CHAPTER SUMMARY
This chapter has provided information on identifying assets. Asset identification is an important first step in any risk identification process. An organization’s assets include its hardware and software, data and information assets, and personnel. The seven domains of a typical IT infrastructure can be used to ensure that all the assets are identified.
Once the assets have been identified, they can be protected using various tools. A business impact analysis helps in identifying the impact to the business if a service fails, which helps in prioritizing the most important assets. A disaster recovery plan documents the steps that would need to be taken to restore a failed system. A business continuity plan is broader and is used to help ensure that mission-critical systems continue to operate even after a disaster.
KEY CONCEPTS AND TERMS
CHAPTER 7 ASSESSMENT
- Ensuring that a service is operational 99.999 percent of the time is possible even if a server needs to be regularly rebooted.
- True
- False
- What is a single point of failure?
- Any single part of a system that can fail
- Any single part of a system that can cause the entire system to fail if it fails
- Any single part of a system that has been protected with redundancy
- Any single part of a system
- When identifying the assets in an organization, what would be included?
- Hardware
- Software
- Personnel
- Only A and B
- A, B, and C
- When identifying hardware assets in an organization, what information should be included?
- Model number and manufacturer
- Serial number
- Location
- Only A and C
- A, B, and C
- An organization may use a ________ rotation policy to help discover dangerous shortcuts or fraudulent activity.
- What type of data should be included when identifying an organization’s data or information assets?
- Organizational data
- Customer data
- Intellectual property
- A and B only
- A, B, and C
- What is a data warehouse?
- A database used in a warehouse
- A database used to identify the location of products in a warehouse
- A database created by combining multiple databases into a central database
- One of several databases used to create a central database for data mining
- What is data mining?
- The process of retrieving relevant data from a data warehouse
- A database used in metal mining operations
- A database created by combining multiple databases into a central database
- A process used to extract, load, and transform a data warehouse
- What can an asset management system be compared with to ensure an entire organization is covered?
- Hardware and software assets
- Software assets
- Personnel and data assets
- The seven domains of a typical IT infrastructure
- When updating an organization’s business continuity plans, only ________ systems should be included.
- Which of the following is a privacy regulation that may impact data sourced from the European Economic Area?
- HIPAA
- GDPR
- PCI DSS
- FOIP
- What should an organization use if it wants to determine what the impact would be if a specific IT server fails?
- BIA
- BCP
- DRP
- BCC
- What should an organization use if it wants to ensure it can continue mission-critical operations in the event of a disaster?
- BIA
- BCP
- DRP
- BCC
- What should an organization use if it wants to ensure it can recover a system in the event of a disaster?
- BIA
- BCP
- DRP
- BCC
- A BCP and a DRP are two different things.
- True
- False