ITS 4350 - Disaster Recovery

Review for Second Test

The following questions are provided to help you study for the second test. Do not expect to see these exact questions on the test.


  1. What is a Gedankenexperiment? Why do we do them?
    Hint:



  2. How does the concept of containment lead to different actions depending on the source of an attack?

  3. Why should recovery after an attack lead to a better protected system than we had before it?

  4. What does the text mean when it says that if we are under a DoS attack, so is our ISP?

  5. What does Deming's cycle have to do with searching for the cause of a problem, or a weakness that allowed an attack to succeed?

  6. Whatever you want to call it, what is the purpose of doing a review of an incident after it is resolved?

  7. Forensic is a word with several meanings. What does it mean regarding computer security incidents?

  8. Regarding forensics, what are two meanings of the word evidence?

  9. What are two possible sources that can authorize a search for "evidence" in a workplace?

  10. What is meant by the term anti-forensics?

  11. According to our text, what is the percentage of companies having a data center disaster lasting 10 or more days that go into bankruptcy?

  12. Regarding the mayhem commercials: how does the commercial about the dog and the house robbers relate to an IT organization as well as to a home?

  13. Regarding the mayhem commercials: how does the commercial about the GPS that was never updated relate to an IT organization and its hardware/software?

  14. Why does your business continuity plan require that you know the scope of the disaster that has happened to your organization? (Think geography.)

  15. Where should copies of your contingency plans be stored? (The answer depends greatly on the scope of the disaster.)

  16. Name four of the five informational triggers mentioned in the text that can cause the organization to implement a plan.

  17. What should be the priority order of dealing with threats to belongings, health, life, and structural safety? What do you do about a disagreement between staff about these priorities?

  18. How does the prioritization of threats relate to Maslow's Pyramid?

  19. Just in case you have forgotten, when do we use the business continuity plan, as opposed to the disaster recovery plan, assuming we have both?

  20. Which of the two plans mentioned above is almost guaranteed to involve dealing with an outside entity? Why?

  21. What is an advance party, with regard to business continuity plans? How does the nature of a temporary location (hot, warm, cold) change the roster of who should be assigned to the advance party?

  22. Ignoring the text's initial, and rather disgraceful, definition of the word crisis, what should we consider to be the operational definition to take from this course?

  23. What is the difference between a smoldering crisis and a sudden crisis? How can our approaches to dealing with them differ?

  24. According to the graphic I pointed out from the text, what percentage of the time will a crisis emerge from a source other than the anticipated sources in that graphic? What can we learn from that statistic?

  25. Why should we be concerned with a head count when there is a sudden crisis? What about known health issues that apply to our staff or guests?

  26. Name two sources of counseling that may be available to our staff who have endured a crisis.

  27. Why is succession an issue in a crisis?