CISM Terms
ISACA CISM
Card set details

| | |
|---|---|
| Cards | 43 |
| Language | English |
| Category | Technology |
| Level | Other |
| Created / Updated | 14.11.2013 / 16.08.2019 |
| Web link | https://card2brain.ch/box/cism_terms |
The recovery site is brought to a state of operational readiness, but operations at the primary site continue normally.
Operations are shut down at the primary site and shifted to the recovery site in accordance with the recovery plan. This is the most rigorous form of testing but is expensive and potentially disruptive.
Start with a table-top walkthrough, continue with a table-top walkthrough with mock disaster scenarios, test infrastructure and recovery of critical applications with and without involvement of end users, test full restoration with some personnel unfamiliar with the systems, test the communication plan, do surprise tests.
1) all the factors that materially affect the project's success or failure 2) benefits, cost and risks 3) financial aspects like TCO 4) describing the exact scope 5) describing the added value (value proposition) 6) deliverables / outcome 7) project metrics
Return on investment is either calculated as a specific financial measurement or used as a collective term. Collective term = gain from investment - cost of investment; financial measurement = usually expressed as a % over three years.
Return on security investment = gain from implemented security - cost of implementing security
Equity Value Analysis: works well when a company's assets are mainly intellectual property, goodwill or marketing allure.
Net Present Value
Total Cost of Ownership: refers to the deployment and operational cost, usually for a 3-year period. It helps to differentiate solutions while separating deployment cost (i.e. HW, setup, customizing) and operational cost (continuous license fees, operations, etc.).
Internal Rate of Return
Level 1: initial -> undocumented, ad hoc. Level 2: repeatable -> documented so that repetition can be achieved. Level 3: defined -> process is defined. Level 4: managed -> using process metrics, management can measure and control. Level 5: optimizing -> includes process optimization and improvement.
1) Cold sites: have only the basic environment (cabling, air conditioning, etc.) ready, are ready to receive equipment and may require weeks to become operational. 2) Warm sites: have complete infrastructure but are only partly configured in terms of IT; may have some less powerful computer equipment ready. 3) Hot sites: fully configured and ready to operate within several hours; require only staff, programs and data. 4) Duplicate sites: dedicated recovery site similar to the primary site so it can take over quickly; can be a standby hot site or a reciprocal agreement. 5) Mirror sites: if continuous uptime and availability are required, this type may be the best. 6) Mobile sites: like cold sites but mobile and can be rented.
- Interruption window - RTO - RPO - SDO - MTO - Proximity factors - Location - Nature of probable disruptions
1) Redundancy: provide extra capacity, multiple paths between routers, use dynamic routing protocols. 2) Alternative routing: use of different networks, circuits or end-points. 3) Diverse routing: routing traffic through split or duplicate cable facilities. 4) Long-haul network diversity: using multiple carriers. 5) Last-mile circuit protection: use redundant combinations for the last mile. 6) Voice recovery: redundant cabling and alternative routing for voice.
Use of different backups for daily, weekly and monthly backups
The RTO (Recovery Time Objective) defines the amount of time allowed for the recovery of a business function or resource after a disaster occurs.
RPO (Recovery Point Objective) is determined based on the acceptable data loss in case of a disruption of operations. It indicates the earliest point in time that is acceptable to recover the data. The RPO effectively quantifies the permissible amount of data loss in case of interruption.
MTO (Maximum Tolerable Outage) defines the maximum time that an enterprise can support processing in alternate (or emergency) mode.
SDO (Service Delivery Objective) is directly related to the business needs; the SDO is the level of service to be reached during the alternate process mode until the normal situation is restored.
The same as inherent risk
Risk that is present in the normal course of conducting business
The risk that remains after having applied mitigation measures
Risks that occur due to operating a business, i.e. all IT-related risks
Risks that affect a whole system, e.g. in the banking sector
When multiple minor vulnerabilities aggregate and lead to a significant impact.
Reduce risks to an acceptable level
The risk that a control will not work as expected.
A risk likely in closely integrated/coupled systems as one failure can lead to a chain reaction.
The management of risk through the use of countermeasures and controls.
The process for systematically avoiding risk, i.e. by omitting processes or projects.