Cybersecurity Fundamentals Quiz

Questions and Answers

What is the primary lesson that the AIIMS cyber-attack provides for organizations regarding network security?

  • The necessity of network segmentation to isolate vulnerabilities and improve security. (correct)
  • The importance of using the same passwords across all systems to prevent confusion.
  • The value of avoiding incident response planning to keep operational costs down.
  • The benefit of skipping software updates and security patches to maintain system performance.

Which of the following is NOT a recommended action for preventing cyber threats, as highlighted in the text?

  • Implementing effective network segmentation techniques like firewalls.
  • Ensuring devices and systems are kept up to date with security patches.
  • Conducting regular risk assessments.
  • Delaying the implementation of security patches to avoid software incompatibilities. (correct)

What is the primary goal of Business Continuity Management (BCM)?

  • To reduce operational expenses by optimizing resource allocation.
  • To prioritize customer satisfaction as the central objective.
  • To increase revenue by implementing new business strategies.
  • To manage disruptions and safeguard against impacts to the business. (correct)

What does an Incident Response Plan document primarily aim to achieve in the event of a cyber-attack?

  • To allow an organization to respond to a breach in an organized and efficient manner to minimize damage and downtime. (B)

What is the main objective of providing cybersecurity training to employees?

  • To ensure employees are aware of the latest security threats and are prepared to handle them. (B)

Why should enterprises conduct regular internal audits as part of BCM?

  • To ensure adherence to Business Continuity Processes and regulatory needs. (A)

According to the content, what is an essential component of today's networked society?

  • A heightened reliance on supply chain management, requiring regulatory compliance, data security, and privacy. (B)

What role does top management play in the internal audit process of BCM?

  • To provide resources for corrective actions based on audit findings. (B)

What is the consequence of poor network segmentation, as evidenced by the AIIMS attack?

  • It allows threat actors to gain access to critical servers and data. (A)

Which of the following is a key aspect of effective BCM implementation?

  • Building redundancy in teams and infrastructure. (B)

Which of these is a key aspect of ensuring the continuous availability of services for an enterprise in today's global economy?

  • The ability to meet the demands of ever-increasing threats and risks. (C)

What does 'business contingency' refer to in the context of BCM?

  • An event that can possibly cause disruption to business and computer operations. (A)

Why is it important for the internal audit to be conducted by an independent group?

  • To guarantee impartiality and objectivity of the audit process. (C)

Besides firewalls and intrusion detection systems, what is mentioned in the text as an effective network segmentation technique?

  • Network access controls. (C)

Besides revenue, what else could be significantly impacted by business disruptions?

  • Company's brand image and customer satisfaction. (B)

What does Business Continuity refer to in the context of an enterprise?

  • The uninterrupted availability of key business resources to support essential activities. (D)

What is the primary purpose of the BCM maintenance process?

  • To demonstrate the documented evidence of the proactive management and governance of the enterprise’s business continuity program. (A)

Why is it important to identify BCP maintenance triggers?

  • To ensure any organizational, operational, and structural changes are communicated to those responsible for the plan’s upkeep. (B)

What does implementing version control procedures within a BCP ensure?

  • That the plan is maintained, and always up to date. (B)

According to the self-assessment of a BCM program, what are key products and services assessed against?

  • Their supporting critical activities and resources within the BCM strategy. (A)

According to the information, what should the BCM policy, strategies, framework and plans accurately reflect?

  • The enterprise’s priorities and requirements. (A)

What is necessary for an enterprise's BCM competence and capability to be considered effective and fit-for-purpose?

  • Permits management, command, control, and coordination of an incident. (C)

What should BCM strategies and plans incorporate according to the maintenance program?

  • Improvements identified during incidents and exercises. (D)

What action should be taken when additional equipment is needed for BCM?

  • The equipment must be maintained and periodically replaced when necessary. (A)

Which backup method requires the most storage space?

  • Full Backup (B)

What is the main disadvantage of mirror backups?

  • Deleted files in the source are also deleted in the mirror. (D)

Which backup method offers the fastest recovery time?

  • Full Backup (D)

Which backup method is fastest to perform?

  • Incremental Backup (D)

Which backup type requires the least bandwidth during the backup process?

  • Incremental Backup (D)

What is a key feature of differential backups?

  • Backs up all changes since the last full backup. (A)

Which statement about mirror backups is true?

  • They create an exact, uncompressed copy of the data. (D)

What distinguishes differential backups from incremental backups?

  • Differential backups back up changes since the last full backup. (B)

What is a primary focus during the selection of a strategy for a business continuity plan?

  • The processes and technology already present within the enterprise (A)

Which of the following is NOT considered a common preparation for business continuity?

  • Implementing a new marketing strategy (B)

What is included in the business continuity plans besides critical activities?

  • Actions for recovering non-critical activities (B)

Which team structure is essential for an effective incident response and recovery?

  • An Incident Management Team/Crisis Management Team (A)

What will the differential backup include when recovering 200 photos after deleting 100 from the added photos?

  • The 100 edited photos and the 100 added photos left after deletion (B)

Which of the following is an advantage of using differential backups?

  • Faster restores than full backups (A)
  • Simpler restores than incremental backups (B)

What is one of the key actions an enterprise must do during an incident?

  • Confirm the impact of the incident (B)

In what scenario would a differential backup be more beneficial than a full backup?

  • When large volumes of valuable data need to be processed without constant backups (A)

What aspect should business continuity planning actively aim to reduce?

  • The likelihood and potential impacts of incidents (D)

What is a disadvantage of differential backups compared to incremental backups?

  • Not as efficient in storage space usage as incremental backups (A)

Which of the following describes a role of the Incident Management Team during an incident?

  • Coordinating appropriate response (D)

Why may existing service contracts need to be renegotiated in a business continuity plan?

  • To add contingency services as required by the strategy (D)

Which of the following statements is true regarding restoring data from differential backups?

  • Both the full backup set and the last differential backup are required (C)

What will the differential backup store when 300 photos are being recovered after deletion and editing?

  • The edited photos and the added photos before deletion (C)

Which aspect of differential backups makes them slower compared to incremental backups?

  • They include duplicated files changed after the full backup (A)

What characterizes the restore speed of differential backups compared to full backups?

  • Slower restore speed (A)

Flashcards

What is network segmentation?

Dividing a computer network into smaller, isolated segments, such as sub-networks.

How does network segmentation impact security?

Improper network segmentation can allow hackers to access critical servers and data.

What are risk assessments?

Regularly assessing potential risks and vulnerabilities within your network to identify and address them.

Name some network segmentation techniques.

Firewalls, intrusion detection systems, and network access control are examples of these techniques used to enhance security.

What are security updates?

Ensuring all devices and software are up-to-date with the latest security patches to fix vulnerabilities.

What is an Incident Response Plan?

A plan outlining the steps to take during a cyber-attack to minimize damage and downtime.

What is cybersecurity training?

Training employees on cybersecurity awareness, including topics like phishing, password protection, and data privacy.

Why is business continuity important in a networked society?

In a networked world, organizations rely on supply chain management for efficient operations, demanding regulatory compliance, data security, and privacy.

Business Contingency

A sudden event, like an infrastructure outage or human error, that could disrupt business operations.

Business Continuity Management (BCM)

A structured approach to ensuring that an organization can continue essential operations after a disruption.

Business Continuity Planning

The process of identifying potential threats to business operations and developing countermeasures to mitigate their impact.

Business Continuity

The ability to keep critical business functions operational during and after a disruption.

Backup Arrangement

A backup system or arrangement that allows for a smooth transition when a primary system fails.

BCM Internal Audits

Internal audits conducted to verify that Business Continuity processes comply with policies and regulations.

Corrective Actions

Actions taken to eliminate nonconformities identified during internal audits.

Independent Audit Groups

Independent groups, like internal audit functions, that perform BCM audits to ensure objectivity and impartiality.

Business Continuity Plans

These plans are designed to guide the organization through a disruptive event and help it recover its critical functions and resources.

Risk Assessment

Analyzing potential disruption sources that could affect business operations.

Mitigation Measures

The enterprise can take measures to reduce the probability or impact of disruptions.

Resilience

The ability of a system or organization to withstand disruptions and bounce back quickly.

Incident Management Team (IMT)

A team with a well-defined structure responsible for managing and responding to incidents and disruptions.

Incident Management

A set of processes for managing disruptions, including identifying, analyzing, responding to, and recovering from incidents.

Business Recovery

The process of restoring disrupted business operations to their pre-incident state.

Differential Backup

A backup method that only backs up changes made since the last full backup, making it faster than full backups but using more storage space than incremental backups. It creates a copy of all changes, including new files and updated files.

Incremental Backup

A backup strategy where only the files modified since the last backup are copied. This method is efficient in terms of time and storage but can be slow for restores.

Full Backup

A backup that copies all data to a separate location. This is the most comprehensive backup method but can be time-consuming and requires significant storage space.

Differential Backup Restoration

A recovery approach using the full backup and the most recent differential backup. It combines the efficiency of full backups with the speed of differential backups for faster restoration.

Incremental Backup Restoration

A recovery method using the full backup and all subsequent incremental backups. This method is time-consuming but ensures data integrity by using all available backup snapshots.

When to use differential backup?

This technique is beneficial for organizations that handle large amounts of data but cannot afford continuous backups. It balances speed and storage efficiency, making it a practical choice.

Differential Backup Speed

Differential backups are faster than full backups but slower than incremental backups.

Differential Backup Storage

Differential backups use more storage space than incremental backups but less than full backups.

What is BCP Maintenance?

The process of maintaining and updating Business Continuity Plans (BCP) to ensure they remain relevant and effective in the face of changing circumstances.

Who are BCM Implementers?

The key people responsible for implementing the Business Continuity Management (BCM) strategy and plans, ensuring they are adequately trained and competent in their roles.

Why is BCM Risk Management Critical?

The process of actively identifying potential risks and vulnerabilities that could disrupt business operations and developing strategies to mitigate them.

What is a BCM Self-Assessment?

The regular review and assessment of a company's BCM program to ensure its effectiveness and align it with current business priorities and evolving risks.

What is Business Continuity?

The ability to maintain critical business functions during and after a disruptive event, ensuring ongoing operations without significant interruption.

What are BCM Documentation and Records?

The process of documenting and maintaining evidence that demonstrates the effectiveness of the BCM program, showcasing proactive risk management and governance.

What is BCM Exercising?

The regular practice and testing of BCPs through drills and simulations to ensure that the plan is effective and that employees are prepared to execute it.

What is BCM Continuous Improvement?

Periodic reviews of the BCM program to identify areas for improvement and incorporating lessons learned from past incidents or exercises to strengthen the overall strategy.

Mirror Backup

A backup method that creates a perfect mirror image of the original data. It's like having an exact replica of your computer's files, but it can be risky if data is accidentally deleted.

Study Notes

Chapter 5: Business Continuity Planning and Disaster Recovery Planning

  • Learning Outcomes: After studying this chapter, students will be able to understand Business Continuity Management (BCM), the phases in BCP development, the BCM process, different types of plans, backup types, Incident Management Plan (IMP) implementation, and Disaster Recovery Procedural Plan (DRPP) components.

Chapter Overview

  • BCM Process & Cycle, Types of Backups, BCP and types, DRP: A diagram illustrates the relationships between Business Continuity Plans (BCP), Business Continuity Management (BCM) processes, Types of Backups, and Disaster Recovery Plans (DRP).

  • Attack on AIIMS Delhi Servers (2022): A ransomware attack on AIIMS Delhi servers in 2022 highlighted the vulnerability of healthcare organizations to cyber threats. This incident led to data breaches and disruptions in hospital operations.

  • Establishment of AIIMS e-hospital: AIIMS Delhi became the country's first fully digital public hospital in 2016 through the Digital India initiative.

  • Ransomware Attack (2022): A significant cyberattack on AIIMS Delhi servers on Nov 23, 2022, resulted in the encryption of 1.3 terabytes of data and the compromise of patient records.

  • Implications of the Attack: Compromised patient data, blocked internet services, disruption of digital hospital services, and the need for manual operations to keep the hospital going for a period.

Why it Matters?

  • Data Exposure: The attack potentially exposed the data of approximately 40 million patients and healthcare workers, raising concerns about data security in healthcare institutions.

  • Remedial Actions: The hospital worked to restore systems and address the impact of the cyber-attack, focusing on manual processes temporarily and working to restore the e-hospital applications.

Some Crucial Lessons to be learnt

  • Cybersecurity Measures: Emphasizes the critical need for robust cyber security measures to protect sensitive information from cyberattacks and highlights the importance of network segmentation as a critical security measure.

Need of Business Continuity Management (BCM)

  • Reliance on Supply Chain: BCM is crucial for managing disruptions in today's interconnected globalized world. It covers risk management and compliance with government regulations.

  • Business Continuity Management (BCM): A process that helps organizations maintain and restore critical functions to ensure business continuity during disruptions or disasters.

Scope of Business Continuity Management (BCM)

  • Advantages: BCM can proactively assess risks, develop response plans, minimize damage, and efficiently demonstrate responses during crises or testing exercises.

Business Continuity Policy (BCM Policy)

  • Objectives of BCP: The primary aim of Business Continuity Planning is to minimize losses (financial and reputation) during disasters and to enable quick recovery of operations.

Business Continuity Planning (BCP)

  • Business Contingency: A business contingency refers to an event that has the potential to disrupt operations. It can range from minor disruptions like a power outage to major disasters like natural disasters.

  • Business Continuity Planning (BCP): A framework for managing disruption or disaster that reduces critical business impact. It describes plans for response, recovery, and continuation of critical business functions.

  • Incident Response Plan: A crucial part of BCP to deal with emergencies such as cyberattacks, physical damage, or similar crises.

Business Continuity Planning (BCP) – Phases

  • Phase 1 – Pre-Planning Activities (Project Initiation): This phase focuses on understanding the existing environment, defining the plan's scope, and setting up project schedules and teams. It will include defining recovery requirements, and obtaining commitment to the program from senior management and staff.

  • Phase 2 – Vulnerability Assessment and General Definition of Requirements: This involves identifying possible threats and vulnerabilities, and assessing the potential impact on the organization. Security and controls are key aspects of this phase, and measures to reduce the likelihood of disruption should be identified.

  • Phase 3 – Business Impact Assessment (BIA): Enables the identification of critical systems, processes, and functions and their associated economic implications if disrupted, and determines how long the organization can survive without access to these elements.

  • Phase 4 - Detailed Definition of Requirements: Enables the definition of specific recovery plans to address the identified business requirements and needs. This will include all necessary hardware, software, personnel, resources and processes needed to achieve the restoration of services.

  • Phase 5 - Plan Development: Defining and documenting recovery plans outlining detailed operational procedures and processes. This also defines the roles and responsibilities of staff involved.

  • Phase 6 - Testing/Exercising Program: The testing phase assesses the plans' effectiveness and ensures that recovery procedures are workable and compliant with the plan.

  • Phase 7 – Maintenance Program: Regularly testing, revising, and updating the plans to reflect changes in the environment and processes, to ensure that the plan remains relevant and up-to-date following implementation.

  • Phase 8 - Initial Plan Testing and Implementation: Testing the plans, identifying issues, and refining the plans based on test results or modifications.

Business Continuity Management (BCM) Cycle

  • Fig 5.2: BCM Cycle: The cycle is an iterative process, which means that after the plan has been implemented, it must be tested in order to ensure that it works as anticipated.

Types of Plans

  • Emergency Plan: The plan outlines the actions for immediate response to a disaster impacting human life or business operations.

  • Fallback and Resumption Procedures: These procedures outline actions to return to normal operations in a timely fashion.

  • Incident Management Plan (IMP): Used to manage incidents or crises. This plan provides protocols for managing the impact of various potential emergencies and their consequences.

  • Contingency Plan: Outlines the steps an organization will take to resume critical business activities after a disruptive event like system failure, natural disaster etc.

Disaster Recovery Plan

  • Scope of Recovery Plan: Outlines the steps and procedures, including the personnel, resources, and processes involved to restore essential business operations.

BCM Testing and Maintenance

  • BCM Testing Plan: Tests the plans' effectiveness and identifies areas for improvement, to confirm that the plans are workable, comprehensive, and accurate.

Alternate Processing Facility Arrangements

  • Cold Site: Provides essential infrastructure and utilities for restoring operations, potentially allowing for some downtime during recovery. Organizations might enter contracts with other organizations for access to a cold site.

  • Warm Site: Offers more operational infrastructure than a cold site, including some necessary equipment, allowing for shorter recovery times.

  • Hot Site: A fully equipped facility that mirrors the existing IT systems and software and can be activated quickly, providing the fastest recovery option. Often shared with other organizations.

Types of Backups

  • Full Backup: Copies all files in a specified location.

  • Incremental Backup: Backs up only files that have changed since the last full or incremental backup.

  • Differential Backup: Backs up all files that have changed since the last full backup. Requires the last full backup, unlike incremental backup which can be applied alone.

  • Mirror Backup: Creates an exact copy of the source data. Any changes to the source data will also be reflected in the mirror backup.

Methods for testing the plan

  • Testing should be based on reasonable scenarios that are a likely possibility. This can be accomplished through simulations or drills, involving individuals or groups in the required roles.
