Assignment03

Assignment03 - Management of Information Security, 2nd ed....

Management of Information Security, 2nd ed.

JOHN MOURA

Chapter 3: Planning for Contingencies

Review Questions

1. What is the name for the broad process of planning for the unexpected? What are its three primary components?

ANSWER: Contingency Planning.
1) Business Impact Analysis (BIA)
2) Incident Response Plan
3) Disaster Recovery Plan
4) Business Continuity Plan

2. Which two communities of interest are usually associated with contingency planning? Which community must give authority to ensure broad support for the plans?

ANSWER: Businesses and federal agencies. Need support from the general business community.

3. What percentage of businesses that do not have a disaster plan go out of business after a major loss, according to The Hartford Insurance Company?

ANSWER: Over 40%

4. List the seven-step CP process as defined by the NIST. Why is it the recommended standard approach to the process?

ANSWER:
1) Develop CP policy statement
2) Conduct BIA
3) Identify preventative controls
4) Develop recovery strategies
5) Develop IT contingency plan
6) Plan testing, training, and exercises
7) Plan maintenance
It is a tested methodology.

5. List and describe the four teams that perform the planning and execution of the CP plans and processes. What is the primary role of each?

ANSWER:
The CP team – collects information about information systems and the threats they face, conducts the BIA, and creates CPs. Include champion, manager, and team members
The incident recovery (IR) team – manages and executes the IR plan by detecting, evaluating, and responding to incidents.
The disaster recovery (DR) team – manages and executes the DR plan by detecting,

This homework help was uploaded on 04/06/2008 for the course 547 471 taught by Professor Binde during the Spring '07 term at Rutgers.
