CompTIA Security+ Deluxe Study Guide: SY0-201 - Emmett Dulaney [229]
Disaster recovery is the process of helping your organization prepare for recovery in the event of an unplanned situation, and it’s a part of your organization’s business continuity plans.
Vendors can provide support and services to an organization. SLAs set a benchmark for expected performance when needed. Service performance and reliability are measured by MTBF and MTTR. Vendors that provide software or programming support should have code escrow agreements to ensure that software can be maintained if the vendor ceases business.
Human resource policies define all the key relationships between the employee, the organization, and the information they use. These policies dictate the expectations between all the parties involved. They should be comprehensive, and they should have a huge impact on security expectations.
Business policies drive security efforts and confidentiality issues. They should address physical access, due care, separation of duties, document destruction, and certificate usage.
Understanding how certificate policies affect certificate usage requires a clear understanding of the parties involved in a transaction. The subscriber is the presenter of a certificate. The relying party depends on the subscriber or a third party to verify authenticity. A CA should have a clear set of practices (a CPS) to define how business activities are conducted.
The process of dealing with a security problem is called incident response. An incident-response policy should clearly outline what resources, individuals, and procedures are to be involved in the event of an incident.
Privilege management involves making decisions regarding user and group roles, sign-on procedures, how information is accessed and used, auditing, and access control methods. Privilege management is one of the key components of an effective security policy.
Exam Essentials
Understand the aspects of disaster recovery. Disaster recovery is concerned with the recovery of critical systems in the event of a loss. One of the primary issues is the effectiveness of backup policies and procedures. Offsite storage is one of the more secure methods of protecting information from loss.
Know the types of backups that are typically performed in an organization. The three backup methods are full, incremental, and differential. A full backup involves the total archival of all information on a system. An incremental backup involves archiving only information that has changed since the last backup. Differential backups save all information that has changed since the last full backup.
Be able to discuss the process of recovering a system in the event of a failure. A system recovery usually involves restoring the base operating systems, applications, and data files. The operating systems and applications are usually restored either from the original distribution media or from a server that contains images of the system. Data is typically recovered from backups or archives.
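The backup methods and the data-recovery step described above can be traced with a short simulation. This is an added Python example, not material from the study guide: it shows which files each backup type archives and which backup sets a restore needs. The file names and schedules are constructed sample data, an incremental is taken relative to the last backup of any kind (as defined above), and file deletions are not modeled.

```python
def run_schedule(changes, schedule):
    """changes[i] = files modified on day i; schedule[i] = backup type run that night.
    Returns one (day, type, archived_files) tuple per backup set."""
    since_backup, since_full, known = set(), set(), set()
    sets = []
    for day, (changed, kind) in enumerate(zip(changes, schedule)):
        known |= changed
        since_backup |= changed      # baseline for incremental backups
        since_full |= changed        # baseline for differential backups
        if kind == "full":
            archived = set(known)    # total archival of everything on the system
            since_full.clear()
        elif kind == "differential":
            archived = set(since_full)
        elif kind == "incremental":
            archived = set(since_backup)
        else:
            raise ValueError(f"unknown backup type: {kind!r}")
        since_backup.clear()         # every backup resets the incremental baseline
        sets.append((day, kind, sorted(archived)))
    return sets

def restore_chain(sets, target_day):
    """Backup sets, in restore order, needed to recover data as of target_day."""
    usable = [s for s in sets if s[0] <= target_day]
    fulls = [i for i, s in enumerate(usable) if s[1] == "full"]
    if not fulls:
        raise ValueError("no full backup on or before the target day")
    chain, later = [usable[fulls[-1]]], usable[fulls[-1] + 1:]
    diffs = [i for i, s in enumerate(later) if s[1] == "differential"]
    if diffs:                        # the newest differential replaces all earlier sets
        chain.append(later[diffs[-1]])
        later = later[diffs[-1] + 1:]
    return chain + [s for s in later if s[1] == "incremental"]

# Constructed sample data: three files created on day 0, one modified per day after.
CHANGES = [{"a.doc", "b.xls", "c.db"}, {"a.doc"}, {"b.xls"}, {"c.db"}]
INCREMENTAL = ["full", "incremental", "incremental", "incremental"]
DIFFERENTIAL = ["full", "differential", "differential", "differential"]

if __name__ == "__main__":
    for name, plan in (("incremental", INCREMENTAL), ("differential", DIFFERENTIAL)):
        sets = run_schedule(CHANGES, plan)
        print(name, "sets:", sets)
        print(name, "restore of day 3 uses days:", [s[0] for s in restore_chain(sets, 3)])
```

The incremental plan writes the smallest nightly sets but needs every set since the full backup to restore; the differential plan writes growing sets but needs only the full backup and the latest differential.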
Be able to discuss the types of alternative sites available for disaster recovery. The three types of sites available for disaster recovery are hot sites, warm sites, and cold sites. Hot sites typically provide high levels of capability, including networking. Warm sites may provide some capabilities, but they’re generally less prepared than a hot site. A cold site requires the organization to replicate critical systems and all services to restore operations.
Define the elements of a security policy. The security policy sets the internal expectations of how situations, information, and personnel are handled. These policies cover a broad range of the organization. Most policies in an organization affect the security policies.
Define the various types of policies that affect security efforts in an organization. The major policies that affect security are human resources, business, security, certificate, and incident-response