CompTIA Security+ Study Guide (SY0-401)


1 CompTIA Security+ Study Guide (SY0-401)
Chapter 12: Disaster Recovery and Incident Response

2 Chapter 12: Disaster Recovery and Incident Response
Given a scenario, implement basic forensic procedures.
Summarize common incident response procedures.
Summarize risk management best practices.
Explain the proper use of penetration testing versus vulnerability scanning.

3 Business Continuity
Business continuity planning (BCP) is the process of implementing policies, controls, and procedures to counteract the effects of losses, outages, or failures of critical business processes.
Critical business functions (CBF) are the business processes whose loss the organization cannot tolerate; BCP is built around keeping them running or restoring them first.
Two key components of BCP: business impact analysis (BIA) and risk assessment.

4 Storage Mechanisms
Working copy backups are partial or full backups that are kept at the computer center for immediate recovery purposes.
Onsite storage usually refers to a location on the site of the computer center that is used to store information locally.

5 Chapter 12: Disaster Recovery and Incident Response
Disaster recovery is the ability to recover system operations after a disaster.
Backups are duplicate copies of key information, ideally stored in a location other than the one where the information is currently stored.

6 Backup Plan Issues
A disaster-recovery plan helps an organization respond effectively when a disaster occurs.
Understanding backup plan issues: the areas a backup plan must cover are database systems, user files, and applications.

7 Knowing Backup Types
Full backup is a complete, comprehensive backup of all files on a disk or server.
Incremental backup is a partial backup that stores only the information that has been changed since the last full or the last incremental backup; a restore needs the last full backup plus every incremental taken since it, applied in order.
Differential backup backs up any file that has been altered since the last full backup, so a file changed once after the full backup is copied again by every subsequent differential even if it did not change again; a restore needs only the last full backup plus the most recent differential.

8 Developing a Backup Plan
Grandfather, Father, Son method is based on the philosophy that a full backup should occur at regular intervals, such as monthly or weekly: the daily backups are the sons, the weekly full backups the fathers, and the monthly full backups the grandfathers, with each generation retained longer than the one below it.
Full Archival method works on the assumption that any information created on any system is stored forever.
Backup Server method establishes a server with large amounts of disk space whose sole purpose is to back up data.
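The backup types on the previous slide and the Grandfather, Father, Son rotation on this one are easiest to compare by simulating them. The following is an added example, not code from the study guide: it runs a ten-day GFS schedule (monthly full on day 1, weekly full every seventh day, daily partial otherwise) over a constructed set of files with invented modification days, shows what each run captures, and computes the restore chain for a given day. The file names, change days, and the day-1/every-seventh-day rule are assumptions chosen for the illustration.

```python
"""Simulated backup schedule: full, incremental and differential runs under a
Grandfather-Father-Son (GFS) rotation, with the restore chain for any day.
Constructed example; file names and change days are invented sample data."""

# Constructed sample data: file -> days of the month on which it was modified.
MODIFIED_ON = {
    "ledger.db": [1, 2, 5, 9],
    "payroll.xlsx": [1, 3],
    "app.cfg": [1, 8],
    "readme.txt": [1],
}


def gfs_level(day):
    """GFS generation for a given day: monthly full (grandfather) on day 1,
    weekly full (father) every seventh day, daily partial (son) otherwise."""
    if day == 1:
        return "grandfather"
    if day % 7 == 0:
        return "father"
    return "son"


def files_changed_since(since_day, upto_day):
    """Files with at least one modification in the window (since_day, upto_day]."""
    return {name for name, days in MODIFIED_ON.items()
            if any(since_day < d <= upto_day for d in days)}


def plan_backups(days, son_type):
    """Run the schedule for `days` days. son_type is "incremental" (changes since
    the previous backup of any kind) or "differential" (changes since the last
    full). Returns a list of (day, gfs_level, kind, captured_files)."""
    runs = []
    last_full = 0
    last_any = 0
    for day in range(1, days + 1):
        level = gfs_level(day)
        if level != "son":
            kind = "full"
            captured = set(MODIFIED_ON)          # every file, changed or not
        elif son_type == "incremental":
            kind = "incremental"
            captured = files_changed_since(last_any, day)
        else:
            kind = "differential"
            captured = files_changed_since(last_full, day)
        runs.append((day, level, kind, captured))
        if kind == "full":
            last_full = day
        last_any = day
    return runs


def restore_chain(runs, target_day):
    """Backup sets that must be applied, in order, to rebuild target_day:
    the last full, then every incremental since it, or only the newest differential."""
    upto = [r for r in runs if r[0] <= target_day]
    full_idx = max(i for i, r in enumerate(upto) if r[2] == "full")
    chain = [upto[full_idx]]
    partials = upto[full_idx + 1:]
    if partials and partials[-1][2] == "differential":
        chain.append(partials[-1])           # each differential supersedes the previous one
    else:
        chain.extend(partials)               # incrementals must all be replayed in order
    return [(day, kind) for day, _level, kind, _files in chain]


def media_volume(runs):
    """Total number of file copies written across the whole schedule."""
    return sum(len(files) for _day, _level, _kind, files in runs)


if __name__ == "__main__":
    for son_type in ("incremental", "differential"):
        runs = plan_backups(10, son_type)
        print(son_type, "copies written:", media_volume(runs),
              "restore for day 6:", restore_chain(runs, 6))
```

Running it shows the trade-off the slide describes: the incremental schedule writes fewer copies in total (13 against 22 for the sample data) but needs six sets to restore day 6, while the differential schedule needs only the day-1 full and the day-6 differential.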

9 Chapter 12: Disaster Recovery and Incident Response
Recovering a System
Backout vs. Backup: a backout returns a system to the state it was in before a change (for example, a failed upgrade), whereas a backup restores data from a saved copy.
Alternate or backup sites:
Hot Site: a fully configured facility that can take over operations with little or no delay.
Warm Site: a facility with some equipment and connectivity in place that needs additional configuration and current data before it can take over.

10 Chapter 12: Disaster Recovery and Incident Response
Incident response plan (IRP) outlines what steps are needed and who is responsible for deciding how to handle a situation.
Incident is the occurrence of any event that endangers a system or network.
Incident response encompasses forensics and refers to the process of identifying, investigating, repairing, documenting, and adjusting procedures to prevent another incident.

11 Incident Response Process
Step One: Identifying the Incident
Step Two: Investigating the Incident
Step Three: Repairing the Damage
Step Four: Documenting and Reporting the Response
Step Five: Adjusting Procedures

12 Forensics from the Security+ Perspective
Act in Order of Volatility: collect the most volatile evidence first (CPU registers and cache, then memory, then network state and running processes, then disk, then backups and archival media)
Capture System Image
Document Network Traffic and Logs
Capture Video
Record Time Offset
Take Hashes
Capture Screenshots
Talk to Witnesses
Track Man Hours and Expenses
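Three of the steps above (act in order of volatility, record time offset, take hashes) fit together in an evidence manifest. The following is an added example, not code from the study guide: it hashes each captured item in the order collected, records how far the evidence host's clock was from a trusted reference, and re-verifies the hashes later so any alteration of the evidence is detected. The evidence bytes, clock readings, and manifest field names are constructed for the illustration; in practice the items would be the image and capture files themselves.

```python
"""Evidence manifest: hash each captured item, record the source host's clock
offset, and re-verify the hashes later.
Constructed example; the evidence bytes and clock values are invented."""
import hashlib
import json
from datetime import datetime, timedelta, timezone

# Constructed sample evidence, listed most volatile first (memory, then
# network capture, then disk image). Real captures would be files, not strings.
SAMPLE_EVIDENCE = [
    ("memory.raw", b"\x00" * 64 + b"fake memory contents"),
    ("network.pcap", b"\xd4\xc3\xb2\xa1" + b"fake pcap body"),
    ("disk.img", b"fake disk image"),
]
# Clock readings taken at collection time: the host is two minutes fast.
REFERENCE_CLOCK = datetime(2016, 3, 1, 12, 0, 0, tzinfo=timezone.utc)  # trusted time source
HOST_CLOCK = datetime(2016, 3, 1, 12, 2, 0, tzinfo=timezone.utc)       # what the host reported


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


def clock_offset_seconds(host_clock, reference_clock):
    """Positive when the evidence host's clock runs ahead of the reference."""
    return (host_clock - reference_clock).total_seconds()


def build_manifest(items, host_clock, reference_clock, collector):
    """Record order of collection, size and SHA-256 of each item plus the time offset."""
    return {
        "collector": collector,
        "reference_time_utc": reference_clock.isoformat(),
        "host_clock_offset_seconds": clock_offset_seconds(host_clock, reference_clock),
        "evidence": [
            {"order": i, "label": label, "size": len(data), "sha256": sha256_hex(data)}
            for i, (label, data) in enumerate(items, start=1)
        ],
    }


def verify(manifest, items):
    """Labels whose current hash differs from the manifest, or that are missing."""
    current = {label: sha256_hex(data) for label, data in items}
    return [entry["label"] for entry in manifest["evidence"]
            if current.get(entry["label"]) != entry["sha256"]]


def normalize_host_time(host_timestamp, manifest):
    """Convert a timestamp read from the host (e.g. a log entry) to reference time."""
    return host_timestamp - timedelta(seconds=manifest["host_clock_offset_seconds"])


if __name__ == "__main__":
    manifest = build_manifest(SAMPLE_EVIDENCE, HOST_CLOCK, REFERENCE_CLOCK, "analyst")
    print(json.dumps(manifest, indent=2))
    print("mismatches:", verify(manifest, SAMPLE_EVIDENCE))
```

The recorded offset is what makes the host's log timestamps comparable with network captures and other systems' logs during the investigation; the hashes are what lets anyone later prove the images examined are the ones collected.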

13 Chapter 12: Disaster Recovery and Incident Response
Succession planning outlines those internal to the organization who have the ability to step into positions when they open.
Tabletop Exercises simulate a disaster so the plan and the people responsible for it can be walked through and tested without disrupting operations.
Reinforcing Vendor Support: software vendors and hardware vendors are necessary elements in the process of building systems and applications.

14 Service-Level Agreements
Service-level agreement (SLA) is an agreement between you or your company and a provider, typically a technical support provider, that sets the level of service to be delivered.
Recovery Time Objective (RTO) is the maximum amount of time that a process or service is allowed to be down with the consequences still considered acceptable.
Mean Time Between Failures (MTBF) is the measure of the anticipated incidence of failure for a system or component: the average operating time from one failure to the next.
Mean Time to Restore (MTTR) is the measurement of how long it takes to repair a system or component once a failure occurs.
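The three metrics are related, and an SLA is checked against them from an outage record. The following is an added example, not code from the study guide: given a constructed log of failure and restore times for one quarter, it derives MTTR and MTBF, computes availability (which equals MTBF divided by MTBF plus MTTR), lists the outages that exceeded a two-hour RTO, and turns an availability target into a downtime budget. The outage times, the observation period, and the RTO are invented.

```python
"""Derive MTTR, MTBF and availability from an outage record and check each
outage against an RTO. Constructed example; the outage times and the RTO are
invented."""
from datetime import datetime, timedelta

# Constructed outage record for one quarter: (failed_at, restored_at).
OUTAGES = [
    (datetime(2016, 1, 4, 2, 0), datetime(2016, 1, 4, 3, 30)),      # 1.5 h
    (datetime(2016, 2, 10, 14, 0), datetime(2016, 2, 10, 14, 45)),  # 0.75 h
    (datetime(2016, 3, 15, 9, 0), datetime(2016, 3, 15, 13, 0)),    # 4 h
]
PERIOD_START = datetime(2016, 1, 1)
PERIOD_END = datetime(2016, 4, 1)   # 91 days of observation


def hours(delta):
    return delta.total_seconds() / 3600


def total_downtime_hours(outages):
    return sum(hours(restored - failed) for failed, restored in outages)


def mttr(outages):
    """Mean time to restore: average outage duration in hours."""
    return total_downtime_hours(outages) / len(outages)


def mtbf(outages, start, end):
    """Mean time between failures: operating (up) time divided by failure count."""
    uptime = hours(end - start) - total_downtime_hours(outages)
    return uptime / len(outages)


def availability(outages, start, end):
    """Fraction of the period the service was up; equals MTBF / (MTBF + MTTR)."""
    m_b = mtbf(outages, start, end)
    return m_b / (m_b + mttr(outages))


def rto_violations(outages, rto_hours):
    """Failure times of outages whose restore took longer than the RTO."""
    return [failed for failed, restored in outages if hours(restored - failed) > rto_hours]


def downtime_budget_hours(availability_target, period_hours):
    """Maximum downtime allowed in a period for a given availability target."""
    return (1 - availability_target) * period_hours


if __name__ == "__main__":
    print("MTTR (h):", mttr(OUTAGES))
    print("MTBF (h):", mtbf(OUTAGES, PERIOD_START, PERIOD_END))
    print("availability:", availability(OUTAGES, PERIOD_START, PERIOD_END))
    print("outages over a 2 h RTO:", rto_violations(OUTAGES, 2))
    print("yearly downtime budget at 99.9% (h):", downtime_budget_hours(0.999, 365 * 24))
```

Note that a good average (MTTR of about two hours here) can still hide an individual outage that breached the RTO, which is why the per-outage check matters when reviewing an SLA.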

15 Code Escrow Agreements
Code escrow refers to the storage and conditions of release of source code provided by a vendor.
Example: a code escrow agreement would stipulate how source code would be made available to customers in the event of a vendor's bankruptcy.

16 Penetration Testing
The goal of penetration testing is to simulate an attack and look for holes that exist in order to be able to fix them.
Steps in penetration testing:
Verify a Threat Exists
Bypass Security Controls
Actively Test Security Controls

17 Ethical Hacking
Black Box: the tester acts as if they have no prior knowledge of the network.
White Box: occasionally referred to as full disclosure testing; the tester is given full knowledge of the network.
Gray Box: also known as partial disclosure testing; the tester is given some, but not all, of the details.

18 Vulnerability Scanning
Vulnerability scanning involves looking for weaknesses in networks, computers, or even applications.
Five major tasks:
Passively Testing Security Controls
Interpreting Results
Identifying Vulnerability
Identifying Lack of Security Controls
Identifying Common Misconfigurations
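The distinction between these tasks and the active testing of the penetration-testing slide is clearest in a passive configuration check, which inspects a service's settings without sending it anything. The following is an added example, not code from the study guide: it parses two constructed sshd_config samples (a weak one and the same file hardened), reports directives set to an insecure value as misconfigurations and directives not set at all as a lack of a control, and then summarises the results by severity. The sample files, the list of checks, and the severities are assumptions for the illustration and are nowhere near a complete SSH baseline.

```python
"""Passive scan of a service configuration: parse the file, flag values set
insecurely (misconfiguration) and controls not set at all (missing control),
then summarise. Constructed example; the two sshd_config samples and the
check list are invented and far from a complete baseline."""

# Constructed weak configuration (not from the page).
WEAK_SSHD_CONFIG = """
# sshd_config (constructed sample)
Port 22
PermitRootLogin yes
PasswordAuthentication yes
#MaxAuthTries 6
X11Forwarding yes
"""

# The same file after the findings reported on the weak one are fixed.
HARDENED_SSHD_CONFIG = """
Port 22
PermitRootLogin no
PasswordAuthentication no
MaxAuthTries 3
X11Forwarding no
LogLevel VERBOSE
"""

# (keyword, acceptable values, severity). Absence of a keyword is reported as
# a missing control; presence with another value as a misconfiguration.
CHECKS = [
    ("permitrootlogin", {"no", "prohibit-password"}, "high"),
    ("passwordauthentication", {"no"}, "medium"),
    ("maxauthtries", {"1", "2", "3", "4"}, "low"),
    ("x11forwarding", {"no"}, "low"),
    ("loglevel", {"verbose"}, "low"),
]
SEVERITY_RANK = {"high": 3, "medium": 2, "low": 1}


def parse_config(text):
    """Map lowercased keyword -> value, skipping blanks and comments; last wins.
    A commented-out directive is treated as absent, as sshd would treat it."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) == 2:
            settings[parts[0].lower()] = parts[1].strip()
    return settings


def scan(text):
    """Passive checks only: nothing is sent to the service."""
    settings = parse_config(text)
    findings = []
    for keyword, acceptable, severity in CHECKS:
        value = settings.get(keyword)
        if value is None:
            findings.append({"keyword": keyword, "category": "missing-control",
                             "value": None, "severity": severity})
        elif value.lower() not in acceptable:
            findings.append({"keyword": keyword, "category": "misconfiguration",
                             "value": value, "severity": severity})
    return findings


def summarize(findings):
    """Interpret results: counts per category and the worst severity seen."""
    counts = {"misconfiguration": 0, "missing-control": 0}
    worst = None
    for finding in findings:
        counts[finding["category"]] += 1
        if worst is None or SEVERITY_RANK[finding["severity"]] > SEVERITY_RANK[worst]:
            worst = finding["severity"]
    return {"counts": counts, "worst_severity": worst}


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_SSHD_CONFIG), ("hardened", HARDENED_SSHD_CONFIG)):
        findings = scan(cfg)
        print(name, summarize(findings))
        for finding in findings:
            print("  ", finding)
```

A scanner of this kind can only say that a setting looks wrong; confirming that root login over SSH actually succeeds is the active step a penetration test performs.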

