projects:cism
差别
这里会显示出您选择的修订版和当前版本之间的差别。
| 两侧同时换到之前的修订记录前一修订版 | |||
| projects:cism [2026/02/11 22:38] – jackiez | projects:cism [2026/02/11 22:44] (当前版本) – jackiez | ||
|---|---|---|---|
| 行 225: | 行 225: | ||
| Multifactor authentication combines different authentication techniques to provide stronger security. Authorization ensures that authenticated users may only perform actions necessary to carry out their assigned responsibilities. | Multifactor authentication combines different authentication techniques to provide stronger security. Authorization ensures that authenticated users may only perform actions necessary to carry out their assigned responsibilities. | ||
| ### Chapter8 Incident Response | ### Chapter8 Incident Response | ||
| + | **Security events are occurrences that may escalate into a security incident.** An event is any observable occurrence in a system or network. A security event includes any observable | ||
| + | occurrence that relates to a security function. A security incident is a violation or imminent threat of violation of computer security policies, | ||
| + | **The cybersecurity incident response process has four phases.** The four phases of incident response are preparation; | ||
| + | post-incident activities. The process is not a simple progression of steps from start to finish. Instead, it includes loops that allow responders to return to prior phases as needed during the response. | ||
| + | **Security event indicators include alerts, logs, publicly available information, | ||
| + | event management systems, antivirus software, file integrity checking software, and third-party monitoring services. Logs are generated by operating systems, services, applications, | ||
| + | security incident is in progress. | ||
| + | **Policies, procedures, and playbooks guide incident response efforts.** The incident response policy serves as the cornerstone of an organization' | ||
| + | response. Procedures provide the detailed, tactical information that CSIRT members need when responding to an incident. CSIRTs often develop playbooks that describe the specific procedures that they will follow in the event of a specific type of cybersecurity incident. | ||
| + | **Incident response teams should represent diverse stakeholders.** The core incident response team normally consists of cybersecurity professionals with specific expertise in incident response. | ||
| + | In addition to the core team members, the CSIRT may include representation from technical subject matter experts, IT support staff,legal counsel, human resources staff, and public relations and marketing teams. | ||
| + | **Incidents may be classified according to the attack vector where they originate.** Common attack vectors for security incidents include external/ | ||
| + | **Response teams classify the severity of an incident.** The functional impact of an incident is the degree of impairment that it causes to the organization. The economic impact is the amount of | ||
| + | financial loss that the organization incurs. In addition to measuring the functional and economic impact of a security incident, organizations should measure the time that services will be unavailable and the recoverability effort. Finally, the nature of the data involved in an | ||
| + | incident also contributes to the severity of the information impact. | ||
| ### Chapter9 Business Continuity and Disaster Recovery | ### Chapter9 Business Continuity and Disaster Recovery | ||
| - | + | **Understand the four steps of the business continuity planning process.** Business continuity planning involves four distinct phases: | |
| + | project scope and planning, business impact analysis, continuity planning, and approval and implementation. Each task contributes to the overall goal of ensuring that business operations continue uninterrupted in the face of an emergency. | ||
| + | **Describe how to perform the business organization analysis.** In the business organization analysis, the individuals responsible for leading the BCP process determine which departments | ||
| + | and individuals have a stake in the business continuity plan. This analysis serves as the foundation for BCP team selection and, after validation by the BCP team, is used to guide the next stages of BCP development. | ||
| + | **List the necessary members of the business continuity planning team.** The BCP team should contain, at a minimum, | ||
| + | technical experts from the IT department; physical and IT security personnel with BCP skills; legal representatives familiar with corporate legal, regulatory, and contractual responsibilities; | ||
| + | **Know the legal and regulatory requirements that face business continuity planners.** Business leaders must exercise due diligence to ensure that shareholders' | ||
| + | event disaster strikes. Some industries are also subject to federal, state,and local regulations that mandate specific BCP procedures. Many businesses also have contractual obligations to their clients that they must meet before, during, and after a disaster. | ||
| + | **Explain the steps of the business impact analysis process.** The five stages of the business impact analysis process are the identification of priorities, risk identification, | ||
| + | **Describe the process used to develop a continuity strategy.** During the strategy development phase, the BCP team determines which risks they will mitigate. In the provisions and | ||
| + | processes phase, the team designs mechanisms and procedures that will mitigate identified risks. The plan must then be approved by senior management and implemented. Personnel must also receive training on their roles in the BCP process. | ||
| + | **Explain the importance of comprehensively documenting an organization' | ||
| + | a written record of the procedures to follow when disaster strikes. It prevents the “it' | ||
| + | **Be familiar with the common types of recovery facilities.** The common types of recovery facilities are cold sites,warm sites, hot sites, mobile sites, and multiple sites. Be sure you | ||
| + | understand the benefits and drawbacks for each such facility. | ||
| + | **Understand the technologies that may assist with database backup.** Databases benefit from three backup technologies.Electronic vaulting is used to transfer database backups to a remote | ||
| + | site as part of a bulk transfer. In remote journaling, data transfers occur on a more frequent basis. With remote mirroring technology, | ||
| + | **Explain the common processes used in disaster recovery programs.** These programs should take a comprehensive approach to planning and include considerations related to the initial | ||
| + | response effort, personnel involved, communication among the team and with internal and external entities, assessment of response efforts, and restoration of services. DR programs should also include training and awareness efforts to ensure personnel understand their responsibilities and lessons learned sessions to continuously improve the program. | ||
| + | **Know the five types of disaster recovery plan tests and the impact each has on normal business operations.** The five types of disaster recovery plan tests are: read-through tests, | ||
| + | structured walk-throughs, | ||
| + | Neither has an impact on business operations. Simulation tests may shut down noncritical business units. Parallel tests involve relocating personnel but do not affect day-to-day operations. Full-interruption tests involve shutting down primary systems and shifting responsibility to the recovery facility. | ||
projects/cism.txt · 最后更改: 由 jackiez