Business continuity planning (BCP) helps identify the organization's exposure to internal and external threats, brings together hard and soft assets to provide effective prevention and recovery for the organization, and maintains competitive advantage and value-system integrity. BCP counteracts interruptions to business activities and should be in place to protect critical business processes from the effects of major failures or disasters. It deals with natural and man-made events and with their consequences if they are not dealt with promptly and effectively.
Business impact analysis (BIA) determines the extent of the impact an individual business unit would sustain following a significant interruption of computing or telecommunication services. These impacts may be financial, in terms of monetary loss, or operational, in terms of inability to deliver.
Disaster recovery plans (DRP) contain procedures for emergency response, extended backup operation, and post-disaster recovery, should a computer installation experience a partial or total loss of computer resources and physical facilities. The primary objective of the DRP is to provide the capability to process mission-essential applications, in a degraded mode, and return to normal mode of operation within a reasonable amount of time.
The candidate is expected to know the difference between BCP and DRP, and to understand BCP in terms of project scope and planning, business impact analysis, recovery strategies, recovery plan development, and implementation. Moreover, the candidate should understand disaster recovery in terms of recovery plan development, implementation, and restoration.
Understand business continuity requirements by developing and documenting project scope and plan.
Conduct business impact analysis.
1. Identify and prioritize critical business functions
2. Determine maximum tolerable downtime (MTD) and other criteria
3. Assess exposure to outages such as local, regional, and global
4. Define recovery objectives such as RTO and RPO
Develop a recovery strategy.
1. Implement a backup storage strategy such as offsite storage, electronic vaulting, and tape rotation
2. Recovery site strategies such as cold site, warm site, or hot site
Understand disaster recovery process.
1. Response
2. Personnel
3. Communications
4. Assessment
5. Restoration
6. Training
Exercise, assess, and maintain the plan (e.g., version control and distribution).
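The BIA and recovery-strategy items above fit together as a selection problem: each critical function gets an MTD and a tolerable data-loss window from the BIA, each candidate site/backup pairing delivers a measurable RTO and RPO, and a pairing is adequate only if its RTO fits inside the MTD and its RPO inside the tolerable loss. The following Python is an added illustration of that matching, not part of the exam outline; every function, option, duration and cost figure in it is constructed, and the RTO/RPO attached to each site type is an assumption standing in for tested restore times.

```python
from dataclasses import dataclass
from datetime import timedelta


@dataclass(frozen=True)
class BusinessFunction:
    name: str
    mtd: timedelta                  # maximum tolerable downtime, from the BIA
    tolerable_data_loss: timedelta  # recent work the unit could re-create by hand


@dataclass(frozen=True)
class RecoveryOption:
    site: str         # cold, warm or hot site
    backup: str       # backup storage strategy paired with the site
    rto: timedelta    # recovery time the option can actually deliver
    rpo: timedelta    # data-loss bound set by the backup interval
    annual_cost: int  # relative cost units (constructed)


# Constructed, illustrative figures. Real RTO/RPO values come from tested
# restore times and the backup schedule, not from the site label alone.
OPTIONS = (
    RecoveryOption("cold site", "weekly offsite tape rotation",
                   timedelta(days=14), timedelta(days=7), 1),
    RecoveryOption("warm site", "daily offsite tape rotation",
                   timedelta(days=2), timedelta(days=1), 5),
    RecoveryOption("hot site", "electronic vaulting",
                   timedelta(hours=4), timedelta(hours=1), 20),
)


def meets_objectives(fn: BusinessFunction, opt: RecoveryOption) -> bool:
    # Adequate only if service returns before the MTD expires and the data
    # lost between the last backup and the outage is within tolerance.
    return opt.rto <= fn.mtd and opt.rpo <= fn.tolerable_data_loss


def select_strategy(fn: BusinessFunction, options=OPTIONS):
    """Cheapest option meeting the function's objectives, or None when no
    option does (a gap the plan must escalate rather than paper over)."""
    feasible = [o for o in options if meets_objectives(fn, o)]
    return min(feasible, key=lambda o: o.annual_cost) if feasible else None


def prioritize(functions):
    """Shorter MTD means the function must be restored first."""
    return sorted(functions, key=lambda f: f.mtd)


# Constructed sample BIA results.
FUNCTIONS = [
    BusinessFunction("records archive", timedelta(days=30), timedelta(days=7)),
    BusinessFunction("order entry", timedelta(hours=8), timedelta(hours=2)),
    BusinessFunction("payroll", timedelta(days=3), timedelta(days=1)),
    BusinessFunction("trading gateway", timedelta(hours=1), timedelta(minutes=5)),
]


def recovery_plan(functions=FUNCTIONS):
    """Map each function, in recovery order, to the chosen site (or None)."""
    plan = []
    for fn in prioritize(functions):
        chosen = select_strategy(fn)
        plan.append((fn.name, chosen.site if chosen else None))
    return plan


if __name__ == "__main__":
    for name, site in recovery_plan():
        print(f"{name}: {site or 'no option meets objectives; escalate'}")
```

With the constructed figures the trading gateway gets no site at all, which is the useful outcome: its one-hour MTD cannot be met by any restore-based strategy, so the plan has to record that as an open risk to be addressed by a different design rather than quietly assigning it the hot site.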
DOMAIN 9: LEGAL, REGULATIONS, INVESTIGATIONS, AND COMPLIANCE
The legal, regulations, investigations, and compliance domain addresses computer crime laws and regulations. This domain includes the investigative measures and techniques used to determine if a crime has been committed, and methods to gather evidence.
A computer crime is any illegal action where the data on a computer is accessed without permission. This includes unauthorized access or alteration of data, or unlawful use of computers and services.
Incident handling provides the ability to react quickly and efficiently to malicious technical threats or incidents.
The candidate is expected to know the methods for determining whether a computer crime has been committed; the laws that would be applicable for the crime; laws prohibiting specific types of computer crime; methods to gather and preserve evidence of a computer crime; investigative methods and techniques; and ways to address compliance.
Understand legal issues that pertain to information security internationally.
1. Computer crime
2. Licensing and intellectual property such as copyright and trademark
3. Import/export controls
4. Trans-border data flow
5. Privacy
Understand professional ethics.
1. ISC2 Code of Professional Ethics
2. Support organization's Code of Ethics
Understand and support investigations.
1. Policy, roles, and responsibilities (e.g., rules of engagement, authorization, and scope)
2. Incident handling and response
3. Evidence collection and handling such as chain of custody and interviewing
4. Reporting and documenting
Understand forensic procedures.
1. Media analysis
2. Network analysis
3. Software analysis
4. Hardware/embedded device analysis
Understand compliance requirements and procedures.
1. Regulatory environment
2. Audits
3. Reporting
Ensure security in contractual agreements and procurement processes (e.g., cloud computing, outsourcing, and vendor governance).
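The investigation items above (evidence collection and handling, chain of custody, reporting and documenting) come down to two checks an examiner must be able to repeat later: that the evidence is byte-for-byte what was acquired, and that every hand-off was recorded without gaps. The following Python is an added illustration of that record keeping, not part of the exam outline; the exhibit identifier, the evidence bytes, the custodian names and the timestamps are all constructed, and the hash-linked log structure is one way to do it, not a prescribed procedure.

```python
import hashlib
import json


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


class CustodyLog:
    """Append-only chain-of-custody record for one evidence item.

    Each entry stores the acquisition hash of the evidence and the hash of
    the previous entry, so altering the evidence, editing an entry, or
    dropping one out of the middle makes verify() fail."""

    GENESIS = "0" * 64  # link value for the first entry

    def __init__(self, item_id: str, evidence: bytes, collected_by: str, timestamp: str):
        self.item_id = item_id
        self.evidence_hash = sha256_hex(evidence)  # taken at acquisition
        self.entries = []
        self._append(collected_by, "collected", timestamp)

    @staticmethod
    def _entry_hash(body: dict) -> str:
        # Canonical JSON so the same fields always hash the same way.
        return sha256_hex(json.dumps(body, sort_keys=True).encode())

    def _append(self, custodian: str, action: str, timestamp: str) -> str:
        prev = self.entries[-1]["entry_hash"] if self.entries else self.GENESIS
        body = {"item_id": self.item_id, "custodian": custodian, "action": action,
                "timestamp": timestamp, "evidence_hash": self.evidence_hash, "prev": prev}
        body["entry_hash"] = self._entry_hash(body)
        self.entries.append(body)
        return body["entry_hash"]

    def transfer(self, releasing: str, receiving: str, timestamp: str) -> str:
        """Both sides of a hand-off are recorded; returns the new chain head."""
        self._append(releasing, f"released to {receiving}", timestamp)
        return self._append(receiving, f"received from {releasing}", timestamp)

    def verify(self, evidence: bytes) -> bool:
        """True only if the evidence still matches its acquisition hash and
        every entry links correctly to the one before it."""
        if sha256_hex(evidence) != self.evidence_hash:
            return False
        prev = self.GENESIS
        for entry in self.entries:
            body = {k: v for k, v in entry.items() if k != "entry_hash"}
            if body["prev"] != prev or body["evidence_hash"] != self.evidence_hash:
                return False
            if self._entry_hash(body) != entry["entry_hash"]:
                return False
            prev = entry["entry_hash"]
        return True


# Constructed stand-in for an acquired disk image; a real item would be the
# image file read back from the forensic workstation.
EVIDENCE = b"constructed sample: raw image bytes of EXHIBIT-001\n"


def build_demo_log() -> CustodyLog:
    # Constructed custodians and timestamps.
    log = CustodyLog("EXHIBIT-001", EVIDENCE, "first responder", "2024-01-01T09:00Z")
    log.transfer("first responder", "evidence custodian", "2024-01-01T11:30Z")
    return log


if __name__ == "__main__":
    log = build_demo_log()
    print("entries:", len(log.entries), "intact:", log.verify(EVIDENCE))
    print("chain head:", log.entries[-1]["entry_hash"])
```

The chain head printed at the end is the value to copy into the investigator's signed notes or the case file: the log on disk can be checked against that one hash at any later point, which is what turns a list of hand-offs into evidence that will stand up when the report is questioned.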
DOMAIN 10: PHYSICAL AND ENVIRONMENTAL SECURITY
The physical and environmental security domain addresses the threats, vulnerabilities, and countermeasures that can be utilized to physically protect an enterprise’s resources and sensitive information. These resources include people, the facility in which they work, and the data, equipment, support systems, media, and supplies they utilize.