Information Technology Contingency Planning

Questions and Answers

What is an important component of the risk management process for organizations depending on information systems and networks?

Trending analysis of past computer security incidents (correct)

Employee vacation scheduling

Regular hardware upgrades

Budget allocation for incident response training

Which of the following is the purpose of configuration management in an information system or network?

Identification, inventory, and documentation of configurations (correct)

Training employees on incident response procedures

Regularly changing system administrators

Setting up firewalls

What does a well-defined incident response capability help organizations with?

Delaying incident detection to assess long-term impact

Maximizing destruction for insurance claims

Detecting incidents rapidly and minimizing loss (correct)

Increasing the number of incidents for statistical analysis

How are configuration management and change management related in managing information systems?

Configuration management identifies current configurations, while change management addresses modifications.

What does change management address in an information system or network?

Modifications to the base configuration

What is the primary purpose of maintaining a contingency plan in information security?

To ensure critical systems are always in a ready state for immediate use

Why is risk management considered a cyclic and fundamental part of continuous improvement in information security?

To balance operating and economic costs

What is the purpose of the security certification and accreditation process in information systems?

To ensure ongoing monitoring of security controls

Why is continuous monitoring considered an essential component of any security program?

To check the status of security controls on an ongoing basis

What is the key objective of periodic reviews for maintaining a contingency plan?

To ensure currency of system components and dependencies