
domain 2 : incident response, business continuity and disaster recovery concepts :

module 1 : INCIDENT RESPONSE


*BREACH : the loss of control, compromise, unauthorized disclosure, unauthorized
acquisition, or any similar occurrence
*EVENT : any observable occurrence in a network or system
*INCIDENT : an event that potentially affects the CIA triad (confidentiality,
integrity, availability) of an information system or the information the system
processes, stores or transmits
*EXPLOIT : a particular attack, named this way because these attacks exploit
system vulnerabilities
*INTRUSION : a security event, or combination of events, that constitutes a
deliberate security incident in which an intruder gains access to a system
or system resource without authorization
*THREAT : any circumstance or event with the potential to adversely impact
organizational operations
*VULNERABILITY : a weakness in an information system
*ZERO DAY : a previously unknown system vulnerability with the potential of
exploitation without risk of detection
*THE GOAL OF INCIDENT RESPONSE :
- every organization must be prepared for incidents
- the priority of any incident response is to protect life, health and safety
(always choose safety first)
- the incident response process is aimed at reducing the impact of an incident
*INCIDENT RESPONSE PLAN COMPONENTS :
1- preparation
2- detection and analysis (documentation)
3- containment
4- post-incident activity (lessons learned)
*INCIDENT RESPONSE TEAM :
- senior management
- information security professionals
- legal representatives
- public affairs/communications representatives
- engineering representatives (system and network)
these teams are named CIRTs (computer incident response teams) or CSIRTs
(computer security incident response teams)

module 2 : BUSINESS CONTINUITY : (maintaining business functions)


*BCP (business continuity plan) :
- restore business operations after a disaster or other significant disruption
to the organization
- members from across the organization should participate in creating the BCP
to ensure all systems
*KEY PARTS OF BC :
- communication
- procedures and checklists (red book)
- management
- critical contact numbers for the supply chain, as well as law enforcement
and other sites outside of the facility
*BUSINESS IMPACT ANALYSIS (BIA) : an analysis of an information system's
requirements, used to characterize system contingency requirements and
priorities in the event of a significant disruption

module 3 : DISASTER RECOVERY : (maintain IT and communication)


*DISASTER RECOVERY PLAN (DRP) : policies, procedures and processes related to
recovering critical business functions, technologies, systems and applications
after the organization experiences a disaster
*KEY PARTS OF DRP :
1- executive summary of the plan
2- department-specific plans
3- technical guides for maintaining critical backup systems
4- full copies for the critical DR team
5- checklists for the recovery team, IT personnel, managers and public
relations personnel
*RECOVERY POINT OBJECTIVE (RPO) : how much data can you afford to lose
*RECOVERY TIME OBJECTIVE (RTO) : how long can you afford to be down
