8.6. Exam Essentials

Understand the aspects of disaster recovery

Disaster recovery is concerned with the recovery of critical systems in the event of a loss. One of the primary issues is the effectiveness of backup policies and procedures. Offsite storage is one of the more secure methods of protecting information from loss.

Know the types of backups that are typically performed in an organization

The three backup methods are full, incremental, and differential. A full backup involves the total archival of all information on a system. An incremental backup involves archiving only information that has changed since the last backup. Differential backups save all information that has changed since the last full backup.

Be able to discuss the process of recovering a system in the event of a failure

A system recovery usually involves restoring the base operating systems, applications, and data files. The operating systems and applications are usually either restored from the original distribution media or from a server that contains images of the system. Data is typically recovered from backups or archives.

Be able to discuss the types of alternative sites available for disaster recovery

The three types of sites available for disaster recovery are hot sites, warm sites, and cold sites. Hot sites typically provide high levels of capability, including networking. Warm sites may provide some capabilities, but they're generally less prepared than a hot site. A cold site requires the organization to replicate critical systems and all services to restore operations.

Define the elements of a security policy

The security policy sets the internal expectations of how situations, information, and personnel are handled. These policies cover a broad range of the organization. Most policies in an organization affect the security policies.

Define the various types of policies that affect security efforts in an organization

The major policies that affect security are human resources, business, security, certificate, and incident-response policies. Human resource policies describe expected behavior and other policies concerning employees. Business policies drive all other policies, set expectations of how the organization will do business, and protect information.

Be able to describe the needed components of an incident-response policy

The incident-response policy explains how incidents will be handled, including notification, resources, and escalation. This policy drives the incident-response process, and it provides advance planning to the incident-response team.

Know the aspects of privilege management

Privilege-management decision making involves evaluating the roles of individuals and departments in an organization. This includes centralized versus decentralized decision making, sign-on procedures, auditing, and role control.

Be able to describe the purpose of an audit

An audit is the process of testing and verifying the effectiveness of policies and procedures in an organization. A security audit may include evaluating privileges, systems usage, and escalation. The final product of an audit is the report to management, which outlines the results of the audit and pinpoints areas that need improvement.

Be able to describe the three roles of access control

The three roles are MAC, DAC, and RBAC. Mandatory Access Control (MAC) establishes rigid access control methods in the organization. Discretionary Access Control (DAC) allows for flexibility in access control. Role-Based Access Control (RBAC) is based on the role the individual or department has in the organization.