380 likes | 863 Views
Fundamentals of Information Systems Security Chapter 8 Risk, Response, and Recovery. Learning Objective. Describe the principles of risk management, common response techniques, and issues related to recovery of IT systems. Key Concepts.
E N D
Fundamentals of Information Systems Security Chapter 8 Risk, Response, and Recovery
Learning Objective • Describe the principles of risk management, common response techniques, and issues related to recovery of IT systems.
Key Concepts • Quantitative and qualitative risk assessment approaches • Business impact analysis (BIA) • Business continuity plan (BCP) • Disaster recovery plan (DRP) • Elements of an incident response plan
BCP • A plan designed to help an organization continue to operate during and after a disruption • Covers all functions of abusiness: IT systems,facilities, and personnel • Generally includes onlymission-critical systems
BCP Elements • Purpose and scope • Assumptions and planning principles • System description and architecture • Responsibilities
BCP Elements (Continued) • Notification or activation phase • Recovery and reconstitution phases • Plan training, testing, and exercises • Plan maintenance
DRP • Includes the specific steps and procedures to recover from a disaster • Is part of a BCP • Important terms: • Critical business function (CBF) • Maximum acceptable outage (MAO) • Recovery time objectives (RTO)
DRP Elements • Purpose and scope • Disaster or emergency declaration • Communications • Emergency response and activities
DRP Elements (Continued) • Recovery steps and procedures • Critical business operations • Recovery operations • Critical operations, customer service, and operations recovery
BIA • A study that identifies the CBFs and MAOs of a DRP • Studies include interviews, surveys, meetings, and so on. • Identifies the impact to the business if one or more IT functions fails • Identifies the priority of different critical systems
BIA Elements Scope • It is affected by sizeof the organization. • For small organization,scope could includeentire organization. • For larger organizations,scope may include onlycertain areas. Objectives
Computer Incident Response Team (CIRT) Plan • Outlines steps taken during a response effort and the roles and responsibilities of the team • Includes the five Ws + H: • Who launched the attack? • What type of attack occurred? • Where the attack occurred? • When the attack occurred? • Why the attack occurred? • How the attack occurred?
Risk Assessment • A process used to identify and evaluate risks • Risks are quantifiedbased on importanceor impact severity • Risks are prioritized
Quantitative Risk Assessment • Single loss expectancy (SLE) • Total loss expected from a single incident • Annual rate of occurrence (ARO) • Number of times an incident is expected to occur in a year • Annual loss expectancy (ALE) • Expected loss for a year SLE X ARO = ALE
Qualitative Risk Assessment • Probability • Likelihood a threat will exploit a vulnerability • Impact • Negative result if a risk occurs Risk level = Probability X Impact
Importance of Risk Assessments • Is part of the overall risk management process • Helps you evaluate controls • Supports decision making • Can help organizations remain in compliance
Summary • You can protect data and business functions with a BCP, DRP, BIA, and incident response plan. • Risk assessments include quantitative and qualitative approaches.