial Week 03 - Solutions Week 03 – Planning for Contingencies Review Questions 1. What is the name for the broad process of planning for the unexpected? What are its three primary components? Answer: Contingency planning. Incident response plan, disaster recovery plan, and business continuity plan. 2. Which two communities of interest are usually associated with contingency planning? Which community must give authority to ensure broad support for the plans? Answer: Information technology and information security. General business community. 3. What percentage of businesses that do not have a disaster plan go out of business after a major loss, according to The Hartford Insurance Company? Answer: 40 percent. 4. List the seven-step CP process as defined by the NIST. Why is it the recommended standard approach to the process? Answer: 1. Develop the contingency planning policy statement. 2. Conduct the business impact analysis. 3. Identify preventive controls. 4. Develop recovery strategies. 5. Develop an IT contingency plan. 6. Plan testing, training, and exercises. 7. Plan maintenance 5. List and describe the four teams that perform the planning and execution of the CP plans and processes. What is the primary role of each? Answer: Contingency planning management team, Incident recovery team, disaster recovery team, and the business continuity plan team. 6. Define the term incident as used in the context of IRP. How is it related to the concept of incident response? Answer: An incident, either natural or manmade, is an attack on the information through an attack or an accident. In reference to the incident response, it is when there is a minor problem or incident that triggers the IRP. 7. List and describe the three criteria used to determine whether an actual incident is occurring. Answer: The criteria needed for an incident to be declared are: information assets are targets of attack and there is a good chance of the attack successfully compromising the confidentiality, integrity, or availability of information resources _____________________________________________________________________________________________ Page: 1
Background image of page 1

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Tutorial Week 03 - Solutions 8. List and describe the three sets of procedures used to detect, contain, and resolve an incident. Answer: The CP team creates three sets of procedures for incident handling. The first set of procedures is that which must be performed during the incident. These procedures are function-specific and they are grouped and assigned to individuals. The second set of procedures is that which must be performed after the incident. These procedures also may be function-specific. The third set of procedures is that which must be performed to prepare for the incident. These procedures include the details of the data backup
Background image of page 2
Image of page 3
This is the end of the preview. Sign up to access the rest of the document.

This note was uploaded on 02/15/2010 for the course ITC 594 taught by Professor Peterdalmaris during the Three '10 term at Charles Sturt University.

Page1 / 4

TutorialWeek03_Ans - ITC482 Computer Management &...

This preview shows document pages 1 - 3. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online