Summary of Exam Objectives

Risk is the possibility of loss, and may come in the form of natural disasters, internal theft, viruses, or any number of other potential threats. To address this possibility, risk management is used to identify potential threats and develop methods of dealing with them before they result in loss. Risk management requires a company to identify what risks may affect it, the assets related to certain risks, the likelihood and impact of each occurring, and methods to reduce the damage that may be caused if they occur.

Disaster recovery plans provide procedures for recovering after a disaster occurs, and provide insight into methods for preparing for the recovery should the need arise. Disasters can also occur in the form of employees' accidentally or maliciously deleting data, intrusions of the system by hackers, viruses and malicious programs that damage data, and other events that cause downtime or damage. Because preparation for disaster recovery begins long before a disaster actually occurs, the plan will address such issues as proper methods for backing up data, offsite storage, and alternate sites for restoring systems to their previous state.

A disaster recovery plan is incorporated into a business continuity plan, which identifies key functions of an organization and the threats that are most likely to endanger them, and creates processes and procedures that ensure these functions will not be interrupted for long after an incident. In addition to the disaster recovery plan, the business continuity plan may also incorporate a business recovery plan that addresses how business functions will resume at an alternate site, and a business resumption plan that addresses how critical systems and key functions of the business will be maintained. A contingency plan may also be included to outline the actions that can be performed to restore normal business activities after a disaster. Together, they provide a proactive approach to dealing with incidents before they occur.

Incidents are instances of a threat, and need to be handled as soon as possible after being identified. Certain incidents, such as those resulting from intentional or malicious actions, need to be investigated by following set procedures. These steps consist of preparation, detection, containment, eradication, recovery, and follow-up.

Forensics combines investigative techniques and computer skills for the collection, examination, preservation, and presentation of evidence. Information acquired through forensic procedures can be used in the investigation of internal problems, or for criminal or civil cases. Awareness should be promoted so that users in an organization know to contact the incident response team when incidents such as hacking occur, and so that management will support any investigations conducted by the team. Because any evidence acquired in an investigation may be used in court proceedings, it is vital that strict procedures be followed in any forensic investigation.



SSCP Systems Security Certified Practitioner Study Guide
SSCP Study Guide and DVD Training System
ISBN: 1931836809
EAN: 2147483647
Year: 2003
Pages: 135
