Domain2

The document outlines key concepts related to incident response, business continuity, and disaster recovery, emphasizing the importance of preparation and communication. It defines critical terms such as breach, incident, threat, and vulnerability, and describes the roles of incident response teams and the components of effective response and recovery plans. The document also highlights the necessity of regular testing of backups and the execution of business continuity plans to ensure minimal disruption during incidents.

Uploaded by

Appu Aravind

Incident Response, Business Continuity and Disaster Recovery

Concepts
03 February 2025 00:57

Key Topics Include


• Recovery Strategies
• Continuity Strategies
• Incident Management
Incident Terminology
An understanding of incident response starts with knowing the terms used to describe various cyberattacks.
• Breach: The loss of control, compromise, unauthorized disclosure, unauthorized acquisition, or any similar occurrence where: a person other than an authorized user accesses or potentially accesses personally identifiable information; or an authorized user accesses personally identifiable information for other than an authorized purpose. (NIST SP 800-53 Rev. 5)
• Event: Any observable occurrence in a network or system. (NIST SP 800-61 Rev. 2)
• Exploit: A particular attack. It is named this way because these attacks exploit system vulnerabilities.
• Incident: An event that actually or potentially jeopardizes the confidentiality, integrity, or availability of an information system or the information the system processes, stores, or transmits.
• Intrusion: A security event, or combination of events, that constitutes a deliberate security incident in which an intruder gains, or attempts to gain, access to a system or system resource without authorization. (IETF RFC 4949 Ver. 2)
• Threat: Any circumstance or event with the potential to adversely impact organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, other organizations, or the nation through an information system via unauthorized access, destruction, disclosure, modification of information, and/or denial of service. (NIST SP 800-30 Rev. 1)
• Vulnerability: Weakness in an information system, system security procedures, internal controls, or implementation that could be exploited by a threat source. (NIST SP 800-30 Rev. 1)
• Zero Day: A previously unknown system vulnerability with the potential of exploitation without risk of detection or prevention because it does not, in general, fit recognized patterns, signatures, or methods.
The Goal of Incident Response
• The primary goal of incident management is to be prepared. Preparation requires having a policy and a response plan that will lead the organization through the crisis.
• Incident response planning is a subset of the greater discipline of business continuity management (BCM).
Components of the Incident Response Plan

Domain2 Incident Response, Business Continuity Page 1


Incident Response Team
A typical incident response team is a cross-functional group of individuals who represent the managerial, technical, and functional areas of responsibility most directly impacted by a security incident. Its responsibilities include:
• Determine the amount and scope of damage caused by the incident.
• Determine whether any confidential information was compromised during the incident.
• Implement any necessary recovery procedures to restore security and recover from incident-related damage.
• Supervise the implementation of any additional security measures necessary to improve security and prevent recurrence of the incident.
The Importance of Business Continuity
A key part of the plan is communication, including multiple contact methodologies and backup numbers in case of a disruption of power or communication.
The Goal of Disaster Recovery
Whereas business continuity planning is about maintaining critical business functions, disaster recovery planning is about restoring IT and communications back to full operations after a disruption.
Disaster Recovery in the Real World
It is vital to ensure that an organization’s critical systems are formally identified and have backups that are regularly tested. Sometimes an incident is not recognized or detected until days or months later.

Components of a Business Continuity Plan



Business Continuity in Action


With the execution of the plan, there was no material interruption to the company’s business or its ability to provide services to its customers—indicating a successful implementation of the business continuity plan.
Components of a Disaster Recovery Plan

Assessment:
1. The red book serves as a hard copy backup accessible outside the facility, containing outlined procedures in case electronic access is unavailable.
2. Data backups are essential for disaster recovery, ensuring swift restoration of critical information post-disaster, mitigating risks, and maintaining operational continuity.
3. Some organizations use the term "crisis management" to describe the incident management process.
4. The purpose of the Executive Summary is to provide a high-level overview of the plan.
5. Notification systems and call trees for alerting personnel that the BCP is being enacted are important components of a business continuity plan.
6. The components of the incident response plan are: Preparation, Detection & Analysis, Containment, Eradication & Recovery, and Post-Incident Activity.
