
uCertify Study Guide for EC-Council Exam 312-76

EC-Council Disaster Recovery Professional (EDRP)

Pass your certification exam on the first attempt

uCertify Team
www.ucertify.com

Copyright
uCertify Study Guide for EC-Council Exam 312-76
© 2009. All rights reserved. No part of this book may be used or reproduced in any manner whatsoever without written permission from uCertify.com. The information contained herein is for the personal use of the reader and may not be incorporated in any commercial programs, other books, databases, or any kind of software without the written consent of uCertify.com. Making copies of this book or any portion of it for any purpose other than your own use is a violation of the United States Copyright laws. The information contained in this book has been obtained by uCertify.com from sources believed to be reliable. However, because of the possibility of human error by our sources, uCertify.com or others do not guarantee the accuracy, adequacy, or completeness of any information in this book and are not responsible for any errors or omissions or the results obtained from the use of such information.

uCertify.com The fastest way to IT Certification


Foreword
IT certification exams require a lot of study and practice. Many of our customers spend weeks, if not months, preparing for the exam. While most classroom training and certification preparation software do a good job of covering exam material and providing practice questions, a summary of the highlights and key study points is often missing. This book is intended to bridge the gap between preparation and the final exam. It is designed to be an easy reference that walks you through all the exam objectives with easy-to-remember key points required to pass the certification exam. It reinforces the key points while helping you focus on the exam requirements. The benefits are manifold: it can save you hours of exam review while keeping key concepts fresh in your mind before the exam. This critical review will help you put the final touches on your exam preparation and give you the confidence needed for the big day.

Benefits of this exam countdown and quick review guide:
1. Focused approach to reviewing exam material: review what you need to know.
2. All key exam concepts highlighted and reinforced.
3. Time saving: must-know facts at your fingertips in one condensed version.
4. Detailed explanations of all possible answers to practice questions to ensure your grasp of the topic.
5. A full-length simulation exam to determine your exam readiness.


Table of Contents
Copyright ..... 2
Foreword ..... 3
Table of Contents ..... 4
How this book will help you ..... 8
About uCertify ..... 10
About this Book ..... 11
About Exam 312-76: EC-Council Disaster Recovery Professional (EDRP) ..... 12
    Exam Registration ..... 13
    Exam Objectives & Skills Expected ..... 13
    FAQ for EC-Council Exam 312-76 ..... 15
    Test Taking Tips ..... 17
    The Big Day ..... 17
Chapter 1 - Disaster Recovery and Business Continuity ..... 20
    Overview ..... 20
    Key Points ..... 20
    Key Terms ..... 28
    Test Your Knowledge ..... 29
    Answer Explanations ..... 31
Chapter 2 - Nature and Causes of Disasters ..... 34
    Overview ..... 34
    Key Points ..... 34
    Key Terms ..... 41
    Test Your Knowledge ..... 42
    Answer Explanations ..... 44
Chapter 3 - Emergency Management ..... 46
    Overview ..... 46
    Key Points ..... 46
    Key Terms ..... 52
    Test Your Knowledge ..... 53
    Answer Explanations ..... 55
Chapter 4 - Laws and Acts ..... 59
    Overview ..... 59
    Key Points ..... 59
    Key Terms ..... 68
    Test Your Knowledge ..... 70
    Answer Explanations ..... 72
Chapter 5 - Business Continuity Management ..... 76
    Overview ..... 76
    Key Points ..... 76


    Key Terms ..... 86
    Test Your Knowledge ..... 88
    Answer Explanations ..... 90
Chapter 6 - Disaster Recovery Planning Process ..... 93
    Overview ..... 93
    Key Points ..... 93
    Key Terms ..... 104
    Test Your Knowledge ..... 105
    Answer Explanations ..... 107
Chapter 7 - Responsibilities Common to all Disaster Recovery Teams ..... 110
    Overview ..... 110
    Key Points ..... 111
    Key Terms ..... 119
    Test Your Knowledge ..... 121
    Answer Explanations ..... 123
Chapter 8 - Risk Management ..... 126
    Overview ..... 126
    Key Points ..... 126
    Key Terms ..... 132
    Test Your Knowledge ..... 133
    Answer Explanations ..... 135
Chapter 9 - Facility Protection ..... 138
    Overview ..... 138
    Key Points ..... 138
    Key Terms ..... 143
    Test Your Knowledge ..... 144
    Answer Explanations ..... 146
Chapter 10 - Data Recovery ..... 148
    Overview ..... 148
    Key Points ..... 148
    Key Terms ..... 151
    Test Your Knowledge ..... 152
    Answer Explanations ..... 154
Chapter 11 - System Recovery ..... 158
    Overview ..... 158
    Key Points ..... 159
    Key Terms ..... 164
    Test Your Knowledge ..... 165
    Answer Explanations ..... 167
Chapter 12 - Backup and Recovery ..... 173
    Overview ..... 173
    Key Points ..... 173
    Key Terms ..... 178

    Test Your Knowledge ..... 179
    Answer Explanations ..... 181
Chapter 13 - Centralized and Decentralized System Recovery ..... 184
    Overview ..... 184
    Key Points ..... 184
    Key Terms ..... 186
    Test Your Knowledge ..... 187
    Answer Explanations ..... 189
Chapter 14 - Windows Data Recovery Tools ..... 192
    Overview ..... 192
    Key Points ..... 192
    Key Terms ..... 198
    Answer Explanations ..... 201
Chapter 15 - Linux, Mac and Novell Netware Data Recovery Tools ..... 205
    Overview ..... 205
    Key Points ..... 205
    Key Terms ..... 209
    Test Your Knowledge ..... 210
    Answer Explanations ..... 212
Chapter 16 - Incident Response ..... 215
    Overview ..... 215
    Key Points ..... 215
    Key Terms ..... 224
    Test Your Knowledge ..... 225
    Answer Explanations ..... 227
Chapter 17 - Role of Public Services in Disaster ..... 230
    Overview ..... 230
    Key Points ..... 230
    Key Terms ..... 232
    Test Your Knowledge ..... 233
    Answer Explanations ..... 235
Chapter 18 - Organizations Providing Services during Disasters ..... 237
    Overview ..... 237
    Key Points ..... 237
    Key Terms ..... 243
    Test Your Knowledge ..... 244
    Answer Explanations ..... 246
Chapter 19 - Organizations Providing Disaster Recovery Solutions ..... 251
    Overview ..... 251
    Key Points ..... 251
    Key Terms ..... 259
    Test Your Knowledge ..... 260
    Answer Explanations ..... 262


Full Length Practice Test Questions ..... 266
    Answer Explanations ..... 279
Acronyms ..... 311
Glossary ..... 313
Things to Practice: A Final Checklist ..... 337
uCertify Test Preparation Software for EC-Council Exam 312-76 ..... 338
Useful Links ..... 342


How this book will help you


uCertify's guide for EC-Council Exam 312-76 is an invaluable supplement for those in the final stages of their preparation for the EC-Council 312-76 Disaster Recovery Professional (EDRP) exam. This book is organized into three sections.

Section A
Section A contains general information about the book and Exam 312-76. It describes the exam objectives, prerequisites, exam format, test-taking tips and strategies, and more.

Section B
Section B contains nineteen chapters. Each chapter contains a Quick Review of the material you need to know for a given objective. It reinforces the concepts reviewed via pop quizzes and practice questions.

Pop Quiz: Short, to-the-point questions with definitive answers.

Practice Questions: At the end of each chapter, a series of questions tests your understanding of the topics covered in the chapter. These questions are patterned after actual exam questions and difficulty levels. Detailed explanations are provided for each question, explaining not just the correct answer but the incorrect answers as well, to ensure a real grasp of the question.

Section C
Section C contains seventy full-length questions. These questions will test your preparation for the exam within a stipulated period. The Answer Sheet for the exam contains a complete analysis of each question.

Finally, the Appendices include Acronyms and a Glossary, followed by References and an Index. These are very handy for last-minute reviews.

We wish you all the best with your exam!

Principal contributors:

Lily Joshi
Manish Kumar
Avdhesh Jaiswal


uCertify Team


Section A - Introduction



About uCertify
uCertify is a leading provider of IT certification exam preparation software. For over a decade, we have been preparing top-quality preparation guides for hundreds of IT certification exams. Our software Preparation Kits (PrepKits, as we call them) contain exhaustive study material, tips, study notes, and hundreds of practice questions that culminate in a full-length simulated preparation exam. Choose exams from vendors such as Microsoft, Oracle, CompTIA, SUN, CIW, EC-Council, ADOBE, CISCO, ITIL, IBM, LPI, ISC-2, and more. Authored by highly experienced and certified professionals, uCertify PrepKits not only guarantee your success at getting certified, but also equip you to truly understand the subject. As they say, "Successful people don't do different things, they do things differently." uCertify's preparation methodology is that difference. We will give you a competitive edge over others who may be paper certified but not qualified to use the skills on the job. A customer pass rate of over 98% is testimony to the success of our methodology. Learn more about us at www.ucertify.com and www.prepengine.com, our smarter learning platform, which powers each of our PrepKits.




About this Book


What this book is and what it's not

This book is invaluable as a final review guide for EC-Council Exam 312-76. It is a supplement to your exam preparation, be it classroom training, practical experience, or even test preparation software. The book is designed to help you save time while ensuring you are ready, by providing a Quick Review of all exam objectives without having to review all of the exam material. In addition, the book helps reinforce key concepts and terminology, both of which are important to review just before your exam. A big bonus is the full-length exam simulation practice test, the results of which are a good indicator of your exam readiness. This book is not a substitute for exhaustive test preparation services such as uCertify PrepKits or classroom training. uCertify strongly recommends that you first study the exam material extensively and gain as much practical experience as possible in the areas in which you are expected to have skills. Use this book as a final review before your actual exam.



About Exam 312-76: EC-Council Disaster Recovery Professional (EDRP)


EC-Council's 312-76 (EDRP) exam recognizes the knowledge and skills of a candidate in identifying vulnerabilities and taking appropriate countermeasures to prevent and mitigate failure risks for an organization. EDRP also provides the networking professional with a foundation in disaster recovery principles, including preparation of a disaster recovery plan, assessment of risks in the enterprise, development of policies and procedures, understanding of the roles and relationships of various members of an organization, implementation of the plan, and recovery from a disaster. This course takes an enterprise-wide approach to developing a disaster recovery plan. Students will learn how to create a secure network by putting policies and procedures in place, and how to restore a network in the event of a disaster.

Benefits of Certification

IT certification is an industry-wide, internationally standardized, highly recognized method of demonstrating your technical problem-solving skills and expertise in a given area. By passing a certification exam, an individual shows his or her current or potential employer that s/he recognizes the value of staying current with the latest technology. The certification process helps you gain market-relevant skills, culminating in an industry-respected certificate in one or more areas offered for certification. While not all employers require certification, getting certified is tangible proof of your motivation and skills as an IT professional. Surveys consistently show that certified professionals earn more than their counterparts who do not have a formal certification. Most certified professionals have found that their financial investment in training and certification is paid off by gains in salary, job opportunities, or expanded roles, typically over a short period of time.




Exam Registration
EC-Council exams can be registered and taken at Prometric testing centers across the globe. Be sure to give yourself plenty of time to prepare for the exam before you schedule your exam day.

Name: Prometric
Phone (US and Canada): 1-800-775-3926
Phone (Other Countries): 1-410-843-8000
Website: http://www.prometric.com

Exam Objectives & Skills Expected


EC-Council has specified more than sixty-five objectives for exam 312-76. These objectives are grouped under nine topics:

Disaster Recovery and Business Continuity
Nature and Causes of Disasters
Emergency Management
Laws and Acts
Business Continuity Management
Disaster Recovery Planning Process
Risk Management
Facility Protection
Data Recovery
System Recovery
Windows Data Recovery Tools
Incident Response
Organizations Providing Services during Disasters
Organizations Providing Disaster Recovery Solutions

Candidates for the 312-76 certification exam are expected to be competent in the following areas:

Describing Disaster Recovery and Business Continuity
Understanding Nature and Causes of Disasters
Understanding Emergency Management
Defining Laws and Acts
Describing Business Continuity Management
Understanding Disaster Recovery Planning Process
Describing Risk Management
Understanding Facility Protection
Explaining Data Recovery
Understanding Data Recovery
Understanding System Recovery
Providing Windows Data Recovery Tools
Describing Incident Response
Defining Organizations Services during Disasters
Describing Organizations Providing Disaster Recovery Solutions

Who should take this exam?


The EC-Council Disaster Recovery Professional (EDRP) exam is appropriate for you if you are working, or want to work, in the typically complex computing environment of a medium-to-large organization. The EC-Council Disaster Recovery test is designed to measure your foundation in disaster recovery principles, including preparation of a disaster recovery plan, assessment of risks in the enterprise, development of policies and procedures, understanding of the roles and relationships of various members of an organization, implementation of the plan, and recovery from a disaster.




FAQ for EC-Council Exam 312-76


Q. What are the pre-requisites to take the 312-76 exam? A. There are no pre-requisites for the 312-76 exam.

Q. What is the format of the exam? A. This exam consists of single-choice and multiple-choice questions.

Q. What does one gain from this certification? A. The EC-Council Disaster Recovery Professional test is designed to measure your level of knowledge in identifying vulnerabilities and taking appropriate countermeasures to prevent and mitigate failure risks for an organization. It also provides the networking professional with a foundation in disaster recovery principles, including preparation of a disaster recovery plan, assessment of risks in the enterprise, development of policies and procedures, understanding of the roles and relationships of various members of an organization, implementation of the plan, and recovery from a disaster.

Q. How many questions are asked in the exam? A. You will be required to attempt approximately 50 questions.

Q. What is the duration of the exam? A. Users are required to attempt all questions within 120 minutes.

Q. What is the passing score? A. You need a score of 700 out of 1000 to pass the exam.

Q. What is the exam retake policy? A. There is no restriction on the number of times a candidate can appear for the examination. There is no waiting period between attempts.

Q. Where can I get more practice questions? A. Download the uCertify PrepKit for more practice questions from the download link below: http://www.ucertify.com/exams/EC-Council/312-76.html

Q. Where can the test 312-76 be taken? A. EC-Council exams may be taken at Prometric testing facilities.

Q. What is the exam fee?



A. The net price for taking test 312-76 is US$250. The net price does not include applicable taxes, vouchers, promotions, or membership discounts you may have.




Test Taking Tips


Stay calm and relaxed.

When you start the test, read the question and ALL its options carefully, even if you think you know the answer. Be prepared for tricky questions!

If you are taking an adaptive test, remember that you will not get a chance to change your answer once you move on, so be sure before you mark the answer. In a linear test you will have a chance to change the answer before you hand in the exam.

If you know the correct answer, attempt the question and move on. If you are not sure, mark your best guess and move on. If it is a linear test, you should also bookmark the question so that you can return to it later. Sometimes related questions help you get the right answers for the questions you were unsure of, so it is always a good idea to bookmark the question.

If you are unsure of the correct answer, read all the options and eliminate the options that are obviously wrong. Then choose from the options left.

Once you have finished answering all the questions, check the time left. If you have time, review the bookmarked questions.

Never leave a question unanswered. All certification tests that we know of are timed and count unanswered questions as wrong. If you don't have time, take a blind guess.

Before the test


Be confident and relaxed. Sleep well the night before the exam.

The Big Day


It is strongly recommended that you arrive at the testing center at least 15 minutes before the exam is scheduled. Don't forget to bring two pieces of identification with you, one of which must be a photo I.D., such as a valid driver's license. You will be required to show the identification when you sign in at the testing center. The center-in-charge will explain the examination rules, after which you will be asked to sign a document stating that you fully understand and will abide by the rules of the exam. Once you are signed in, you will be directed to the exam room. Carrying anything into the room is strictly prohibited. You will be given a few blank pieces of paper and a pen upon entering the room. Once you complete the exam, your score will be tabulated and you will know immediately whether you have passed or failed the exam. If you failed, you can retake it as soon as you are ready, even the same day. It is a good idea to note down all the difficult topics you faced during the exam and revise this review guide or other training material before retaking the exam. If you fail the same exam a second time, you must wait at least 14 days before you will be allowed to reschedule. The testing center-in-charge is typically available to assist with administrative aspects of the testing.




Section B - Core Contents



Chapter 1 - Disaster Recovery and Business Continuity


Overview
This chapter helps you prepare for the EC-Council Disaster Recovery Professional Exam by explaining disaster recovery processes and business continuity planning. A more detailed list of these items includes the following objectives:

Disaster Recovery: Disaster recovery can be defined as the process of restoring systems and data if there is a partial or complete failure of computers due to technical or other causes. Disaster recovery is the process of resuming normal business operations as quickly as possible after the disaster is over.

Business Continuity: Business continuity defines the preparations made for an application outage that can affect the business adversely. It also enables the business to recover from adverse conditions by responding accordingly. Business continuity provides solutions for determining system unavailability, performance, or recovery strategies. It is the major concern for businesses where information is a key asset.

Key Points
Introduction to Disaster Recovery and Business Continuity
Disaster recovery can be defined as the process of restoring systems and data if there is a partial or complete failure of computers due to technical or other causes. Disaster recovery is the process of resuming normal business operations as quickly as possible after the disaster is over. The disaster recovery process includes the following:

To execute a written disaster recovery plan
To replace any damaged hardware
To restore data
To test all hardware and software before resuming operations

The following are the two broad categories of disasters:





Natural disasters: Preventing a natural disaster is very difficult, but it is possible to take precautions to minimize the losses resulting from one. These disasters include floods, fires, earthquakes, hurricanes, etc.

Man-made disasters: These disasters are the major causes of failures. Human errors and interventions may be intentional or unintentional, and can cause massive failures such as the loss of communication and utilities. These disasters include accidents, walkouts, sabotage, burglary, viruses, intrusions, etc.

Disaster recovery is a part of emergency management, which includes physical, environmental, and economic elements; it also addresses psychosocial well-being. A recovery offers prospects to improve these aspects beyond previous conditions by enhancing social and natural environments, infrastructure, and economies, thus contributing to a more flexible community.

A threat is a sequence of circumstances and events that allows a human or another agent to cause an information-related misfortune by exploiting vulnerabilities in an IT product. A threat can be either 'intentional' or 'accidental'.

Successful recovery relies on the following factors:

Understanding the context: It is very important to understand the community context.
Recognizing complexity: A successful recovery recognizes the complex and dynamic nature of emergencies and communities.
Using community-led approaches: A successful recovery should be responsive and flexible.
Ensuring coordination of all activities: A successful recovery requires a planned, coordinated, and adaptive approach. It should be based on continual assessment of impacts and needs.
Employing effective communication: A successful recovery is built on an effective communication system.
Acknowledging and building capacity: A successful recovery acknowledges, supports, and builds on community, individual, and organizational capacities.

Successful recovery is based on understanding the community context. The following are the functions performed for understanding the community context:

It should appreciate the risks faced by communities.
It should acknowledge existing strength and capacity, including past experience.
It should be free from discrimination and remain culturally sensitive.
It should recognize and respect differences.
It should support those who may be more vulnerable, such as people with disabilities, the elderly, children, and those directly affected.

A security management plan is a documented set of policies and procedures. It ensures the security of an organization's operations and assets. It comprises guidelines on the procedures to minimize perceived risks to an acceptable level. A security management plan also provides appropriate response measures for disasters. The main objective of a security management plan is the establishment of a secure organizational environment by reducing risks.

Hacktivism is the act of hacking or breaking into a computer system for politically or socially motivated purposes. The person who performs the act of hacktivism is known as a hacktivist. A hacktivist uses the same tools and techniques as those used by hackers. However, a hacktivist attacks government organizations and agencies, international economic organizations, and any other entities that the hacktivist defines as a cause of social and economic inequities.

Malicious hacking is a term in which a black hat hacker, sometimes called a cracker, breaks computer security without authorization or uses technology (usually a computer, phone system, or network) for malicious reasons such as vandalism, credit card fraud, identity theft, piracy, or other such types of illegal activities. Following are the phases of malicious hacking:
Reconnaissance: In this phase, the attacker gathers information about the victim.
Scanning: In this phase, the attacker begins to probe the target for vulnerabilities that can be exploited.
Gaining Access: In this phase, the attacker exploits a vulnerability to gain access to the system.
Maintaining Access: In this phase, the attacker maintains access to fulfill his purpose of entering the network.
Covering Tracks: In this phase, the attacker attempts to cover his tracks so that he cannot be detected or penalized under criminal law.

Ethical hacker is one name given to the penetration tester. An ethical hacker is usually employed by an organization that trusts him or her to attempt to penetrate networks and/or computer systems, using the same methods as a hacker, for the purpose of finding and fixing computer security vulnerabilities. Illegal hacking, i.e., gaining unauthorized access to computer systems, is a crime in most countries, but penetration testing done at the request of the owner of the targeted system(s) or network(s) is not. An ethical hacking project comprises three phases, summarized below:
Preparation: In this phase, a formal contract is signed containing a nondisclosure clause as well as a legal clause to protect the ethical hacker against any prosecution he may face during the conduct phase. The contract also outlines the infrastructure perimeter, evaluation activities, time schedules, and resources available to the ethical hacker.
Conduct: In this phase, the technical evaluation report is prepared based on testing for potential vulnerabilities.
Conclusion: In this phase, the results of the evaluation are communicated to the organization and corrective actions are taken, if needed.

Disaster Recovery and Business Continuity Program


The salient features of disaster recovery planning are as follows:
Impact and risk assessment: It helps to determine the magnitude and criticality of service and data failures in order to decide the form of recovery planning and preparations to be implemented. It is important to establish the order of recovery in the event of catastrophic failures.
Disaster recovery plan: It must be created, including details for contingency planning in the event that catastrophic events preclude the use of previous network resources.
Disaster recovery policy: It details the responsibilities and procedures to be followed during disaster recovery events, including how to contact key employees, vendors, customers, and the press.
Service-level agreement: It determines contracts with ISPs, utilities, facilities managers, and other suppliers that specify the minimum level of support to be provided in the event of failures.

The Communication Management Plan aims to define the communication requirements for the project and how information will be circulated; it sets the communication structure for the project. This structure provides guidance for communication throughout the project's life and is updated as the communication needs change. The Communication Management Plan identifies and defines the roles of the persons concerned with the project. It includes a matrix, known as the communication matrix, that maps the communication requirements of the project.

The various considerations in the business continuity planning process are as follows:
Network connectivity: The BCP must include options for alternate network access, including dedicated administrative connections that may be required for a recovery.
Facilities: The BCP must include considerations for recovery in the event that the existing hardware and facilities are rendered inaccessible or unrecoverable.
Clustering: The BCP must include clustering to provide load balancing, so as to avoid loss of functionality through directed attacks meant to prevent valid access.
Fault tolerance: The BCP must include cross-site replication between hot and cold backup servers for high availability solutions requiring high levels of fault tolerance.

The various performance areas in the business continuity model are as follows:
Initiation: It helps to obtain the sponsor, authority, scope, and funding.
Risk analysis: It documents and prioritizes the current risks. Risks may include natural disasters or man-made events.
Business impact analysis: It develops a low-level business process blueprint and helps to determine what is needed to sustain the business.
Strategy creation: It uses the risk analysis and business impact analysis to formulate a possible strategy based on the facts and assumptions in evidence.
Emergency response: It integrates the planned strategy with the first responders by using the Incident Command System (ICS).
Plan creation: It creates and organizes the plan, including personnel assignments and detailed procedures.
Training and awareness: It teaches individuals the roles and skills necessary to perform the required functions of the BC/DR plan, and also educates the organization about the existence of the plan and the anticipated areas of coverage.
Maintenance and testing: It keeps plans current through structured exercises that improve skills and identify deficiencies. People have to practice their roles to gain proficiency, and a change control system will be needed to improve the documentation.
Communication: It keeps clients, investors, partners, employees, and stakeholders informed and comfortable with the information they receive. Internal and external messages need to be properly vetted to convey the intended message. A schedule of communications and scripted messages needs to be developed by the BC marketing team in advance. Plans need to include an uninterruptible communication system that is not prone to outages in the way that cell phones or landline phones are.
Integration with other organizations: A good plan integrates with the plans of business partners, suppliers, clients, and government agencies. Good integration moves the relationship from one based on price to one based on true partnership.

Best Practices in Disaster Recovery & Business Continuity Program


The following are the best practices for Business Continuity/Disaster Recovery:
Identify, qualify, and quantify critical business assets (infrastructure and services).
Perform risk assessment and business impact analysis.
Perform a budget analysis of risk mitigation.
Formulate recovery plans to establish recovery time objectives and recovery point objectives.
Incorporate ITIL, ITSM, COSO, and COBIT into the business, technology, and processes.
Observe industry and government regulations.
Draft and test BC/DR plans and contracts.
Monitor and audit BC/DR plans to ensure their effectiveness and regulatory compliance.

The International Strategy for Disaster Reduction (ISDR) is a strategic framework adopted by the United Nations Member States in 2000. The ISDR guides and coordinates the efforts of a wide range of partners to achieve a substantive reduction in disaster losses. It aims to build resilient nations and communities as an essential condition for sustainable development. The United Nations International Strategy for Disaster Reduction (UNISDR) is the secretariat of the ISDR system. The ISDR system comprises numerous organizations, states, intergovernmental and nongovernmental organizations, financial institutions, technical bodies, and civil society, which work together and share information to reduce disaster risks. UNISDR serves as the focal point for the implementation of the Hyogo Framework for Action (HFA), a ten-year plan of action adopted in 2005 by 168 governments to protect lives and livelihoods against disasters. To raise awareness of disaster risk reduction, the United Nations (UN) International Day for Natural Disaster Reduction is observed annually on the second Wednesday of October. This is a step to encourage people and governments to join hands in building stronger communities and nations.

Activities for natural disaster reduction include media announcements about the launch of campaigns that center on the day's theme. Governments and communities also take part in the International Day for Natural Disaster Reduction. They participate in various events, such as drawing, drama, essay, or photography competitions, that focus on making people aware of natural disaster reduction and increasing their preparedness for such situations. Other activities include community tree planting, conferences, fairs and seminars, and street parades.

Pop Quiz
Q1: Which process is required for effective business continuity and disaster-recovery planning?

Ans: Business impact assessment (BIA)


Q2: Which test ensures that the organization complies with the requirements of a disaster recovery plan?

Ans: Checklist test


Key Terms
Disaster recovery can be defined as the process of restoring systems and data if there is a partial or complete failure of computers due to technical or other causes.
Business continuity defines the preparations made for an application outage that can affect the business adversely. It also enables the business to recover from adverse conditions by responding accordingly.
A security management plan is a documented set of policies and procedures. It ensures the security of an organization's operations and assets. It comprises guidelines on the procedures to minimize perceived risks to an acceptable level.
Hacktivism is the act of hacking or breaking into a computer system for politically or socially motivated purposes. The person who performs the act of hacktivism is known as a hacktivist.
Malicious hacking is a term in which a black hat hacker, sometimes called a cracker, breaks computer security without authorization or uses technology (usually a computer, phone system, or network) for malicious reasons such as vandalism, credit card fraud, identity theft, piracy, or other types of illegal activities.
An ethical hacker is one name given to the penetration tester. An ethical hacker is usually employed by an organization that trusts him or her to attempt to penetrate the networks and/or computer systems, using the same methods as a hacker, for the purpose of finding and fixing computer security vulnerabilities.
The Communications Management Plan aims to define the communication requirements for the project and how information will be circulated.
The International Strategy for Disaster Reduction (ISDR) is a strategic framework adopted by United Nations Member States in 2000. The ISDR guides and coordinates the efforts of a wide range of partners to achieve a substantive reduction in disaster losses.


Test Your Knowledge


Q1. Disaster recovery constitutes the process, policies, and procedures related to preparing for the recovery or the continuation of technological infrastructure critical to an organization after a natural or human-induced disaster. Which of the following statements are true about disaster recovery? Each correct answer represents a complete solution. Choose all that apply.
A. Disaster recovery is the process of restoring systems and data if there is a partial or complete failure of computers due to technical or other causes.
B. Disaster recovery is a subset of business continuity.
C. Natural disasters, political disasters, and man-made disasters are the three broad categories of disasters.
D. A disaster recovery plan (DRP) explains how an organization is to deal with potential disasters.

Q2. Business continuity is an activity performed by any organization to ensure that critical business functions will be available to the customers, suppliers, regulators, and other entities that have access to those functions. Which of the following statements are true about business continuity? Each correct answer represents a complete solution. Choose all that apply.
A. Business continuity refers to activities that are performed daily to maintain service, consistency, and recoverability.
B. Business continuity describes the mentality or methodology of conducting the day-to-day disaster recovery process.
C. The foundation of business continuity is the policies, guidelines, standards, and procedures implemented by an organization.
D. Business continuity includes project management, system backups, change control, and help desk.

Q3. Disaster recovery is the process of resuming normal business operations as quickly as possible after the disaster is over. What does the disaster recovery process include? Each correct answer represents a complete solution. Choose all that apply.
A. Executing a written disaster recovery plan
B. Replacing damaged hardware
C. Encrypting data
D. Restoring data
E. Testing all hardware and software before resuming operations

Q4. Disaster recovery is part of emergency management, which includes physical, environmental, and economic elements. What are the factors on which successful recovery relies? Each correct answer represents a complete solution. Choose all that apply.
A. Understanding the context
B. Recognizing the complexity
C. Using community-led approaches
D. Employing effective communication

Q5. Della works as a security manager for SoftTech Inc. She is training some of the newly recruited personnel in the field of security management. She is giving a tutorial on DRP. She explains that the major goal of a disaster recovery plan is to provide an organized way of making decisions if a disruptive event occurs, and asks for other objectives of the DRP. If you are among the newly recruited personnel in SoftTech Inc, what will be your answer to her question? Each correct answer represents a part of the solution. Choose three.
A. Protect an organization from major computer services failures.
B. Minimize risks to the organization from delays in providing services.
C. Guarantee the reliability of standby systems through testing and simulation.
D. Maximize decision-making required by the personnel during a disaster.


Answer Explanations
A1. Answer options A, B, and D are correct. Disaster recovery is the set of processes, policies, and procedures related to preparing for the recovery or continuation of the technological infrastructure critical to an organization after a natural or human-induced disaster. Disaster recovery planning is a subset of a larger process known as business continuity planning and should include planning for the resumption of applications, data, hardware, communications (such as networking), and other IT infrastructure. A business continuity plan (BCP) includes planning for non-IT-related aspects such as key personnel, facilities, crisis communication, and reputation protection, and should refer to the disaster recovery plan (DRP) for IT-related infrastructure recovery and continuity. Disaster recovery can be defined as the process of restoring systems and data if there is a partial or complete failure of computers due to technical or other causes. A disaster recovery plan (DRP) is also referred to as a business continuity plan or business process contingency plan (BPCP). It describes how an organization is to deal with potential disasters.
Answer option C is incorrect. The following are the two broad categories of disasters:
Natural disasters: Preventing a natural disaster is very difficult, but it is possible to take precautions to minimize the losses resulting from them. These disasters include flood, fire, earthquake, hurricane, etc.
Man-made disasters: These disasters are the major causes of failures. Human errors and intervention may be intentional or unintentional, and may cause massive failures such as the loss of communication and utility. These disasters include accidents, walkouts, sabotage, burglary, virus, intrusion, etc.

A2. Answer options A, C, and D are correct. Business continuity is an activity performed by any organization to ensure that critical business functions will be available to the customers, suppliers, regulators, and other entities that must have access to those functions. These activities include many daily chores, such as project management, system backups, change control, and help desk. Business continuity is not something implemented at the time of the disaster; it refers to activities that are performed regularly to maintain service, consistency, and recoverability. The foundation of business continuity is the policies, guidelines, standards, and procedures implemented by an organization. All system design, implementation, support, and maintenance must be based on this foundation in order to have any hope of achieving business continuity, disaster recovery, or, in some cases, system support. Business continuity is sometimes confused with disaster recovery, but they are separate entities. Disaster recovery is a small subset of business continuity.
Answer option B is incorrect. The term business continuity describes the mentality or methodology of conducting day-to-day business, whereas business continuity planning is the activity of determining what that methodology should be. A business continuity plan may be considered the embodiment of a methodology that is followed by everyone in an organization on a regular basis to ensure normal and smooth operations.

A3. Answer options A, B, D, and E are correct. Disaster recovery can be defined as the process of restoring systems and data if there is a partial or complete failure of computers due to technical or other causes. Disaster recovery is the process of resuming normal business operations as quickly as possible after the disaster is over. The disaster recovery process includes the following:
Executing a written disaster recovery plan.
Replacing damaged hardware.
Restoring data.
Testing all hardware and software before resuming operations.

Answer option C is incorrect. The disaster recovery process does not include encryption of data.

A4. Answer options A, B, C, and D are correct. Disaster recovery is a part of emergency management, which includes physical, environmental, and economic elements. Following are the factors on which successful recovery relies:
Understanding the context: It is very important to understand the community context.
Recognizing complexity: A successful recovery recognizes the complex and dynamic nature of emergencies and communities.
Using community-led approaches: A successful recovery should be responsive and flexible.
Ensuring coordination of all activities: A successful recovery requires a planned, coordinated, and adaptive approach. It should be based on continual assessment of impacts and needs.
Employing effective communication: A successful recovery is built on an effective communication system.
Acknowledging and building capacity: A successful recovery acknowledges, supports, and builds on community, individual, and organizational capacities.

A5. Answer options A, B, and C are correct. The goals of a Disaster Recovery Plan include the following:
It protects an organization from major computer services failures.
It minimizes risks to the organization from delays in providing services.
It guarantees the reliability of standby systems through testing and simulation.
It minimizes the decision-making required by the personnel during a disaster.


Chapter 2 - Nature and Causes of Disasters


Overview
The cause of a natural disaster may be an earthquake, volcano, tsunami, landslide, hurricane, flood, wildfire, or drought. These can do severe damage. This chapter describes the procedures for protecting against these disasters.
Natural Disaster: A natural disaster refers to the result of a combination of natural hazards (physical events such as volcanic eruptions, landslides, sinkholes, blizzards, drought, hailstorms, heat waves, hurricanes, tropical storms, typhoons, ice ages, tornadoes, earthquakes, etc.) and human activities. Human vulnerabilities caused by the lack of proper emergency management lead to financial, structural, and human losses. The resulting loss depends on the capacity of the population to support or resist the disaster.
Man-made Disaster: Man-made disasters are disasters resulting from man-made hazards. Man-made hazards or disasters are also known as anthropogenic. These disasters are the major causes of failures. Human errors and intervention may be intentional or unintentional, thus causing massive failures such as the loss of communication and utility. These disasters include accidents, walkouts, sabotage, burglary, virus, intrusion, etc.

Key Points
Nature and Categorization of Disasters
A natural disaster refers to the result of a combination of natural hazards (physical events such as volcanic eruptions, landslides, sinkholes, blizzards, drought, hailstorms, heat waves, hurricanes, tropical storms, typhoons, ice ages, tornadoes, earthquakes, etc.) and human activities. Human vulnerabilities caused by the lack of proper emergency management lead to financial, structural, and human losses. The resulting loss depends on the capacity of the population to support or resist the disaster. This phenomenon is captured in the formulation that "disasters occur when hazards meet vulnerability". Hence, a natural hazard would never result in a disaster in areas without vulnerability, for example, strong earthquakes in uninhabited areas. The term natural is debatable, because such events are not hazards or disasters in the absence of human involvement. The degree of potential loss can also depend on the nature of the hazard itself. The nature of the hazard ranges from wildfires that threaten individual buildings to impact events, which have the potential to end a civilization.

A tsunami refers to a series of huge waves that cause great devastation and loss of life when they strike a coast. The following are the causes of a tsunami:
An underwater earthquake
A volcanic eruption
A submarine rockslide
An asteroid crashing into water from space
A meteoroid crashing into water from space

A volcano is a mountain with an opening that leads downward to a reservoir of molten rock below the surface of the earth. Volcanoes are built up by the accumulation of igneous products. As the gases in the molten rock produce intense pressure, an eruption takes place. Volcanic eruptions can be of two kinds, quiet or volatile. The consequences of a volcano include flowing lava, flattened landscapes, poisonous gases, and flying ash and rocks.

A tornado is one of the most violent storms on the surface of the earth. It looks like a rotating, funnel-shaped cloud. These storms strike quickly without any prior warning. A tornado extends from a thunderstorm down to the ground in the form of a whirlwind. Its speed is around 300 miles per hour. The damage path can be one mile wide or around 50 miles long.

Terrorism, major thefts, sabotage, and labor disputes are all categorized and analyzed for their effects on business continuity as organized or deliberate disruptions.

A virus is an executable file that infects documents, has the ability to replicate, and avoids detection. Viruses are designed to corrupt or delete data files from the hard disk. A virus harms the operating system by replacing one or more programs. It slows down the operating system by making multiple copies of itself.

Cyberstalking is the use of the Internet or other electronic means to stalk someone. It has been defined as the use of information and communications technology, particularly the Internet, by an individual or group of individuals, to harass another individual, group of individuals, or an organization. The behavior includes false accusations, monitoring, transmission of threats, identity theft, damage to data or equipment, solicitation of minors for sexual purposes, and gathering information for harassment purposes.

Pop Quiz
Q1: Which is one of the major causes of disastrous events?

Ans: Human interference


Q2: Which is an example of a man-made disaster?

Ans: Power failure

Landslides, Hurricanes, Floods, and Wildfires


The term landslide describes the gravitational movement of a mass of rock, debris, or earth down a slope. Landslides are usually classified on the basis of the material involved (such as rock, debris, earth, or mud) and the type of movement (such as a fall, topple, avalanche, slide, flow, or spread). In other words, landslides refer to mass movements such as rock falls, mudslides, and debris flows. The following are the types of landslides:
Slides: These refer to mass movements where a distinct zone of weakness is present that separates the slide material from the more stable underlying material.
Falls: These refer to the abrupt movement of masses of geologic material, for example, boulders and rocks that become detached from steep slopes or cliffs.
Topples: These refer to landslides that occur when rock or soil material becomes detached from an exposed face.
Flows: These refer to the movement of saturated soil material, mostly at very high rates.

The following are the characteristics of landslides:
Shallow landslides typically engage only the soil layer and the upper regolith zone.
Deep-seated landslides additionally engage bedrock at greater depths.
The volume of landslides varies from a few cubic meters to several cubic kilometers in the case of giant landslides.
The speed of landslides ranges from a few centimeters per year for slow-moving landslides to tens of kilometers per hour for rapid, highly destructive landslides.
On the basis of activity or movement, landslides are classified as active, dormant, or inactive.

A hurricane is a tropical cyclone occurring in the North Atlantic Ocean or the Northeast Pacific Ocean, east of the International Date Line. A hurricane is a wind storm like the tornado, but it is a tropical cyclone. Hurricanes occur due to a low-pressure system that generally builds in the tropical region. Hurricanes come with thunderstorms and an anticlockwise circulation of winds near the surface of the earth.

Floods are one of the most common hazards in the United States and other parts of the world. A flood refers to the swelling of rivers during monsoons due to the excessive flow of water in the riverbed. Almost every nation faces losses caused by this natural calamity. The effects of floods can be local to a neighborhood or extend to a community, or they can have a much larger impact: an entire river basin or multiple states could be affected.

A wildfire is any uncontrolled fire in combustible vegetation that occurs in the countryside or a wilderness area. The main problem faced by people who live near forest areas is wildfires. The dry conditions in different parts of the United States increase the likelihood of wildfires. If people become aware of how to protect the buildings in their area and are well prepared, they can reduce the damage caused by wildfires.

Pop Quiz
Q1: Which storm looks like a rotating, funnel shape cloud?

Ans: A Tornado
Q2: Which tool is used to measure the intensity of an earthquake?

Ans: Richter Scale



Drought, Consequences of Drought, Measures to Overcome Drought Effects


A drought is a period or condition of unusually dry weather within a geographic area where rainfall is generally present. During drought conditions, a region experiences a lack of precipitation. Droughts may occur in any climatic zone, but the characteristics of a drought may vary considerably from one region to another. A drought generally results in water shortages that badly affect human activities. During a drought, water-supply reservoirs become empty, wells dry up, and crop damage ensues. The seriousness of a drought depends upon the degree of water shortage, the size of the area affected, and the length and warmth of the dry period. A drought generates a large number of impacts affecting environmental, social, and economic standards of living. The impacts of a drought can be seen far beyond the physical effects of the drought itself. Some of the direct impacts of a drought are as follows:
Damage to wildlife and fish habitat.
Reduced water levels.
Increase in fire hazards.
Increased livestock and wildlife death rates.
Reduced crop, rangeland, and forest productivity.

There are three types of droughts:
Meteorological drought: This type of drought occurs when the actual rainfall in an area is drastically less than the climatological mean of that area.
Hydrological drought: This type of drought occurs when there is a marked depletion in the surface water that causes very low stream flow and drying of lakes, rivers, and reservoirs.
Agricultural drought: This type of drought occurs when there is inadequate moisture in the soil, resulting in acute crop stress and a fall in agricultural productivity.


Pop Quiz
Q1: Which tool is used to predict volcanic eruptions?

Ans: Tiltmeter

Q2: In which type of drought is the actual rainfall in an area drastically less than the climatological mean of that area?

Ans: Meteorological drought

Categorization of Human Intentional Disasters


Man-made disasters are disasters resulting from man-made hazards; such hazards and disasters are also called anthropogenic. They are a major cause of failures: human error and intervention, whether intentional or unintentional, can cause massive failures such as the loss of communication and utility services. These disasters include accidents, walkouts, sabotage, burglary, viruses, intrusion, etc.

Natural disasters are disasters resulting from natural hazards. Preventing a natural disaster is very difficult, but precautions can be taken to avoid losses. These disasters include floods, fires, earthquakes, hurricanes, etc.

A power outage, also known as a blackout or power failure, is a short-term or long-term loss of electric power to an area. Power failures in an electricity network have many causes, including faults at power stations, damage to transmission lines, substations, or other parts of the distribution system, short circuits, and overloading of the electricity mains.

Arson is the willful act of setting something on fire: the crime of purposely or maliciously setting fire to structures or wildland areas. It is distinguished from other causes of fire such as spontaneous combustion and natural wildfires, and generally describes fires deliberately set to the property of another, or to one's own property in order to collect insurance compensation.

CBRN, pronounced "C-BURN", is an initialism for chemical, biological, radiological, and nuclear. It is commonly used worldwide to refer to incidents or weapons in which any of these four hazards is present, and it replaces the cold war term NBC (nuclear, biological, and chemical).

Civil disorder is a category of terrorism and a form of collective violence that interferes with the peace, security, and normal functioning of a community. Also known as civil unrest or civil strife, it is a broad term typically used by law enforcement to describe one or more forms of disturbance caused by a group of people.

Eco-terrorism is an act of terrorism, violence, or sabotage committed against persons or their property in support of ecological, environmental, or animal-rights causes. It is defined by the Federal Bureau of Investigation as "the use or threatened use of violence of a criminal nature against people or property by an environmentally oriented, sub-national group for environmental-political reasons, or aimed at an audience beyond the target, often of a symbolic nature."

Cyberterrorism is the leveraging of a target's computers and information, particularly via the Internet, to cause physical, real-world harm or severe disruption of infrastructure. In other words, cyberterrorism is a well-planned, committed, and coordinated activity carried out in cyberspace. It includes terrorist recruitment through Web sites and the use of e-mail communications for violent activities, and it could include damaging an air traffic control computer system so that a plane crashes, infiltrating water treatment plant computer systems to contaminate water supplies, or destroying an electric power system to disrupt power supplies.

Pop Quiz
Q1: Which element of policy implementation describes methods of securing systems but is a recommended action only, not a compulsory one?

Ans: Guidelines
Q2: What is the major cause of disastrous events?

Ans: Human interference


Key Terms
A natural disaster refers to the result of the combination of natural hazards (physical events such as volcanic eruptions, landslides, sinkholes, blizzards, droughts, hailstorms, heat waves, hurricanes, tropical storms, typhoons, ice ages, tornadoes, earthquakes, etc.) and human activities.
A tsunami is a series of huge waves that cause great devastation and loss of life when they strike a coast.
A volcano is a mountain with an opening that leads down to a reservoir of molten rock beneath the surface of the earth. Volcanoes are built up by the accumulation of igneous products.
Floods are one of the most common hazards in the United States and other parts of the world. A flood refers to the swelling of rivers during monsoons due to the excessive flow of water in the riverbed.
A tornado is one of the most violent storms on the surface of the earth. It looks like a rotating, funnel-shaped cloud. These storms strike quickly without prior warning.
A hurricane is a tropical cyclone occurring in the North Atlantic Ocean or the Northeast Pacific Ocean, east of the International Date Line.
A drought is a period or condition of unusually dry weather within a geographic area where rainfall is normally present. During drought conditions, a region experiences a lack of precipitation.
A power outage, also known as a blackout or power failure, is a short-term or long-term loss of electric power to an area. There are many causes of power failures in an electricity network.


Test Your Knowledge


Q1. Which of the following statements are true about a natural disaster? Each correct answer represents a complete solution. Choose all that apply.
   A. A natural disaster refers to the results of the combination of natural hazards and human activities.
   B. A natural disaster occurs when hazards meet vulnerability.
   C. A natural hazard would never result in a natural disaster in areas without vulnerability.
   D. The degree of potential loss does not depend on the nature of the natural disaster.

Q2. Which of the following tools are used to measure the intensity of earthquakes? Each correct answer represents a complete solution. Choose all that apply.
   A. Seismometers
   B. Seismic equipment
   C. Accelerographs
   D. Richter scales

Q3. Which of the following statements are true about landslides? Each correct answer represents a complete solution. Choose all that apply.
   A. A landslide is the gravitational movement of a mass of rock, debris, or earth down a slope.
   B. The speed of landslides ranges from a few centimeters per year for slow-moving landslides to tens of kilometers per hour for fast-moving landslides.
   C. Shallow landslides typically engage bedrock at greater depths.
   D. The volume of landslides varies from a number of cubic meters to several cubic kilometers for giant landslides.

Q4. Which of the following statements are true about a drought? Each correct answer represents a complete solution. Choose all that apply.
   A. It is the time period or condition of abnormally dry weather within a geographic area.
   B. Its seriousness depends upon the degree of water shortage, size of area affected, and the length and warmth of the dry period.
   C. During drought conditions, a region experiences lack of condensation.
   D. It may occur in any climatic zone.

Q5. Which of the following is a replacement for the cold war term NBC (nuclear, biological, and chemical)?
   A. CBRN
   B. NBCR
   C. NBCA
   D. NABC


Answer Explanations
A1. Answer options A, B, and C are correct. A natural disaster refers to the result of the combination of natural hazards (physical events such as volcanic eruptions, landslides, sinkholes, blizzards, droughts, hailstorms, heat waves, hurricanes, tropical storms, typhoons, ice ages, tornadoes, earthquakes, etc.) and human activities. Human vulnerabilities caused by the lack of proper emergency management lead to financial, structural, and human losses. The resulting loss depends on the capacity of the population to support or resist the disaster. The phenomenon is summed up in the formulation "disasters occur when hazards meet vulnerability". Hence, a natural hazard never results in a natural disaster in areas without vulnerability, for example, strong earthquakes in uninhabited areas. The term "natural" is uncertain because the events are not hazards or disasters without human involvement. The degree of potential loss can also depend on the nature of the hazard itself, which ranges from wildfires that threaten individual buildings to impact events that have the potential to end a civilization.

A2. Answer options A, C, and D are correct. Strong-motion seismometers, also known as accelerographs, and Richter scales are used to measure the intensity of earthquakes.
Answer option B is incorrect. Seismic equipment is used to measure the deformation of mountains.

A3. Answer options A, B, and D are correct. The term landslide describes the gravitational movement of a mass of rock, debris, or earth down a slope. Landslides are usually classified on the basis of the material involved (rock, debris, earth, mud) and the type of movement (fall, topple, avalanche, slide, flow, spread). In other words, landslides are mass movements such as rock falls, mudslides, and debris flows. The following are the characteristics of landslides:
- Shallow landslides typically engage only the soil layer and the upper regolith zone. Deep-seated landslides additionally engage bedrock at greater depths.
- The volume of landslides varies from a few cubic meters to several cubic kilometers in the case of giant landslides.
- The speed of landslides ranges from a few centimeters per year for slow-moving landslides to tens of kilometers per hour for rapid, highly destructive landslides.
On the basis of activity or movement, landslides are classified as active, dormant, or inactive.

A4. Answer options A, B, and D are correct. A drought is a period or condition of unusually dry weather within a geographic area where rainfall is normally present. During drought conditions, a region experiences a lack of precipitation. Droughts may occur in any climatic zone, but the characteristics of a drought may vary considerably from one region to another. A drought generally results in water shortages that badly affect human activities. During a drought, water-supply reservoirs become empty, wells dry up, and crop damage ensues. The seriousness of a drought depends upon the degree of water shortage, the size of the area affected, and the length and warmth of the dry period.
Answer option C is incorrect. During drought conditions, a region experiences a lack of precipitation, not of condensation.

A5. Answer option A is correct. CBRN is pronounced "C-BURN". It is an initialism for chemical, biological, radiological, and nuclear. It is commonly used worldwide to refer to incidents or weapons in which any of these four hazards is present. CBRN is a replacement for the cold war term NBC (nuclear, biological, and chemical).
Answer options B, C, and D are incorrect. These are invalid options.


Chapter 3 - Emergency Management


Overview
Emergency management is a field that deals with strategic organizational management processes. It is used to protect the critical assets of an organization from the hazard risks posed by disasters or catastrophes, and to ensure their continuance within their planned lifetime. Successful emergency management depends on the detailed integration of emergency plans at all levels of the organization. It also develops an understanding that the lower levels of the organization are accountable for managing emergencies and for obtaining additional resources and assistance from the upper levels. The phases of emergency management are as follows:
- Mitigation: This phase emphasizes long-term actions for reducing or eliminating risks. Mitigation techniques are of two types, structural and non-structural. Mitigation is the most cost-effective technique for reducing the impact of hazards, though it is not always fruitful.
- Preparedness: This phase works as a continuous cycle of planning, organizing, guiding, implementing, evaluating, and improving activities to ensure effective coordination and the improvement of capabilities to prevent, protect against, respond to, recover from, and mitigate the effects of natural disasters, acts of terrorism, and other man-made disasters. In the preparedness phase, emergency managers create plans of action to manage and counter their risks and take actions to build the capabilities needed to implement such plans.
- Response: This phase mobilizes the required emergency services and first responders in the disaster region.
- Recovery: This phase restores the affected area to its preceding state. Recovery efforts are concerned with the problems and decisions that must be made after the immediate needs are addressed, and primarily with actions that involve rebuilding destroyed property, re-employment, and repair of other essential infrastructure.

Key Points
Emergency, Emergency Management, and its Phases
An emergency situation causes instant risks to life, health, property, and environment. It requires immediate intervention to restrict the deteriorating situation, although in some situations mitigation is not possible and agencies are only able to offer palliative care for the consequences. Whereas some emergency situations are self-evident, like natural disasters that threaten many lives, many smaller incidents require the individual judgement of an observer to decide whether they meet the criteria of an emergency.

The emergency management team consists of executives and line managers who make firm decisions at the Emergency Operations Center. This team coordinates with the managers still operating in the undamaged areas of the business and makes decisions about the allocation of personnel necessary to support response and recovery efforts. The leader of each team reports to the emergency management team.

Emergency management is a field that deals with strategic organizational management processes. It is used to protect the critical assets of an organization from the hazard risks posed by disasters or catastrophes, and to ensure their continuance within their planned lifetime. Successful emergency management depends on the detailed integration of emergency plans at all levels of the organization. It also develops an understanding that the lower levels of the organization are accountable for managing emergencies and for obtaining additional resources and assistance from the upper levels. The various phases of emergency management are as follows:
- Mitigation: This phase emphasizes long-term actions for reducing or eliminating risks. Mitigation techniques are of two types, structural and non-structural. Mitigation is the most cost-effective technique for reducing the impact of hazards, though it is not always fruitful.
- Preparedness: This phase works as a continuous cycle of planning, organizing, guiding, implementing, evaluating, and improving activities to ensure effective coordination and the improvement of capabilities to prevent, protect against, respond to, recover from, and mitigate the effects of natural disasters, acts of terrorism, and other man-made disasters. In the preparedness phase, emergency managers create plans of action to manage and counter their risks and take actions to build the capabilities needed to implement such plans.
- Response: This phase mobilizes the required emergency services and first responders in the disaster region. Response consists of the first wave of core emergency services, such as the police, ambulance squads, and firefighters. Organizational response to any significant disaster, whether natural or terrorist in origin, is based on existing emergency management organizational systems and processes such as the Federal Response Plan (FRP) and the Incident Command System (ICS).
- Recovery: This phase restores the affected area to its preceding state. Recovery efforts are concerned with the problems and decisions that must be made after the immediate needs are addressed, and primarily with actions that involve rebuilding destroyed property, re-employment, and repair of other essential infrastructure.

Incident Management is used to restore normal service operation as quickly as possible and to minimize the adverse effects on the business or the user at a cost-effective price, thus ensuring that the best possible levels of service quality and availability are maintained. Here, 'normal service operation' is defined as service operation within Service Level Agreement (SLA) limits. The activities of Incident Management are as follows:
- Incident detection and recording
- Classification and initial support
- Investigation and diagnosis
- Resolution and recovery
- Incident closure
- Incident ownership, monitoring, tracking, and communication
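The activities above form an ordered lifecycle, and the SLA definition gives a concrete pass/fail criterion for restoration. The following Python script is an added illustration, not code from the uCertify guide or from any ITIL tool: it records each activity with a timestamp, refuses skipped or backdated transitions, and reports whether the incident was restored within an SLA limit. The incident number, owner, timestamps and the 60-minute SLA used in sample_incident() are constructed for the example.

```python
"""Incident lifecycle tracker with SLA check.

Added illustration (not code from the uCertify guide or any ITIL toolset).
It enforces the order of the Incident Management activities, keeps the
ownership and tracking record, and reports whether service was restored
within the SLA limit ('normal service operation' = within SLA limits).
Incident numbers, timestamps and the SLA value in sample_incident() are
constructed for this example.
"""
from datetime import datetime

# Discrete activities in the order the guide lists them. Ownership,
# monitoring, tracking and communication run across all of them, so they
# are represented by the owner field and the history log, not as a step.
ACTIVITIES = ("detected", "classified", "investigating", "resolved", "closed")


class Incident:
    def __init__(self, ident, description, owner):
        self.ident = ident
        self.description = description
        self.owner = owner            # incident ownership
        self.priority = None          # set at classification
        self.history = []             # [(activity, datetime)]: the tracking record

    @property
    def state(self):
        return self.history[-1][0] if self.history else "new"

    def advance(self, activity, at_iso, priority=None):
        """Move to the next activity; reject skipped steps and backdated clocks."""
        done = len(self.history)
        expected = ACTIVITIES[done] if done < len(ACTIVITIES) else None
        if activity != expected:
            raise ValueError(f"{self.ident}: cannot go from {self.state!r} to "
                             f"{activity!r}, expected {expected!r}")
        at = datetime.fromisoformat(at_iso)
        if self.history and at < self.history[-1][1]:
            raise ValueError(f"{self.ident}: {at_iso} precedes the previous activity")
        if activity == "classified":
            if priority is None:
                raise ValueError("classification requires a priority")
            self.priority = priority
        self.history.append((activity, at))

    def minutes_to_restore(self):
        """Detection-to-resolution time in minutes, or None while still open."""
        times = dict(self.history)
        if "resolved" not in times:
            return None
        return (times["resolved"] - times["detected"]).total_seconds() / 60

    def within_sla(self, limit_minutes):
        """True/False once resolved; None while the incident is still open."""
        ttr = self.minutes_to_restore()
        return None if ttr is None else ttr <= limit_minutes


def sample_incident():
    """Constructed walk-through of one incident (all values are made up)."""
    inc = Incident("INC-0001", "file server unreachable", "on-call sysadmin")
    inc.advance("detected", "2024-03-01T09:00:00")
    inc.advance("classified", "2024-03-01T09:05:00", priority="high")
    inc.advance("investigating", "2024-03-01T09:10:00")
    inc.advance("resolved", "2024-03-01T09:45:00")
    inc.advance("closed", "2024-03-01T10:00:00")
    return inc


if __name__ == "__main__":
    inc = sample_incident()
    print(f"{inc.ident} state={inc.state} priority={inc.priority} "
          f"ttr={inc.minutes_to_restore():.0f} min within_sla(60)={inc.within_sla(60)}")
```

The SLA clock here starts at detection (recording), not at classification, which is an assumed convention; change minutes_to_restore() if your SLA defines the start point differently. Rejecting backdated timestamps matters for the tracking record: a later audit of whether the SLA was met is only as good as the timestamps are honest.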

Change Management is used to ensure that standardized methods and procedures are used for efficient handling of all changes. A change is "an event that results in a new status of one or more configuration items (CIs)"; it is approved by management, is cost effective, and enhances business processes (including fixes), with minimum risk to the IT infrastructure. The main aims of Change Management are as follows:
- Minimal disruption of services
- Reduction in back-out activities
- Economic utilization of the resources involved in the change


Release Management is used for platform-independent and automated distribution of software and hardware, including license controls, across the entire IT infrastructure. Proper software and hardware control ensures the availability of licensed, tested, and version-certified software and hardware that functions as intended when introduced into the existing infrastructure. Quality control during the development and implementation of new hardware and software is also the responsibility of Release Management; this guarantees that all software meets the demands of business processes. The goals of Release Management are as follows:
- Plan the rollout of software.
- Design and implement procedures for the distribution and installation of changes to IT systems.
- Effectively communicate and manage the expectations of the customer during the planning and rollout of new releases.
- Control the distribution and installation of changes to IT systems.
The focus of Release Management is the protection of the live environment and its services through the use of formal procedures and checks.

The response phase of emergency management consists of the actions taken to save lives and to avoid greater damage to property in an emergency situation. Safety and well-being in an emergency depend on how well prepared one is and on how he or she responds to a crisis. When someone seeks shelter from a tornado or turns off the gas valves in an earthquake, these activities come under response activities.

Pop Quiz
Q1: Which script is included as a part of the disaster recovery plan to confirm that everything is working as intended?

Ans: Base-functionality script


Q2: Which document helps the disaster recovery team members in getting the alternate sites up and running?

Ans: Technical guide
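A base-functionality script is only useful if it is concrete about what "working as intended" means. The Python script below is an added example, not part of the uCertify guide or of any real disaster recovery plan: after a failover it checks that each recovery-site service accepts TCP connections, that restored data is present, and that required tooling runs, then prints a PASS/FAIL line per check and exits non-zero if anything failed, so it can gate the "alternate site is up" decision in a runbook. The host names, ports, path and the restic command in default_checks() are assumptions to be replaced with the real plan's inventory.

```python
"""Base-functionality check script for an alternate (recovery) site.

Added example, not part of the uCertify guide or of a real DR plan.
Runs a list of named checks after failover and reports PASS/FAIL per
check plus an overall verdict. The hosts, ports, path and command in
default_checks() are assumptions; substitute the real recovery-site
services from the technical guide.
"""
import os
import socket
import subprocess
import sys


def check_tcp(host, port, timeout=3.0):
    """Is the service listening? True if a TCP connect succeeds within timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:          # refused, unreachable, DNS failure, or timeout
        return False


def check_path(path):
    """Is restored data present? The path must exist and be readable."""
    return os.path.exists(path) and os.access(path, os.R_OK)


def check_command(argv):
    """Does a required tool run? The command must exit with status 0."""
    try:
        return subprocess.run(argv, capture_output=True, timeout=30).returncode == 0
    except (OSError, subprocess.SubprocessError):   # missing binary or timeout
        return False


def run_checks(checks):
    """checks: list of (name, zero-arg callable). Returns (all_passed, results).

    A check that raises counts as a failed check rather than aborting the
    whole run, so one broken probe cannot hide the status of the others.
    """
    results = []
    for name, probe in checks:
        try:
            ok = bool(probe())
        except Exception:
            ok = False
        results.append((name, ok))
    return all(ok for _, ok in results), results


def default_checks():
    # Assumed recovery-site inventory (hypothetical names); replace with the
    # services, mounts and tools listed in the real disaster recovery plan.
    return [
        ("database listening", lambda: check_tcp("db.dr.example.internal", 5432)),
        ("web tier listening", lambda: check_tcp("www.dr.example.internal", 443)),
        ("restored data mounted", lambda: check_path("/srv/restore/latest")),
        ("backup tool runs", lambda: check_command(["restic", "version"])),
    ]


def main():
    passed, results = run_checks(default_checks())
    for name, ok in results:
        print(f"[{'PASS' if ok else 'FAIL'}] {name}")
    print("OVERALL:", "PASS" if passed else "FAIL")
    return 0 if passed else 1


if __name__ == "__main__":
    sys.exit(main())
```

Run it from the recovery site after the technical guide's restore steps; a non-zero exit status is the signal the runbook should wait on before declaring the alternate site operational. Keep the check list in version control alongside the plan so that a service added to production also gets a check here.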


Effects of a Disaster on Business Organizations, Emergency Management for Business Organizations, FEMA- Federal Emergency Management Agency, FEMA as an Organization, Activities of FEMA
The responsibility of the local government in emergency management is to create plans and offer resources to guard people from the risks that threaten their communities. Mitigation activities, preparedness plans, response to emergencies, and recovery operations help the local government achieve this. The local government develops emergency management plans because it serves as the link between citizens and the state and federal agencies in the emergency management network. Local laws specify a chain of command during emergencies.

The responsibility of the state government in emergency management is to protect the communities and citizens within the state. The state government develops statewide emergency management activities, helps coordinate emergency management activities involving more than one community, and supports individual communities when they need help. The state acts as the central point between the policy guidance and resources available at the federal level and the implementation of comprehensive emergency management programs at the local level.

The various programs provided by FEMA are as follows:
- It provides training and research information programs on the latest mitigation measures.
- It provides coordination and review of state emergency plans.
- It provides financial assistance.
- It provides flood insurance to individuals and businesses in communities that join the National Flood Insurance Program (NFIP).
- It provides subsidies to state and local offices of emergency management for maintaining emergency management programs.
- It provides guidance and coordination for plans to warn and protect the nation in national security emergencies.
- It provides coordination of services for disaster response and recovery activities.

The Federal Emergency Management Agency (FEMA) is concerned with mitigation, preparedness, response, and recovery activities. FEMA is the major source of federal support for learning in disaster management. FEMA is acknowledged as an authority for countering terrorism through the Nunn-Lugar-Domenici amendment under the Defense Against Weapons of Mass Destruction Act of 1996. FEMA also assists individuals and businesses with low-interest loans.

Pop Quiz
Q1: Which document provides a high-level view of the entire organization's disaster recovery efforts?

Ans: Executive summary


Q2: Which agency is concerned with the mitigation, preparedness, response, and recovery activities?

Ans: Federal Emergency Management Agency (FEMA)


Key Terms
An emergency situation causes instant risks to life, health, property, and environment. It requires immediate intervention to restrict the deteriorating situation, although in some situations mitigation is not possible and agencies are only able to offer palliative care for the consequences.
The emergency management team consists of executives and line managers who make firm decisions at the Emergency Operations Center.
Incident Management is used to restore normal service operation as quickly as possible and to minimize the adverse effects on the business or the user at a cost-effective price, thus ensuring that the best possible levels of service quality and availability are maintained.
Change Management is used to ensure that standardized methods and procedures are used for efficient handling of all changes.
Release Management is used for platform-independent and automated distribution of software and hardware, including license controls, across the entire IT infrastructure.
The response phase of emergency management consists of the actions taken to save lives and avoid greater damage to property in an emergency situation.
The preparedness phase works as a continuous cycle of planning, organizing, guiding, implementing, evaluating, and improving activities to ensure effective coordination and the improvement of capabilities to prevent, protect against, respond to, recover from, and mitigate the effects of natural disasters, acts of terrorism, and other man-made disasters.
The Federal Emergency Management Agency (FEMA) is concerned with mitigation, preparedness, response, and recovery activities. FEMA is the major source of federal support for learning in disaster management.


Test Your Knowledge


Q1. Which of the following teams coordinates with the managers still operating in undamaged areas of the business and makes decisions about the allocation of personnel necessary to support response and recovery efforts?
   A. Damage assessment team
   B. Emergency response team
   C. Physical security team
   D. Emergency management team

Q2. Which of the following situations causes an instant risk to life, health, property, or environment, and requires immediate intervention to prevent the situation from deteriorating?
   A. Economic situation
   B. External situation
   C. Internal situation
   D. Emergency situation

Q3. Which of the following fields deals with strategic organizational management processes, protects the critical assets of an organization from hazard risks that can result in disasters or catastrophes, and ensures their continuance within their planned lifetime?
   A. Emergency management
   B. Risk management
   C. Incident management
   D. Change management

Q4. Which of the following BCP teams handles financial arrangements, public relations, and media inquiries at the time of disaster recovery?
   A. Emergency-management team
   B. Off-site storage team
   C. Software team
   D. Applications team

Q5. Which of the following authorities has the responsibility of creating mitigation measures such as building codes, zoning ordinances, or land-use management programs, and of educating people and training emergency workers?
   A. State government
   B. Local government
   C. Federal government
   D. Voluntary agency and organization


Answer Explanations
A1. Answer option D is correct. The emergency management team consists of executives and line managers who make firm decisions at the Emergency Operations Center. This team coordinates with the managers still operating in undamaged areas of the business and makes decisions about the allocation of personnel necessary to support response and recovery efforts. The leader of each team reports to the emergency management team.
Answer option A is incorrect. The damage assessment team assesses the damage caused by the disaster in order to provide an estimate of the time required to recover.
Answer option B is incorrect. The emergency response team has the responsibility of accounting for personnel and rendering aid. It includes fire wardens for each floor and persons trained in administering first aid.
Answer option C is incorrect. The physical security team addresses crowd control and security, and operates 24 hours a day to protect individuals and organizational assets.

A2. Answer option D is correct. An emergency situation causes instant risks to life, health, property, and environment. It requires immediate intervention to restrict the deteriorating situation, although in some situations mitigation is not possible and agencies are only able to offer palliative care for the consequences. Whereas some emergency situations are self-evident, like natural disasters that threaten many lives, many smaller incidents require the individual judgement of an observer to decide whether they meet the criteria of an emergency.
Answer option A is incorrect. An economic situation signifies the state of the economy of a country, organization, or region at a specific time.
Answer option B is incorrect. An external situation includes the following areas:
- Market
- Competition
- Technology
- Supplier market
- Economy
- Regulation
Answer option C is incorrect. An internal situation includes the following areas:
- Organization's culture
- Organization's image
- Organization's structure
- Key staff
- Brand awareness
- Financial resources

A3. Answer option A is correct. Emergency management is a field that deals with strategic organizational management processes. It is used to protect the critical assets of an organization from the hazard risks posed by disasters or catastrophes, and to ensure their continuance within their planned lifetime. Successful emergency management depends on the detailed integration of emergency plans at all levels of the organization. It also develops the understanding that the lower levels of the organization are accountable for managing emergencies and for obtaining additional resources and assistance from the upper levels.
Answer option B is incorrect. Risk management is a continuous process. The process that leads from threats to risks and finally to security measures is known as risk management. In this process, risks are first identified, then examined, and finally reduced to an acceptable level. The process is applied to all aspects of operational processes.
Answer option C is incorrect. Incident Management (IcM) refers to the activities of an organization to identify, analyze, and correct hazards. For instance, a fire in a factory would be a risk that has been realized, or an incident that has happened. An Incident Response Team (IRT) or an Incident Management Team (IMT), designated for the task beforehand or on the spot, would then manage the organization through the incident. Usually, as part of the wider management process in private organizations, Incident Management is followed by a post-incident analysis in which it is determined why the incident happened despite precautions and controls. This information is then used as feedback to further develop the security policy and/or its practical implementation. In the USA, the National Incident Management System, developed by the Department of Homeland Security, integrates effective practices in emergency management into a comprehensive national framework.
Answer option D is incorrect. Change management is a structured approach to transitioning individuals, teams, and organizations from a current state to a desired future state. It is an organizational process aimed at empowering employees to accept and embrace changes in their current business environment. In project management, change management refers to the process by which changes to a project are formally introduced and approved.

A4. Answer option A is correct. The emergency-management team handles key decision making and directs the recovery teams and business personnel, financial arrangements, public relations, and media inquiries.
Answer option B is incorrect. The off-site storage team is responsible for obtaining, packaging, and shipping media and records to the recovery facilities.
Answer option C is incorrect. The software team is responsible for restoring system service packs, loading and testing operating system software, and resolving system-level problems.
Answer option D is incorrect. The applications team is responsible for restoring user packs and application programs on the backup system.

A5. Answer option B is correct. The local government is responsible for creating mitigation measures such as building codes, zoning ordinances, or land-use management programs, and for educating people and training emergency workers. The responsibility of the local government in emergency management is to create plans and offer resources to guard people from the risks that threaten their communities. Mitigation activities, preparedness plans, response to emergencies, and recovery operations help the local government achieve this. The local government develops emergency management plans because it serves as the link between citizens and the state and federal agencies in the emergency management network. Local laws specify a chain of command in emergencies.
Answer option A is incorrect. The responsibility of the state government in emergency management is to protect the communities and citizens within the state. The state government develops statewide emergency management activities, helps coordinate emergency management activities involving more than one community, and supports individual communities when they need help. The state acts as the central point between the policy guidance and resources available at the federal level and the implementation of comprehensive emergency management programs at the local level.
Answer option C is incorrect. The responsibility of the federal government is concerned with mitigation, preparedness, response, and recovery activities.
Answer option D is incorrect. The responsibility of voluntary agencies and organizations is mainly concerned with the disaster victims. These organizations help the victims by distributing food, medicine, and supplies, and by providing temporary shelter. Many voluntary organizations also conduct fund-raising drives to provide financial assistance to disaster victims.


Chapter 4 - Laws and Acts


Overview
This Chapter helps you prepare for the EC-Council Disaster Recovery Professional (EDRP) Exam by covering the applicable acts in disaster recovery and the laws and acts in the United States of America, Europe, and Australia, including the Sarbanes-Oxley Act, the Foreign Corrupt Practices Act, and others. The objectives covered are: Applicable Acts in DR; Laws and Acts in the United States of America; Industries: Sarbanes-Oxley Act, Foreign Corrupt Practices Act (FCPA); Healthcare: HIPAA Regulations; Financial Institutions: Gramm-Leach-Bliley Act; Flood Disaster Protection Act of 1973; Robert T. Stafford Disaster Relief and Emergency Assistance Act; CAN-SPAM Act of 2003; Federal Financial Institutions Examinations Council (FFIEC); Personal Information Protection and Electronic Documents Act (PIPEDA); Laws and Acts of Europe; Data Protection Act 1998; Transmission of Personal Data: Directive 2002/58/EC; Personal Data: Directive 95/46/EC; Insurance: Financial Groups Directive (FGD); The Foundation of Personal Data Security Law: OECD Principles; Dutch Personal Data Protection Act; Austrian Federal Act concerning the Protection of Personal Data; German Federal Data Protection Act; Laws and Acts in Australia; Health Records and Information Privacy Act (HRIP); Financial Transactions Reporting (FTR) Act 1988.

Key Points
Applicable Acts in DR, Laws and Acts in the United States of America, Industries, Healthcare: HIPAA Regulations, Financial Institutions: Gramm-Leach-Bliley Act, Flood Disaster Protection Act of 1973, Robert T. Stafford Disaster Relief and Emergency Assistance Act, CAN-SPAM Act of 2003, PIPEDA
The Sarbanes-Oxley Act of 2002 is also known as the 'Public Company Accounting Reform and Investor Protection Act' (in the Senate) and the 'Corporate and Auditing Accountability and Responsibility Act' (in the House). It sets new, enhanced standards for all U.S. public company boards, management, and public accounting firms. It is named after its sponsors, U.S. Senator Paul Sarbanes (D-MD) and U.S. Representative Michael G. Oxley. The Act is arranged into eleven titles; the most important sections within these are 302, 401, 404, 409, 802, and 906.

The Foreign Corrupt Practices Act of 1977 (FCPA) is a United States federal law. It is known for two of its main provisions: one that addresses the accounting transparency requirements under the Securities Exchange Act of 1934 and another that concerns bribery of foreign officials.

The Flood Disaster Protection Act was enacted by Congress in 1973. It was introduced in order to protect homes that are most vulnerable to floods. Floods are one of the most common hazards in the United States and other parts of the world. Floods refer to the swelling of rivers during monsoons due to the excessive flow of water in the riverbed. Almost every nation is in danger of losses caused by this natural calamity.

The Health Insurance Portability and Accountability Act (HIPAA) of 1996 was enacted by the U.S. Congress in 1996. According to the Center for Medicare and Medicaid Services (CMS) website, Title I of HIPAA protects health insurance coverage for workers and their families when they change or lose their jobs. Title II of HIPAA, known as the Administrative Simplification (AS) provisions, requires the establishment of national standards for electronic health care transactions and national identifiers for providers, health insurance plans, and employers. This is intended to help people keep their information private, though in practice it is normal for providers and health insurance plans to require the waiver of HIPAA rights as a condition of service. The Administrative Simplification provisions also address the security and privacy of health data. The standards are meant to improve the efficiency and effectiveness of the nation's health care system by encouraging the widespread use of electronic data interchange in the U.S. health care system.

Federal law 18 U.S.C. 2510 is related to wire, oral, and electronic communication. 18 U.S.C. 1029 is related to fraudulent activities associated with access devices, and 18 U.S.C. 1030 is related to fraudulent activity associated with computers.

Robert T. Stafford Disaster Relief and Emergency Assistance Act, CAN-SPAM Act of 2003, Federal Financial Institutions Examinations Council (FFIEC), Personal Information Protection and Electronic Documents Act (PIPEDA)
Load testing is an end-to-end performance test under the anticipated load. Its main objective is to find out the response time for various time-critical transactions and ensure that they are within documented expectations. It also measures the capability of an application by measuring the transactions' pass, fail, or error rates. It determines whether an application meets the system response time requirements. The most accurate load testing occurs with actual, rather than theoretical, results. There is little agreement on what the specific goals of load testing are. The term is often used synonymously with performance testing, reliability testing, and volume testing. Load testing can be conducted in two ways:
- Longevity or endurance testing
- Volume testing

Stress testing simulates an ever-increasing load (i.e., more than the anticipated load). It checks for improper loss of data or service and often causes defects to come to light. It is concerned with throughput, resource bottlenecks, and functionality loss. As the stress increases, transactions take more time to complete. Stress testing determines the maximum capacity of systems. It is particularly important for distributed systems, as they can display severe degradation when a network becomes overloaded.

The Robert T. Stafford Disaster Relief and Emergency Assistance Act is also known as the Stafford Act. It is a United States federal law designed to bring an orderly and systematic means of federal natural disaster assistance to state and local governments in carrying out their responsibilities to aid citizens. This Act is a 1988 amended version of the Disaster Relief Act of 1974.

The CAN-SPAM Act of 2003 was signed into law by President George W. Bush on December 16, 2003. It establishes the United States' first national standards for sending commercial e-mails. It requires the Federal Trade Commission (FTC) to enforce its provisions. CAN-SPAM stands for Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003.

FFIEC stands for the Federal Financial Institutions Examinations Council. The FFIEC was established on March 10, 1979, in accordance with Title X of the Financial Institutions Regulatory and Interest Rate Control Act of 1978 (FIRA), Public Law 95-630. In 1989, Title XI of the Financial Institutions Reform, Recovery and Enforcement Act of 1989 (FIRREA) established the Appraisal Subcommittee (ASC) within the Examination Council.

PIPEDA stands for Personal Information Protection and Electronic Documents Act. It is a Canadian law related to data privacy, and it governs how private-sector organizations collect, use, and disclose personal information in the course of commercial business. This Act contains various provisions to facilitate the use of electronic documents. PIPEDA became law on 13 April 2000, to promote consumer trust in electronic commerce.

Pop Quiz
Q1: Which can be identified as a consequence of a disaster in risk analysis?

Ans: Loss of operating capability


Q2: Which administrative policy control requires individuals or organizations to be engaged in good business practices relative to the organization's industry?

Ans: Due care

Laws and Acts of Europe, Transmission of Personal Data, Personal Data, Insurance, The Foundation of Personal Data Security Law, Dutch Personal Data Protection Act, Austrian Federal Act concerning the Protection of Personal Data, German Federal Data Protection Act, Laws and Acts in Australia, Health Records and Information Privacy Act (HRIP), Financial Transactions Reporting (FTR) Act 1988
The Office of Thrift Supervision (OTS) is a United States federal agency under the Department of the Treasury. It is the primary federal regulator of federally chartered and state-chartered savings associations. It does not receive a government budget; instead, it is paid by the banks it regulates. Other regulatory agencies like the OTS include the Office of the Comptroller of the Currency, the Federal Deposit Insurance Corporation, the Federal Reserve System, and the National Credit Union Administration.

The Financial Groups Directive (FGD) is intended to carry out collective supervision across sectors for financial organizations that have significant activities in the banking, investment, and insurance sectors. Its mission is to introduce improved prudential management for the supervision of third-country financial organizations.

The various privacy principles included in the OECD guidelines are as follows:
- The Collection Limitation Principle: individuals should know about and consent to the collection of their data.
- The Data Quality Principle: any data collected must be correct.
- The Purpose Specification Principle: the purpose of data collection must be declared to individuals before their data is collected.
- The Use Limitation Principle: the data must only be used for the purposes stated when it was collected.
- The Security Safeguards Principle: the collected data should be protected from unauthorized access.
- The Openness Principle: people can contact the entity collecting their data, and can discover where their personal data is collected and stored.
- The Individual Principle: people should know if data about them has been collected, and must also have access to their collected information.
- The Accountability Principle: the entity collecting the data must be held accountable for following the privacy principles.

The Financial Groups Directive (FGD) is intended to collectively carry out supervision across sectors for financial organizations which have significant activities in the banking, investment, and insurance sectors. The Organization for Economic Cooperation and Development (OECD) accepted guidelines to protect personal data. These guidelines are known as the OECD guidelines on the protection of privacy and transborder flows of personal data. Mitigation is a risk response planning technique associated with threats that seeks to reduce the probability of occurrence or impact of a risk to below an acceptable threshold. Risk mitigation involves taking early actions to reduce the probability and impact of a risk occurring on the project. Adopting less complex processes, conducting more tests, or choosing a more stable supplier are examples of mitigation actions.


Data confidentiality is a security principle that ensures data privacy on the network system. It ensures that the data will be kept secret and will be accessed only by a limited set of authorized users. It prohibits eavesdropping by unauthorized users. Confidentiality of data has also been defined by the International Organization for Standardization (ISO) in ISO 17799 as "ensuring that information is accessible only to the authorized users".

The Federal Acquisition Regulation (FAR) is the principal set of rules in the Federal Acquisition Regulation System. This system consists of sets of regulations issued by the agencies of the Federal government of the United States to govern the acquisition process. This process consists of three phases, which are as follows:
1. Need recognition and acquisition planning
2. Contract formation
3. Contract administration

The FAR System regulates the activities of government personnel in carrying out that process. Nearly all government agencies are required to comply with FAR. However, some agencies are exempt (e.g., the United States Postal Service, the Tennessee Valley Authority, the Federal Aviation Administration, and the Bonneville Power Administration); in those cases, the agency promulgates its own specific procurement rules.

Article 2 of the Dutch Personal Data Protection Act (DPDPA) sets out the following rules: the DPDPA applies to the fully or partly automated processing of personal data and to the non-automated processing of personal data entered in a file or intended to be entered therein. This Act does not apply to the processing of personal data in the following cases:
- In the course of a purely personal or household activity
- By or on behalf of the intelligence or security services referred to in the Intelligence and Security Services Act
- For the purposes of implementing the police tasks defined in Article 2 of the Police Act 1993
- Governed by or under the Municipal Database (Personal Records) Act
- For the purposes of implementing the Judicial Documentation Act
- For the purposes of implementing the Electoral Provisions Act

This Act also does not apply to the processing of personal data by the armed forces where the Minister of Defence so decides with a view to deploying or making available the armed forces to maintain or promote the international legal order. Such a decision shall be communicated to the Data Protection Commission as quickly as possible.

Article 4 of the Dutch Personal Data Protection Act (DPDPA) sets out the following rules:
- This Act applies to the processing of personal data carried out in the context of the activities of an establishment of a responsible party in the Netherlands.
- This Act applies to the processing of personal data by or for responsible parties who are not established in the European Union, where use is made of automated or non-automated means situated in the Netherlands, unless these means are used only for forwarding personal data.
- The responsible parties referred to above are prohibited from processing personal data unless they authorize a person or body in the Netherlands to act on their behalf in accordance with the provisions of this Act. For the purposes of applying this Act and the provisions based upon it, that person or body shall be deemed to be the responsible party.

The Health Records and Information Privacy Act (HRIP) protects the privacy of health information in New South Wales. It deals with managing health information in both the public and private sectors in New South Wales. This covers hospitals, whether public or private, doctors, and other health care organizations. It also covers other organizations that hold any type of health information, which can be as diverse as a university that conducts research programs or a fitness center that records information about a person's health and injuries. The HRIP Act includes fifteen health privacy principles (HPPs), which summarize how health information should be collected, stored, used, and disclosed. This Act also sets out how complaints regarding the management of health information are dealt with.


The Financial Transaction Reports (FTR) Act provides for the reporting of certain transactions and transfers to the Australian Transaction Reports and Analysis Centre (AUSTRAC), imposes certain obligations in relation to accounts, and serves other related purposes. Australia's anti-money laundering and counter-terrorism financing program places obligations on financial institutions and other financial intermediaries. These obligations are contained in the Financial Transaction Reports Act 1988 as well as the Anti-Money Laundering and Counter-Terrorism Financing Act 2006.

Pop Quiz
Q1: Which directive is intended to carry out supervision across sectors for financial organizations?

Ans: Financial Groups Directive


Q2: Which act provides a scheme for regulating commercial e-mails and other types of commercial electronic messages?

Ans: Spam Act


Key Terms
An emergency situation causes instant risks to life, health, property, and the environment. It requires immediate intervention to limit the deteriorating situation; in some situations, mitigation is not possible and agencies are only able to offer palliative care for the consequences.

An Underpinning Contract (UC) is a contract between an IT service provider and a third party. In other words, it is an agreement between the IT organization and an external provider about the delivery of one or more services.

The Sarbanes-Oxley Act of 2002 is also known as the 'Public Company Accounting Reform and Investor Protection Act' (in the Senate) and the 'Corporate and Auditing Accountability and Responsibility Act' (in the House).

The Foreign Corrupt Practices Act of 1977 (FCPA) is a United States federal law. It is known for two of its main provisions: one that addresses the accounting transparency requirements under the Securities Exchange Act of 1934 and another that concerns bribery of foreign officials.

The Flood Disaster Protection Act was enacted by Congress in 1973. It was introduced in order to protect homes that are most vulnerable to floods.

The Health Insurance Portability and Accountability Act (HIPAA) of 1996 was enacted by the U.S. Congress in 1996.

Federal law 18 U.S.C. 2510 is related to wire, oral, and electronic communication. 18 U.S.C. 1029 is related to fraudulent activities associated with access devices, and 18 U.S.C. 1030 is related to fraudulent activities associated with computers.

Load testing is an end-to-end performance test under the anticipated load. Its main objective is to find out the response time for various time-critical transactions and ensure that they are within documented expectations.

Stress testing simulates an ever-increasing load (i.e., more than the anticipated load). It checks for improper loss of data or service and often causes defects to come to light.

PIPEDA stands for the Personal Information Protection and Electronic Documents Act. It is a Canadian law related to data privacy, and it governs how private-sector organizations collect, use, and disclose personal information in the course of commercial business.

The Office of Thrift Supervision (OTS) is a United States federal agency under the Department of the Treasury. It is the primary federal regulator of federally chartered and state-chartered savings associations.

The Financial Groups Directive (FGD) is intended to carry out collective supervision across sectors for financial organizations that have significant activities in the banking, investment, and insurance sectors.

The Organization for Economic Cooperation and Development (OECD) accepted guidelines to protect personal data. These guidelines are known as the OECD guidelines on the protection of privacy and transborder flows of personal data.


Test Your Knowledge


Q1. Which of the following federal laws are related to hacking activities? Each correct answer represents a complete solution. Choose three.
A. 18 U.S.C. 2510
B. 18 U.S.C. 1029
C. 18 U.S.C. 1030
D. 18 U.S.C. 1028

Q2. Which of the following acts is known for two of its main provisions, one that addresses the accounting transparency requirements under the Securities Exchange Act of 1934 and another that concerns bribery of foreign officials?
A. HIPAA
B. FCPA
C. Gramm-Leach-Bliley Act
D. Flood Disaster Protection Act

Q3. Availability Management deals with the day-to-day availability of services. Which of the following takes over when a 'disaster' situation occurs?
A. Capacity Management
B. Service Level Management
C. Service Reporting
D. Service Continuity Management

Q4. The CAN-SPAM Act of 2003 was signed into law by President George W. Bush on December 16, 2003. Which of the following statements are true about the CAN-SPAM Act? Each correct answer represents a complete solution. Choose all that apply.
A. CAN-SPAM stands for Controlling Assault of Non-Solicited Pornography And Marketing Act of 2003.
B. It establishes the United States' first national standards for sending commercial e-mails.
C. The CAN-SPAM Act is also referred to as the We-Can-Spam Act.
D. It requires the Federal Trade Commission (FTC) to enforce its provisions.

Q5. Which of the following strategies is used to minimize the effects of a disruptive event on a company, and is created to prevent interruptions to normal business activities?
A. Contingency Plan
B. Disaster Recovery Plan
C. Continuity of Operations Plan
D. Business Continuity Plan


Answer Explanations
A1. Answer options A, B, and C are correct. Federal law 18 U.S.C. 2510 is related to wire, oral, and electronic communication. 18 U.S.C. 1029 is related to fraudulent activities associated with access devices, and 18 U.S.C. 1030 is related to fraudulent activity associated with computers.

Answer option D is incorrect. Federal law 18 U.S.C. 1028 deals with fraud related to the possession of false identification documents.

A2. Answer option B is correct. The Foreign Corrupt Practices Act of 1977 (FCPA) is a United States federal law. It is known for two of its main provisions: one that addresses the accounting transparency requirements under the Securities Exchange Act of 1934 and another that concerns bribery of foreign officials.

Answer option A is incorrect. The Health Insurance Portability and Accountability Act (HIPAA) of 1996 was enacted by the U.S. Congress in 1996. According to the Center for Medicare and Medicaid Services (CMS) website, Title I of HIPAA protects health insurance coverage for workers and their families when they change or lose their jobs. Title II of HIPAA, known as the Administrative Simplification (AS) provisions, requires the establishment of national standards for electronic health care transactions and national identifiers for providers, health insurance plans, and employers. This is intended to help people keep their information private, though in practice it is normal for providers and health insurance plans to require the waiver of HIPAA rights as a condition of service. The Administrative Simplification provisions also address the security and privacy of health data. The standards are meant to improve the efficiency and effectiveness of the nation's health care system by encouraging the widespread use of electronic data interchange in the U.S. health care system.

Answer option C is incorrect. The Gramm-Leach-Bliley Act (GLBA), also known as the Financial Services Modernization Act of 1999 (enacted November 12, 1999), is an act of the 106th United States Congress (1999-2001), signed into law by President William J. Clinton, which repealed part of the Glass-Steagall Act of 1933, opening up the market among banking companies, securities companies, and insurance companies. The Glass-Steagall Act prohibited any one institution from acting as any combination of an investment bank, a commercial bank, and an insurance company. The Gramm-Leach-Bliley Act allowed commercial banks, investment banks, securities firms, and insurance companies to consolidate. For example, Citicorp (a commercial bank holding company) merged with Travelers Group (an insurance company) in 1998 to form the conglomerate Citigroup, a corporation combining banking, securities, and insurance services under a house of brands that included Citibank, Smith Barney, Primerica, and Travelers. This combination, announced in 1998, would have violated the Glass-Steagall Act and the Bank Holding Company Act of 1956 by combining securities, insurance, and banking, if not for a temporary waiver process. The law was passed to legalize these mergers on a permanent basis. Historically, the combined industry has been known as the 'financial services industry'.

Answer option D is incorrect. The Flood Disaster Protection Act was enacted by Congress in 1973. It was introduced in order to protect homes that are most vulnerable to floods. Floods are one of the most common hazards in the United States and other parts of the world. Floods refer to the swelling of rivers during monsoons due to the excessive flow of water in the riverbed. Almost every nation is in danger of losses caused by this natural calamity.

A3. Answer option D is correct. The Service Delivery processes are as follows:

Service Level Management: The objective of Service Level Management is to define, agree, record, and manage levels of service. Service Level Management manages the services depending on tangible records of services, service level targets, and the characteristics of the workload. This process supports achieving a balance between service cost, quality, and workloads. Service Level Management develops an understanding of the responsibilities of the service provider and the customers through negotiation and Service Level Agreements (SLAs).
Service Reporting: The objective of Service Reporting is to produce agreed, timely, reliable, and accurate reports for the purpose of decision-making and effective communication. The information included in service reports determines the success of all Service Management processes. The needs and requirements of both internal management and the customer are met by Service Reporting.

Service Continuity and Availability: The objective of Service Continuity and Availability is to ensure that agreed service continuity and availability commitments to customers are met in all situations. Availability Management deals with the day-to-day availability of services; when a 'disaster' situation occurs and the continuity plan is invoked, Service Continuity Management replaces it.

Budgeting and Accounting for IT services: The objective of Budgeting and Accounting for IT services is to budget and account for the cost of service provision.

Capacity Management: The objective of Capacity Management is to ensure that the service provider has, at all times, sufficient capacity so that the current and future needs of the customer are fulfilled. The Capacity Management process is the focal point for all performance and capacity issues.

Information Security Management: The objective of Information Security Management is to manage information security effectively among all service providers. Information Security is a system of policies and procedures. It is designed to recognize, control, and protect information and any equipment that is used in connection with its storage, transmission, and processing.

A4. Answer options A, B, and D are correct. The CAN-SPAM Act of 2003 was signed into law by President George W. Bush on December 16, 2003. It establishes the United States' first national standards for sending commercial e-mails. It requires the Federal Trade Commission (FTC) to enforce its provisions. CAN-SPAM stands for Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003.

Answer option C is incorrect. The CAN-SPAM Act is sometimes referred to as the You-Can-Spam Act. This is because, while the Act does not explicitly legalize e-mail spam, it preempts state laws that allowed for easier prosecution and rights of private action. In particular, it does not require e-mailers to obtain permission before they send marketing messages.

A5. Answer option D is correct. BCP is a strategy to minimize the consequences of instability and to allow for the continuation of business processes. The goal of BCP is to minimize the effects of a disruptive event on a company, and it is formed to avoid interruptions to normal business activities. Business Continuity Planning (BCP) is the creation and validation of a practiced logistical plan for how an organization will recover and restore partially or completely interrupted critical (urgent) functions within a predetermined time after a disaster or extended disruption. The logistical plan is called a business continuity plan.


Answer option A is incorrect. A contingency plan is a plan devised for a specific situation when things go wrong. Contingency plans are often devised by governments or businesses that want to be prepared for anything unforeseen that could happen. Contingency plans include specific strategies and actions to deal with specific variances to assumptions resulting in a particular problem, emergency, or state of affairs. They also include a monitoring process and "triggers" for initiating planned actions. They are required to help governments, businesses, or individuals recover from serious incidents in the minimum time and with minimum cost and disruption.

Answer option B is incorrect. Disaster recovery planning is a subset of a larger process known as business continuity planning and should include planning for the resumption of applications, data, hardware, communications (such as networking), and other IT infrastructure. A business continuity plan (BCP) includes planning for non-IT related aspects such as key personnel, facilities, crisis communication, and reputation protection, and should refer to the disaster recovery plan (DRP) for IT-related infrastructure recovery/continuity.

Answer option C is incorrect. The Continuity of Operations Plan (COOP) refers to the preparations and institutions maintained by the United States government to ensure the survival of federal government operations in the case of catastrophic events. It provides procedures and capabilities to sustain an organization's essential. COOP is the documented procedure that ensures persistent critical operations throughout any period in which normal operations are unattainable.


Chapter 5 - Business Continuity Management


Overview
This Chapter helps you prepare for the EDRP Exam by covering the following objectives: Business Continuity Management, Business Continuity Planning, Objectives of Business Continuity Planning, Essential Resources in Business Continuity Planning, Business Continuity Management Planning Steps, ISO (International Organization for Standardization), Overview of BS 7799 / ISO 17799, ISO/IEC 17799:2005, ISO/IEC 17799:2005: Business Continuity Management, Risk Analysis, Risk Assessment, Basic Elements of Risk Assessment, Business Impact Analysis (BIA), Components of Business Impact Analysis, Threat Analysis, Crisis Management, Steps in Crisis Management, Crisis Management Phases, Compliance, Preparedness, Training and Resource Development, Contingency Planning, Points to Remember in BCM Plan Testing, Birmingham City Council's BCM Assessment Template, and Greenwich Council - Emergency and BCM Plan.

Key Points
Business Continuity Management, Business Continuity Planning, Objectives of Business Continuity Planning, Essential Resources in Business Continuity Planning, Business Continuity Management Planning Steps, ISO (International Organization for Standardization)
Business Continuity Management is a management process that determines potential impacts that are likely to threaten an organization. It provides a framework for promoting quick recovery and the capability for an effective response to protect the interests of its brand, reputation, and stakeholders. Business continuity management includes disaster recovery, business recovery, crisis management, incident management, emergency management, product recall, contingency planning, etc. Business Continuity Planning (BCP) is the creation and validation of a practiced logistical plan that defines how an organization will recover and restore partially or completely interrupted critical (urgent) functions within a predetermined time after a disaster or extended disruption. The logistical plan is called a Business Continuity Plan.

A conflict of interest occurs when a person is in a position to influence decisions or other outcomes on behalf of one party when such decisions or outcomes could affect the party with which the person has competing loyalties. For example, when a person is acting as an employee, he has the duty of being loyal to his employer.

The take-grant protection model is a formal model used in the field of computer security to establish or disprove the safety of a given computer system that follows specific rules. It shows that for specific systems the question of safety is decidable in linear time, although it is undecidable in general. The model represents a system as a directed graph, where vertices are either subjects or objects. The edges between them are labeled, and the label indicates the rights that the source of the edge has over the destination. Two rights occur in every instance of the model: take and grant. They play a special role in the graph rewriting rules describing admissible changes of the graph.

Every business should have a continuity plan in place, as it provides the company with a map to follow in the case of a disaster. There are a number of risks that can permanently close a business, such as a disease, fire, flood, earthquake, terrorism, or cyber-attack. Business continuity planning comprises five steps. If these steps are followed properly, the risks of these disasters will be mitigated. The business continuity planning steps are as follows:
Analysis
Solution design
Implementation
Testing and organization acceptance
Maintenance
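The take-grant model described above, implemented as an added example (Python; not code from the study guide). It builds the subject/object graph, applies the take and grant rewriting rules until nothing changes, and answers the safety question for a constructed set of users and a hypothetical payroll database; all vertex names and rights are assumptions made for the illustration.

```python
"""Added example (not from the study guide): a minimal take-grant protection
graph with the 'take' and 'grant' rewriting rules and a brute-force safety check.
All vertex names and rights below are constructed for illustration."""
from __future__ import annotations

import copy
from dataclasses import dataclass, field
from itertools import product

TAKE, GRANT = "t", "g"   # the two rights present in every instance of the model


@dataclass
class TakeGrantGraph:
    """Directed graph: vertices are subjects or objects, edges carry sets of rights."""
    subjects: set[str] = field(default_factory=set)
    objects: set[str] = field(default_factory=set)
    edges: dict[tuple[str, str], set[str]] = field(default_factory=dict)

    def vertices(self) -> set[str]:
        return self.subjects | self.objects

    def rights(self, src: str, dst: str) -> set[str]:
        """Rights the source vertex holds over the destination (empty if no edge)."""
        return self.edges.get((src, dst), set())

    def add_rights(self, src: str, dst: str, rights: set[str]) -> None:
        if src not in self.vertices() or dst not in self.vertices():
            raise KeyError(f"unknown vertex on edge {src}->{dst}")
        self.edges.setdefault((src, dst), set()).update(rights)

    def take(self, x: str, y: str, z: str, alpha: set[str]) -> bool:
        """take rule: subject x holds 't' over y and y holds alpha over z,
        so x acquires alpha over z. Returns True if the graph changed."""
        if x not in self.subjects or TAKE not in self.rights(x, y):
            return False
        gained = set(alpha) & self.rights(y, z)
        if not gained or gained <= self.rights(x, z):
            return False
        self.add_rights(x, z, gained)
        return True

    def grant(self, x: str, y: str, z: str, alpha: set[str]) -> bool:
        """grant rule: subject x holds 'g' over y and alpha over z,
        so x passes alpha over z on to y. Returns True if the graph changed."""
        if x not in self.subjects or GRANT not in self.rights(x, y):
            return False
        gained = set(alpha) & self.rights(x, z)
        if not gained or gained <= self.rights(y, z):
            return False
        self.add_rights(y, z, gained)
        return True

    def close(self) -> None:
        """Apply take and grant until nothing changes (create/remove are omitted).
        This is a brute-force fixpoint, not the linear-time decision procedure the
        model admits, but it answers the same safety question for a fixed graph."""
        changed = True
        while changed:
            changed = False
            for x, y, z in product(self.subjects, self.vertices(), self.vertices()):
                if len({x, y, z}) < 3:
                    continue
                changed |= self.take(x, y, z, self.rights(y, z))
                changed |= self.grant(x, y, z, self.rights(x, z))


def can_acquire(graph: TakeGrantGraph, subject: str, target: str, right: str) -> bool:
    """Safety question: can `subject` ever hold `right` over `target` through
    some sequence of take/grant steps? Evaluated on a copy of the graph."""
    g = copy.deepcopy(graph)
    g.close()
    return right in g.rights(subject, target)


def build_sample() -> TakeGrantGraph:
    """Constructed sample: who can reach the hypothetical payroll database?"""
    g = TakeGrantGraph()
    g.subjects.update({"alice", "bob", "carol", "dave", "eve"})
    g.objects.add("payroll_db")
    g.add_rights("alice", "bob", {TAKE})            # alice may take what bob holds
    g.add_rights("bob", "payroll_db", {"r", "w"})   # bob reads and writes the database
    g.add_rights("carol", "dave", {GRANT})          # carol may grant her rights to dave
    g.add_rights("carol", "payroll_db", {"r"})
    g.add_rights("eve", "bob", {"r"})               # eve can read bob, but 'r' is not 't'
    return g


if __name__ == "__main__":
    sample = build_sample()
    for who in ("alice", "dave", "eve"):
        print(who, "can write payroll_db:", can_acquire(sample, who, "payroll_db", "w"))
```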

Business continuity management is a management process that determines potential impacts that are likely to threaten an organization. It is the process of managing risks. It also ensures business continuity. It includes the following elements:
Risk mitigation plan
Business continuity plan
Pandemic plan
Contingency plan
Business recovery
Audits

Business continuity plan development refers to the utilization of information collected in the Business Impact Analysis (BIA) for the creation of the recovery strategy plan to support the critical business functions. The following components are addressed in a business continuity plan:
Readiness: It covers the preceding steps and provides a strong foundation for the remainder of the BCP.
Prevention: It includes limiting, preventing, or avoiding the impact of a crisis.
Response: It is very important to react effectively, appropriately, and quickly during a crisis.
Recovery/resumption: It is important to assess damages after the activation of the crisis management team. The crisis management team is responsible for this damage assessment.

Business Continuity Planning determines the risks to the organizational processes and creates policies, plans, and procedures in order to minimize the impact of those risks. The following are the steps in the Business Continuity Planning process:
Project scope and planning
Business Impact Assessment
Continuity planning
Approval and implementation


Pop Quiz
Q1: Which mode of operation supports users with different clearances and data at the various classification levels?

Ans: Multilevel mode


Q2: In which management style does the manager share the responsibility of making decisions and provides support to the subordinates?

Ans: The supporting style

Overview of BS 7799 / ISO 17799, ISO/IEC 17799:2005, ISO/IEC 17799:2005: Business Continuity Management, Risk Analysis, Risk Assessment, Basic Elements of Risk Assessment, and Business Impact Analysis (BIA) Components of Business Impact Analysis
A business impact analysis (BIA) is a crisis management and business impact analysis technique that identifies threats that can impact the business continuity of operations. Such threats can be either natural or man-made. The BIA team should have a clear understanding of the organization, key business processes, and IT resources for assessing risks associated with continuity. In the BIA team, there should be the senior management, IT personnel, and end users to identify all resources that are to be used during normal operations. The characteristics of the DIAP Information Readiness Assessment function are as follows:
It provides data needed to accurately assess IA readiness.
It identifies and generates IA requirements.
It performs vulnerability/threat analysis assessment.

Certification and Accreditation (C&A or CnA) is a process for implementing information security. It is a systematic procedure for evaluating, describing, testing, and authorizing systems prior to or after a system is in operation. The C&A process is used extensively in the U.S. Federal Government. Some C&A processes include FISMA, NIACAP, DIACAP, and DCID 6/3.

Certification is a comprehensive assessment of the management, operational, and technical security controls in an information system, made in support of security accreditation, to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system.

Accreditation is the official management decision given by a senior agency official to authorize operation of an information system and to explicitly accept the risk to agency operations (including mission, functions, image, or reputation), agency assets, or individuals, based on the implementation of an agreed-upon set of security controls.

Business Continuity Management is a management process that determines potential impacts that are likely to threaten an organization. It provides a framework for promoting quick recovery and the capability for an effective response to protect the interests of its brand, reputation, and stakeholders. Business continuity management includes disaster recovery, business recovery, crisis management, incident management, emergency management, product recall, contingency planning, etc.

BS 7799 Part 1 was a standard originally published as BS 7799 by the British Standards Institute (BSI) in 1995. It was eventually adopted by ISO as ISO/IEC 17799, "Information Technology - Code of practice for information security management", in 2000. ISO/IEC 17799 was most recently revised in June 2005 and was renamed ISO/IEC 27002 in July 2007.

BS 7799 Part 2 was first published by BSI in 1999, titled "Information Security Management Systems - Specification with guidance for use". It is focused on how to implement an Information Security Management System (ISMS).

Pop Quiz
Q1: What is the version of the BS7799 standard that covers risk analysis and management?

Ans: BS7799 Part 3


Q2: Which standard provides the guidelines and general principles for initiating, implementing, maintaining, and improving information security management in an organization?

Ans: ISO/IEC 17799:2005



Threat Analysis, Crisis Management, Steps in Crisis Management, Crisis Management Phases
The crisis communication plan can be broadly defined as the plan for the exchange of information before, during, or after a crisis event. It is considered a sub-specialty of the public relations profession that is designed to protect and defend an individual, company, or organization facing a public challenge to its reputation. The aim of a crisis communication plan is to assist organizations in achieving continuity of critical business processes and information flows under crisis, disaster, or event-driven circumstances. The crisis management process is used by organizations to handle a major event that threatens to harm the organization, its stakeholders, and the general public. Crisis management is used to deal with threats after their occurrence. It consists of the skills and techniques required to identify, assess, understand, and cope with a severe situation, particularly from the instant of its first occurrence to the point that recovery procedures start. The various phases of crisis management are as follows:
Pre-crisis: The pre-crisis phase deals with prevention and preparation. Managers plan how to respond to crisis events that may occur.
Crisis response: The crisis response phase is when the management must actually respond to a crisis. In this phase, the managers respond to the crisis in the hope of reducing its impact.
Post-crisis: The post-crisis phase searches for ways to get ready for the next crisis and to fulfil the commitments made during the crisis phase, including follow-up information. Managers assess the damage and attempt to return the organization to at least its pre-crisis state.

A crisis is described as a major threat to operations that has negative consequences if not dealt with properly. A crisis consists of the following elements:
A threat to the organization
The element of surprise
A short decision time

A crisis generates financial losses by disrupting operations, causing losses of market share/purchase intentions, or spawning lawsuits related to the crisis.

The following are the different types of crises:
Sudden crisis: It is an immediate and unexpected crisis.
Smoldering crisis: It is of utmost importance to handle a smoldering crisis early, because it has a humble beginning but takes on large proportions if not resolved.
Bizarre crisis: This crisis is unusual and unexpected.

Pop Quiz
Q1: Which term best describes the presence of any potential event that causes an undesirable impact on the organization?

Ans: Threat
Q2: Which process acts as a control measure that provides some amount of protection to the assets?

Ans: Safeguard

Compliance, Preparedness, Training and Resource Development, Contingency Planning, Points to remember in BCM Plan Testing, Birmingham City Council's BCM Assessment Template, Greenwich Council - Emergency and BCM Plan
Configuration audits confirm that the configuration identification for a configured item is accurate, complete, and will meet the specified program needs. Configuration audits are broken into functional and physical configuration audits. They occur either at delivery or at the moment of effecting the change. A functional configuration audit ensures that the functional and performance attributes of a configuration item are achieved, while a physical configuration audit ensures that a configuration item is installed in accordance with the requirements of its detailed design documentation.


Physical Configuration Audit (PCA) is one of the practices used in Software Configuration Management for Software Configuration Auditing. The purpose of the software PCA is to ensure that the design and reference documentation is consistent with the as-built software product. PCA checks and matches the actually implemented layout against the documented layout. The components addressed by the business continuity plan are as follows:
Readiness: This part of the BCP covers the preparatory steps and provides a strong foundation for the remainder of the BCP.
Prevention: This part covers limiting, preventing, or avoiding the impact of a crisis.
Response: This part helps to respond effectively, appropriately, and quickly during a crisis.
Recovery/resumption: This part helps organizations to assess the damages once the crisis management team is activated.

The responsibilities of an Emergency Planning Officer under the Greenwich Council are as follows:
To coordinate and execute the emergency and the BCM plan
To provide a first point of contact if a major incident is declared
To contact the Chief Executive Officer (CEO) or the deputy to decide what further action is required, including whether to convene the Strategic Group
To commence the borough-wide telephone cascade (agreed by the CEO) to alert, place on standby, advise, or convene nominated emergency response staff

The responsibilities of a CEO under the Greenwich Council are as follows:
To manage the overall strategic control of the emergency and BCM response
To establish the policy framework for the Council's response
To support the tactical and operational groups by providing resources
To prioritize demands on potentially limited resources, including rationing of resources
To keep the members briefed
To advise and reassure staff and the public, and to authorize all such communications to these groups
To determine plans for a return to a state of normality

A contingency plan is prepared and documented for emergency response, backup operations, and recovery, and is maintained by an activity as an element of its security program; it ensures the availability of critical resources and facilitates the continuity of operations in an emergency situation.


A contingency plan is a plan devised for a specific situation when things go wrong. Contingency plans are often devised by the governments or businesses who want to be prepared for anything that could happen.

Pop Quiz
Q1: What is the process of getting ready for a pandemic called?

Ans: Preparedness
Q2: What is the state of complete preparedness to cope with a pandemic?

Ans: Readiness


Key Terms
Business Continuity Management is a management process that determines the potential impacts that are likely to threaten an organization. It provides a framework for promoting quick recovery and the capability for an effective response to protect the interest of its brand, reputation, and stakeholders.

A conflict of interest occurs when a person is in a position to influence the decisions or other outcomes on behalf of one party when such decisions or outcomes could affect the party with which the person has competing loyalties.

The take-grant protection model is a formal model used in the field of computer security to establish or disprove the safety of a given computer system that follows specific rules.

A business impact analysis (BIA) is a crisis management and business impact analysis technique that identifies threats that can impact the business continuity of operations. Such threats can be either natural or man-made.

The Eradication phase of the Incident handling process involves the cleaning-up of identified harmful incidents from the system. It includes analyzing the information that has been gathered for determining how the attack was committed.

Certification and Accreditation (C&A or CnA) is a process for implementing information security. It is a systematic procedure for evaluating, describing, testing, and authorizing systems prior to or after a system is in operation.

The crisis communication plan can be broadly defined as the plan for the exchange of information before, during, or after a crisis event. It is considered a sub-specialty of the public relations profession that is designed to protect and defend an individual, company, or organization facing a public challenge to its reputation.

Information assurance (IA) is the process of organizing and monitoring information-related risks. It ensures that only the approved users have access to the approved information at the approved time.

A border network is the network infrastructure area which separates a network into two parts using an internet gateway router. It is the prime ingredient of a perimeter network that enhances the security at the outermost inlet or gateway towards the enterprise network.

SMART, or the Self-Monitoring, Analysis, and Reporting Technology model, is a monitoring system for computer hard disks to detect and report on various indicators of reliability, in the hope of anticipating failures.

Configuration audits confirm that the configuration identification for a configured item is accurate, complete, and will meet the specified program needs. A functional configuration audit ensures that the functional and performance attributes of a configuration item are achieved, while a physical configuration audit ensures that a configuration item is installed in accordance with the requirements of its detailed design documentation.

Physical Configuration Audit (PCA) is one of the practices used in Software Configuration Management for Software Configuration Auditing.


Test Your Knowledge


Q1. Business Continuity Planning (BCP) determines the risks to the organizational processes and creates policies, plans, and procedures in order to minimize the impact of those risks. What are the different steps in the Business Continuity Planning process? Each correct answer represents a part of the solution. Choose all that apply.
A. Project scope and planning
B. Business Impact Assessment
C. Business Analysis
D. Approval and implementation
E. Continuity planning

Q2. Business continuity management is a management process that determines potential impacts that are likely to threaten an organization. Which of the following elements are included in business continuity management? Each correct answer represents a part of the solution. Choose all that apply.
A. Risk Mitigation plan
B. Pandemic plan
C. System development plan
D. Contingency plan
E. Business recovery
F. Business continuity plan
G. Audits

Q3. A business impact analysis (BIA) is a crisis management and business impact analysis technique that identifies threats that can impact the business continuity of operations. What are the objectives defined by business impact analysis? Each correct answer represents a complete solution. Choose all that apply.
A. Identifying the full business process
B. Determining all potential financial, legal, and regulatory impacts
C. Setting up time frames for recovery of all business-related processes
D. Defining the key inner and outer dealings and dependencies of each process
E. Making a customer aware of the continuity plans

Q4. Which of the following plans assists organizations to achieve continuity of critical business processes and information flows under crisis, disaster, or event driven circumstances?
A. Disaster recovery plan
B. Crisis communication plan
C. Contingency plan
D. Business recovery plan

Q5. Which of the following plans is documented and organized for emergency responses, backup operations, and recovery maintained by an activity as part of its security program that will ensure the availability of critical resources and facilitates the continuity of operations in an emergency situation?
A. Contingency Plan
B. Disaster Recovery Plan
C. Continuity Of Operations Plan
D. Business Continuity Plan


Answer Explanations
A1. Answer options A, B, D, and E are correct. Business Continuity Planning determines the risks to the organizational processes and creates policies, plans, and procedures in order to minimize the impact of those risks. The following are the steps in the Business Continuity Planning process:
Project scope and planning
Business Impact Assessment
Continuity planning
Approval and implementation

Answer option C is incorrect. There is no such step in the Business Continuity Planning process.

A2. Answer options A, B, D, E, F, and G are correct. Business Continuity Planning determines the risks to the organizational processes and creates policies, plans, and procedures in order to minimize the impact of those risks. The following are the steps in the Business Continuity Planning process:
Project scope and planning
Business Impact Assessment
Continuity planning
Approval and implementation

Answer option C is incorrect. There is no such step in the Business Continuity Planning process.

A3. Answer options A, B, C, and D are correct. The objectives defined by the business impact analysis are as follows:
Identifying the full business process
Determining all potential financial, legal, and regulatory impacts
Setting up the time frame for the recovery of all business-related processes
Defining the key inner and outer dealings and dependencies of each process
Identifying the required resources for all processes to recover and their related recovery time frames
Training the personnel in the recovery process
Making the management aware of the continuity plans

A4.

Answer option B is correct. The crisis communication plan can be broadly defined as the plan for the exchange of information before, during, or after a crisis event. It is considered a sub-specialty of the public relations profession that is designed to protect and defend an individual, company, or organization facing a public challenge to its reputation. The aim of the crisis communication plan is to assist organizations in achieving continuity of critical business processes and information flows under crisis, disaster, or event-driven circumstances.

Answer option A is incorrect. A disaster recovery plan should cover the data, hardware, and software that can be critical for a business. It should also include the plan for a sudden loss such as a hard disk crash. The business should use backup and data recovery utilities to limit the loss of data.

Answer option C is incorrect. A contingency plan is a plan devised for a specific situation when things go wrong. Contingency plans are often devised by governments or businesses who want to be prepared for anything unforeseen that could happen. Contingency plans include specific strategies and actions to deal with specific variances to assumptions resulting in a particular problem, emergency, or state of affairs. They also include a monitoring process and "triggers" for initiating planned actions. They are required to help governments, businesses, or individuals to recover from serious incidents in the minimum time with minimum cost and disruption.

Answer option D is incorrect. The business recovery plan is used to provide measures for recovery of business operations directly following a disaster. Unlike the BCP, it lacks procedures to ensure continuity of critical processes throughout an emergency or disruption.

A5. Answer option A is correct. A contingency plan is prepared and documented for emergency responses, backup operations, and recovery, and is maintained by an activity as an element of its security program; it ensures the availability of critical resources and facilitates the continuity of operations in an emergency situation. A contingency plan is a plan devised for a specific situation when things go wrong. Contingency plans are often devised by governments or businesses who want to be prepared for anything that could happen. Contingency plans include specific strategies and actions to deal with specific variances to assumptions resulting in a particular problem, emergency, or state of affairs. They also include a monitoring process and "triggers" for initiating planned actions. They are required to help governments, businesses, or individuals to recover from serious incidents in the minimum time with minimum cost and disruption.

Answer option B is incorrect. A disaster recovery plan should cover the data, hardware, and software that can be critical for a business. It should also include the plan for a sudden loss such as a hard disk crash. The business should use backup and data recovery utilities to limit the loss of data.

Answer option C is incorrect. The Continuity Of Operation Plan (COOP) refers to the preparations and institutions maintained by the United States government, providing survival of federal government operations in the case of catastrophic events. It provides procedures and capabilities to sustain an organization's essential. COOP is the procedure documented to ensure persistent critical operations throughout any period where normal operations are unattainable.

Answer option D is incorrect. Business Continuity Planning (BCP) is the creation and validation of a practiced logistical plan for how an organization will recover and restore partially or completely interrupted critical (urgent) functions within a predetermined time after a disaster or extended disruption. The logistical plan is called a business continuity plan.


Chapter 6 - Disaster Recovery Planning Process


Overview
This chapter helps you prepare for the EC-Council Certified Disaster Recovery Professional exam by focusing on the disaster recovery planning processes. It covers the following objectives: Disaster Recovery Planning Process, Management Support, Organizing DR Team, Components of Disaster Recovery Team, Disaster Recovery Planning Team, Building a Planning Team, Establishing Team at the Departmental Level, Risk Assessment, Conduct Business Impact Analysis, Critical Business Activities, Analysis Sheet, Example: Analysis Sheet for IT System, Roles and Responsibilities of an Individual: Leader, Individual: Disaster Recovery Coordinator, Individual: IT Administrator, Individual: Network Manager, Individual: Disaster Recovery Manager, Individual: DR Team Member, Roles and Responsibilities of Team: Administration Team, Team: Technical Team, Team: Damage Evaluation and Salvage Team, Team: Physical Security Team, Team: Communications Team.

Key Points
Disaster Recovery Planning Process, Management Support, Organizing DR Team, Components of Disaster Recovery Team, Disaster Recovery Planning Team, Building a Planning Team, Establishing Team at the Departmental Level
The responsibilities of the disaster recovery team are as follows:
To develop, deploy, and monitor the implementation of appropriate disaster recovery plans after an analysis of business objectives and threats to the organization
To notify the management, affected personnel, and third parties about the disaster
To initiate the execution of the disaster recovery procedures
To monitor the execution of the disaster recovery plan and assess the results
To return operations to normal conditions
To modify and update the disaster recovery plan according to the lessons learned from previous disaster recovery efforts
To increase the level of the organization's disaster recovery preparedness by conducting mock drills, regular DR systems testing, and threat analysis
To create awareness among the various stakeholders of the organization by conducting training and awareness sessions

The points to develop an efficient disaster recovery team are as follows:
The roles and responsibilities of each team member should be clearly defined and communicated.
The reporting structure must be transparent and easy.
The team members must be equipped with the required skills and tools.

Following are the various responsibilities of the Operations Recovery Director before a disaster:
To approve the final Disaster Recovery Plan (DRP) and the procedures
To maintain the Disaster Recovery Plan (DRP) and the procedures
To conduct disaster recovery training
To authorize periodic testing of the Disaster Recovery Plan (DRP)

Following are the various responsibilities of the Operations Recovery Director after a disaster:
To declare the occurrence of a disaster
To define the execution strategy if more than one strategy exists
To authorize the travel and housing arrangements for team members
To administer and monitor the overall recovery process
To provide updates on the status of disaster recovery efforts to the senior and user management
To coordinate with the media and press releases

The various tiers of the disaster recovery plan are as follows:
Tier 0: No off-site data
Tier 1: Data backup with no hot site
Tier 2: Data backup with a hot site
Tier 3: Electronic vaulting
Tier 4: Point-in-time copies
Tier 5: Transaction integrity
Tier 6: Zero or near-zero data loss
Tier 7: Highly automated, business-integrated solution

Functional Configuration Audit or FCA is one of the practices used in Software Configuration Management for Software Configuration Auditing. FCA occurs either at delivery or at the moment of effecting the change. A Functional Configuration Audit ensures that the functional and performance attributes of a configuration item are achieved. Critical Path Method, abbreviated CPM, or Critical Path Analysis, is a mathematically based algorithm for scheduling a set of project activities. It is an important tool for effective project management. It provides the following benefits:
A graphical view of the project.
A prediction of the time required to complete the project.
Identification of which activities are critical to maintaining the schedule and which are not.

CPM models the activities and events of a project as a network. Activities are depicted as nodes on the network, and events that signify the beginning or ending of activities are depicted as arcs or lines between the nodes.
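The CPM network described above, worked through as an added example (Python; not code from the study guide): a forward pass computes earliest start/finish, a backward pass computes latest start/finish, and zero-slack activities form the critical path. The recovery activities, their durations in hours and their dependencies are constructed for the illustration.

```python
"""Added example (not from the study guide): the Critical Path Method on an
activity-on-node network using the forward and backward passes. The activities,
durations (hours) and dependencies below are a constructed recovery schedule."""
from __future__ import annotations

from collections import deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Activity:
    name: str
    duration: int                       # hours; constructed values
    predecessors: tuple[str, ...] = ()  # activities that must finish first


def topological_order(activities: list[Activity]):
    """Kahn's algorithm. Raises ValueError on a cycle, KeyError on an unknown predecessor."""
    by_name = {a.name: a for a in activities}
    indegree = {a.name: 0 for a in activities}
    successors = {a.name: [] for a in activities}
    for a in activities:
        for p in a.predecessors:
            if p not in by_name:
                raise KeyError(f"{a.name} depends on unknown activity {p}")
            successors[p].append(a.name)
            indegree[a.name] += 1
    ready = deque(n for n, d in indegree.items() if d == 0)
    order = []
    while ready:
        n = ready.popleft()
        order.append(n)
        for s in successors[n]:
            indegree[s] -= 1
            if indegree[s] == 0:
                ready.append(s)
    if len(order) != len(activities):
        raise ValueError("dependency cycle: the network is not a DAG")
    return order, successors, by_name


def schedule(activities: list[Activity]):
    """Forward pass gives earliest start/finish (ES/EF); backward pass gives latest
    start/finish (LS/LF). slack = LS - ES; zero slack marks a critical activity.
    Returns (table, project_duration)."""
    order, successors, by_name = topological_order(activities)
    es, ef, ls, lf = {}, {}, {}, {}
    for n in order:                                   # forward pass
        es[n] = max((ef[p] for p in by_name[n].predecessors), default=0)
        ef[n] = es[n] + by_name[n].duration
    project = max(ef.values(), default=0)
    for n in reversed(order):                         # backward pass
        lf[n] = min((ls[s] for s in successors[n]), default=project)
        ls[n] = lf[n] - by_name[n].duration
    table = {n: {"es": es[n], "ef": ef[n], "ls": ls[n], "lf": lf[n],
                 "slack": ls[n] - es[n]} for n in order}
    return table, project


def critical_activities(activities: list[Activity]):
    """Project duration and the zero-slack activities in topological order;
    delaying any of these delays the whole recovery."""
    table, project = schedule(activities)
    return project, [n for n, row in table.items() if row["slack"] == 0]


# Constructed sample network for a hypothetical data-centre recovery.
RECOVERY_PLAN = [
    Activity("declare_disaster", 1),
    Activity("notify_team", 1, ("declare_disaster",)),
    Activity("retrieve_backups", 4, ("declare_disaster",)),
    Activity("restore_network", 6, ("notify_team",)),
    Activity("restore_servers", 8, ("retrieve_backups", "restore_network")),
    Activity("validate_data", 3, ("restore_servers",)),
    Activity("resume_operations", 2, ("validate_data",)),
]

if __name__ == "__main__":
    table, total = schedule(RECOVERY_PLAN)
    for name, row in table.items():
        print(f"{name:18} ES={row['es']:2} EF={row['ef']:2} "
              f"LS={row['ls']:2} LF={row['lf']:2} slack={row['slack']}")
    print("projected recovery time:", total, "hours")
    print("critical path:", " -> ".join(critical_activities(RECOVERY_PLAN)[1]))
```

In the sample, retrieving backups has three hours of slack, so only the network restoration branch is critical; a tabletop exercise that delays it delays the whole recovery.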

Pop Quiz
Q1: In which DRP test is the plan distributed to, and reviewed by, business units for its thoroughness and effectiveness?

Ans: Checklist review


Q2: Which team is responsible for participating in disaster recovery plan testing?

Ans: Communication Team

Risk Assessment, Conduct Business Impact Analysis, Critical Business Activities, Analysis Sheet, Example: Analysis Sheet for IT System
The objectives defined by business impact analysis are as follows:
- Identifying the full business process
- Determining all potential financial, legal, and regulatory impacts
- Setting up time frames for the recovery of all business-related processes
- Defining the key inner and outer dealings and dependencies of each process
- Identifying the required resources for all processes to recover and their related recovery time frames
- Training the personnel in the recovery process
- Making the management aware of the continuity plans

There are five phases in the SDLC. The characteristics of each of these phases are enumerated below:
- Phase 1: Phase 1 of the SDLC is known as initiation. In this phase, the need for an IT system is expressed and the purpose and scope of the IT system are documented.
- Phase 2: Phase 2 of the SDLC is known as development or acquisition. In this phase, the IT system is designed, purchased, and programmed.
- Phase 3: Phase 3 of the SDLC is known as implementation. This phase involves the system security features, which should be configured, enabled, tested, and verified.
- Phase 4: Phase 4 of the SDLC is known as operation or maintenance. In this phase, the system is modified on a regular basis through the addition of hardware and software.
- Phase 5: Phase 5 of the SDLC is known as disposal. This phase involves the disposition of information, hardware, and software.

Risk assessment is the first process of risk management. It helps in determining the extent of potential threats and risks associated with an IT system throughout its SDLC. The output of the risk assessment process helps in identifying appropriate controls to reduce risks during the risk mitigation process. The risk assessment methodology covers nine steps, which are as follows:
- Step 1 - System Characterization
- Step 2 - Threat Identification
- Step 3 - Vulnerability Identification
- Step 4 - Control Analysis
- Step 5 - Likelihood Determination
- Step 6 - Impact Analysis
- Step 7 - Risk Determination
- Step 8 - Control Recommendations
- Step 9 - Results Documentation

According to NIST SP 800-100, system characterization is the first step of risk analysis. Characterizing an IT system establishes the following:
- Scope: It defines the scope of the risk assessment effort.
- Boundaries: It identifies the boundaries of the IT system, along with its resources.
- Information: It provides the information that constitutes the system.

Security Test and Evaluation (ST&E) is a component of risk assessment. It is useful in discovering system vulnerabilities. According to NIST SP 800-42 (Guideline on Network Security Testing), ST&E is used for the following purposes:
- To assess the degree of consistency between the system documentation and its implementation
- To determine the adequacy of security mechanisms, assurances, and other properties to enforce the security policy
- To uncover the design, implementation, and operational flaws that may allow the violation of the security policy

Business impact analysis (BIA) is a crisis management and business impact analysis technique that identifies threats that can impact the business continuity of operations. Risk assessment is the first process of risk management and covers nine steps to determine the extent of potential threats and risks associated with an IT system. Security Test and Evaluation (ST&E) is a component of risk assessment. The Change Manager authorizes and documents all the changes in the IT Infrastructure and its components (Configuration Items) in order to maintain a minimum amount of interruptive effects upon the running operation.

Pop Quiz
Q1: Which source is the best for developing Recovery Time Objectives (RTO)?

Ans: Business impact analysis


Q2: Which term describes the determination of the effects of changes to the information system on the security of the information system?

Ans: Impact analysis

Roles and Responsibilities of an Individual: Leader, Individual: Disaster Recovery Coordinator, Individual: IT Administrator, Individual: Network Manager, Individual: Disaster Recovery Manager, Individual: DR Team Member


The responsibilities of an operations recovery director are as follows:
At the pre-disaster stage
- Approving the final DRP and procedures
- Maintaining the DRP and procedures
- Conducting DR training
- Authorizing periodic testing of the DRP
At the post-disaster stage
- Declaring the occurrence of a disaster
- Defining the implementation of strategies, if more than one strategy exists
- Authorizing the travel and housing arrangements for the team members
- Managing and monitoring the overall recovery process
- Providing updates on the status of disaster recovery efforts to the senior and user management
- Coordinating media and press releases

The responsibilities of an operations recovery manager are as follows:
At the pre-disaster stage
- Developing, maintaining, and updating the DRP
- Appointing the recovery personnel
- Assigning parts of the DRP to individual recovery teams and their members
- Coordinating plan testing
- Training the disaster recovery team members on plan implementation
At the post-disaster stage
- Obtaining required approvals to activate the disaster recovery plan and the recovery teams
- Informing all recovery team leaders or alternates about the disaster declaration
- Determining the degree of outage due to the disaster
- Coordinating and summarizing damage reports from all the teams
- Informing the organization's directors of the disaster's severity
- Conducting briefings with all recovery teams
- Coordinating all recovery teams
- Requesting remote data backup, documentation, and required resources from the IT technical team

Pop Quiz
Q1: Who is responsible for conducting disaster recovery training?

Ans: Operations Recovery Director


Q2: Which team is responsible for preparing the alternate site with hardware and supplies?

Ans: Facility Recovery Team

Roles and Responsibilities of Team: Administration Team, Technical Team, Damage Evaluation and Salvage Team, Physical Security Team, Communications Team
The responsibilities performed by the Damage Assessment and Salvage Team are as follows:
At the pre-disaster stage
- Understanding DR roles and responsibilities
- Working closely with disaster recovery teams to minimize the occurrence of a disaster in the data center
- Training employees to be well prepared in case of emergencies
- Participating in DRP testing as needed
At the post-disaster stage
- Determining damages and accessibility to the organization's resources
- Determining the level of the damage to the data center in the organization
- Assessing the need for physical security
- Estimating the recovery time according to the damage assessment
- Identifying hardware and other equipment that can be repaired
- Explaining to the disaster recovery team the extent of damages, estimated recovery time, physical safety, and repairable equipment

Following are the responsibilities of the communication team after a disaster:
- To evaluate communication equipment requirements by coordinating with other teams
- To recover the communication configuration from off-site storage units
- To plan, coordinate, and install communication equipment at alternate sites
- To plan, coordinate, and install network cabling at the alternate site

Following are the responsibilities of the IT Operations Team before a disaster:
- To understand disaster recovery roles and responsibilities
- To work with the disaster recovery team to assure physical safety of the existing systems
- To train employees for emergencies
- To assure complete backups as per the schedule
- To assure that backups are sent to remote locations as per the schedule
- To participate in the disaster recovery plan testing as required

Following are the responsibilities of the IT Operations Team after a disaster:
- To support the IT technical team as required
- To send and receive off-site storage containers
- To assure that backup tapes are sent to off-site storage
- To maintain a sign-in/sign-out procedure for all resources at the alternate location
- To assure the security of alternate locations and their LAN network
- To coordinate with other teams for the transfer of systems, resources, and people to the alternate location

Following are the responsibilities of the Administration Team after a disaster:
- To prepare, coordinate, and obtain proper sanctions for all procurement requests
- To maintain logs of all procurements in process and scheduled deliveries
- To process payment requests for all invoices of the recovery procedure
- To arrange travel and lodging for the recovery teams
- To provide alternate communication solutions for recovery team members
- To perform provisional clerical and managerial duties as required by the disaster recovery teams


Pop Quiz
Q1: Which capability provides a means of predicting the outcome of the next software project conducted by an organization?

Ans: Software process capability


Q2: Which SSE-CMM security engineering Process Area (PA) provides the security input?

Ans: PA09


Key Terms
Functional Configuration Audit or FCA is one of the practices used in Software Configuration Management for Software Configuration Auditing. FCA occurs either at the delivery or at the moment of effecting the change.

Firewalking is a technique of gathering information about a remote network protected by a firewall. This technique can be used effectively to perform information gathering attacks. A malicious attacker can use firewalking to determine the types of ports/protocols that can bypass the firewall.

Critical Path Method, abbreviated as CPM, or Critical Path Analysis, is a mathematically based algorithm for scheduling a set of project activities.

Risk assessment is the first process of risk management. It helps in determining the extent of potential threats and risks associated with an IT system throughout its SDLC.


Test Your Knowledge


Q1. You work as a security manager for SoftTech Inc. You, along with your team, are doing disaster recovery for your project. Which of the following steps are performed by you for a secure recovery based on the extent of the disaster and the organization's recovery ability? Each correct answer represents a part of the solution. Choose three.
A. Recover at the primary operating site
B. Recover to an alternate site for critical functions
C. Restore the full system after a catastrophic loss
D. Restore the full system at an alternate operating site

Q2. A business impact analysis (BIA) is a crisis management and business impact analysis technique that identifies threats that can impact the business continuity of operations. Which of the following are the objectives defined by the business impact analysis? Each correct answer represents a complete solution. Choose all that apply.
A. Determining all potential financial, legal, and regulatory impacts
B. Setting up time frames for recovery of all business-related processes
C. Defining the key inner and outer dealings and dependencies of each process
D. Ensuring system dependability before storing backups

Q3. System characterization is the first step of risk analysis. Which of the following can be established by characterizing an IT system? Each correct answer represents a complete solution. Choose all that apply.
A. Scope
B. Boundaries
C. Assets
D. Information

Q4. Which of the following are the responsibilities of an operations recovery director in the pre-disaster stage? Each correct answer represents a complete solution. Choose all that apply.
A. Approving the final DRP and procedures
B. Maintaining the DRP and procedures
C. Conducting DR training
D. Appointing recovery personnel

Q5. Which of the following BCP teams is the first responder and deals with the immediate effects of a disaster?
A. Emergency management team
B. Damage assessment team
C. Emergency action team
D. Off-site storage team


Answer Explanations
A1. Answer options A, B, and C are correct. The steps performed for a secure recovery in disasters are based on the extent of the disaster and the organization's recovery ability. The steps performed for a secure recovery are as follows:
- Recover at the primary operating site.
- Recover to an alternate site for critical functions.
- Restore the full system after a catastrophic loss.
Answer option D is incorrect. This is not a valid answer for this question.

A2. Answer options A, B, and C are correct. The objectives defined by the business impact analysis are as follows:
- Identifying the full business process
- Determining all potential financial, legal, and regulatory impacts
- Setting up time frames for recovery of all business-related processes
- Defining the key inner and outer dealings and dependencies of each process
- Identifying the required resources for all processes to recover and their related recovery time frames
- Training the personnel in the recovery process
- Making the management aware of the continuity plans
Answer option D is incorrect. This objective is defined by disaster recovery planning.

A3. Answer options A, B, and D are correct. According to NIST SP 800-100, system characterization is the first step of risk analysis. Characterizing an IT system establishes the following:
- Scope: It defines the scope of the risk assessment effort.
- Boundaries: It identifies the boundaries of the IT system, along with its resources.
- Information: It provides the information that constitutes the system.

A4. Answer options A, B, and D are correct. The responsibilities of an operations recovery director are as follows:
At the pre-disaster stage
- Approving the final DRP and procedures
- Maintaining the DRP and procedures
- Conducting DR training
- Authorizing the periodic testing of the DRP
At the post-disaster stage
- Declaring the occurrence of a disaster
- Defining the implementation of strategies, if more than one strategy exists
- Authorizing the travel and housing arrangements for team members
- Managing and monitoring the overall recovery process
- Providing updates on the status of disaster recovery efforts to the senior and user management
- Coordinating media and press releases
Answer option D is incorrect. This is the responsibility of an operations recovery manager during the pre-disaster stage.

A5. Answer option C is correct. The crucial aim of the emergency action team is to evacuate the personnel and secure human life. It is the first responder for any disaster and deals with the immediate effects of the disaster.
Answer option A is incorrect. The emergency management team deals with key decision making and guides the recovery teams and business personnel. It also handles financial arrangements, public relations, and media inquiries.
Answer option B is incorrect. The damage assessment team assesses the damage of the disaster in order to provide an estimate of the time required to recover.
Answer option D is incorrect. The off-site storage team is responsible for obtaining, packaging, and shipping media and records to the recovery facilities.


Chapter 7 - Responsibilities Common to all Disaster Recovery Teams
Overview

The chief objective of a disaster recovery plan is to provide a planned way to make decisions if a disruptive event occurs. The reason behind the disaster recovery plan test is to find flaws in the plan. Every plan has some weak points. After the test has been conducted, all parties are informed of the results and the plan is updated to reflect the latest information. The disaster recovery team is built for the recovery of damages to the resources and facilities. This chapter includes the following objectives:
- Developing Charts of Responsibilities
- Need for Disaster Recovery Planning, Disaster Recovery Plan Development, Disaster Recovery & Management: Budgeting, Centralized Office of DR Planning: Budget, Safety and Health Procedures
- Procedures for Internal and External Communication, Containment and Property Protection, Recovering and Resuming Operations, Assessing Insurance Requirements & Coverage Needs
- Need for Insurance, Evaluating Insurance Policies, Testing and Training, DRP Testing (Rehearsal Process, Advantages, Methods, Steps, Flow Charts)
- Training DR Teams, Commence Training Programs for Disaster Recovery, Training for Executives, Training for Middle Managers, Training for Supervisors, Training for Disaster Response Teams, Training for Employees
- Documentation of DR Procedures, Need for Documentation of Plans, Important Documentations in Disaster Recovery Process, Writing Disaster Recovery Plans, Best Practices for Documentation, Managing Records, DRP Maintenance
- Monitoring Processes, Monitoring Procedures, Evaluating Latest Technologies, Conducting Regular Reviews, Conducting Training Programs for Updated Plans, DRP Implementation, DR Plan Implementation, Internal and External Awareness Campaigns


Key Points
Developing Charts of Responsibilities, Facility Disaster Recovery Chart, Department Disaster Recovery Chart, Business Process Disaster Recovery Chart, Developing Policies and Procedures, Assumptions for DR Planning
The chief objective of a disaster recovery plan is to provide a planned way to make decisions if a disruptive event occurs. The reason behind the disaster recovery plan test is to find flaws in the plan. Every plan has some weak points. After the test has been conducted, all parties are informed of the results and the plan is updated to reflect the latest information. A disaster recovery plan consists of the following phases:
- Emergency response phase
- Recovery phase
- Return to normal operations phase

The organizational chart review method of identifying appropriate BIA interviewees consists of reviewing the organizational chart of the enterprise to understand the different functional positions. This method helps to determine which organizational structures will be directly involved in the overall effort and which ones will be the recipients of the benefits of the finished recovery plans. The Cyber Incident Response Plan is used to address cyber attacks against an organization's IT system through various procedures.

Pop Quiz
Q1: Which team is responsible for testing applications for vulnerabilities before a disaster?

Ans: Application Recovery Team


Q2: Which team is responsible for repairing and rebuilding the primary site after a disaster?

Ans: Facility Recovery Team


Need for Disaster Recovery Planning, Disaster Recovery Plan Development, Disaster Recovery & Management: Budgeting, Centralized Office of DR Planning: Budget, Safety and Health Procedures
Businesses of all types need to understand the importance of disaster recovery solutions. Unforeseen events happen, whether man-made or natural, and when they do, the entire business operation can be disrupted. Disaster recovery planning ensures that the organization is aware that risks, speed of recovery, and completeness of recovery are balanced against costs. The steps performed for secure recovery in disasters are based on the extent of the disaster and the organization's recovery abilities. The steps performed for secure recovery are as follows:
- Recover at the primary operating site.
- Recover to an alternate site for critical functions.
- Restore the full system after a catastrophic loss.

Pop Quiz
Q1: Which maturity level of the software CMM focuses on competent people and heroics?

Ans: Initiating level


Q2: Which maturity level of the software CMM focuses on the product and process improvement?

Ans: Managed level

Procedures for Internal and External Communications, Containment and Property Protection, Recovering and Resuming Operations, Assessing Insurance Requirements & Coverage Needs
Internal communication involves communication that exists within a company and can take many forms. The key to the success of an organization is effective communication from within. In order to engage effectively in two-way symmetrical communication (the goal of public relations practitioners), communication is essentially internal.


External communication covers how a provider interacts with those outside their own organization. This may be with the public, employers, community organizations, local authorities, job centers, careers offices, funding bodies, specialist agencies, and other training providers.

Containment and property protection ensures that the property is properly secured and that the impact of the disaster is contained to local areas or sections of the facilities, where possible.

A contingency plan is a plan devised for a specific situation when things could go wrong. Contingency plans are often devised by governments or businesses who want to be prepared for anything unforeseen that could happen. Contingency plans include specific strategies and actions to deal with specific variances to assumptions resulting in a particular problem, emergency, or state of affairs. They also include a monitoring process and "triggers" for initiating planned actions. They are designed to help governments, businesses, or individuals to recover from serious incidents in the minimum time with minimum costs and disruption.

Business Continuity Planning (BCP) is the creation and validation of a practiced logistical plan for how an organization will recover and restore, partially or completely, interrupted critical (urgent) functions within a predetermined time after a disaster or extended disruption. The logistical plan is also called a business continuity plan. Disaster recovery planning is a subset of a larger process known as business continuity planning and should include planning for resumption of applications, data, hardware, communications (such as networking), and other IT infrastructure. A business continuity plan (BCP) includes planning for the non-IT-related aspects such as the key personnel, facilities, crisis communication, and reputation protection, and should refer to the disaster recovery plan (DRP) for IT-related infrastructure recovery/continuity.

The Continuity Of Operation Plan (COOP) refers to the preparations and institutions maintained by the United States government, providing survival of federal government operations in the case of catastrophic events. It provides procedures and capabilities to sustain an organization's essentials. COOP is the procedure documented to ensure persistent critical operations throughout the period during which normal operations are unattainable.

Need for Insurance, Evaluating Insurance Policies, Testing and Training, DRP Testing (Rehearsal Processes, Advantages, Methods, Steps, Flow Charts)
DRP testing indicates the effectiveness of a plan. So, it is important that as much care be exercised in testing the plan as in developing it. Some benefits of testing are:
- Determining the feasibility of the recovery process
- Verifying the compatibility of backup facilities
- Ensuring the adequacy of procedures related to the various teams working in the recovery process
- Identifying deficiencies in the existing procedures
- Training the various team managers and members
- Demonstrating the ability of the organization to recover
- Providing a mechanism for maintaining and updating the recovery plan

A full-interruption test includes operations that shut down at the primary site and are shifted to the recovery site according to the disaster recovery plan. It operates just like a parallel test. The full-interruption test is very expensive and difficult to arrange. Sometimes, it causes a major disruption of operations if the test fails.

A simulation test is a method used to test the disaster recovery plan. It operates just like a structured walk-through test. In a simulation test, the members of a disaster recovery team present a disaster scenario and then discuss appropriate responses. These suggested responses are measured and some of them are adopted by the team. The range of the simulation test should be defined carefully to avoid excessive disruption of normal business activities.

A parallel test is the next level in the testing procedure; it relocates employees to an alternate recovery site and implements the site activation procedures. These employees perform their disaster recovery responsibilities as they would in case of an actual disaster. The disaster recovery site takes full responsibility for conducting the organization's day-to-day business.

A checklist test is a test in which disaster recovery checklists are distributed to the members of the disaster recovery team. All the members are asked to review the assigned checklist.


The structured walk-through test is also known as the table-top exercise. In a structured walk-through test, the team members walk through the plan to identify and correct its weaknesses and present how they will respond to the emergency scenarios by stepping through the course of the plan.

Training DR Teams, Commence Training Programs for Disaster Recovery, Training for Executives, Training for Middle Managers, Training for Supervisors, Training for Disaster Response Teams, Training for Employees
The administrative support team provides clerical support to the other teams and serves as a message center for the user-recovery site. It also controls the accounting and payroll functions, as well as ongoing facilities management. The security team monitors the security of systems and communication links.

The goals of a Disaster Recovery Plan include the following:
- It protects an organization from major computer services failures.
- It minimizes risks to the organization from delays in providing services.
- It guarantees the reliability of standby systems through testing and simulation.
- It minimizes the decision-making required by personnel during a disaster.

The Logistics/Transportation team is included in the BCP teams. This team has the following responsibilities:
- Arrange personnel transportation, lodging, and dining at alternate sites.
- Arrange and ensure delivery of off-site storage items.


Pop Quiz
Q1: Which process measures the maturity level of the security program?

Ans: GAP analysis


Q2: Which component of a TCB acts as the boundary that separates the TCB from the remainder of the system?

Ans: Security perimeter

Documentation of DR Procedures, Need for Documentation of Plans, Important Documentations in the Disaster Recovery Process, Writing a Disaster Recovery Plan, Best Practices for Documentation, Managing Records, DRP Maintenance
DRP testing indicates the effectiveness of a plan. So, it is important that as much care be exercised in testing the plan as in developing it.

The subphases of the maintenance phase in the life cycle model are as follows:
- Request control: This phase manages users' requests for changes to the software product and gathers information that can be used for managing this activity.
- Change control: This phase is the most important step in the maintenance phase. Various issues are addressed by the change control phase. Some of them are as follows: recreating and analyzing the problem; developing the changes and corresponding tests; performing quality control.
- Release control: It is associated with issuing the latest release of the software. The release control phase involves deciding which requests will be included in the new release, archiving of the release, configuration management, quality control, distribution, and acceptance testing.

An executive summary is a simple document that provides a high-level view of the entire organization's disaster recovery efforts. It is useful for the security managers and DRP leaders as well as the public relations personnel who require a non-technical perspective on disaster recovery efforts.

Pop Quiz
Q1: Which term represents the percentage of loss that a realized threat event would have on a specific asset?

Ans: Exposure factor (EF)


Q2: Which term describes the annual expected financial loss to an organization from a threat?

Ans: Annualized Loss Expectancy (ALE)

The Monitoring Process, Monitoring Procedures, Evaluate Latest Technologies, Conducting Regular Reviews, Conducting Training Programs for Updated Plans, DRP Implementation, DR Plan Implementation, Internal and External Awareness Campaigns
DRP testing indicates the effectiveness of a plan. So, it is important that as much care be exercised in testing the plan as in developing it. A checklist test is a test in which disaster recovery checklists are distributed to the members of the disaster recovery team. All members are asked to review the assigned checklist. The checklist test is a simple test and is easy to conduct. It allows the following three goals to be accomplished:
- It ensures that the employees are aware of their responsibilities and that their knowledge is up to date.
- It provides an individual with an opportunity to review the checklists for obsolete information and update any items that require modification following changes in the organization.
- It ensures that the assigned members of the disaster recovery team are still working for the organization.

The different types of DRP (disaster recovery plan) documents are as follows:
- Executive summary: It is a simple document that provides a high-level view of the entire organization's disaster recovery efforts. It is useful for the security managers and DRP leaders as well as the public relations personnel who require a non-technical perspective on disaster recovery efforts.
- Department-specific plan: It helps the IT personnel in refreshing themselves on disaster recovery procedures that affect various parts of the organization.
- Technical guide: It helps the IT personnel in getting the alternate sites up and running.
- Checklist: It helps the critical disaster recovery team members in guiding their actions amid the chaotic atmosphere of a disaster.

The following are examples of administrative controls that involve all levels of employees within an organization and determine which users have access to what resources and information:
- Training and awareness
- Policy enforcement
- Personnel registration and accounting
- Disaster preparedness and recovery plans


Key Terms
The organizational chart review method of identifying appropriate BIA interviewees consists of reviewing the organizational chart of the enterprise to understand the different functional positions.
The Cyber Incident Response Plan is used to address cyber attacks against an organization's IT systems through various procedures.
Internal communication is communication that exists within a company and can take many forms. The key to the success of an organization is communication from within.
External communication covers how a provider interacts with those outside its own organization.
A contingency plan is a plan devised for a specific situation in which things go wrong. Contingency plans are often devised by governments or businesses that want to be prepared for anything that could happen.
Business Continuity Planning (BCP) is the creation and validation of a practiced logistical plan of how an organization will recover and restore partially or completely interrupted critical (urgent) functions within a predetermined time after a disaster or an extended disruption.
Disaster recovery planning is a subset of the larger process known as business continuity planning and should include planning for the resumption of applications, data, hardware, communications (such as networking), and other IT infrastructure.
The Continuity of Operation Plan (COOP) refers to the preparations and institutions maintained by the United States government to ensure the survival of federal government operations in the case of catastrophic events.
A full-interruption test shuts down operations at the primary site and shifts them to the recovery site according to the disaster recovery plan.
A simulation test is a method used to test disaster recovery plans. It operates just like a structured walk-through test. In a simulation test, the members of a disaster recovery team present a disaster scenario and then discuss appropriate responses.
A parallel test is the next level in the testing procedure; it relocates employees to an alternate recovery site and implements the site activation procedures.
The structured walk-through test is also known as the table-top exercise. In a structured walk-through test, the team members walk through the plan to identify and correct weaknesses and to determine how they will respond to emergency scenarios by stepping through the course of the plan.


Test Your Knowledge


Q1. Which of the following statements best describes the consequences of the disaster recovery plan test?
A. If no deficiencies were found during the test, then the plan is probably perfect.
B. The results of the test should be kept a secret.
C. If no deficiencies were found during the test, then the test is probably flawed.
D. The plan should not be changed, no matter what the results of the test are.

Q2. Which of the following fire suppression agents causes the least damage to equipment in a data center?
A. Halon
B. Carbon dioxide (CO2)
C. Water (H2O)
D. FM-200

Q3. In which of the following types of tests are disaster recovery checklists distributed to the members of the disaster recovery team, who are then asked to review the assigned checklist?
A. Checklist test
B. Simulation test
C. Parallel test
D. Full-interruption test

Q4. Which of the following BCP teams provides clerical support to the other teams and serves as a message center for the user-recovery site?
A. Administrative support team
B. Data preparation and records team
C. Emergency operations team
D. Security team

Q5. Which of the following BCP teams oversees the additional data-entry personnel and assists in record-salvage efforts in acquiring primary documents and other input information sources?
A. Administrative support team
B. Data preparation and records team
C. Emergency operations team
D. Security team


Answer Explanations
A1. Answer option C is correct. The chief objective of a disaster recovery plan is to provide a planned way to make decisions if a disruptive event occurs. The reason behind the disaster recovery plan test is to find flaws in the plan; every plan has some weak points. After the test has been conducted, all parties are informed of the results and the plan is updated to reflect the latest information.
Answer options A, B, and D are incorrect. These are not valid answers because no plan exists with zero deficiencies, and any deficiencies found should not be kept secret; they should be discussed and sorted out. The plan should be changed according to the results of the DRP tests because this benefits the project.

A2. Answer options A, B, and D are correct. Halon, carbon dioxide (CO2), and FM-200 can be used as fire suppression agents in a data center. These fire suppression agents cause the least damage to equipment in a data center.
Answer option C is incorrect. Using water as a fire suppression agent in a data center is harmful to the equipment.

A3. Answer option A is correct. A checklist test is a test in which disaster recovery checklists are distributed to the members of the disaster recovery team, and all the members are asked to review the assigned checklist. The checklist test is a simple test that is easy to conduct. It accomplishes the following three goals:
- It ensures that employees are aware of their responsibilities and have up-to-date knowledge.
- It gives each individual an opportunity to review checklists for obsolete information and to update any items that require modification because of changes in the organization.
- It ensures that the assigned members of the disaster recovery team are still working for the organization.
Answer option B is incorrect. A simulation test is a method used to test disaster recovery plans. It operates just like a structured walk-through test. In the simulation test, the members of a disaster recovery team present a disaster scenario and then discuss appropriate responses. These suggested responses are measured and some of them are adopted by the team. The scope of the simulation test should be defined carefully to avoid excessive disruption of normal business activities.
Answer option C is incorrect. A parallel test is the next level in the testing procedure; it relocates employees to an alternate recovery site and implements the site activation procedures. These employees carry out their disaster recovery responsibilities as they would for an actual disaster. The disaster recovery sites have full responsibility for conducting the organization's day-to-day business.
Answer option D is incorrect. A full-interruption test shuts down operations at the primary site and shifts them to the recovery site according to the disaster recovery plan. It operates just like a parallel test. The full-interruption test is very expensive and difficult to arrange, and it can cause a major disruption of operations if the test fails.

A4. Answer option A is correct. The administrative support team provides clerical support to the other teams and serves as a message center for the user-recovery site. It also controls the accounting and payroll functions, as well as ongoing facilities management.
Answer option B is incorrect. The data preparation and records team oversees the additional data-entry personnel and assists in record-salvage efforts in acquiring primary documents and other input information sources.
Answer option C is incorrect. The responsibility of the emergency operations team is to coordinate hardware installation if a hot site or other equipment-ready facility has not been designated as the recovery center.
Answer option D is incorrect. The security team monitors the security of systems and communication links. The team also resolves any security conflicts that impede expeditious recovery of the system, and ensures proper installation and functioning of the security software package.

A5. Answer option B is correct. The data preparation and records team oversees the additional data-entry personnel and assists in record-salvage efforts in acquiring primary documents and other input information sources.


Answer option A is incorrect. The administrative support team provides clerical support to the other teams and serves as a message center for the user-recovery site. It also controls the accounting and payroll functions, as well as ongoing facilities management.
Answer option C is incorrect. The responsibility of the emergency operations team is to coordinate hardware installation if a hot site or other equipment-ready facility has not been designated as the recovery center.
Answer option D is incorrect. The security team monitors the security of systems and communication links. The team also resolves any security conflicts that impede expeditious recovery of the system, and ensures proper installation and functioning of the security software package.


Chapter 8 - Risk Management


Overview
Risk management is the method of identifying, controlling, and minimizing the impacts of uncertain events. It reduces risks to an acceptable level that can be handled easily without causing too many problems. Senior management's support for this process is part of its due diligence. This chapter helps users understand the following objectives: Risk, Introduction to Risk Management, Project Risk Management, IT Security Risk Management, Risk Management Standards, Financial Risk Management, Basel II and Risk Management, Pillar I: Minimum Capital Requirement, Pillar II: Supervisory Review Process, Pillar III: Market Discipline, Quantitative Risk Management, Best Practices in Risk Management

Key Points
What is a Risk, Introduction to Risk Management, Functions of Risk Management, Analytic Process of Risk Management, Risk Analysis, Risk Reduction Analysis, Management Decision, Risk Reduction Planning, Reviews and Audit
A risk is an event or situation that may have adverse impacts on a project if it occurs. Risks can turn into issues if they are not addressed effectively. By actively identifying, analyzing, and addressing project issues and risks, a user can help guide the project to a successful conclusion. A residual risk is the risk or danger of an action, an event, a method, or a (technical) process that remains even after all theoretically possible safety measures have been applied. The formula to calculate residual risk is (inherent risk) x (control risk), where inherent risk is (threats x vulnerability). Risk management is a continuous process. The process that leads from threats to risks and finally to security measures is known as risk management. In this process, risks are first identified, then examined, and finally reduced to an acceptable level. The process is applied to all aspects of operational processes. The following are the two major tasks of risk management:
- Risk identification
- Risk control

Risk analysis is a method or technique that can be used to identify and assess factors that may hinder the successful completion of a project or the achievement of a goal. It is also known as Project Impact Analysis or PIA. Risk analysis can also be used to determine the business needs before starting a project. The Data Protection Act 1998 (DPA) is a United Kingdom Act of Parliament that defines the UK law on the processing of data on identifiable living people. It is the main piece of legislation that governs the protection of personal data in the UK. Although the Act does not mention privacy, in practice it provides a way in which individuals can control information about themselves. Most of the Act does not apply to domestic use. Anyone holding personal data for other purposes is legally obliged to comply with this Act, subject to some exemptions. The Act defines eight data protection principles, which are as follows:
1. Personal data shall be processed fairly and lawfully and, in particular, shall not be processed unless at least one of the conditions in Schedule 2 is met and, in the case of sensitive personal data, at least one of the conditions in Schedule 3 is also met.
2. Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes.
3. Personal data shall be adequate, relevant, and not excessive in relation to the purpose or purposes for which they are processed.
4. Personal data shall be accurate and, where necessary, kept up to date.
5. Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
6. Personal data shall be processed in accordance with the rights of data subjects under this Act.
7. Appropriate technical and organizational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.
8. Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.

Acceptance response is a part of the Risk Response planning process. It states that the project plan will not be changed to deal with the risk; management may develop a contingency plan in case the risk does occur. Acceptance response to a risk event is a strategy that can be used for risks that pose either threats or opportunities. Acceptance response can be of two types:
- Passive acceptance: No plans are made to avoid or mitigate the risk.
- Active acceptance: Contingency reserves are developed to deal with the risks in case they occur.
Acceptance is the only response for both threats and opportunities.

Vulnerability is a weakness or lack of a safeguard that can be exploited by a threat, thus causing harm to information systems or networks. It can exist in hardware, operating systems, firmware, applications, and configuration files. Vulnerability has been variously defined in the current context as follows:
- A security weakness in a Target of Evaluation due to failures in analysis, design, implementation, or operation.
- A weakness in an information system or its components (e.g., system security procedures, hardware design, or internal controls) that could be exploited to produce an information-related misfortune.
- The existence of a weakness, design, or implementation error that can lead to an unexpected, undesirable event compromising the security of the system, network, application, or protocol involved.


Pop Quiz
Q1: Which security procedure is related to the SDLC's implementation?

Ans: Security accreditation


Q2: Which term describes the determination of the effect of changes to the information system on the security of the information system?

Ans: Impact analysis

Project Risk Management, IT Security Risk Management, Risk Management Standards, Financial Risk Management
A project risk is concerned with the expected value of one or more results of one or more future events in a project. It is an uncertain condition that, if it occurs, has an effect on at least one project objective; objectives can be the scope, schedule, cost, and quality. A project risk always lies in the future. Risk transfer is the practice of passing risks from one entity to another. In other words, if a company is covered under a liability insurance policy that provides various liability coverage for information security risks, including any physical damage to assets, hacking attacks, etc., it has transferred its security risks to the insurance company. Risk avoidance is the practice of not performing an activity that could carry a risk. Risk acceptance is the practice of accepting certain risks, typically based on a business decision that may also weigh the cost versus the benefits of dealing with the risk in another way. Risk mitigation is the practice of reducing the severity of a loss or the likelihood of a loss occurring.


Pop Quiz
Q1: Which process is used by organizations to set risk tolerance, identify potential risks, and prioritize tolerance for the risk?

Ans: Risk management


Q2: Which individual considers risk management in IT planning, budgeting, and meeting system performance requirements?

Ans: Chief information officer

Basel II and Risk Management, Pillar I: Minimum Capital Requirement, Pillar II: Supervisory Review Process, Pillar III: Market Discipline, Quantitative Risk Management, Best Practices in Risk Management
The Basel II accord describes the minimum regulatory capital to be allocated by each bank based on the risk profile of its assets. A capital adequacy ratio (CAR) of a minimum of 8 percent is maintained by the banks. Basel II works on the three-pillars concept, which are as follows:
- Pillar 1 - Minimum capital requirement: It is concerned with the maintenance of regulatory capital intended for the three major components of risk that a bank faces, which are credit risk, operational risk, and market risk.
- Pillar 2 - Supervisory review process: It is concerned with the regulatory response to the first pillar, giving the regulators much improved tools over those available under Basel I.
- Pillar 3 - Market discipline requirements: It aims at promoting greater stability in the financial system.

Quantitative Risk Analysis is the process of assessing the probability of achieving particular project objectives, quantifying the effects of risks on the overall project objectives, and prioritizing risks based on their impact on the overall project risk. The Quantitative Risk Analysis process analyzes the effect of a risk event by deriving a numerical value. It also presents a quantitative approach to making decisions in the presence of uncertainty. The inputs for Quantitative Risk Analysis are:
- Organizational process assets
- Project Scope Statement
- Risk Management Plan
- Risk Register
- Project Management Plan


Key Terms
Risk analysis is the method or technique that can be used to identify and assess factors that may hinder the successful completion of a project or the achievement of a goal. It is also known as Project Impact Analysis or PIA.
The Data Protection Act 1998 (DPA) is an Act of the United Kingdom Parliament that defines the UK law on the processing of data on identifiable living people.
Acceptance response is a part of the Risk Response planning process. It states that the project plan will not be changed to deal with the risk.
Vulnerability is a weakness or lack of a safeguard that can be exploited by a threat, thus causing harm to information systems or networks. It can exist in hardware, operating systems, firmware, applications, and configuration files.
The Basel II accord describes the minimum regulatory capital to be allocated by each bank based on the risk profile of its assets. A capital adequacy ratio (CAR) of a minimum of 8 percent is maintained by the banks.


Test Your Knowledge


Q1. Which of the following are the major tasks of risk management? Each correct answer represents a complete solution. Choose two.
A. Risk identification
B. Building risk-free systems
C. Assuring the integrity of organizational data
D. Risk control

Q2. Which of the following statements is true about residual risks?
A. It is the probabilistic risk after implementing all security measures.
B. It can be considered as an indicator of threats coupled with vulnerability.
C. It is a weakness or lack of safeguard that can be exploited by a threat.
D. It is the probabilistic risk before implementing all security measures.

Q3. Your company is covered under a liability insurance policy that provides various liability coverages for information security risks, including any physical damage to assets, hacking attacks, etc. Which of the following risk management techniques is your company using?
A. Risk avoidance
B. Risk transfer
C. Risk mitigation
D. Risk acceptance

Q4. You work as the project manager for Bluewell Inc. There has been a delay in your project work that is adversely affecting the project schedule. You decide, with your stakeholders' approval, to fast track the project work to get the project done faster. When you fast track the project, which of the following is likely to increase?
A. Quality control concerns
B. Risks
C. Costs
D. Human resource needs

Q5. Which of the following pillars of Basel II is concerned with the maintenance of regulatory capital intended for the three major components of risk that a bank faces, which are credit risk, operational risk, and market risk?
A. Pillar 1
B. Pillar 2
C. Pillar 3
D. Pillar 4


Answer Explanations
A1. Answer options A and D are correct. The following are the two major tasks of risk management:
- Risk identification
- Risk control
Risk identification is the task of examining and documenting the security posture of an organization's information technology and the risks it faces. Risk control is the task of applying controls to reduce risks to an organization's data and information systems.
Answer options B and C are incorrect. Building risk-free systems and assuring the integrity of organizational data are tasks related to the implementation of security measures.

A2. Answer option A is correct. Residual risk is the risk or danger of an action, an event, a method, or a (technical) process that remains even after all theoretically possible safety measures have been applied. The formula to calculate residual risk is (inherent risk) x (control risk), where inherent risk is (threats x vulnerability).
Answer option B is incorrect. In information security, security risks are considered an indicator of threats coupled with vulnerability. In other words, security risk is a probabilistic function of a given threat agent exercising a particular vulnerability and the impact of that risk on the organization. Security risks can be mitigated by reviewing and taking responsible actions based on possible risks.
Answer option C is incorrect. Vulnerability is a weakness or lack of a safeguard that can be exploited by a threat, thus causing harm to information systems or networks. It can exist in hardware, operating systems, firmware, applications, and configuration files. Vulnerability has been variously defined in the current context as follows:
- A security weakness in a Target of Evaluation due to failures in analysis, design, implementation, or operation.
- A weakness in an information system or its components (e.g., system security procedures, hardware design, or internal controls) that could be exploited to produce an information-related misfortune.
- The existence of a weakness, design, or implementation error that can lead to an unexpected, undesirable event compromising the security of the system, network, application, or protocol involved.

A3. Answer option B is correct. Risk transfer is the practice of passing risks from one entity to another. In other words, if a company is covered under a liability insurance policy that provides various liability coverages for information security risks, including any physical damage to assets, hacking attacks, etc., it has transferred its security risks to the insurance company.
Answer option A is incorrect. Risk avoidance is the practice of not performing an activity that could carry a risk. Avoidance may seem an answer to all risks, but avoiding risks also means losing out on the potential gain that accepting (retaining) the risk might have allowed.
Answer option C is incorrect. Risk mitigation is the practice of reducing the severity of a loss or the likelihood of a loss occurring.
Answer option D is incorrect. Risk acceptance is the practice of accepting certain risks, typically based on a business decision that may also weigh the cost versus the benefit of dealing with the risk in another way.

A4. Answer option B is correct. Fast tracking allows entire phases of the project to overlap and generally increases risks within the project. Fast tracking is a technique for compressing the project schedule: phases that would normally be done in sequence are overlapped, which shortens the project schedule without reducing the project scope.
Answer option A is incorrect. Quality control concerns are usually not affected by fast tracking decisions.
Answer option C is incorrect. Costs do not generally increase based on fast tracking decisions.
Answer option D is incorrect. Human resources are not affected by fast tracking decisions in most scenarios.

A5. Answer options A, B, and C are correct.


The Basel II accord describes the minimum regulatory capital to be allocated by each bank based on the risk profile of its assets. A capital adequacy ratio (CAR) of a minimum of 8 percent is maintained by the banks. Basel II works on the three-pillars concept, which are as follows:
- Pillar 1 - Minimum capital requirement: It is concerned with the maintenance of regulatory capital intended for the three major components of risk that a bank faces, which are credit risk, operational risk, and market risk.
- Pillar 2 - Supervisory review process: It is concerned with the regulatory response to the first pillar, giving the regulators much improved tools over those available under Basel I.
- Pillar 3 - Market discipline requirements: It aims to promote greater stability in the financial system.
Answer option D is incorrect. This is not a valid answer.


Chapter 9 - Facility Protection

Overview


This chapter helps in preparing for the 312-76 exam by covering the following EC-Council objectives, which address facility protection: Facility Protection, Water Supply, Protecting Water Supply, Fire, Types of Fire Extinguishers, APW Extinguishers, Dry Chemical Extinguishers, Carbon Dioxide Extinguishers, Using a Fire Extinguisher, Fire Suppression for Companies, Fire Exits, Power Supply, Common Power Supply Problems, Ensuring a Steady Power Supply, Ventilation, Kinds of Ventilation, Measures for Proper Ventilation, Air Conditioners, Measures for Proper Working of Air Conditioners, Building and Premises, Checklist for Securing Facility.

Key Points
Facility Protection: Protecting Water Supply, Fire, Types of Fire Extinguishers, APW Extinguishers, Dry Chemical Extinguisher, Carbon Dioxide Extinguishers, Using a Fire Extinguisher
Facility protection specializes in protecting businesses and resources from damage. Fire refers to the visible effects of the process of combustion. It is a special type of chemical reaction that takes place between oxygen in the air and some variety of fuel; the output of the reaction is totally different from the original material. For combustion to occur, the fuel must be heated to its ignition temperature. The reaction continues as long as there is enough heat, fuel, and oxygen; these three constitute the fire triangle. The following are the five types of fire:
- Class A: This type of fire involves ordinary materials such as burning paper, plastics, lumber, cardboard, etc.
- Class B: This type of fire involves combustible and flammable liquids such as gasoline, kerosene, and basic organic solvents used in laboratories.
- Class C: This type of fire involves energized electrical equipment such as power tools, hot plates, appliances, etc.
- Class D: This type of fire involves combustible metals such as magnesium, titanium, potassium, and sodium, as well as pyrophoric organometallic reagents such as alkyllithiums, Grignards, and diethylzinc.
- Class K: This type is the kitchen fire.

Dry chemical extinguishers are very useful for extinguishing electrical fires. They can be used for either class ABC or class BC fires. These extinguishers are filled with a flame-retardant powder (pressurized with nitrogen) that helps separate the fuel from oxygen. However, these extinguishers make a terrible mess. There are two types of dry chemical extinguishers:
- Type BC: This is a common type of dry chemical extinguisher that is filled with sodium bicarbonate or potassium bicarbonate. It leaves a mildly corrosive residue that should be cleaned immediately to prevent any damage to the material.
- Type ABC: This is a multipurpose dry chemical extinguisher that is filled with mono-ammonium phosphate (a yellow powder that leaves a sticky residue, which may damage electrical appliances).

Nowadays, the color coding system for most fire extinguishers is red, with a block of color corresponding to the extinguisher type above the operating instructions. The color codes for the different types of extinguishers are as follows:

Extinguisher        Color code
Water               Red
Carbon Dioxide      Black
Foam                Cream
Dry Powder          Blue
Wet Chemical        Yellow
Vaporizing Liquid   Green

Water fire extinguishers are mostly suitable for use on solid materials such as textiles, wood, paper, etc. These extinguishers direct a jet of water onto the fire, which lowers the temperature of the burning material below its ignition point; however, they should not be used on live electrical equipment. The color code of the water fire extinguisher is red. These extinguishers are suitable only for Class A (solid burning) fires.
Carbon dioxide fire extinguishers are used for class B and C fires. They contain a non-flammable gas (carbon dioxide) at a very high pressure. These extinguishers put out fire easily without causing any additional damage to the equipment (apart from electronics, IT, etc.). The color code of these fire extinguishers is black. They are not used for class A fires, as they cannot displace enough oxygen to put the fire out, causing it to reignite.
AFFF (Aqueous Film Forming Foam) fire extinguishers are highly recommended for office environments. They are best suited for use on class A and B fires, i.e., fires involving combustible organic materials and flammable liquids (such as petrol or oils). Their dual A and B rating makes them useful for both solid burning and liquid burning fires. They are best suited for petrol and diesel fires and less suitable for fires in deep fat fryers. Although these extinguishers are not designed for electrical fires, they resist electricity due to their conductivity rating of 35 kV. These extinguishers blanket the fuel and thereby reduce the oxygen supply so that the fuel cannot continue to burn. The color code of AFFF extinguishers is cream.
Dry powder fire extinguishers are among the most versatile fire extinguishers, commonly used on Class A, B, and C fires and fires involving electrical equipment. They are not suitable for confined places, as they may affect visibility and people with breathing problems. They are, however, suitable for use with flammable liquids and can also be used on flammable gases. The color code for dry powder fire extinguishers is blue.

uCertify.com The Fastest Way to IT Certification

uCertify Study Guide for EC-Council Exam 312-76


Wet chemical fire extinguishers are used mainly for cooking fires. They are the only type of fire extinguisher that should be used on burning cooking oil and other fats, such as butter and lard. They are very efficient: they quickly quench the flames, cool the burning oil, and react chemically to cover the surface of the oil with a soap-like substance that stops it from reigniting. The color code for wet chemical fire extinguishers is yellow.

An APW (Air Pressurized Water) extinguisher is also known as a Class A fire extinguisher. It puts out a fire by absorbing heat from the burning material, using water and pressure to stifle the heat of the fire. It is a silver-colored extinguisher filled with about 2.5 gallons (approx. 9 liters) of ordinary tap water and then pressurized with normal air. It should only be used on Class A fires and never on grease fires, electrical fires, or Class D fires, where it may help the flames to spread and make the fire bigger. It is inexpensive to use and causes minimal damage and clean-up.

Pop Quiz
Q1: Which class of fire involves ordinary materials such as burning paper, plastics, lumber, and cardboard?

Ans: Class A
Q2: Which class of fire involves energized electrical equipment such as power tools, hot plates, and appliances?

Ans: Class C

Fire Suppression for Companies, Fire exits, Power Supply, Common Power Supply Problems, Ensuring Steady Power Supply, Ventilation, Kinds of Ventilation, Measures for Proper Ventilation
Fire suppression systems are used in conjunction with smoke detectors and fire alarm systems to improve public safety. A power surge is a condition that arises when the voltage gets 110% above normal. The most common cause of a surge is heavy electrical equipment being turned off. During a surge, a computer system may suffer memory loss, data errors, flickering lights, and equipment shutoff.


High voltage spikes take place when there is an abrupt, fast voltage peak of up to 6,000 volts. The most common cause of these spikes is a nearby lightning strike, but there can be other causes as well. Due to these spikes, vulnerable electronic systems may experience loss of data and burning of circuit boards. A power sag is a condition that occurs when the voltage gets 80 to 85 percent below normal for short periods of time. Common causes of power sags are heavy equipment being turned on, large electrical motors being started, and the switching of power mains (internal or utility). A power sag can lead to many adverse effects, such as memory loss, data errors, flickering lights, and equipment shutoff.

Ventilation is the process of moving air from outside a building to the inside. It is used to provide acceptable indoor air quality. Ventilation comprises both the exchange of air with the outside and the circulation of air inside the building. The methods for ventilating a building may be categorized into mechanical (forced) and natural types.

Air Conditioners, Measures for Proper Working of Air Conditioners, Building and Premises, Checklist for Securing Facility
An air conditioner is a piece of equipment used for cooling indoor air by removing heat and depositing it outside. It circulates the indoor air and keeps outside air from entering. It works as a device that simultaneously controls the temperature, purity, relative humidity, and motion of the air in an enclosed space; the cooling is done through a simple refrigeration cycle, and the unit also dehumidifies the space. It consists of a cooling coil or evaporator and an electrically driven compressor and condenser combination. Proper care and maintenance of the air conditioning unit are essential; otherwise the unit may break down suddenly or stop working efficiently, so it is important to have an air conditioning repair service that provides repair and maintenance. Dust particles and pollutants trapped inside air conditioning units are a leading cause of allergies in many people, so the unit needs proper cleaning and ventilation.


Key Terms
Fire refers to the visible effects of the process of combustion. It is a special type of chemical reaction that takes place between oxygen in the air and some variety of fuel. Dry chemical extinguishers are very useful for extinguishing electrical fires; they are rated for either Class ABC or Class BC fires. Water fire extinguishers are most suitable for use on solid materials such as textiles, wood, and paper; they direct a jet of water onto the fire. Carbon-dioxide fire extinguishers are used for Class B and C fires; they contain a non-flammable gas (carbon dioxide) at very high pressure. AFFF (Aqueous Film Forming Foam) fire extinguishers are highly recommended for office environments; they are best suited for Class A and B fires, i.e., fires involving combustible organic materials and flammable liquids (such as petrol or oils). Dry powder fire extinguishers are among the most versatile extinguishers, commonly used on Class A, B, and C fires and on fires involving electrical equipment; they are not suitable for confined spaces, as the powder reduces visibility and affects people with breathing problems. Wet chemical fire extinguishers are used mainly for cooking fires; they are the only type of fire extinguisher that should be used on burning cooking oil and other fats, such as butter and lard.


Test Your Knowledge


Q1. Which of the following statements are true about a fire? Each correct answer represents a complete solution. Choose all that apply.
A. It refers to the visible effects of the process of combustion.
B. It is a special type of chemical reaction.
C. It takes place between oxygen in the air and some variety of fuels.
D. The three components of the fire triangle are fuel, heat, and carbon.

Q2. Which of the following types of fire constitutes combustible and flammable liquids such as gasoline, kerosene, and basic organic solvents used in laboratories?
A. Class A
B. Class B
C. Class C
D. Class D

Q3. Which of the following statements are true about a power surge? Each correct answer represents a complete solution. Choose all that apply.
A. It is a condition that arises when the voltage gets 110% above normal.
B. It is a condition that arises when the voltage gets 110% below normal.
C. The most common reason for a power surge is heavy electrical equipment being turned off.
D. A computer system may face memory loss, data errors, flickering lights, and equipment shutoff during a power surge.

Q4. Which of the following statements are true about high voltage spikes? Each correct answer represents a complete solution. Choose all that apply.
A. High voltage spikes take place when there is an abrupt, fast voltage peak of up to 6,000 volts.
B. The most common reason for high voltage spikes is nearby lightning strikes.
C. Due to high voltage spikes, vulnerable electronic systems may experience loss of data and burning of circuit boards.
D. The most common reason for high voltage spikes is heavy electrical equipment being turned off.

Q5. Which of the following statements are true about an air conditioner? Each correct answer represents a complete solution. Choose all that apply.
A. It is a piece of equipment that is used for cooling the indoor air by removing the heat and depositing it outside.
B. It is used for circulating the indoor air and prohibiting the outside air from entering inside.
C. It works as a device that simultaneously controls the air temperature, purity, and motion in an enclosed space.
D. It humidifies an enclosed area.


Answer Explanations
A1. Answer options A, B, and C are correct. Fire refers to the visible effects of the process of combustion. It is a special type of chemical reaction that takes place between oxygen in the air and some variety of fuel. The output of the reaction is totally different from the original material. For combustion to occur, the fuel must be heated to its ignition temperature, and the reaction continues as long as there is enough heat, fuel, and oxygen.

A2. Answer option B is correct. The following are the five types of fire:
Class A: This type of fire involves ordinary materials such as burning paper, plastics, lumber, and cardboard.
Class B: This type of fire involves combustible and flammable liquids such as gasoline, kerosene, and basic organic solvents used in laboratories.
Class C: This type of fire involves energized electrical equipment such as power tools, hot plates, and appliances.
Class D: This type of fire involves combustible metals such as magnesium, titanium, potassium, and sodium, as well as pyrophoric organometallic reagents such as alkyllithiums, Grignards, and diethylzinc.
Class K: This type of fire is a kitchen fire.

A3. Answer options A, C, and D are correct. A power surge is a condition that arises when the voltage gets 110% above normal. The most common cause of this condition is heavy electrical equipment being turned off. A computer system may face memory loss, data errors, flickering lights, and equipment shutoff during this condition.

A4. Answer options A, B, and C are correct. High voltage spikes take place when there is an abrupt, fast voltage peak of up to 6,000 volts. The most common cause of these spikes is a nearby lightning strike, but there can be other causes as well. Due to these spikes, vulnerable electronic systems may experience loss of data and burning of circuit boards. Answer option D is incorrect. A power surge, not a spike, is the condition that arises when the voltage gets 110% above normal; its most common cause is heavy electrical equipment being turned off, and a computer system may face memory loss, data errors, flickering lights, and equipment shutoff during it.

A5. Answer options A, B, and C are correct. An air conditioner is a piece of equipment used for cooling indoor air by removing heat and depositing it outside. It circulates the indoor air and keeps outside air from entering. It works as a device that simultaneously controls the temperature, purity, relative humidity, and motion of the air in an enclosed space. The cooling of the enclosed space is done through a simple refrigeration cycle. It dehumidifies an enclosed area. It consists of a cooling coil or evaporator and an electrically driven compressor and condenser combination.


Chapter 10 - Data Recovery Overview


This chapter helps in preparing for the 312-76 exam by covering the following EC-Council objectives, which address data recovery. This chapter includes the following objectives: Types of Data Recovery, Logical Data Recovery, Physical Data Recovery, Disk-to-Disk-to-Disaster Recovery (3DR) Concept, Steps in Data Recovery, Recovery Management, Recovery Management Evaluation Metrics, Recovery Time Objective (RTO), Role of RTO in Disaster Recovery, Recovery Point Objective (RPO), Network Recovery Objective (NRO), Recovery Management Model Layers, Data Protection Continuum, Do's and Don'ts, Lumigent's Log Explorer, Best Practices in Data Recovery.

Key Points
Types of Data Recovery, Disk-to-Disk-to-Disaster Recovery (3DR) Concept, Steps in Data Recovery, Recovery Management, Recovery Management Evaluation Metrics, Recovery Time Objective (RTO), Role of RTO in Disaster Recovery
Facility protection specializes in protecting business and resources from damage. Logical data recovery is the process of rebuilding files that are damaged or corrupted by user errors or virus attacks, rather than repairing physically damaged hard drives; in this situation the BIOS still recognizes the drive but returns a read error when trying to access data. Physical data recovery is used when a hard drive is not accessible by software such as the system BIOS, Windows Disk Management, or other disk utilities; in other words, when the drive is considered truly dead and in need of physical data recovery. A dead drive often shows other symptoms, such as not spinning, clicking, or making unusual noises.


A drive with the above problems may have a damaged electronic board, read heads, motor, or magnetic media. Repair of such drives is generally done by a data recovery company equipped with clean-room facilities; it involves imaging the drive, performing a logical file reconstruction if required, and replacing the damaged components. Recovery Management is the process of planning, testing, and implementing the recovery procedures and standards required to restore services in the case of a component failure. It is done either by returning the component to normal operation or by taking alternative actions to restore services. It is the recognition that failures will occur regardless of how well the system is designed; the purpose is to anticipate and minimize the impact of these failures by implementing predefined, pretested, documented recovery plans and procedures. The principal objective of Recovery Management is to ensure that the service level requirements are achieved. This is accomplished by having recovery procedures in place that will restore services to a failing component as quickly as possible.

Pop Quiz
Q1: Which value must ensure that the Maximum Tolerable Period of Disruption (MTPD) for each activity is not exceeded?

Ans: Recovery Time Objective


Q2: Which value specifies the acceptable latency of data that will be recovered?

Ans: Recovery Point Objective

Recovery Point Objective (RPO), Network Recovery Objective (NRO), Recovery Management Model Layers, Data Protection Continuum, Do's and Don'ts, Lumigent's Log Explorer, Best Practices in Data Recovery
The Recovery Point Objective (RPO) is used to determine the maximum amount of time between the last available backup and the potential failure point. It helps in determining the amount of data that the business can manage to lose in the event of a failure.


The Recovery Point Objective (RPO) describes the acceptable amount of data loss measured in time. It is the point in time to which data must be recovered, as defined by the organization; the RPO is generally a definition of what an organization determines to be an "acceptable loss" in a disaster situation. If the RPO of a company is 2 hours and the time it takes to get the data back into production is 5 hours, the RPO is still 2 hours: based on this RPO, the data must be restored to a point no more than 2 hours before the disaster.

The Network Recovery Objective (NRO) describes how long it will take to switch over the network so that end users can access the disaster recovery site; telecom line costs at various bandwidths need to be determined for the NRO. The NRO specifies the time needed to recover network operations. Systems-level recovery is incomplete if customers cannot reach the application services over network connections, so the NRO includes the time required to bring alternate communication links online, reconfigure routers and name servers (DNS), and revise client system parameters for alternative TCP/IP addresses. Comprehensive network failover planning is as important as data recovery in a disaster recovery scenario.

Lumigent Log Explorer is the first and only product that can use the transaction log information to recover data, analyze user and application problems, and audit activities, all without run-time overheads. The SQL Server transaction log contains solutions to a number of database problems, although the log itself is an undocumented binary file. Log Explorer can analyze the database with complete access to the transaction log, uses powerful filters to quickly find and solve user and application errors, and can recover a single row or an entire table while the database remains online.

The following service levels are defined for backing up and restoring a messaging environment:
Service Level Agreement (SLA): determines how long the mail service can be down before it must be restored.
Recovery Point Objective (RPO): determines how much data can be lost (measured in minutes).
Recovery Time Objective (RTO): defines the maximum time allotted for recovering each service (measured in minutes).
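To make the relationship between RPO, RTO and the MTPD from the pop quiz concrete, here is an added Python example; it is not code from the uCertify guide or from EC-Council. It takes a constructed backup schedule and a constructed recovery timeline and reports which objectives a plan misses. The objective definitions and the scope of the RTO (decision time excluded) follow the text above; the sample times, the `assess_plan` function and the rule that a backup's recovery point is the time it started are assumptions made for this example.

```python
"""Checking a backup and recovery plan against RPO, RTO and MTPD.

Added example, not code from the uCertify guide. All backup times and
recovery durations are constructed sample values. Objectives follow the
page's definitions: RPO is acceptable data loss measured in time, RTO is
the time to restore the business process (fix attempt, recovery, tests and
user communication, but not the user representative's decision time), and
the MTPD is the maximum tolerable period of disruption the RTO must not exceed.
Assumption for this example: a backup's recovery point is its start time,
and a backup still running when the failure hits is unusable.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Tuple


@dataclass(frozen=True)
class RecoveryObjectives:
    rpo: timedelta
    rto: timedelta
    mtpd: timedelta


@dataclass(frozen=True)
class RecoveryTimeline:
    """Durations measured during a recovery exercise or a real event."""
    fix_attempt: timedelta    # trying to fix the problem without a recovery
    decision: timedelta       # user representative's decision time (outside the RTO)
    recovery: timedelta       # the restore itself
    tests: timedelta
    communication: timedelta  # telling the users the service is back

    def recovery_time_actual(self) -> timedelta:
        """RTA with the same scope as the RTO: decision time is excluded."""
        return self.fix_attempt + self.recovery + self.tests + self.communication

    def total_disruption(self) -> timedelta:
        """Outage as the business experiences it, decision time included;
        this is the figure that must stay within the MTPD."""
        return self.recovery_time_actual() + self.decision


def data_loss_window(backups: List[Tuple[datetime, datetime]],
                     failure_time: datetime) -> timedelta:
    """Data loss, measured in time, for a failure at failure_time.
    backups holds (start, end) pairs; only a backup that finished before the
    failure is usable, and it holds data as of its start time."""
    usable_starts = [start for start, end in backups if end <= failure_time]
    if not usable_starts:
        raise ValueError("no backup completed before the failure")
    return failure_time - max(usable_starts)


def worst_case_data_loss(backup_interval: timedelta,
                         backup_duration: timedelta) -> timedelta:
    """A failure just before a backup finishes leaves the previous backup as
    the recovery point, so the worst case is one interval plus one backup run.
    Compare this figure with the RPO when choosing a schedule."""
    return backup_interval + backup_duration


def assess_plan(objectives: RecoveryObjectives,
                backups: List[Tuple[datetime, datetime]],
                failure_time: datetime,
                timeline: RecoveryTimeline) -> List[str]:
    """Return one finding per objective the plan fails; empty means all met."""
    findings = []
    if objectives.rto > objectives.mtpd:
        findings.append(f"RTO exceeds MTPD: {objectives.rto} > {objectives.mtpd}")
    loss = data_loss_window(backups, failure_time)
    if loss > objectives.rpo:
        findings.append(f"RPO missed: {loss} of data lost, objective {objectives.rpo}")
    rta = timeline.recovery_time_actual()
    if rta > objectives.rto:
        findings.append(f"RTO missed: RTA {rta}, objective {objectives.rto}")
    if timeline.total_disruption() > objectives.mtpd:
        findings.append(f"MTPD exceeded: {timeline.total_disruption()} > {objectives.mtpd}")
    return findings


# Constructed sample data: hourly backups of 10 minutes each, failure at 14:05
# while the 14:00 backup is still running, so 13:00 is the recovery point.
_T0 = datetime(2009, 6, 1, 12, 0)
SAMPLE_BACKUPS = [(_T0 + timedelta(hours=h), _T0 + timedelta(hours=h, minutes=10))
                  for h in range(3)]
SAMPLE_FAILURE = _T0 + timedelta(hours=2, minutes=5)
SAMPLE_TIMELINE = RecoveryTimeline(fix_attempt=timedelta(minutes=30),
                                   decision=timedelta(minutes=20),
                                   recovery=timedelta(hours=5),
                                   tests=timedelta(minutes=30),
                                   communication=timedelta(minutes=15))


def demo_data_loss_hours() -> float:
    return data_loss_window(SAMPLE_BACKUPS, SAMPLE_FAILURE).total_seconds() / 3600


def demo_worst_case_hours() -> float:
    return worst_case_data_loss(timedelta(hours=1), timedelta(minutes=10)).total_seconds() / 3600


def demo_findings(rpo_hours: float = 2.0, rto_hours: float = 4.0,
                  mtpd_hours: float = 8.0) -> List[str]:
    """Assess the sample plan against objectives given in hours (page example: RPO 2 h)."""
    objectives = RecoveryObjectives(rpo=timedelta(hours=rpo_hours),
                                    rto=timedelta(hours=rto_hours),
                                    mtpd=timedelta(hours=mtpd_hours))
    return assess_plan(objectives, SAMPLE_BACKUPS, SAMPLE_FAILURE, SAMPLE_TIMELINE)


if __name__ == "__main__":
    for finding in demo_findings() or ["all objectives met"]:
        print(finding)
```

With the sample data the 2-hour RPO is met (65 minutes of data are lost) even though the 5-hour restore blows the 4-hour RTO, which is exactly the page's point that a slow restore does not change the RPO. Tightening the RPO to 1 hour makes the hourly schedule fail as well, and `worst_case_data_loss` shows that the schedule alone (interval plus backup run) is what determines whether an RPO can ever be met.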


Key Terms
Logical data recovery is the process of rebuilding files that are damaged or corrupted by user errors or virus attacks, rather than repairing physically damaged hard drives. Physical data recovery is used when a hard drive is not accessible by software such as the system BIOS, Windows Disk Management, or other disk utilities. Recovery Management is the process of planning, testing, and implementing the recovery procedures and standards required to restore services in the case of a component failure. The Recovery Point Objective (RPO) is used to determine the maximum amount of time between the last available backup and the potential failure point; it helps in determining the amount of data that the business can afford to lose in the event of a failure. The Network Recovery Objective (NRO) describes how long it will take to switch over the network so that end users can access the disaster recovery site. Lumigent Log Explorer is the first and only product that can use transaction log information to recover data, analyze user and application problems, and audit activities, all without run-time overheads.


Test Your Knowledge


Q1. Which of the following is the duration of time and a service level within which a business process must be restored after a disaster in order to avoid unacceptable consequences associated with a break in business continuity?
A. RTO
B. RTA
C. RCO
D. RPO

Q2. Which of the following is established during the Business Impact Analysis by the owner of a process in the accepted business continuity planning methodology?
A. Recovery Time Objective
B. Recovery Time Actual
C. Recovery Consistency Objective
D. Recovery Point Objective

Q3. The Recovery Time Objective (RTO) is the duration of time and a service level within which a business process must be restored after a disaster or disruption in order to avoid unacceptable consequences associated with a break in business continuity. Which of the following statements are true about the Recovery Time Objective (RTO)? Each correct answer represents a complete solution. Choose all that apply.
A. It includes the time for trying to fix the problem without a recovery, the recovery itself, tests, and the communication to the users.
B. It includes the decision time for the user representative.
C. The RTO is established during the Business Impact Analysis (BIA) by the owner of a process.
D. The RTO attaches to the business process and not to the resources required in order to support the process.

Q4. Which of the following describes the acceptable amount of data loss measured in time?
A. Recovery Point Objective (RPO)
B. Recovery Time Objective (RTO)
C. Recovery Time Actual (RTA)
D. Recovery Consistency Objective (RCO)

Q5. Which of the following parameters is used to determine the maximum amount of time between the last available backup and the potential failure point?
A. RPO
B. RTO
C. NRO
D. PRO


Answer Explanations
A1. Answer option A is correct. The Recovery Time Objective (RTO) is the duration of time and a service level within which a business process must be restored after a disaster or disruption in order to avoid unacceptable consequences associated with a break in business continuity. It includes the time for trying to fix the problem without a recovery, the recovery itself, tests, and the communication to the users; the decision time for the user representative is not included. The business continuity timeline usually runs parallel with an incident management timeline and may start at the same, or different, points. In the accepted business continuity planning methodology, the RTO is established during the Business Impact Analysis (BIA) by the owner of a process (usually in conjunction with the business continuity planner). The RTOs are then presented to senior management for acceptance. The RTO attaches to the business process and not to the resources required to support the process.
Answer option B is incorrect. The Recovery Time Actual (RTA) is established during an exercise or an actual event, or is predetermined based on the recovery methodology the technology support team develops. It is the time frame the technology support team takes to deliver the recovered infrastructure to the business.
Answer option C is incorrect. The Recovery Consistency Objective (RCO) is used in business continuity planning in addition to the Recovery Point Objective (RPO) and the Recovery Time Objective (RTO). It applies data consistency objectives to Continuous Data Protection services.
Answer option D is incorrect. The Recovery Point Objective (RPO) describes the acceptable amount of data loss measured in time. It is the point in time to which data must be recovered, as defined by the organization; the RPO is generally a definition of what an organization determines to be an "acceptable loss" in a disaster situation. If the RPO of a company is 2 hours and the time it takes to get the data back into production is 5 hours, the RPO is still 2 hours: the data must be restored to a point no more than 2 hours before the disaster.

A2. Answer option A is correct. The Recovery Time Objective (RTO) is the duration of time and a service level within which a business process must be restored after a disaster or disruption in order to avoid unacceptable consequences associated with a break in business continuity. It includes the time for trying to fix the problem without a recovery, the recovery itself, tests, and the communication to the users; the decision time for the user representative is not included. The business continuity timeline usually runs parallel with an incident management timeline and may start at the same, or different, points. In the accepted business continuity planning methodology, the RTO is established during the Business Impact Analysis (BIA) by the owner of a process (usually in conjunction with the business continuity planner). The RTOs are then presented to senior management for acceptance. The RTO attaches to the business process and not to the resources required to support the process.
Answer option B is incorrect. The Recovery Time Actual (RTA) is established during an exercise or an actual event, or is predetermined based on the recovery methodology the technology support team develops. It is the time frame the technology support team takes to deliver the recovered infrastructure to the business.
Answer option C is incorrect. The Recovery Consistency Objective (RCO) is used in business continuity planning in addition to the Recovery Point Objective (RPO) and the Recovery Time Objective (RTO). It applies data consistency objectives to Continuous Data Protection services.
Answer option D is incorrect. The Recovery Point Objective (RPO) describes the acceptable amount of data loss measured in time. It is the point in time to which data must be recovered, as defined by the organization; the RPO is generally a definition of what an organization determines to be an "acceptable loss" in a disaster situation. If the RPO of a company is 2 hours and the time it takes to get the data back into production is 5 hours, the RPO is still 2 hours: the data must be restored to a point no more than 2 hours before the disaster.

A3. Answer options A, C, and D are correct. The Recovery Time Objective (RTO) is the duration of time and a service level within which a business process must be restored after a disaster or disruption in order to avoid unacceptable consequences associated with a break in business continuity. It includes the time for trying to fix the problem without a recovery, the recovery itself, tests, and the communication to the users; the decision time for the user representative is not included. The business continuity timeline usually runs parallel with an incident management timeline and may start at the same, or different, points. In the accepted business continuity planning methodology, the RTO is established during the Business Impact Analysis (BIA) by the owner of a process (usually in conjunction with the business continuity planner). The RTOs are then presented to senior management for acceptance. The RTO attaches to the business process and not to the resources required to support the process.
Answer option B is incorrect. The decision time for the user representative is not included in the RTO.

A4. Answer option A is correct. The Recovery Point Objective (RPO) describes the acceptable amount of data loss measured in time. It is the point in time to which data must be recovered, as defined by the organization; the RPO is generally a definition of what an organization determines to be an "acceptable loss" in a disaster situation. If the RPO of a company is 2 hours and the time it takes to get the data back into production is 5 hours, the RPO is still 2 hours: the data must be restored to a point no more than 2 hours before the disaster.
Answer option B is incorrect. The Recovery Time Objective (RTO) is the duration of time and a service level within which a business process must be restored after a disaster or disruption in order to avoid unacceptable consequences associated with a break in business continuity. It includes the time for trying to fix the problem without a recovery, the recovery itself, tests, and the communication to the users; the decision time for the user representative is not included. The business continuity timeline usually runs parallel with an incident management timeline and may start at the same, or different, points. In the accepted business continuity planning methodology, the RTO is established during the Business Impact Analysis (BIA) by the owner of a process (usually in conjunction with the business continuity planner). The RTOs are then presented to senior management for acceptance. The RTO attaches to the business process and not to the resources required to support the process.
Answer option C is incorrect. The Recovery Time Actual (RTA) is established during an exercise or an actual event, or is predetermined based on the recovery methodology the technology support team develops. It is the time frame the technology support team takes to deliver the recovered infrastructure to the business.
Answer option D is incorrect. The Recovery Consistency Objective (RCO) is used in business continuity planning in addition to the Recovery Point Objective (RPO) and the Recovery Time Objective (RTO). It applies data consistency objectives to Continuous Data Protection services.

A5. Answer option A is correct. The Recovery Point Objective (RPO) is used to determine the maximum amount of time between the last available backup and the potential failure point; it helps in determining the amount of data that the business can afford to lose in the event of a failure. The RPO describes the acceptable amount of data loss measured in time. It is the point in time to which data must be recovered, as defined by the organization; the RPO is generally a definition of what an organization determines to be an "acceptable loss" in a disaster situation. If the RPO of a company is 2 hours and the time it takes to get the data back into production is 5 hours, the RPO is still 2 hours: the data must be restored to a point no more than 2 hours before the disaster.
Answer option B is incorrect. The Recovery Time Objective (RTO) is the duration of time and a service level within which a business process must be restored after a disaster or disruption in order to avoid unacceptable consequences associated with a break in business continuity. It includes the time for trying to fix the problem without a recovery, the recovery itself, tests, and the communication to the users; the decision time for the user representative is not included. The business continuity timeline usually runs parallel with an incident management timeline and may start at the same, or different, points. In the accepted business continuity planning methodology, the RTO is established during the Business Impact Analysis (BIA) by the owner of a process (usually in conjunction with the business continuity planner). The RTOs are then presented to senior management for acceptance. The RTO attaches to the business process and not to the resources required to support the process.
Answer option C is incorrect. The Network Recovery Objective (NRO) describes how long it will take to switch over the network so that end users can access the disaster recovery site; telecom line costs at various bandwidths need to be determined for the NRO. The NRO specifies the time needed to recover network operations. Systems-level recovery is incomplete if customers cannot reach the application services over network connections, so the NRO includes the time required to bring alternate communication links online, reconfigure routers and name servers (DNS), and revise client system parameters for alternative TCP/IP addresses. Comprehensive network failover planning is as important as data recovery in a disaster recovery scenario.
Answer option D is incorrect. This is an invalid option.

Chapter 11 - System Recovery Overview


This chapter helps in preparing for the 312-76 exam by covering the following EC-Council objectives, which address system recovery. This chapter includes the following objectives: System Restore in Windows XP, Linux System Recovery, Linux System Crash Recovery, Crash Recovery Kit for Linux, Mac System Recovery, Restoring Windows Server 2003, Recovering from Boot Problems in Windows Server 2003, Active Directory Recovery, Sysvol Recovery, Recovery of Global Catalog Server, Recovery of an Operations Master, Domain Controller Recovery, Database Integrity Testing, Rights Management Services Restoration, Rights Management Services Database Restoration, Tools for Active Directory Disaster Recovery: Recovery Manager, Restoring IIS Configurations: iisback.vbs, Restoring Microsoft IIS Metabase Backup, WANSync IIS, WANSync IIS: Working, Restoring Exchange Server 2003, Data Recovery Scenarios, Exchange Data Recovery Preparation, Single Mailbox Recovery, Single Item Recovery using Deleted Items Retention, Single Item Recovery using Third-party Brick Backup Programs, Full-Server Recovery: Preparation, Full-Server Recovery: Option 1, Full-Server Recovery: Option 2, Full-Server Recovery: Option 3, Full-Server Recovery: Option 4, Exchange Server Backup/Recovery Solution: SonaSafe, Recovering Blackberry Enterprise Server, IBM WebSphere Application Server Recovery, Recovering ColdFusion Application Server: CFMAIL Bug, Recovering ColdFusion Application Server: Variable Deadlocks, Recovering ColdFusion Application Server: ODBC Errors, Recovering ColdFusion Application Server: 500 IIS Internal Server Error, Recovering ColdFusion Application Server: System Registry Access Problem, Recovering from Domino Server Crashes, Tool: SteelEye LifeKeeper, Restoring MySQL Server, Restoring MS SQL Server: Options 1 to 8, Restoring MySQL Server, Recovering Cisco IOS.


Key Points
System Restore in Windows XP, Linux System Recovery, Linux System Crash Recovery, Crash Recovery Kit for Linux, Mac System Recovery, Restoring Windows Server 2003, Recovering from Boot problems in Windows Server 2003
System Restore is a recovery component of Windows XP Professional. It is used to restore a Windows XP Professional computer to a previous state without losing any personal data files. System Restore automatically creates restore points while monitoring changes made to the computer and application files. These restore points are used to revert the system to a previous state. Note: Restore points are created daily and at the time of major system events, such as the installation of an application or driver. Restore points can also be created and named manually at any time.

Crash Recovery Kit for Linux is a handy tool used in case of a hardware failure, such as a broken disk. It can recover a trashed LILO boot record. It provides backup over the network in the form of tar.gz tarballs. This tool is based on RedHat Linux and is used to recover a misconfigured or hacked Linux system. It is licensed under the GNU General Public License (GPL).

Pop Quiz
Q1: Which event occurs in a system when there is a TCB failure and the recovery procedures cannot return the system to a secure state?

Ans: Cold start


Q2: Which is a freeware tool developed to recover a misconfigured or hacked Linux system?

Ans: Crash Recovery Kit for Linux

Active Directory Recovery, Sysvol Recovery, Recovery of Global Catalog Server, Recovery of an Operations Master, Domain Controller Recovery, Database Integrity Testing, Rights Management Services Restoration, Rights Management Services Database Restoration, Tools for Active Directory Disaster Recovery: Recovery Manager, Restoring IIS Configurations: iisback.vbs
Database integrity test techniques validate that data is being stored by the system in a manner where the data is not compromised by updating, restoration, or retrieval processing. They are intended to uncover design flaws that may result in data corruption, unauthorized data access, lack of data integrity across multiple tables, and lack of adequate transaction performance.

Agile testing is a software testing practice. It follows the principles of agile software development. This testing does not accentuate testing procedures and focuses on ongoing testing against newly developed code until quality software from an end customer's perspective results. It is built upon the philosophy that testers need to adapt to rapid deployment cycles and changes in testing patterns.

Pop Quiz
Q1: Which is intended to uncover design flaws that may result in data corruption?

Ans: Database integrity testing


Q2: Which tool is used for Active Directory Disaster Recovery?

Ans: Recovery Manager

Restoring Microsoft IIS Metabase Backup, WANSync IIS, WANSync IIS: Working, Restoring Exchange Server 2003, Data Recovery Scenarios, Exchange Data Recovery Preparation, Single Mailbox Recovery, Single Item Recovery using Deleted Items Retention, Single Item Recovery using Third-party Brick Backup Programs
The steps to create a portable backup where a password is required are as follows:
1. Right-click the local computer in IIS Manager, click All Tasks, and then click Backup/Restore Configuration.
2. Click Create Backup.
3. Type a name for the backup file in the Configuration backup name box.
4. Select the Encrypt backup using password check box, type a password into the Password box, and then type the same password in the Confirm password box.
5. Click the OK button, and then click the Close button.
The IIS metabase backup is created in the systemroot\system32\inetsrv\MetaBack folder.

Brick-level mailbox backup is a method that uses MAPI (just as Outlook does) to log the backup program on to each mailbox in the store and then back up the contents of the mailboxes to the tape device. This method backs up each mailbox individually, and thus makes it easy to restore a specific mailbox in case it has been deleted and purged from the database.

Pop Quiz
Q1: Which is a backup program that logs on to each mailbox in the store and backs up the contents of the mailbox?

Ans: Brick-Level Mailbox backup

Full-Server Recovery: Preparation, Full-Server Recovery: Option 1, Full-Server Recovery: Option 2, Full-Server Recovery: Option 3, Full-Server Recovery: Option 4, Exchange Server Backup/Recovery Solution: SonaSafe, Recovering Blackberry Enterprise Server
To perform a full server recovery, a user should recover all volumes from the backup set to the server. The procedure to perform the full server recovery of a domain controller is the same as for any server running Windows Server 2008. The user performs a non-authoritative restore of Active Directory Domain Services (AD DS) during a full server recovery of a domain controller. A user can use these procedures to perform full server recovery of a domain controller by using Windows Complete PC Restore, which is a graphical user interface (GUI) tool, or Wbadmin.exe from the command line.

SonaSafe promises total safety and provides the capability to get back to work quickly in case of system failure or total disaster. The SonaSafe application allows rapid recovery of e-mails to the point of failure with no loss of even a single e-mail, calendar, contact, or other item. Sonasoft's disk-to-disk backup application allows data to be stored as often as required. In the case of a hardware or software failure, the application can recover the information to a new server or a backup device at disk-transfer and LAN speeds.

IBM WebSphere Application Server Recovery, Recovering Coldfusion Application Server: CFMAIL Bug, Recovering Coldfusion Application Server: Variable Deadlocks, Recovering Coldfusion Application Server: ODBC Errors, Recovering Coldfusion Application Server: 500 IIS Internal Server Error
The CFMAIL bug occurs when a CFMail tag is called and the mail file that has the CFMAIL extension is stored in a folder on the local drive of the CF Server, c:\cfusion\mail\spool.

Variable deadlock arises when numerous processes or users make an effort to update the same memory in a Server, Application, or Session variable at the same time. On a site that receives a large amount of traffic, variable deadlocks on one site can cripple performance for the entire server. The steps taken to recover from a variable deadlock are as follows:
1. Log in to the CF Administrator and enable "Full Checking" on the Server, Application, and Session scopes in the Locking section of the configuration.
OR
Use Studio's multiple file search for the strings Server, Session, and Application, and ensure that CFLOCK is used with all of the shared variables. This may take some time, but consider it a painful reminder that you must lock your code.
2. Quickly browsing the Application.log (\cfusion\log\application.log) will reveal which CFM files and variables are causing the problem.
3. Disable "Full Checking" and fix the code within the application that is causing the problem.


ODBC errors cause ColdFusion to stop processing one or all MS Access databases on the server. The types of ODBC errors are as follows:
The Microsoft Jet database engine cannot open the file "(unknown)".
Not enough space on temp drive
Memory allocation error

Recovering Coldfusion Application Server: System Registry Access Problem, Recovering from Domino Server Crashes, Tool: SteelEye LifeKeeper, Restoring MySQL Server, Restoring MS SQL Server: Option 1, 2, 3, 4, 5, 6, 7, 8. Restoring My SQL Server, Recovering Cisco IOS
The System Registry Access problem occurs when the "Cannot access the system registry" message is generated. This error occurs if the server is configured to store client variables in the system registry. The variables are not purged for up to 90 days by default. The registry can become full quite quickly on a server that earlier received moderate to heavy traffic. No applications on the server will be able to write additional data into the registry once Windows' maximum allowable registry size is reached.


Key Terms
System Restore is a recovery component of Windows XP Professional. It is used to restore a Windows XP Professional computer to a previous state without losing any personal data files.

Crash Recovery Kit for Linux is a handy tool used in case of a hardware failure, such as a broken disk. It can recover a trashed LILO boot record.

Database integrity test techniques validate that data is being stored by the system in a manner where the data is not compromised by updating, restoration, or retrieval processing.

Agile testing is a software testing practice. It follows the principles of agile software development.

Brick-level mailbox backup is a method that uses MAPI (just as Outlook does) to log the backup program on to each mailbox in the store and then back up the contents of the mailboxes to the tape device.

SonaSafe promises total safety and provides the capability to get back to work quickly in case of system failure or total disaster. The SonaSafe application allows rapid recovery of e-mails to the point of failure with no loss of even a single e-mail, calendar, contact, or other item.

The CFMAIL bug occurs when a CFMail tag is called and the mail file that has the CFMAIL extension is stored in a folder on the local drive of the CF Server, c:\cfusion\mail\spool.

Variable deadlock arises when numerous processes or users make an effort to update the same memory in a Server, Application, or Session variable at the same time.

The System Registry Access problem occurs when the "Cannot access the system registry" message is generated. This error occurs if the server is configured to store client variables in the system registry.


Test Your Knowledge


Q1. You work as a Desktop Support Technician for ABC Inc. A user in the accounts department installs an application on his Windows XP Professional computer. He observes that the system performance has deteriorated. Therefore, he uninstalls the application, but the system performance does not improve. What should you do to resolve this issue?
A. Use the Last Known Good Configuration feature.
B. Use Disk Defragmenter.
C. Restore the computer to the most current restore point.
D. Use Automated System Recovery (ASR).

Q2. Which of the following is a type of testing intended to uncover design flaws that may result in data corruption?
A. Gray box testing
B. Unit testing
C. Database integrity testing
D. Agile testing

Q3. Which of the following errors occurs in a ColdFusion application when several processes or users try to update the same memory in a Server, Application, or Session variable at the same time?
A. CFMAIL bug
B. Variable deadlock
C. ColdFusion and Microsoft SQL Server installed on the same server
D. ODBC Errors

Q4. Which of the following errors occurs if your server is configured to store client variables in the system registry?
A. CFMAIL bug
B. Variable deadlock
C. ODBC Error
D. System Registry Access Problem

Q5. Which of the following are the types of ODBC errors generated in ColdFusion applications? Each correct answer represents a complete solution. Choose all that apply.
A. The Microsoft Jet database engine cannot open the file "(unknown)".
B. Not enough space on temp drive
C. Memory allocation error
D. CFMail bug


Answer Explanations
A1. Answer option C is correct. In the above scenario, the system performance has deteriorated because of an application, so you should use System Restore to go back to the previous state. System Restore is a component of Microsoft's Windows Me, Windows XP, and Windows Vista operating systems that allows system files, registry keys, installed programs, etc., to be rolled back to a previous state in the event of malfunction or failure.

Answer option A is incorrect. Last Known Good Configuration is an advanced boot option. It starts a Windows operating system by using the Registry information that was saved at the last successful logon. This will not be helpful in the above scenario.

Answer option B is incorrect. Disk Defragmenter is a system tool used to consolidate the fragmented files stored on the hard disk of a computer. This will certainly improve disk performance but is not very effective for improving overall system performance.

Answer option D is incorrect. Automated System Recovery (ASR) is a feature of Windows XP Professional. It is used to perform a restore of the system state data and services in the event of a major system failure.

A2. Answer option C is correct. Database integrity test techniques validate that data is being stored by the system in a manner where the data is not compromised by updating, restoration, or retrieval processing. They are intended to uncover design flaws that may result in data corruption, unauthorized data access, lack of data integrity across multiple tables, and lack of adequate transaction performance.

Answer option A is incorrect. Gray box testing is a combination of black box and white box testing. It is non-intrusive and impartial, as it does not require that a tester have access to the source code. It treats a system as a black box in the sense that it must be analyzed from the outside. Basically, it is used to find defects related to bad design or bad implementation of the system. This type of testing is more commonly used with Web applications, as the Internet has a pretty stable interface.

Answer option B is incorrect. Unit testing is a type of testing in which each independent unit of an application is tested separately. During unit testing, a developer takes the smallest unit of an application, isolates it from the rest of the application code, and tests it to determine whether it works as expected. Unit testing is performed before integrating these independent units into modules. The most common approach to unit testing requires drivers and stubs to be written. Drivers and stubs are programs. A driver simulates a calling unit, and a stub simulates a called unit.

Answer option D is incorrect. Agile testing is a software testing practice. It follows the principles of agile software development. This testing does not accentuate testing procedures and focuses on ongoing testing against newly developed code until quality software from an end customer's perspective results. It is built upon the philosophy that testers need to adapt to rapid deployment cycles and changes in testing patterns.

A3. Answer option B is correct. Variable deadlock arises when numerous processes or users make an effort to update the same memory in a Server, Application, or Session variable at the same time. On a site that receives a large amount of traffic, variable deadlocks on one site can cripple performance for the entire server. The steps taken to recover from a variable deadlock are as follows:
1. Log in to the CF Administrator and enable "Full Checking" on the Server, Application, and Session scopes in the Locking section of the configuration.
OR
Use Studio's multiple file search for the strings Server, Session, and Application, and ensure that CFLOCK is used with all of the shared variables. This may take some time, but consider it a painful reminder that you must lock your code.
2. Quickly browsing the Application.log (\cfusion\log\application.log) will reveal which CFM files and variables are causing the problem.
3. Disable "Full Checking" and fix the code within the application that is causing the problem.

Answer option A is incorrect. The CFMAIL bug occurs when a CFMail tag is called and the mail file that has the CFMAIL extension is stored in a folder on the local drive of the CF Server, c:\cfusion\mail\spool. If ColdFusion is not capable of writing this file completely, then it creates a file of less than 1Kb, which has no data or just empty spaces. At this instant, the server uses dart.dll in order to access and send mail. The dart.dll is locked up and goes into an infinite loop. This causes cfserver.exe to lock at 90-100% CPU utilization. Restarting the ColdFusion Application Server service or rebooting the computer seems to have no effect, since the affected file remains in the mail spooler's folder. The solution to the CFMAIL bug is as follows:
1. Open the Services dialog: NT40 Control Panel -> Services, OR Windows 2000 -> Control Panel -> Administrative Tools -> Services.
2. Stop the ColdFusion Application Server Service.
3. Stop the ColdFusion Executive Service.
4. Open a DOS window and cd to your \cfusion\mail\spool folder.
5. Remove all of the files from this location (del *.*) or move them to a different folder for later review.
6. Restart the ColdFusion Application Server Service.
7. Restart the ColdFusion Executive Service.
8. Review the files in the temp folder just created, removing any invalid files (these files may be opened with NotePad).

Answer option C is incorrect. The error "ColdFusion and Microsoft SQL Server installed on the same server" occurs because ColdFusion and MS SQL Server are both very resource-intensive applications. Both applications start to contend for the available resources on a server in a high-traffic environment.

Answer option D is incorrect. ODBC errors cause ColdFusion to stop processing one or all MS Access databases on the server. The types of ODBC errors are as follows:
The Microsoft Jet database engine cannot open the file "(unknown)".
Not enough space on temp drive
Memory allocation error

A4. Answer option D is correct. The System Registry Access problem occurs when the "Cannot access the system registry" message is generated. This error occurs if the server is configured to store client variables in the system registry. The variables are not purged for up to 90 days by default. The registry can become full quite quickly on a server that earlier received moderate to heavy traffic. No applications on the server will be able to write additional data into the registry once Windows' maximum allowable registry size is reached.

Answer option A is incorrect. The CFMAIL bug occurs when a CFMail tag is called and the mail file that has the CFMAIL extension is stored in a folder on the local drive of the CF Server, c:\cfusion\mail\spool. If ColdFusion is not capable of writing this file completely, then it creates a file of less than 1Kb, which has no data or just empty spaces. At this instant, the server uses dart.dll in order to access and send mail. The dart.dll is locked up and goes into an infinite loop. This causes cfserver.exe to lock at 90-100% CPU utilization. Restarting the ColdFusion Application Server service or rebooting the computer seems to have no effect, since the affected file remains in the mail spooler's folder. The solution to the CFMAIL bug is as follows:
1. Open the Services dialog: NT40 Control Panel -> Services, OR Windows 2000 -> Control Panel -> Administrative Tools -> Services.
2. Stop the ColdFusion Application Server Service.
3. Stop the ColdFusion Executive Service.
4. Open a DOS window and cd to your \cfusion\mail\spool folder.
5. Remove all of the files from this location (del *.*) or move them to a different folder for later review.
6. Restart the ColdFusion Application Server Service.
7. Restart the ColdFusion Executive Service.
8. Review the files in the temp folder just created, removing any invalid files (these files may be opened with NotePad).

Answer option B is incorrect. Variable deadlock arises when numerous processes or users make an effort to update the same memory in a Server, Application, or Session variable at the same time. On a site that receives a large amount of traffic, variable deadlocks on one site can cripple performance for the entire server. The steps taken to recover from a variable deadlock are as follows:
1. Log in to the CF Administrator and enable "Full Checking" on the Server, Application, and Session scopes in the Locking section of the configuration.
OR
Use Studio's multiple file search for the strings Server, Session, and Application, and ensure that CFLOCK is used with all of the shared variables. This may take some time, but consider it a painful reminder that you must lock your code.
2. Quickly browsing the Application.log (\cfusion\log\application.log) will reveal which CFM files and variables are causing the problem.
3. Disable "Full Checking" and fix the code within the application that is causing the problem.

Answer option C is incorrect. ODBC errors cause ColdFusion to stop processing one or all MS Access databases on the server. The types of ODBC errors are as follows:
The Microsoft Jet database engine cannot open the file "(unknown)".
Not enough space on temp drive
Memory allocation error

A5. Answer option A is correct. ODBC errors cause ColdFusion to stop processing one or all MS Access databases on the server. The types of ODBC errors are as follows:
The Microsoft Jet database engine cannot open the file "(unknown)".
Not enough space on temp drive
Memory allocation error

Answer option D is incorrect. The CFMAIL bug occurs when a CFMail tag is called and the mail file that has the CFMAIL extension is stored in a folder on the local drive of the CF Server, c:\cfusion\mail\spool. If ColdFusion is not capable of writing this file completely, then it creates a file of less than 1Kb, which has no data or just empty spaces. At this instant, the server uses dart.dll in order to access and send mail. The dart.dll is locked up and goes into an infinite loop. This causes cfserver.exe to lock at 90-100% CPU utilization. Restarting the ColdFusion Application Server service or rebooting the computer seems to have no effect, since the affected file remains in the mail spooler's folder. The solution to the CFMAIL bug is as follows:
1. Open the Services dialog: NT40 Control Panel -> Services, OR Windows 2000 -> Control Panel -> Administrative Tools -> Services.
2. Stop the ColdFusion Application Server Service.
3. Stop the ColdFusion Executive Service.
4. Open a DOS window and cd to your \cfusion\mail\spool folder.
5. Remove all of the files from this location (del *.*) or move them to a different folder for later review.
6. Restart the ColdFusion Application Server Service.
7. Restart the ColdFusion Executive Service.
8. Review the files in the temp folder just created, removing any invalid files (these files may be opened with NotePad).


Chapter 12 - Backup and Recovery Overview


This chapter helps in the preparation for the 312-76 exam by covering the following EC-Council objectives, which address backup and recovery. This chapter includes the following objectives: Backup, Need for Backup, Types of Backup: Full Backup, Incremental Backup, Differential Backup, Hot Backup, Hot Backup Sample Code, Cold Backup, Cold Backup Sample Code, Backup Sites, Hot Site/Cold Site, Redundant Array of Inexpensive Disks (RAID), RAID: Some Important Levels, Wide Area File Services (WAFS), Backup for UNIX, Bare Metal Recovery for LINUX, Bucky Backup for Mac OS X, System Backup Administrator, NanoCopy Technology, Backup4all, Backup4all Features, ABC Backup Software, Genie Backup Manager, NTI BackupNow, High Availability Disaster Recovery (HADR), Best Practices in Backup & Recovery

Key Points
Backup, Need for Backup, Types of Backup: Full Backup, Incremental Backup, Differential Backup, Hot Backup, Hot Backup Sample Code, Cold Backup, Cold Backup Sample Code
Backup, or the process of backing up, refers to making copies of data so that these additional copies may be used to restore the original after a data loss event. A backup can be taken locally, centrally, or both. The advantages of a local backup are as follows:
It provides a quick backup.
It uses minimal bandwidth.
It provides a quick restore in minor recovery situations.
It has low security risks.


Incremental backup backs up files that have been created or changed since the last full or incremental backup. It provides a faster method of backing up data than most other backup methods. Restoring data from an incremental backup requires the last full backup and all subsequent incremental backups, and the incremental backups must be restored in the same order as they were created. If any incremental backup in the set is damaged or becomes corrupt, the data backed up after the corrupt backup cannot be restored.

Differential backup backs up files that have been created or changed since the last full backup. It requires minimal space to back up data. Restoring from a differential backup requires only the last full backup tape and the last differential backup tape. It is faster than a full backup. Differential backups find all archive bits that are set to 1 and then back up all those files. When the backup process finishes, the archive bits are not reset; this is why each differential backup goes back to the last full backup. Differential backup is not supported by the Windows Server 2008 Backup utility. Previous versions of Windows Server did support differentials, and many third-party backup utilities do support the differential backup process.

In Recovery Manager (RMAN) terms, an incremental backup is one in which only data blocks that were modified since the last incremental backup are backed up. Incremental backups are classified by levels. The baseline backup for an incremental backup is a level 0 incremental backup. A level 0 incremental backup, like a full backup, backs up all data blocks that have ever been used. However, a full backup cannot be used as the baseline backup for subsequent incremental backups. Incremental backups at levels greater than 0 back up only data blocks modified since the last incremental backup. For example, a level 1 incremental backup will back up only those data blocks that have changed since the level 0 incremental backup, and a level 2 incremental backup will back up only those data blocks that have changed since the level 1 incremental backup. Incremental backups are quicker, and they occupy less space because they do not contain all data blocks. Incremental backups can be applied to the baseline backup, when required, in order to form a complete backup.

Full backup backs up the entire database, including the transaction log. Taking a full backup daily is impractical, as it is time consuming. Instead, a well-defined backup strategy should be implemented as a weekly full backup and a daily differential backup. Hot backup is a type of backup that is performed while data is actively accessible to users and is being updated. It is useful in multi-user systems.
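As an added illustration of the archive-bit rules described above (example code, not from the study guide): a Python simulation that runs full, incremental and differential backups over a constructed set of files, computes which tapes a restore needs, and shows why a corrupt incremental tape loses everything backed up after it. The file names, contents and weekly schedule are constructed sample data.

```python
"""Backup chain simulation: full, incremental and differential backups driven
by the archive bit, plus the restore rules described in the text. Added example,
not from the study guide; file names, contents and schedules are constructed."""
from dataclasses import dataclass, field
from typing import Dict, List


@dataclass
class FileSystem:
    files: Dict[str, str] = field(default_factory=dict)     # name -> content
    archive: Dict[str, bool] = field(default_factory=dict)  # name -> archive bit

    def write(self, name: str, content: str) -> None:
        self.files[name] = content
        self.archive[name] = True  # creating or changing a file sets the bit


@dataclass
class Backup:
    kind: str              # "full", "incremental" or "differential"
    data: Dict[str, str]   # file name -> content captured on this tape
    corrupt: bool = False  # constructed flag for a damaged tape


def run_backup(fs: FileSystem, kind: str) -> Backup:
    """Copy what the method selects and reset archive bits the way it does:
    full copies everything and clears all bits; incremental copies files with
    the bit set and clears them; differential copies the same but leaves bits set."""
    if kind == "full":
        selected = list(fs.files)
    elif kind in ("incremental", "differential"):
        selected = [n for n, bit in fs.archive.items() if bit]
    else:
        raise ValueError(f"unknown backup kind: {kind}")
    snapshot = {n: fs.files[n] for n in selected}
    if kind != "differential":
        for n in selected:
            fs.archive[n] = False
    return Backup(kind, snapshot)


def restore_set(chain: List[Backup]) -> List[Backup]:
    """Tapes a restore needs, in creation order: the last full plus every later
    incremental, or the last full plus only the latest differential."""
    last_full = max(i for i, b in enumerate(chain) if b.kind == "full")
    later = chain[last_full + 1:]
    kinds = {b.kind for b in later}
    if len(kinds) > 1:
        # An incremental clears bits a later differential relies on, so the
        # simple rules above only hold when one strategy follows the full.
        raise ValueError("mixing incremental and differential after a full")
    if kinds == {"differential"}:
        return [chain[last_full], later[-1]]
    return [chain[last_full]] + later


def restore(chain: List[Backup]) -> Dict[str, str]:
    """Apply the needed tapes in order; a corrupt incremental stops the restore
    there, since the tapes after it cannot be applied safely."""
    state: Dict[str, str] = {}
    for b in restore_set(chain):
        if b.corrupt:
            if b.kind == "full":
                raise RuntimeError("the last full backup is corrupt")
            break
        state.update(b.data)
    return state


def demo() -> dict:
    """Sunday full backup, then one backup a day using a single strategy."""
    results = {}
    for strategy in ("incremental", "differential"):
        fs = FileSystem()
        fs.write("payroll.db", "v1")
        fs.write("notes.txt", "n1")
        chain = [run_backup(fs, "full")]   # Sunday
        fs.write("payroll.db", "v2")        # Monday change
        chain.append(run_backup(fs, strategy))
        fs.write("notes.txt", "n2")         # Tuesday change
        chain.append(run_backup(fs, strategy))
        results[strategy] = {
            "files_per_tape": [len(b.data) for b in chain],
            "tapes_needed": len(restore_set(chain)),
            "restored": restore(chain),
        }
    return results


def corrupt_chain_demo() -> Dict[str, str]:
    """Full backup, two incrementals, then the first incremental tape is damaged."""
    fs = FileSystem()
    fs.write("a.txt", "1")
    fs.write("b.txt", "1")
    chain = [run_backup(fs, "full")]
    fs.write("a.txt", "2")
    chain.append(run_backup(fs, "incremental"))
    fs.write("b.txt", "2")
    chain.append(run_backup(fs, "incremental"))
    chain[1].corrupt = True
    return restore(chain)  # b.txt's newer copy sits on a good tape but is lost
```

Calling demo() shows the differential tapes growing ([2, 1, 2] files) while the incremental tapes stay small ([2, 1, 1]) but need every tape at restore time.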

Pop Quiz
Q1: In which scenario is database backup transferred to a remote site in a bulk transfer fashion?

Ans: Electronic vaulting

Backup Sites, Hot Site/ Cold Site, Redundant Array of Inexpensive Disks (RAID), RAID: Some Important Levels, Wide Area File Services (WAFS), Backup for UNIX, Bare Metal Recovery for LINUX, Bucky Backup for Mac OS X
A backup site can be another location operated by the organization, or one contracted via a company that specializes in disaster recovery services. In some cases, one organization will have an agreement with a second organization to operate a joint backup site.

A cold backup site takes the longest recovery time. It is the least expensive type of backup site for an organization to operate. It does not include backed-up copies of data and information from the original location of the organization, nor does it include hardware already set up. Although the lack of hardware contributes to the minimal startup costs of the cold backup site, it requires additional time after the disaster to get the operation running at a capacity close to that prior to the disaster.

A hot backup site is a replica of the original site of an organization with full computer systems as well as near-complete backups of user data. Real-time synchronization between the two sites is usually used to completely mirror the data environment of the original site, using wide area network links and specialized software. Preferably, a hot backup site will be up and running within a matter of hours or even less.


RAID-5 supports striped-with-parity. It contains a minimum of three disks. In this disk system, data along with its parity bits is stored across multiple disks. When a file is written to a RAID-5 volume, the file splits to all the disks in the set excluding the final disk. The final disk contains the parity information. This parity information allows the disks in the array to keep functioning in case a disk in the set fails. Due to data redundancy, RAID-5 provides fault tolerance.
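As an added illustration of the parity mechanism described above (example code, not from the study guide): a small RAID-5 simulation in Python that stripes a payload across disks with an XOR parity chunk, loses one disk, and rebuilds it from the survivors. It rotates the parity chunk across the disks from one stripe to the next, as RAID-5 does; the 4-disk array, 4-byte chunk size and payload are constructed sample values.

```python
"""RAID-5 striping with rotating XOR parity and single-disk reconstruction.
Added example, not from the study guide; the 4-disk array, 4-byte chunk size
and the payload are constructed sample values."""
from typing import List, Optional

CHUNK = 4  # bytes per chunk (constructed; real arrays use 64 KiB or more)


def xor_bytes(blocks: List[bytes]) -> bytes:
    """Byte-wise XOR of equal-length blocks: the parity function."""
    out = bytearray(len(blocks[0]))
    for blk in blocks:
        for i, b in enumerate(blk):
            out[i] ^= b
    return bytes(out)


def parity_disk(stripe: int, ndisks: int) -> int:
    """Disk holding parity for a stripe: the last disk for stripe 0, then
    rotating backwards so no single disk holds all the parity."""
    return (ndisks - 1 - stripe) % ndisks


def write_stripes(data: bytes, ndisks: int) -> List[List[bytes]]:
    """Split data into stripes of ndisks-1 data chunks plus one parity chunk."""
    if ndisks < 3:
        raise ValueError("RAID-5 needs at least three disks")
    per_stripe = (ndisks - 1) * CHUNK
    padded = data + b"\x00" * (-len(data) % per_stripe)
    disks: List[List[bytes]] = [[] for _ in range(ndisks)]
    for s in range(len(padded) // per_stripe):
        stripe = padded[s * per_stripe:(s + 1) * per_stripe]
        chunks = [stripe[i * CHUNK:(i + 1) * CHUNK] for i in range(ndisks - 1)]
        chunks.insert(parity_disk(s, ndisks), xor_bytes(chunks))
        for d in range(ndisks):
            disks[d].append(chunks[d])
    return disks


def read_data(disks: List[List[bytes]], length: int) -> bytes:
    """Reassemble the payload, skipping each stripe's parity chunk."""
    ndisks = len(disks)
    out = bytearray()
    for s in range(len(disks[0])):
        out += b"".join(disks[d][s] for d in range(ndisks)
                        if d != parity_disk(s, ndisks))
    return bytes(out[:length])


def fail_disk(disks: List[List[bytes]], which: int) -> List[List[Optional[bytes]]]:
    """Simulate a failed disk: all of its chunks become unreadable (None)."""
    return [[None] * len(d) if i == which else list(d) for i, d in enumerate(disks)]


def rebuild(disks: List[List[Optional[bytes]]]) -> List[List[bytes]]:
    """Recover a single failed disk: every missing chunk, data or parity, is
    the XOR of the surviving chunks in its stripe."""
    failed = [i for i, d in enumerate(disks) if d and d[0] is None]
    if len(failed) != 1:
        raise RuntimeError(f"RAID-5 tolerates exactly one failed disk, found {len(failed)}")
    f = failed[0]
    rebuilt = [list(d) for d in disks]
    for s in range(len(disks[0])):
        rebuilt[f][s] = xor_bytes([disks[d][s] for d in range(len(disks)) if d != f])
    return rebuilt


def demo() -> dict:
    """Write a constructed payload to 4 disks, lose disk 2, rebuild it."""
    payload = b"disaster recovery plan: weekly full, daily differential"
    disks = write_stripes(payload, 4)
    rebuilt = rebuild(fail_disk(disks, 2))
    return {
        "stripes": len(disks[0]),
        "intact_read_ok": read_data(disks, len(payload)) == payload,
        "rebuilt_matches_original": rebuilt == disks,
        "read_after_rebuild_ok": read_data(rebuilt, len(payload)) == payload,
    }
```

Losing a second disk before the rebuild completes makes rebuild() raise, which is the limit the text's "in case a disk in the set fails" refers to.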

Pop Quiz
Q1: Which is a compromise between hot and cold sites?

Ans: Warm site


Q2: Which is a non-mainstream alternative to a traditional recovery site?

Ans: Mobile site

System Backup Administrator, NanoCopy Technology, Backup4all, Backup4all Features, ABC Backup Software, Genie Backup Manager, NTI BackupNow, High Availability Disaster Recovery (HADR), Best Practices in Backup & Recovery
The System Backup Administrator program provides system backup and recovery of Linux systems. This program manages backups of a stand-alone system or of all Linux systems on a network. It offers backup scheduling, tape labels, tape striping, overwrite and retention policies, performance statistics reporting, and support for sequential and random auto-loaders. The system installation process allows restoration onto the same or a completely different hardware configuration.

The NanoCopy technology is a point-in-time (PiT) copy solution, which permits clients to capture a PiT copy (picture) of data with no interruptions in the application accessing the data. It is the only storage-based solution from any vendor that performs this function. The NanoCopy technology is also available with TrueCopy asynchronous software for Windows and all open systems platforms, although the source data must reside on a single Lightning 9900 V Series system.

ABC backup software is used to copy, upload, and download data on schedule from a PC to various storage locations, such as network disks, remote FTP servers, etc. The program copies the data "as is" or creates archived files or directories for copying. ABC backup software uses the zip algorithm to archive data. It is fully gzip compatible. ABC backup software has no limitations on the number of scheduled tasks.

Genie Backup Manager Home is an ideal solution for data protection. It is a user-friendly tool for backing up personal data to a safe location. It allows novice and expert users to back up and recover data swiftly and reliably. It is used to back up photos, media, e-mail, and personal files and folders. A user can perform a complete backup of their computer system or simply back up their personal data.

NTI Backup Now is a complete backup and restore solution for SMB MIS, LAN, SOHO, desktop computers, and notebooks. It has an easy step user interface that guides a user to back up the complete computer system or specific files and folders. A user can manually perform the backup operation or can schedule it at a specific time.

Backup4all is backup software for the Windows operating system developed by Softland. It allows files to be backed up to any local or network drive, FTP server, CD/DVD, or other removable media. It protects the data from partial or total loss. The application supports an XML plugin system that allows backing up the data and settings of different software applications. It also gives the user the option to compress backed-up files using open-source standards.

HADR stands for High Availability Disaster Recovery. It is a data replication feature that provides a high availability solution for both partial and complete site failures. It protects against data loss by replicating data changes from a source database, called the primary, to a target database, called the standby. HADR uses TCP/IP for communication between the primary and standby databases. A user can choose the level of protection by specifying one of three synchronization modes: synchronous, near synchronous, or asynchronous.

Pop Quiz
Q1: Which type of storage requires some direct human action in order to make access to the storage media physically possible?

Ans: Off-line


Key Terms
A hot backup site is a replica of the original site of an organization with full computer systems as well as near-complete backups of user data.

RAID-5 supports striped-with-parity. It contains a minimum of three disks. In this disk system, data along with its parity bits is stored across multiple disks.

The system backup administrator program provides system backup and recovery of Linux systems. This program manages backups of a stand-alone system or all Linux systems on a network. It offers backup scheduling, tape labels, tape striping, overwrite and retention policies, performance statistics reporting, and support for sequential and random auto-loaders.

The NanoCopy technology is a PiT copy solution, which permits clients to capture a PiT copy (picture) of data with no interruptions in the application accessing the data.

ABC backup software is used to copy, upload, and download data on schedule from a PC to various storages, such as network disks, remote FTP servers, etc.

Genie Backup Manager Home is an ideal solution for data protection. It is a user-friendly tool to back up personal data to a safe location. It allows novice and expert users to back up and recover data swiftly and reliably.

Backup4all is backup software for the Windows operating system developed by Softland. It allows files to be backed up to any local or network drive, FTP server, CD/DVD, or other removable media. It protects the data from partial or total loss.

HADR stands for High Availability Disaster Recovery. It is a data replication feature that provides a high availability solution for both partial and complete site failures.


Test Your Knowledge


Q1. Which of the following is a backup method that clears the archive bit of files after performing backup? Each correct answer represents a complete solution. Choose two.
A. Differential
B. Sequential
C. Full
D. Incremental

Q2. Which of the following is a Recovery Manager (RMAN) backup in which only data blocks that were modified since the last incremental backup are backed up?
A. Incremental backup
B. Differential backup
C. Full backup
D. Hot backup

Q3. Which of the following disaster recovery backup alternatives requires less hardware? Each correct answer represents a complete solution. Choose all that apply.
A. Local backup
B. Central backup
C. Coordinated central backup
D. Coordinated local backup

Q4. Which of the following backup sites takes the longest recovery time?
A. Mobile backup site
B. Hot backup site
C. Warm backup site
D. Cold backup site

Q5. HADR stands for High Availability Disaster Recovery. Which of the following statements are true about HADR? Each correct answer represents a complete solution. Choose all that apply.
A. It is a data replication feature that provides a high availability solution for both partial and complete site failures.
B. It uses TCP/IP for communication between the primary and standby databases.
C. It protects against data loss by replicating data changes from a source database, called the primary, to a target database, called the standby.
D. It has five synchronization modes to define the level of protection.


Answer Explanations
A1. Answer options C and D are correct. Full and incremental backup methods clear the archive bit of files after performing backup. Windows maintains a marker for each file, called the archive bit, to allow backup programs to mark the files after backing them up. When a file changes later, Windows marks the file as requiring to be backed up again. Answer option A is incorrect. Differential backup does not mark files as having been backed up, i.e., it does not clear the archive bit. Answer option B is incorrect. There is no backup method such as sequential backup.

A2. Answer option A is correct. An incremental backup is a Recovery Manager (RMAN) backup in which only data blocks that were modified since the last incremental backup are backed up. Incremental backups are classified by levels. The baseline backup for an incremental backup is a level 0 incremental backup. A level 0 incremental backup, like a full backup, backs up all data blocks that have ever been used. However, a full backup cannot be used as the baseline backup for subsequent incremental backups. Incremental backups at levels greater than 0 back up only data blocks modified since the last incremental backup. For example, a level 1 incremental backup will back up only those data blocks that have changed since the level 0 incremental backup. Furthermore, a level 2 incremental backup will back up only those data blocks that have changed since the level 1 incremental backup. Incremental backups are quicker, and they occupy less space because they do not contain all data blocks. Incremental backups can be applied to the baseline backup, when required, in order to form a complete backup. Answer option B is incorrect. A differential backup is a backup of any file that has changed since the last full backup. Differential backups find all archive bits that are set to 1 and then back up all those files. When the backup process finishes, the archive bits do not get reset. This is the reason why differential backups back up from the last full backup. A differential backup is not supported by the Windows Server 2008 Backup utility. Previous versions of Windows Server did support differentials. Many third-party backup utilities do support the differential backup process. Answer option C is incorrect. Full backup backs up the entire database, including the transaction log. Taking a full backup daily is impractical, as it is time consuming. Instead, a well-defined backup strategy should be implemented as a weekly full backup and a daily differential backup. Answer option D is incorrect. Hot backup is a type of backup that is performed when data is actively accessible to users and is in a state of update. It is useful in multi-user systems.

A3. Answer option B is correct. Backups can be accomplished locally, centrally, or both. A central backup requires less hardware. Answer options A, C, and D are incorrect. A local backup, coordinated central backup, and coordinated local backup require more hardware.

A4. Answer option D is correct. A cold backup site takes the longest recovery time. It is the most inexpensive type of backup site for an organization to operate. It does not include backed-up copies of data and information from the original location of the organization, nor does it include hardware already set up. Although the lack of hardware contributes to the minimal startup costs of the cold backup site, it requires additional time subsequent to the disaster to have the operation running at a capacity close to that prior to the disaster. Answer option A is incorrect. Although a mobile backup site provides rapid recovery, it does not provide full recovery in time. Hence, a hot backup site takes the shortest recovery time. Answer option B is incorrect. A hot backup site is a replica of the original site of an organization with full computer systems as well as near-complete backups of user data. Real-time synchronization between the two sites is usually used to completely represent the data environment of the original site using wide area network links and specialized software. Preferably, a hot backup site will be up and running within a matter of hours or even less. Answer option C is incorrect. A warm backup site is a compromise between hot and cold. These sites will have hardware and connectivity already established, though on a smaller scale than the original production site or even a hot backup site. Warm backup sites will have backups on hand, but they may not be complete. They may be between several days and a week old, for example, backup tapes sent to the warm backup site by courier.

A5. Answer options A, B, and C are correct. HADR stands for High Availability Disaster Recovery. It is a data replication feature that provides a high availability solution for both partial and complete site failures. It protects against data loss by replicating data changes from a source database, called the primary, to a target database, called the standby. HADR uses TCP/IP for communication between the primary and standby databases. A user can choose the level of protection by specifying one of three synchronization modes: synchronous, near synchronous, or asynchronous.
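The archive-bit rule from A1 (full and incremental backups clear the bit, a differential does not) is easy to get wrong when planning a restore, so here is an added Python simulation that is not part of the study guide. It runs a constructed backup week on a three-file volume and derives the minimal restore chain from the bit semantics; the file names and schedule are assumptions.

```python
"""Archive-bit semantics of full, incremental and differential backups.

Added example, not code from the study guide. A file's archive bit is set by
the OS whenever the file is created or changed. A full or incremental backup
copies files and clears the bit; a differential backup copies every flagged
file but leaves the bit set, so it keeps growing until the next bit-clearing
backup.
"""
from dataclasses import dataclass, field


@dataclass
class File:
    name: str
    version: int = 1           # bumped on every modification
    archive_bit: bool = True   # a new file starts out as "needs backup"


@dataclass
class BackupSet:
    kind: str                                     # "full", "incremental" or "differential"
    contents: dict = field(default_factory=dict)  # file name -> version copied


class Volume:
    def __init__(self, names):
        self.files = {n: File(n) for n in names}

    def modify(self, name):
        f = self.files[name]
        f.version += 1
        f.archive_bit = True      # the OS flags the file as needing backup again

    def backup(self, kind):
        """Run one backup job of the given kind and return what it copied."""
        bs = BackupSet(kind)
        for f in self.files.values():
            if kind == "full" or f.archive_bit:
                bs.contents[f.name] = f.version
                if kind != "differential":
                    f.archive_bit = False   # only full and incremental clear the bit
        return bs

    def live_state(self):
        return {n: f.version for n, f in self.files.items()}


def restore_chain(sets):
    """Pick the minimal backup sets needed to rebuild the latest state.

    Walking backwards: the newest set is always needed, every incremental is
    needed, and the chain ends at the most recent full backup. Older
    differentials are skipped: any later differential or incremental taken
    before the bits were next cleared already contains everything they hold.
    """
    chain = []
    for i, s in enumerate(reversed(sets)):
        if s.kind == "full":
            chain.append(s)
            break
        if s.kind == "incremental" or i == 0:
            chain.append(s)
    chain.reverse()
    return chain


def restore(sets):
    """Replay the chain oldest to newest; later copies overwrite earlier ones."""
    state = {}
    for s in restore_chain(sets):
        state.update(s.contents)
    return state


def run_week():
    """Constructed schedule (assumption) of one backup week on files a, b, c."""
    vol = Volume(["a", "b", "c"])
    sets = [vol.backup("full")]                 # Mon: everything copied, all bits cleared
    vol.modify("a")
    sets.append(vol.backup("incremental"))      # Tue: copies a only, clears its bit
    vol.modify("b")
    sets.append(vol.backup("differential"))     # Wed: copies b, bit stays set
    vol.modify("c")
    sets.append(vol.backup("differential"))     # Thu: copies b and c (b still flagged)
    vol.modify("a")
    sets.append(vol.backup("incremental"))      # Fri: copies a, b, c and clears all bits
    return vol, sets


if __name__ == "__main__":
    volume, backup_sets = run_week()
    for s in backup_sets:
        print(f"{s.kind:12} {s.contents}")
    print("restore chain:", [s.kind for s in restore_chain(backup_sets)])
    print("restored state matches live volume:", restore(backup_sets) == volume.live_state())
```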


Chapter 13 - Centralized and Decentralized System Recovery Overview


This chapter helps in the preparation of the EDRP exam by covering the following EC-Council objectives, which address Centralized and Decentralized System Recovery. This chapter includes the following objectives:

Distributed computing: Distributed computing is a field of computer science that studies distributed systems.

Data consolidation: Data consolidation means the consolidation of data from multiple sources into a centralized system.

Centralized backup: Centralized backup can increase reliability as well as provide hardware and administrative cost savings.

Key Points
Distributed computing, Centralized backup, LAN-free backup, Data consolidation
Distributed computing is a field of computer science that studies distributed systems. It also refers to the use of distributed systems to solve computational problems. In distributed computing, a problem is divided into many tasks, each of which is solved by one computer. A distributed system consists of multiple autonomous computers that communicate through a computer network. The computers interact with each other in order to achieve a common goal.

Centralized backup: If a user is performing a backup of desktops or workstations, centralized backups are an excellent way to ensure that the data is well protected. Rather than relying on others to perform the backups, a centralized backup solution, such as a tape library, puts the user in control. Centralized backup is usually a good thing, but there is no one-size-fits-all solution. Although there are numerous different approaches from a lot of different vendors, deciding which approach is the best and selecting the right vendor requires careful consideration.

The following are the advantages of a centralized backup:
Centralized backup allows backup of up to 10 PCs using Single-instance storage technology to avoid multiple copies of the same file, even if that file exists on multiple PCs.
Centralized backup is very important today, as most of the storage management companies, including Computer Associates International Inc., Veritas, and EMC Corp., and suppliers like Arkiea Corp. and CommVault Systems Inc., offer options for this process.
Centralized backup can increase reliability and provide hardware and administrative cost savings.

A LAN-free backup is a backup of server data to a shared, central storage device without sending the data over the local area network (LAN). It is usually achieved by using a storage area network (SAN). The objective of LAN-free backup is to reduce the load on the LAN and reduce the time it takes to complete the backup. It provides an alternative way of backup to a simple data copy to network-attached storage (NAS) over the LAN.

Data consolidation means the consolidation of data from multiple sources into a centralized system. It is used to define the process of summarizing large quantities of information, usually in the form of spreadsheets, into one large worksheet that reflects all of the involved data. This operation is performed by a computer with Microsoft Excel, which contains an automated tool used for data consolidation.

Pop Quiz
Q1: Who has the ultimate responsibility for the protection of the organization's information?

Ans: Senior Management


Q2: Which step has the goal to reduce the level of risk to the IT system and its data to an acceptable level?

Ans: Recommended Controls


Key Terms
Distributed computing is a field of computer science that studies distributed systems. It also refers to the use of distributed systems to solve computational problems.

LAN-free backup is a backup of server data to a shared, central storage device without sending the data over the local area network (LAN). It is usually achieved by using a storage area network (SAN).

Data consolidation means the consolidation of data from multiple sources into a centralized system. It is used to define the process of summarizing large quantities of information, usually in the form of spreadsheets, into one large worksheet that reflects all of the involved data.


Test Your Knowledge


Q1. Distributed computing is a field of computer science that studies distributed systems. Which of the following statements are true about distributed computing? Each correct answer represents a complete solution. Choose all that apply.
A. Distributed computing refers to the use of distributed systems to solve computational problems.
B. In distributed computing, a problem is divided into many tasks, each of which is solved by a programmer.
C. A distributed system consists of multiple autonomous computers that communicate through a computer network.
D. In distributed computing, the computers interact with each other in order to achieve a common goal.

Q2. Data consolidation means the consolidation of data from multiple sources into a centralized system. Which of the following statements are true about data consolidation? Each correct answer represents a complete solution. Choose two.
A. It is used to define the process of summarizing large quantities of information, usually in the form of spreadsheets, into one large worksheet that reflects all of the involved data.
B. It is performed by a computer with Microsoft Excel, which contains an automated tool used for data consolidation.
C. It is used to better organize the work.
D. It is used to provide complex security to the data.

Q3. Which of the following is a backup that can increase reliability and provide hardware and administrative cost savings?
A. Centralized backup
B. LAN-free backup
C. Server-free backup
D. Data-free backup

Q4. Which of the following tools is used to attack digital watermarking?
A. 2Mosaic
B. Gifshuffle
C. Active Attacks
D. Steg-Only Attack

Q5. You work as a technician for Secure Net Inc. You receive an e-mail from your software vendor. The e-mail contains information about a critical fix that needs to be installed on your computer. It further states that if this patch is not installed right away, your system will crash and you will lose all your data. Now they require your maintenance account password. Which of the following types of security attacks do you think it is?
A. Man-in-the-middle
B. Spoofing
C. Hacking
D. Social engineering


Answer Explanations
A1. Answer options A, C, and D are correct. Distributed computing is a field of computer science that studies distributed systems. It also refers to the use of distributed systems to solve computational problems. In distributed computing, a problem is divided into many tasks, each of which is solved by one computer. A distributed system consists of multiple autonomous computers that communicate through a computer network. The computers interact with each other in order to achieve a common goal.

A2. Answer options A, B, and C are correct. Data consolidation means the consolidation of data from multiple sources into a centralized system. It is used to define the process of summarizing large quantities of information, usually in the form of spreadsheets, into one large worksheet that reflects all of the involved data. This operation is performed by a computer with Microsoft Excel, which contains an automated tool used for data consolidation. Answer option D is incorrect. Data consolidation is not used to provide complex security to the data.

A3. Answer option D is correct. Centralized backup can increase reliability and provide hardware and administrative cost savings. Centralized backup allows backup of up to 10 PCs using Single-instance storage technology to avoid multiple copies of the same file, even if that file exists on multiple PCs. Centralized backup is very important today, as most of the storage management companies, including Computer Associates International Inc., Veritas, and EMC Corp., and suppliers like Arkiea Corp. and CommVault Systems Inc., offer options for this process. If a user is performing a backup of desktops or workstations, centralized backups are an excellent way to ensure that the data is well protected. Rather than relying on others to perform the backups, a centralized backup solution, such as a tape library, puts the user in control. Centralized backup is usually a good thing, but there is no one-size-fits-all solution. Although there are numerous different approaches from a lot of different vendors, deciding which approach is the best and selecting the right vendor requires careful consideration. Answer option B is incorrect. A LAN-free backup is a backup of server data to a shared, central storage device without sending the data over the local area network (LAN). It is usually achieved by using a storage area network (SAN). The objective of LAN-free backup is to reduce the load on the LAN and reduce the time it takes to complete the backup. It provides an alternative way of backup to a simple data copy to network-attached storage (NAS) over the LAN. Answer option C is incorrect. Server-free backup cannot increase reliability. These backups do not provide hardware and administrative cost savings. Answer option D is incorrect. It is an invalid option.

A4. Answer option A is correct. 2Mosaic is a tool used for watermark breaking. It is an attack against a digital watermarking system. In this type of attack, an image is chopped into small pieces and then placed together. When this image is embedded into a web page, the web browser renders the small pieces into one image. This image looks like a real image with no watermark in it. This attack is successful, as it is impossible to read a watermark in very small pieces. Answer option B is incorrect. Gifshuffle is used to hide a message or information inside GIF images. It is done by shuffling the colormap. This tool also provides compression and encryption. Answer options C and A are incorrect. Active Attacks and Steg-Only Attacks are used to attack steganography.

A5. Answer option D is correct. Social engineering is the art of convincing people and making them disclose useful information such as account names and passwords. This information is further exploited by hackers to gain access to a user's computer or network. This method relies on the attacker's ability to trick people rather than on technical skills. A user should always distrust people who ask him for his account name or password, computer name, IP address, employee ID, or other information that can be misused. Answer option A is incorrect. Man-in-the-middle attacks occur when an attacker successfully inserts an intermediary software or program between two communicating hosts. The intermediary software or program allows attackers to listen to and modify the communication packets passing between the two hosts. The software intercepts the communication packets and then sends the information to the receiving host. The receiving host responds to the software, presuming it to be the legitimate client. Answer option B is incorrect. Spoofing is a technique that makes a transmission appear to have come from an authentic source by forging the IP address, e-mail address, caller ID, etc. In IP spoofing, a hacker modifies packet headers by using someone else's IP address to hide his identity. However, spoofing cannot be used while surfing the Internet, chatting on-line, etc., because forging the source IP address causes the responses to be misdirected. Answer option C is incorrect. Hacking is a process by which a person acquires illegal access to a computer or network through a security break or by implanting a virus on the computer or network.


Chapter 14 - Windows Data Recovery Tools Overview


This chapter helps in the preparation of the EDRP exam by covering the following EC-Council objectives, which address Windows Data Recovery Tools. This chapter includes the following objectives:

Winternals Recovery Manager: Winternals Recovery Manager is an enterprise recovery solution for Windows servers, workstations, and mobile PCs that provides customized protection at multiple levels.

ADRC Data Recovery Software Tool: ADRC Data Recovery Software Tool contains a collection of DIY data recovery tools.

Digital Signatures: Data Advisor is a simple, powerful diagnostic software tool for assessing the condition of a computer system.

Key Points
Digital Photo Recovery, Active@ UNERASER, Test Disk, PhotoRec, BadCopy Pro, Directory Snoop, Data Advisor, Fast File Undelete, File Scavenger, GetDataBack, Kernel Recovery for FAT+NTFS, R-Mail, R-Studio, Recover4all, Recover It All, Recover My Files Data Recovery Algorithms
Digital Photo Recovery refers to recovering images from the camera's memory card. Digital photo recovery software recovers lost photos, files, and data from all media types. It is a wide-ranging digital photo recovery utility for any type of digital media. Digital Photo Recovery software reclaims pictures that are lost. It offers rescue of digital camera card images, recovery of damaged or lost data, and recovery after an unintentional deletion, a format, or corrupt media.

TestDisk is powerful free data recovery software. It was mainly designed to facilitate recovery of lost partitions, and to make non-booting disks bootable again when these symptoms occur due to faulty software, certain types of viruses, or human error (such as unintentionally deleting a partition table). Partition table recovery using TestDisk is actually simple. TestDisk performs the following tasks:
It can fix partition tables.
It can recover deleted partitions.
It can recover the FAT32 boot sector from its backup.
It can rebuild the FAT12/FAT16/FAT32 boot sectors.
It can rebuild the NTFS boot sector.
It can recover the NTFS boot sector from its backup.
It can fix the MFT using the MFT mirror.
It can locate ext2/ext3/ext4 backup superblocks.
It can undelete files from FAT, NTFS, and ext2 filesystems.
It can copy files from deleted FAT, NTFS, and ext2/ext3/ext4 partitions.

Rmail is an Emacs subsystem that is used to read and dispose of received mail. Rmail stores mail messages in files called Rmail files. The reading of the messages is done in a special major mode in an Rmail file. Rmail mode redefines most letters to run commands for managing mail.

R-Studio is a family of robust and cost-effective undelete and data recovery software. It is empowered by new unique data recovery technologies and is the most comprehensive data recovery solution for recovering files from FAT12/16/32/exFAT, NTFS, NTFS5, and HFS/HFS+ (Macintosh). It functions on local and network disks, even if such partitions are formatted, damaged, or deleted.

Recover4all is software that can easily recover (undelete) files that were accidentally deleted under Windows. It can recover files that were directly deleted or deleted through the Recycle Bin. This tool is fast and very easy to use. It is very easy to restore deleted files with a few mouse clicks. Recover4all does not require installation and can be run directly from a USB disk, flash drive, etc. to prevent files that were already deleted from becoming overwritten.

Recover It All is effective data recovery software that is used for restoration of data lost due to accidental format, deleted files, and virus attacks. It can recover and restore deleted or damaged partition or boot sectors. It is designed for FAT, FAT32, and Windows 2000. It is a true 32-bit file recovery application. It can even recover lost directories and sub-directories.

Recover My Files data recovery software recovers deleted files. It can recover files even if emptied from the Recycle Bin, or lost due to the format or corruption of a hard drive, virus or Trojan infection, unexpected system shutdown, or software failure. It can also recover documents, photos, video, music, and e-mail. It can even recover data from a hard drive, camera card, USB, Zip, floppy disk, or other media.

BadCopy Pro performs the following tasks:
It can recover data from floppy disks, CDs/DVDs, flash drives, digital media, etc.
It provides an automatic data recovery process in just a few clicks.
It can recover lost files such as documents, images, applications, and more.
It provides rescue and recovery of files and data on floppy disk, Zip disk, CD, DVD, and flash drive.
It provides post-processing of recovered files and smart data filling technology.
It can recover data from digital media such as SD, CF, xD, SmartMedia card, and MemoryStick.

Directory Snoop is a cluster-level search tool. It allows Windows users to snoop through their FAT and NTFS formatted disk drives to see what data may be hiding in the cracks. Following are the different features of Directory Snoop:
It supports both FAT and NTFS modules.
It can recover deleted files, including those emptied from the Recycle Bin.
It can destroy sensitive files with the secure wiping functions.
It can copy open and locked files via the cluster copy function.
It can examine the FAT and Master File Tables.

Active@ UNERASER is powerful hard drive recovery software for DOS and Windows. It is used to recover deleted files and folders on the FAT12, FAT16, FAT32, and NTFS file systems. Active@ UNERASER can even restore files from deleted and reformatted partitions. It is not necessary to install this tool on a system's hard drive, as it fits on a boot floppy disk.

PhotoRec is file data recovery software. It is designed to recover lost files, including video, documents, and archives, from hard disks and CD-ROMs, and lost pictures from digital camera memory. It ignores the file system and goes after the underlying data, so it will work even if a media's file system has been severely damaged or reformatted. PhotoRec is a free, open source, multi-platform tool distributed under the GNU General Public License (GPL).

BadCopy Pro is leading data recovery software for floppy disks, CDs, DVDs, memory cards, Zip disks, USB flash drives, etc. It can effectively recover and rescue corrupted or lost data from damaged, unreadable, formatted, or defective disks. It supports Microsoft Windows 95/98/2000/NT/ME/XP/2003/Vista. It can be used for damaged floppy disk repair, floppy data recovery, damaged or defective CD/DVD data recovery, lost photo recovery from a memory card, etc.

Directory Snoop is a cluster-level search tool. It allows Windows users to snoop through their FAT and NTFS formatted disk drives to see what data may be hiding in the cracks. Directory Snoop can be used to recover deleted files, or a user can permanently erase sensitive files so that no one knows they ever existed. It covers local hard drives, floppy disks, Zip disks, MO disks, and flashcard devices. Directory Snoop requires a non-compressed FAT12, FAT16, FAT32, or NTFS formatted volume on a local hard drive or removable media device (network and CD drives are not supported). It supports Windows 95, 98, ME, NT, 2000, XP, Vista, or 7 for the FAT module and Windows NT, 2000, XP, Vista, or 7 for the NTFS module.

Data Advisor is a simple, powerful diagnostic software tool for assessing the condition of a computer system. It assesses the health of a hard disk drive, file structures, and computer memory by identifying problems that could cause data loss.
It is self-booting, so it runs even when a system does not boot to Windows. This diagnostic tool can be used both to diagnose current problems and as part of the regular maintenance program. The regular maintenance program identifies potential problems that could lead to data loss.

Fast File Undelete is a tool that provides a quick and effective way to retrieve valuable data lost due to deletion. It allows retrieval of files which have been deleted from a disk and have been removed from the Recycle Bin. Fast File Undelete is easy to use and requires no special knowledge. It can be used with Windows NT, 2000, or 2000 Advanced Server.

File Scavenger is a file undelete and data recovery tool for Windows XP, Windows 7, Vista, Windows Server 2003, Windows 2000, Windows NT, and Windows ME/98/95. It can recover files that have been accidentally deleted, including files removed from the Recycle Bin. The recovery is attempted before the files are permanently overwritten by new data. File Scavenger supports both basic and dynamic disks, NTFS compression, alternate data streams, sparse files, Unicode filenames, etc. It can also recover files from a reformatted or corrupted volume. This tool uses advanced algorithms to handle disks with bad sectors and badly corrupted partitions.

R-Mail is an e-mail recovery tool. It is used to restore deleted e-mail messages. It is designed to restore Outlook Express e-mail. This tool is based on the highly effective IntelligentRebuild e-mail recovery technology. This technology allows R-Mail software users to repair damaged *.pst (Outlook) and *.dbx (Outlook Express) files and restore lost e-mail messages in three steps.
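PhotoRec, as described above, ignores the file system and recovers files from the underlying data. The Python below is an added example, not PhotoRec's own code or part of the study guide: it carves PNG and JPEG files out of a constructed raw image by scanning for file signatures, and it walks and CRC-checks PNG chunks so that a stray signature with no valid structure behind it is rejected rather than carved as a bogus file. The sample image and its contents are constructed for the demonstration.

```python
"""Signature-based file carving in the spirit of PhotoRec (added example).

The carver never consults a file system: it scans raw bytes for known headers,
then validates structure (PNG chunk walk with CRC check) or looks for the
end marker (JPEG EOI) to find where the file stops.
"""
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
JPEG_SOI = b"\xff\xd8\xff"   # start-of-image marker followed by another marker byte
JPEG_EOI = b"\xff\xd9"       # end-of-image marker


def png_chunk(ctype, data):
    """Build one PNG chunk: 4-byte length, type, data, CRC32 over type+data."""
    crc = zlib.crc32(ctype + data) & 0xFFFFFFFF
    return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", crc)


def make_png(width, height, idat_payload):
    """Minimal structurally valid PNG (constructed test data)."""
    ihdr = struct.pack(">IIBBBBB", width, height, 8, 2, 0, 0, 0)
    return PNG_SIG + png_chunk(b"IHDR", ihdr) + png_chunk(b"IDAT", idat_payload) + png_chunk(b"IEND", b"")


def carve_png(buf, start):
    """Walk chunks from a PNG signature at `start`; return end offset or None if malformed."""
    pos = start + len(PNG_SIG)
    while pos + 12 <= len(buf):                       # length + type + CRC = 12 bytes minimum
        (length,) = struct.unpack(">I", buf[pos:pos + 4])
        ctype = buf[pos + 4:pos + 8]
        data = buf[pos + 8:pos + 8 + length]
        if len(data) != length or not ctype.isalpha():  # truncated or garbage chunk
            return None
        (crc,) = struct.unpack(">I", buf[pos + 8 + length:pos + 12 + length])
        if crc != zlib.crc32(ctype + data) & 0xFFFFFFFF:
            return None                               # corrupted chunk, not a real PNG
        pos += 12 + length
        if ctype == b"IEND":
            return pos
    return None


def carve_jpeg(buf, start):
    """Simplified: stop at the first EOI marker after SOI (PhotoRec parses markers)."""
    end = buf.find(JPEG_EOI, start + len(JPEG_SOI))
    return None if end < 0 else end + len(JPEG_EOI)


CARVERS = [(PNG_SIG, "png", carve_png), (JPEG_SOI, "jpg", carve_jpeg)]


def carve(buf):
    """Return a list of (extension, start, end) for every file recovered from raw bytes."""
    found = []
    pos = 0
    while pos < len(buf):
        hit = None
        for sig, ext, fn in CARVERS:
            if buf.startswith(sig, pos):
                end = fn(buf, pos)
                if end is not None:
                    hit = (ext, pos, end)
                break
        if hit:
            found.append(hit)
            pos = hit[2]            # resume scanning after the carved file
        else:
            pos += 1                # no valid file here, slide one byte forward
    return found


def build_sample_image():
    """Constructed raw 'disk image': filler, a PNG, a decoy signature, a JPEG."""
    filler = bytes(range(256)) * 4                       # contains none of the signatures
    png = make_png(2, 2, zlib.compress(b"\x00" * 12))
    jpeg = JPEG_SOI + b"\xe0\x00\x10JFIF\x00\x01\x01" + b"\x00" * 9 + b"\x11\x22\x33" + JPEG_EOI
    decoy = PNG_SIG + b"garbage!!"                        # signature with no valid chunk behind it
    image = b"".join([filler, png, filler[:50], decoy, filler[:100], jpeg, filler])
    png_off = len(filler)
    jpeg_off = png_off + len(png) + 50 + len(decoy) + 100
    expected = [("png", png_off, png_off + len(png)), ("jpg", jpeg_off, jpeg_off + len(jpeg))]
    return image, expected


if __name__ == "__main__":
    img, exp = build_sample_image()
    for ext, s, e in carve(img):
        print(f"recovered {ext}: offset {s}, {e - s} bytes")
    print("matches expected:", carve(img) == exp)
```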

Quick Recovery for Windows, Restorer2000, File Recovery, EasyRecovery DataRecovery, EasyRecovery Professional, RecoverSoft Media Tools Professional, RecoverSoft Data Rescue PC, ADRC Data Recovery Software Tool, SalvageRecovery for Windows, Disk Doctors Email Recovery, Winternals Recovery Manager Signatures
RecoverSoft Media Tools Professional is a professional data recovery suite. This software can extract raw data from mechanically failing drives, automatically rebuild the file system to recover files and folders to reliable media, repair boot partitions, automatically rebuild boot sectors, and mount the file system to rebuild it and recover files and folders to reliable media.

ADRC Data Recovery Software Tool contains a collection of DIY data recovery tools. It supports a wide variety of drives and file systems. It incorporates an extremely simple GUI with novice users in mind. This tool provides users full control to undelete files, back up a disk image, restore a backup image, copy files from a hard disk with bad sectors, clone a disk, and back up, edit, and restore the boot parameters. ADRC Data Recovery Software Tool is absolutely free.


SDRW stands for SalvageData Recovery for Windows. It is the best solution for recovering files from a crashed or virus-corrupted hard drive. It focuses on salvaging and recovering files quickly off a failing or degrading drive. SDRW is the best option to recover important data. It is the best logical data recovery solution to quickly salvage data. Winternals Recovery Manager is developed by Winternals Software LP. Software Informer reports 2 users of this product, with version 3.0 the most popular. RecoveryCenter.exe is the executable file of this program. It is an enterprise recovery solution for Windows servers, workstations, and mobile PCs that provides customized protection at multiple levels (including the operating system, applications, user data, and user settings), which are centrally managed for all sites throughout the enterprise. Restorer2000 is unformat and file recovery software for Windows 95/98/Me/NT/2000/XP/2003/Vista. It is leading file recovery software used by both experts and novice users. It is ideal software for home and small office users who need to recover accidentally deleted files or files from deleted/corrupted logical disks. EasyRecovery Professional is a recovery tool developed by Ontrack. It provides a complete data recovery solution for data recovery needs. It also includes advanced data recovery options and Data Advisor diagnostic features. It can repair files and recover data. It can be used with any operating system and media type.

Pop Quiz
Q1: Which tool is used to recover data from corrupted CDs and DVDs?

Ans: BadCopy Pro


Q2: Which tool is used to recover deleted files?

Ans: File Scavenger


Key Terms
TestDisk is powerful free data recovery software. It was mainly designed to facilitate recovery of lost partitions, and to make nonbooting disks bootable again when these symptoms occur due to faulty software, certain types of viruses, or human error (such as unintentionally deleting a Partition Table). R-Studio is a family of robust and cost-effective undelete and data recovery software. It is empowered by new unique data recovery technologies and is the most comprehensive data recovery solution for recovery files from FAT12/16/32/exFAT, NTFS, NTFS5, and HFS/HFS+ (Macintosh). Directory Snoop is a cluster-level search tool. It allows Windows users to snoop through their FAT and NTFS formatted disk drives to see what data may be hiding in the cracks. Active@ UNERASER is powerful hard drive recovery software for DOS and Windows. It is used to recover deleted files and folders on the FAT12, FAT16, FAT32, and NTFS file systems. BadCopy Pro is leading data recovery software for floppy disks, CDs, DVDs, memory cards, Zip disks, USB flash drives, etc. It can effectively recover and rescue corrupted or lost data from damaged, unreadable, formatted, or defective disks. Data Advisor is a simple powerful diagnostic software tool for assessing the condition of a computer system. It assesses the health of a hard disk drive, file structures, and computer memory by identifying problems that could cause data loss. File Scavenger is a file undelete and data recovery tool for Windows XP, Windows 7, Vista, Windows Server 2003, Windows 2000, Windows NT, and Windows ME/98/95. It can recover files that have been accidentally deleted, including files removed from the Recycle Bin.


Test Your Knowledge


Q1. Which of the following is powerful free data recovery software that is mainly designed to facilitate the recovery of lost partitions?
A. Digital Photo Recovery
B. TestDisk
C. THC Hydra
D. PhotoRec

Q2. TestDisk is powerful free data recovery software. What are the tasks performed by TestDisk? Each correct answer represents a complete solution. Choose all that apply.
A. It can fix partition tables.
B. It can recover deleted partitions.
C. It can rebuild the NTFS boot sector.
D. It can undelete files from FAT, NTFS, and ext2 filesystems.

Q3. Active@ UNERASER is powerful hard drive recovery software. Which of the following statements are true about Active@ UNERASER? Each correct answer represents a complete solution. Choose all that apply.
A. It can restore files from deleted and reformatted partitions.
B. It is used to recover deleted files and folders on FAT12, FAT16, FAT32, and NTFS file systems.
C. It is compatible with Linux.
D. It is not necessary to install Active@ UNERASER on a system's hard drive.

Q4. Which of the following data recovery tools can recover files that have been accidentally deleted, including files removed from the Recycle Bin? Each correct answer represents a complete solution. Choose all that apply.
A. File Scavenger
B. Recover4all
C. Pwdump
D. Fast File Undelete
E. Recover It All

Q5. Which of the following is leading data recovery software for floppy disks, CDs, DVDs, memory cards, Zip disks, and USB flash drives?
A. BadCopy Pro
B. Directory Snoop
C. Data Advisor
D. GetDataBack


Answer Explanations
A1. Answer option B is correct. TestDisk is powerful free data recovery software. It was mainly designed to facilitate recovery of lost partitions, and to make nonbooting disks bootable again when these symptoms occur due to faulty software, certain types of viruses, or human error (such as unintentionally deleting a partition table). Partition table recovery using TestDisk is simple. Answer option A is incorrect. Digital Photo Recovery refers to recovering images from a camera's memory card. Digital photo recovery software recovers lost photos, files, and data from all media types. It is a wide-ranging digital photo recovery utility for any type of digital media. Digital Photo Recovery software reclaims pictures that are lost. It offers rescue of digital camera card images, damaged or lost data recovery, and recovery after an unintentional deletion, a format, or corrupt media. Answer option C is incorrect. THC Hydra is a fast network authentication cracker that supports many different services. Hydra was a software project developed by a German organization called The Hacker's Choice (THC). THC Hydra uses a dictionary attack to test for weak or simple passwords on one or many remote hosts running a variety of different services. It was designed as a proof-of-concept utility to demonstrate the ease of cracking poorly chosen passwords. The project supports a wide range of services and protocols: TELNET, FTP, HTTP, HTTPS, HTTP-PROXY, SMB, SMBNT, MS-SQL, MYSQL, REXEC, RSH, RLOGIN, CVS, SNMP, SMTP-AUTH, SOCKS5, VNC, POP3, IMAP, NNTP, PCNFS, ICQ, SAP/R3, LDAP, PostgreSQL, Teamspeak, Cisco auth, Cisco enable, and Cisco AAA. Answer option D is incorrect. PhotoRec is file data recovery software. It is designed to recover lost files including video, documents, and archives from hard disks and CD-ROMs, and lost pictures from digital camera memory.
It ignores the file system and goes after the underlying data, so it will work even if a media's file system has been severely damaged or reformatted. PhotoRec is a free, open source, multi-platform tool distributed under the GNU General Public License (GPL).

A2. Answer options A, B, C, and D are correct. TestDisk performs the following tasks:
It can fix partition tables.
It can recover deleted partitions.
It can recover the FAT32 boot sector from its backup.
It can rebuild the FAT12/FAT16/FAT32 boot sectors.
It can rebuild the NTFS boot sector.
It can recover the NTFS boot sector from its backup.
It can fix the MFT using the MFT mirror.
It can locate ext2/ext3/ext4 backup superblocks.
It can undelete files from FAT, NTFS, and ext2 file systems.
It can copy files from deleted FAT, NTFS, and ext2/ext3/ext4 partitions.

A3. Answer options A, B, and D are correct. Active@ UNERASER is powerful hard drive recovery software for DOS and Windows. It is used to recover deleted files and folders on the FAT12, FAT16, FAT32, and NTFS file systems. Active@ UNERASER can even restore files from deleted and reformatted partitions. It is not necessary to install this tool on a system's hard drive, as it fits on a boot floppy disk. Answer option C is incorrect. Active@ UNERASER is not compatible with Linux.
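Of the TestDisk tasks listed under A2, locating the ext2/ext3/ext4 backup superblocks is the one most often needed by hand, because e2fsck -b wants the block number of a backup when the primary superblock is damaged. The Python below is an added example, not TestDisk or e2fsprogs code: it scans a constructed image for superblock candidates, accepts only those whose own geometry predicts the offset they were found at, and copies one over a wiped primary. The 64-blocks-per-group geometry and the `build_test_image` helper are constructed for illustration; real volumes use 8192 or 32768 blocks per group.

```python
# Locate the ext2/ext3/ext4 backup superblocks on a raw image and use one to repair a
# damaged primary superblock (the task TestDisk performs, and what `e2fsck -b` consumes).
# Added example, not TestDisk code; the image is constructed inline with a deliberately
# small group size so it fits in memory.
import struct
from dataclasses import dataclass
from typing import List, Optional

EXT2_MAGIC = 0xEF53
SB_OFFSET = 1024              # the primary superblock always starts 1024 bytes into the volume
SB_SIZE = 1024
RO_COMPAT_SPARSE_SUPER = 0x0001   # backups only in groups 0, 1 and powers of 3, 5, 7


@dataclass
class Superblock:
    blocks_count: int
    first_data_block: int
    block_size: int
    blocks_per_group: int
    sparse_super: bool
    uuid: bytes


def parse_superblock(raw: bytes) -> Optional[Superblock]:
    """Decode the geometry fields; None if the magic is wrong or the values are implausible."""
    if len(raw) < SB_SIZE or struct.unpack_from("<H", raw, 56)[0] != EXT2_MAGIC:
        return None
    blocks_count = struct.unpack_from("<I", raw, 4)[0]
    first_data_block, log_block_size = struct.unpack_from("<II", raw, 20)
    blocks_per_group = struct.unpack_from("<I", raw, 32)[0]
    ro_compat = struct.unpack_from("<I", raw, 100)[0]
    if log_block_size > 6 or blocks_per_group == 0 or blocks_count == 0:
        return None
    return Superblock(blocks_count, first_data_block, 1024 << log_block_size,
                      blocks_per_group, bool(ro_compat & RO_COMPAT_SPARSE_SUPER), raw[104:120])


def _is_power_of(n: int, base: int) -> bool:
    while n > 1 and n % base == 0:
        n //= base
    return n == 1


def expected_backup_offsets(sb: Superblock) -> List[int]:
    """Byte offsets at which backups must sit, derived from a superblock's own geometry."""
    groups = -(-(sb.blocks_count - sb.first_data_block) // sb.blocks_per_group)
    offsets = []
    for g in range(1, groups):
        if sb.sparse_super and not (g == 1 or any(_is_power_of(g, b) for b in (3, 5, 7))):
            continue
        offsets.append((g * sb.blocks_per_group + sb.first_data_block) * sb.block_size)
    return offsets


def scan_for_superblocks(image: bytes) -> List[int]:
    """Geometry-free search of every 1 KiB boundary; the fallback when the primary is unreadable."""
    return [off for off in range(0, len(image) - SB_SIZE + 1, 1024)
            if parse_superblock(image[off:off + SB_SIZE]) is not None]


def repair_primary(image: bytes) -> bytes:
    """Copy a backup over the primary. A backup is trusted only if its own geometry predicts
    the offset it was found at, which rejects stray 0xEF53 values inside user data."""
    for off in scan_for_superblocks(image):
        sb = parse_superblock(image[off:off + SB_SIZE])
        if off != SB_OFFSET and off in expected_backup_offsets(sb):
            return image[:SB_OFFSET] + image[off:off + SB_SIZE] + image[SB_OFFSET + SB_SIZE:]
    raise ValueError("no self-consistent backup superblock found")


def build_test_image() -> bytes:
    """Constructed 640 KiB image: 1 KiB blocks, 64 blocks per group (far smaller than mke2fs
    would choose, to keep the image small), sparse_super set, hence 10 block groups."""
    blocks_per_group, blocks_count = 64, 640
    sb = bytearray(SB_SIZE)
    struct.pack_into("<I", sb, 4, blocks_count)
    struct.pack_into("<II", sb, 20, 1, 0)                  # first data block 1; log2(bs/1024) = 0
    struct.pack_into("<I", sb, 32, blocks_per_group)
    struct.pack_into("<H", sb, 56, EXT2_MAGIC)
    struct.pack_into("<I", sb, 100, RO_COMPAT_SPARSE_SUPER)
    sb[104:120] = b"constructed-uuid"                      # exactly 16 bytes
    image = bytearray(blocks_count * 1024)
    image[SB_OFFSET:SB_OFFSET + SB_SIZE] = sb
    for off in expected_backup_offsets(parse_superblock(bytes(sb))):
        image[off:off + SB_SIZE] = sb
    return bytes(image)
```

Dividing an offset the scan returns by the block size gives the argument for e2fsck -b. Two caveats: the sparse_super placement rule (groups 0, 1 and powers of 3, 5, 7) is the default mke2fs layout, and an ext4 volume formatted with the meta_bg feature places its backup superblocks differently, so on such a volume a candidate that fails the self-consistency check is not necessarily bogus.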

A4. Answer options A, B, D, and E are correct. File Scavenger is a file undelete and data recovery tool for Windows XP, Windows 7, Vista, Windows Server 2003, Windows 2000, Windows NT, and Windows ME/98/95. It can recover files that have been accidentally deleted, including files removed from the Recycle Bin. Recovery is attempted before the files are permanently overwritten by new data. File Scavenger supports both basic and dynamic disks, NTFS compression, alternate data streams, sparse files, Unicode file names, etc. It can also recover files from a reformatted or corrupted volume. This tool uses advanced algorithms to handle disks with bad sectors and badly corrupted partitions. Recover4all is software that can easily recover (undelete) files that were accidentally deleted under Windows. It can recover files that were directly deleted or deleted through the Recycle Bin. This tool is fast and very easy to use; deleted files can be restored with a few mouse clicks. Recover4all does not require installation and can be run directly from a USB disk, flash drive, etc., so that files which were already deleted are not overwritten.


Fast File Undelete is a tool that provides a quick and effective way to retrieve valuable data lost due to deletion. It allows retrieval of files which have been deleted from a disk and removed from the Recycle Bin. Fast File Undelete is easy to use and requires no special knowledge. It can be used with Windows NT, 2000, or 2000 Advanced Server. Recover It All is effective data recovery software that is used to restore data lost due to accidental formatting, deleted files, and virus attacks. It can recover and restore deleted or damaged partitions or boot sectors. It is designed for FAT, FAT32, and Windows 2000. It is a true 32-bit file recovery application. It can even recover lost directories and sub-directories. Answer option C is incorrect. Pwdump is a Windows password recovery tool.

A5. Answer option A is correct. BadCopy Pro is leading data recovery software for floppy disks, CDs, DVDs, memory cards, Zip disks, USB flash drives, etc. It can effectively recover and rescue corrupted or lost data from damaged, unreadable, formatted, or defective disks. It supports Microsoft Windows 95/98/2000/NT/ME/XP/2003/Vista. It can be used for damaged floppy disk repair, floppy data recovery, damaged or defective CD/DVD data recovery, lost photo recovery from a memory card, etc. Answer option B is incorrect. Directory Snoop is a cluster-level search tool. It allows Windows users to snoop through their FAT and NTFS formatted disk drives to see what data may be hiding in the cracks. Directory Snoop can be used to recover deleted files, or a user can permanently erase sensitive files so that no one knows they ever existed. It covers local hard drives, floppy disks, Zip disks, MO disks, and flash card devices. Directory Snoop requires a non-compressed FAT12, FAT16, FAT32, or NTFS formatted volume on a local hard drive or removable media device (network and CD drives are not supported). It supports Windows 95, 98, ME, NT, 2000, XP, Vista, or 7 for the FAT module and Windows NT, 2000, XP, Vista, or 7 for the NTFS module. Answer option C is incorrect. Data Advisor is a simple, powerful diagnostic software tool for assessing the condition of a computer system. It assesses the health of a hard disk drive, file structures, and computer memory by identifying problems that could cause data loss. It is self-booting, so it runs even when a system does not boot to Windows. This diagnostic tool can be used both to diagnose current problems and as part of a regular maintenance program. The regular maintenance program identifies potential problems that could lead to data loss. Answer option D is incorrect. GetDataBack is a tool that is used to recover data when the hard drive's partition table, boot record, FAT/MFT, or root directory is lost or damaged, data was lost due to a virus attack, the drive was formatted, fdisk has been run, a power failure caused a system crash, files were lost due to a software failure, or files were accidentally deleted. GetDataBack can even recover data when the drive is no longer recognized by Windows.


Chapter 15 - Linux, Mac and Novell Netware Data Recovery Tools Overview
This chapter helps in the preparation of the EDRP exam by covering the following EC-Council objectives, which address Linux, Mac and Novell Netware Data Recovery Tools. This chapter includes the following objectives: R-Linux: R-Linux is a free file recovery utility for the Ext2/Ext3/Ext4 FS file system.

SalvageData Recovery for Mac: SalvageData Recovery for Mac is a robust, easy to use, and effective professional data recovery software tool. ReiserFS: ReiserFS is a general-purpose computer file system designed and implemented by a team at Namesys led by Hans Reiser. DiskInternals Linux Reader: DiskInternals Linux Reader is a freeware Linux reader for Windows. A user can read Linux files from Windows.

Key Points
Kernel Recovery for Linux, ReiserFS, JFS, Macintosh, Novell-Netware; Stellar Phoenix Linux, R-Linux, Quick Recovery for Linux, Quick Recovery for Macintosh, SalvageRecovery for Linux
Kernel Recovery for Linux data recovery software supports Linux data recovery from Ext2 and Ext3 file system based Linux operating systems, for example, Red Hat, Mandrake, Turbo, SuSE, Debian, Ubuntu, SCO, etc. It can recover data from corrupted Linux partitions and can restore deleted files from the hard drive. This tool can even recover data from deleted Linux partitions. It also supports the new Ext3 file system. Kernel Recovery for ReiserFS is advanced Linux data recovery software. It recovers missing/deleted data from the Linux-based ReiserFS file system. This software is secure, simple, and easy to use. It can recover data lost due to accidental file deletion, partition deletion, partition corruption, internal node or inode corruption, journal corruption, superblock corruption, and directory corruption. Kernel Recovery for ReiserFS uses a quick and advanced algorithm to search for and restore lost partitions, files, and folders from corrupt and damaged Linux partitions. Kernel Recovery for JFS recovers data from corrupt Linux JFS partitions. It can recover data lost due to accidental file deletion, partition deletion, internal node corruption, leaf node corruption, journal corruption, superblock corruption, and directory corruption. It completely scans the damaged hard drive and locates lost partitions, files, and folders of the JFS partition. This software is a secure, easy, and simple way to recover data from damaged or corrupt IBM JFS Linux partitions on all flavors of Linux. Kernel Recovery for Macintosh is a Mac data recovery software tool that helps in recovering deleted files and data from the Macintosh operating system. The most common causes of data files and folders becoming corrupt are partition table corruption, disk initialization, bad sectors, master directory block or volume header corruption, catalog file corruption, and catalog file node corruption. It recovers lost, missing, and deleted partitions of Mac drives. Kernel Recovery for Novell-Netware is a data recovery software tool. It can recover lost and deleted data of traditional and NSS volumes of the NWFS, Net386, and NSS file systems installed on the hard disk drive or other data storage media. The Novell OS becomes corrupt due to partition table deletion or corruption, operating system corruption, volume table and HotFix table damage, DET or FAT corruption, etc. R-Linux is a free file recovery utility for the Ext2/Ext3/Ext4 FS file system. It is used in the Linux operating system and several UNIX operating systems. This utility uses IntelligentScan technology and flexible parameter settings that provide real control over the fastest data recovery ever seen. It can recover files from existing logical disks even when file records are lost. R-Linux does not have any network capabilities or the ability to reconstruct damaged RAIDs or stripe sets. Stellar Phoenix Linux is Linux data recovery software. It is used to recover lost, deleted, formatted, or inaccessible data from Ext4, Ext3, Ext2, FAT16, and FAT12 file system based volumes. It can recover all lost files, directories, and hard drive volumes. It has a user-friendly interface and does not require any technical expertise. ReiserFS is a general-purpose computer file system designed and implemented by a team at Namesys led by Hans Reiser. This file system is currently supported on Linux. It was introduced in version 2.4.1 of the Linux kernel. It was the first journaling file system to be included in the standard kernel. It is the default file system on the Elive, Xandros, Linspire, GoboLinux, and Yoper Linux distributions. SalvageData Recovery for Linux is a Windows-based data recovery software tool. It is used to recover data files from crashed Ext2, Ext3, and ReiserFS Linux hard disk drives and volumes. SalvageData Recovery for Linux can be used on any Windows platform. It can access Linux drives via the system even if they are not detected by Windows. SalvageData Recovery for Mac is a robust, easy to use, and effective professional data recovery software tool. It provides quick and easy data recovery from Mac OS HFS and HFS+ volumes from a Windows-based PC. It runs on native Mac OS X and is a complete data recovery software solution for HFS and HFS+ Mac systems with enhanced data recovery options. SalvageData Recovery for Novell is a robust, yet easy to use, and cost-effective data recovery software tool for quick and easy data recovery from logical media volume failures. It is a Windows-based data recovery software tool used for the recovery of data from Novell systems. It is used in a computer system to recover data from damaged, deleted, or corrupted Novell formatted disk volumes.

SalvageRecovery for Mac, SalvageRecovery for Netware, Disk Doctors Linux Data Recovery Software, DiskInternals Linux Reader
DiskInternals Linux Reader is a freeware Linux reader for Windows. A user can read Linux files from Windows. This tool plays the role of a bridge between Windows and the Ext2/Ext3/Ext4, HFS, and ReiserFS file systems. DiskInternals Linux Reader provides read-only access; it does not allow writing to the file system partitions. Disk Doctors Linux Data Recovery software is a user-friendly Linux recovery tool. It performs data recovery from the Linux Ext2, Ext3, and Ext4 file systems created on any Linux distribution. It supports all the most prevalent Linux distributions such as Redhat Linux, Suse Linux, Mandriva Linux, Ubuntu Linux, Caldera Linux, Slackware Linux, Gentoo Linux, Kubuntu Linux, and many more. EasyRecovery Professional is a recovery tool developed by Ontrack. SalvageRecovery products are available for Mac OS, Novell Netware, Microsoft Windows, and Linux.


Pop Quiz
Q1: Which task is prioritized the most by the information security strategy?

Ans: Business goals and objectives


Q2: Which tool uses IntelligentScan technology and flexible parameter settings for the fastest data recovery solutions?

Ans: R-Linux


Key Terms
R-Linux is a free file recovery utility for the Ext2/Ext3/Ext4 FS file system. It is used in the Linux operating system and several UNIX operating systems. Stellar Phoenix Linux is Linux data recovery software. It is used to recover the lost data, deleted data, formatted data, or inaccessible data from Ext4, Ext3, Ext2, FAT16, and FAT12 file system based volumes. ReiserFS is a general-purpose computer file system designed and implemented by a team at Namesys led by Hans Reiser. This file system is currently supported on Linux. Disk Doctors Linux Data Recovery software is a user-friendly Linux recovery tool. It performs data recovery from the Linux Ext2, Ext3, and Ext4 file systems created on any Linux distribution. Kernel Recovery for Macintosh is a MAC data recovery software tool that helps in recovering deleted files and data from the Macintosh operating system.


Test Your Knowledge


Q1. Which of the following software are used for data recovery in the Linux operating system? Each correct answer represents a complete solution. Choose all that apply.
A. R-Linux
B. R-Mail
C. Stellar Phoenix Linux
D. SalvageData Recovery

Q2. Which of the following software tools is used for quick and easy data recovery from MacOS HFS and HFS+ volumes from a Windows-based computer system?
A. SalvageData Recovery
B. Data Advisor
C. GetDataBack
D. Restorer2000

Q3. ReiserFS is a general-purpose computer file system designed and implemented by a team at Namesys led by Hans Reiser. Which of the following statements are true about ReiserFS? Each correct answer represents a complete solution. Choose all that apply.
A. This file system is currently supported on Linux.
B. It was introduced in version 2.4.1 of the Linux kernel.
C. It was the first journaling file system to be included in the standard kernel.
D. It is the default file system on the Elive, Xandros, Linspire, GoboLinux, and Yoper Linux distributions.

Q4. Which of the following software is used to recover lost and deleted data of traditional and NSS volumes of NWFS, Net386, and NSS file system installed on the hard disk drive or the data storage media?
A. Kernel Recovery for Novell-Netware
B. Restorer2000
C. SDRW
D. Kernel Recovery for Linux

Q5. Which of the following software plays the role of a bridge between Windows and Ext2/Ext3/Ext4, HFS, and ReiserFS file systems?
A. Kernel Recovery for ReiserFS
B. Disk Doctors Linux Data Recovery software
C. DiskInternals Linux Reader
D. Kernel Recovery for JFS


Answer Explanations
A1. Answer options A, C, and D are correct. R-Linux is a free file recovery utility for the Ext2/Ext3/Ext4 FS file system. It is used in the Linux operating system and several UNIX operating systems. This utility uses IntelligentScan technology and flexible parameter settings that provide real control over the fastest data recovery ever seen. It can recover files from existing logical disks even when file records are lost. R-Linux does not have any network capabilities or the ability to reconstruct damaged RAIDs or stripe sets. Stellar Phoenix Linux is Linux data recovery software. It is used to recover lost, deleted, formatted, or inaccessible data from Ext4, Ext3, Ext2, FAT16, and FAT12 file system based volumes. It can recover all lost files, directories, and hard drive volumes. It has a user-friendly interface and does not require any technical expertise. SalvageData Recovery for Linux is a Windows-based data recovery software tool. It is used to recover data files from crashed Ext2, Ext3, and ReiserFS Linux hard disk drives and volumes. SalvageData Recovery for Linux can be used on any Windows platform. It can access Linux drives via the system even if they are not detected by Windows. Answer option B is incorrect. R-Mail is an e-mail recovery tool. It is used to restore deleted e-mail messages. It is designed to restore Outlook Express e-mail. This tool is based on the highly effective IntelligentRebuild e-mail recovery technology, which allows R-Mail users to repair damaged *.pst (Outlook) and *.dbx (Outlook Express) files and restore lost e-mail messages in three steps.

A2. Answer option A is correct. SalvageData Recovery for Mac is a robust, easy to use, and effective professional data recovery software tool. It provides quick and easy data recovery from Mac OS HFS and HFS+ volumes from a Windows-based PC. It runs on native Mac OS X and is a complete data recovery software solution for HFS and HFS+ Mac systems with enhanced data recovery options. Answer option B is incorrect. Data Advisor is a simple, powerful diagnostic software tool for assessing the condition of a computer system. It assesses the health of a hard disk drive, file structures, and computer memory by identifying problems that could cause data loss. It is self-booting, so it runs even when a system does not boot to Windows. This diagnostic tool can be used both to diagnose current problems and as part of a regular maintenance program. The regular maintenance program identifies potential problems that could lead to data loss. Answer option C is incorrect. GetDataBack is a tool that is used to recover data when the hard drive's partition table, boot record, FAT/MFT, or root directory is lost or damaged, data was lost due to a virus attack, the drive was formatted, fdisk has been run, a power failure caused a system crash, files were lost due to a software failure, or files were accidentally deleted. GetDataBack can even recover data when the drive is no longer recognized by Windows. Answer option D is incorrect. Restorer2000 is unformat and file recovery software for Windows 95/98/Me/NT/2000/XP/2003/Vista. It is leading file recovery software used by both experts and novice users. It is ideal software for home and small office users who need to recover accidentally deleted files or files from deleted/corrupted logical disks.

A3. Answer options A, B, C, and D are correct. ReiserFS is a general-purpose computer file system designed and implemented by a team at Namesys led by Hans Reiser. This file system is currently supported on Linux. It was introduced in version 2.4.1 of the Linux kernel. It was the first journaling file system to be included in the standard kernel. It is the default file system on the Elive, Xandros, Linspire, GoboLinux, and Yoper Linux distributions.

A4. Answer option A is correct. Kernel Recovery for Novell-Netware is a data recovery software tool. It can recover lost and deleted data of traditional and NSS volumes of the NWFS, Net386, and NSS file systems installed on the hard disk drive or other data storage media. The Novell OS becomes corrupt due to partition table deletion or corruption, operating system corruption, volume table and HotFix table damage, DET or FAT corruption, etc. Answer option B is incorrect.
Restorer2000 is unformat and file recovery software for Windows 95/98/Me/NT/2000/XP/2003/Vista. It is leading file recovery software used by both experts and novice users. It is ideal software for home and small office users who need to recover accidentally deleted files or files from deleted/corrupted logical disks. Answer option C is incorrect. SDRW stands for SalvageData Recovery for Windows. It is the best solution for recovering files from a crashed or virus-corrupted hard drive. It focuses on salvaging and recovering files quickly off a failing or degrading drive. SDRW is the best option to recover important data. It is the best logical data recovery solution to quickly salvage data. Answer option D is incorrect. Kernel Recovery for Linux data recovery software supports Linux data recovery from Ext2 and Ext3 file system based Linux operating systems, for example, Red Hat, Mandrake, Turbo, SuSE, Debian, Ubuntu, SCO, etc. It can recover data from corrupted Linux partitions and can restore deleted files from the hard drive. This tool can even recover data from deleted Linux partitions. It also supports the new Ext3 file system.

A5. Answer option C is correct. DiskInternals Linux Reader is a freeware Linux reader for Windows. A user can read Linux files from Windows. This tool plays the role of a bridge between Windows and the Ext2/Ext3/Ext4, HFS, and ReiserFS file systems. DiskInternals Linux Reader provides read-only access; it does not allow writing to the file system partitions. Answer option A is incorrect. Kernel Recovery for ReiserFS is advanced Linux data recovery software. It recovers missing/deleted data from the Linux-based ReiserFS file system. This software is secure, simple, and easy to use. It can recover data lost due to accidental file deletion, partition deletion, partition corruption, internal node or inode corruption, journal corruption, superblock corruption, and directory corruption. Kernel Recovery for ReiserFS uses a quick and advanced algorithm to search for and restore lost partitions, files, and folders from corrupt and damaged Linux partitions. Answer option B is incorrect. Disk Doctors Linux Data Recovery software is a user-friendly Linux recovery tool. It performs data recovery from the Linux Ext2, Ext3, and Ext4 file systems created on any Linux distribution. It supports all the most prevalent Linux distributions such as Redhat Linux, Suse Linux, Mandriva Linux, Ubuntu Linux, Caldera Linux, Slackware Linux, Gentoo Linux, Kubuntu Linux, and many more. Answer option D is incorrect. Kernel Recovery for JFS recovers data from corrupt Linux JFS partitions. It can recover data lost due to accidental file deletion, partition deletion, internal node corruption, leaf node corruption, journal corruption, superblock corruption, and directory corruption. It completely scans the damaged hard drive and locates lost partitions, files, and folders of the JFS partition. This software is a secure, easy, and simple way to recover data from damaged or corrupt IBM JFS Linux partitions on all flavors of Linux.


Chapter 16 - Incident Response Overview


This chapter helps in the preparation of the EDRP exam by covering the following EC-Council objectives, which address Incident Response. This chapter includes the following objectives: Incident response policy: An incident response policy is a document that defines an incident and helps people respond appropriately to that incident. Incident management: Incident management is the process of restoring normal service operation as fast as possible while reducing the unfavorable impact on business operations. Eradication: Eradication is the phase in which the Incident Handler analyzes the information gathered to determine how the attack took place. Access Pass View: Access Pass View is an application available on the Windows Live side of Helix.

Key Points
Incident, Category of Incidents, Low Level, Mid Level, High Level
The following are the basic types of incidents:
Level 1 or Low-level Incident
Level 2 or Mid-level Incident
Level 3 or High-level Incident
Level 4 or Crisis Incident
Level 5 or Catastrophic Incident

A low-level (or level 1) incident is referred to as a minor departmental, building, or individual/personal incident. These types of incidents can be easily resolved using a responding service unit designated to handle emergency situations, such as facilities staff called to respond to a broken electric wire or a broken pipe.

A mid-level or level 2 incident is a departmental, building, or personal incident that can be resolved using existing available resources and/or limited additional support. A level 2 incident is generally a one-dimensional event of short duration, such as a fire contained in a residence hall room or a small-scale chemical spill in a laboratory. These incidents have a restricted impact on the space or building in which they occur or on the persons involved.

A high-level or level 3 incident is an emergency that impacts people on a larger scale. Such an incident becomes drastically more complex because of its nature and severity. Common examples of high-level incidents are civil disobedience and bomb threats.

A crisis or level 4 incident is a major emergency. These incidents may affect a large portion of the physical or human resources of a campus. They can also affect external communities, which calls for a response from multiple or all campus units. A crisis can be a single- or multi-hazard situation, real or imminent, natural or man-made, and frequently requires considerable management both within and outside the organization; examples are a blackout, tornado, flood, or contagious disease outbreak.

A catastrophic or level 5 incident is an emergency that covers the entire campus and the surrounding communities. Such incidents are generally multi-hazard and beyond the crisis response capabilities of the campus and local resources; examples are bioterrorism or a plane crash on campus.

How to Identify an Incident?, How to Prevent an Incident?, Relationship between Incident Response, Incident Handling, and Incident Management, Incident Management Plan, Incident Handling, Information Security Life Cycle, Incident Response
Forensic Acquisition Utilities (FAU) is an incident response tool set used to image a system's memory and any devices attached to the system. FAU contains a modified Windows port of the Unix utility dd that can image not only hard drives but also physical memory. Forensic investigators can then run search tools over the memory image to find text, IP addresses, URLs, and passwords.

Risk management is the identification, assessment, and prioritization of risks, followed by the coordinated and economical application of resources to minimize, monitor, and control the probability and/or impact of unfortunate events, or to maximize the realization of opportunities. Risks can come from uncertainty in financial markets, project failures, legal liabilities, credit risk, accidents, natural causes and disasters, as well as deliberate attacks by an adversary.

Transference is a strategy to mitigate negative risks or threats. In this strategy, the consequences and the ownership of a risk are transferred to a third party. Transference does not eliminate the risk; it shifts the responsibility for managing it to another party. Insurance is an example of transference.

Incident Management (IcM) refers to the activities of an organization to identify, analyze, and correct hazards. For instance, a fire in a factory is a risk that has been realized, or an incident that has happened. An Incident Response Team (IRT) or Incident Management Team (IMT), designated for the task beforehand or on the spot, then manages the organization through the incident. Usually, as part of the wider management process in private organizations, incident management is followed by post-incident analysis, which determines why the incident happened despite precautions and controls. This information is then used as feedback to further develop the security policy and/or its practical implementation. In the USA, the National Incident Management System (NIMS), developed by the Department of Homeland Security, integrates effective practices in emergency management into a comprehensive national framework.

In ITIL terms, incident management is the process of restoring normal service operation as fast as possible while reducing the unfavorable impact on business operations. It is a reactive process with a temporary focus on restoring service; finding the underlying cause belongs to problem management. The incident management process includes the following activities:
- Incident detection and recording
- Classification and initial support
- Investigation and diagnosis
- Resolution and recovery
- Closure
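The memory-image search that the FAU passage above describes, as an added example (not code from the study guide or from the FAU suite): a string carver that walks a raw dump for printable ASCII and UTF-16LE runs (Windows keeps most strings in UTF-16LE, so an ASCII-only search misses them) and then applies indicator patterns for IPv4 addresses, URLs, and credential-looking fields, keeping the byte offset of each hit for the report. The dump bytes, hostname, and addresses are constructed for the demonstration.

```python
"""Carve printable strings and simple indicators (IPv4 addresses, URLs,
credential-looking fields) from a raw memory image.

Added example; not part of the study guide or of the FAU tool suite.
The image bytes below are constructed for the demonstration."""
import re
from typing import Dict, List, Tuple

IPV4_RE = re.compile(r"(?<!\d)(?:\d{1,3}\.){3}\d{1,3}(?!\d)")
URL_RE = re.compile(r"\b(?:https?|ftp)://[^\s<>\"']+")
CRED_RE = re.compile(r"(?:password|passwd|pwd)\s*[=:]\s*(\S+)", re.IGNORECASE)


def build_sample_image() -> bytes:
    """Constructed stand-in for a memory dump: junk bytes, an ASCII HTTP request,
    a connection string, a bogus address, and a UTF-16LE credential."""
    ascii_part = (b"\x00\x01GET http://update.example.test/agent.exe HTTP/1.1\x00"
                  b"\xff\xfeconnect 10.0.0.23:4444\x00bad ip 300.1.2.3\x00")
    utf16_part = "password=Winter2009!".encode("utf-16-le")
    return b"\x90" * 16 + ascii_part + b"\x13\x37" + utf16_part + b"\x00" * 8


def extract_strings(image: bytes, min_len: int = 6) -> List[Tuple[int, str, str]]:
    """Return (offset, encoding, text) for every printable run of at least min_len characters,
    in both ASCII and UTF-16LE, sorted by offset."""
    ascii_re = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    utf16_re = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
    found = []
    for m in ascii_re.finditer(image):
        found.append((m.start(), "ascii", m.group().decode("ascii")))
    for m in utf16_re.finditer(image):
        found.append((m.start(), "utf-16le", m.group().decode("utf-16-le")))
    return sorted(found)


def valid_ipv4(candidate: str) -> bool:
    """Reject dotted quads with an octet above 255 (e.g. version strings)."""
    return all(0 <= int(octet) <= 255 for octet in candidate.split("."))


def find_iocs(image: bytes) -> Dict[str, List[Tuple[int, str]]]:
    """Run the indicator patterns over every carved string; each hit keeps the
    offset of the string it came from so the analyst can go back to the image."""
    iocs: Dict[str, List[Tuple[int, str]]] = {"ipv4": [], "url": [], "credential": []}
    for offset, _encoding, text in extract_strings(image):
        for m in IPV4_RE.finditer(text):
            if valid_ipv4(m.group()):
                iocs["ipv4"].append((offset, m.group()))
        for m in URL_RE.finditer(text):
            iocs["url"].append((offset, m.group()))
        for m in CRED_RE.finditer(text):
            iocs["credential"].append((offset, m.group(1)))
    return iocs


if __name__ == "__main__":
    image = build_sample_image()
    for offset, encoding, text in extract_strings(image):
        print(f"0x{offset:08x} {encoding:8s} {text}")
    for kind, hits in find_iocs(image).items():
        for offset, value in hits:
            print(f"{kind:10s} @0x{offset:08x} {value}")
```

On a real image the same pass is run over the dd output file; the minimum length and the indicator patterns are the knobs to tune, and the offsets are what you cite when documenting the evidence.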

The Cyber Incident Response Plan addresses cyber attacks against an organization's IT systems through documented procedures. These procedures enable security personnel to identify, mitigate, and recover from malicious computer incidents, such as denial-of-service attacks, unauthorized access to a system or data, or unauthorized changes to system hardware, software, or data.

Incident handling is a process that includes three important functions:
- Incident reporting: This function lets a CSIRT act as the central point for reporting local problems, so that all incident reports and activities are accumulated and analyzed in one location. The information can then be reviewed and correlated across the organization and used to determine the trends and patterns of malicious intruder activity.
- Incident analysis: This involves in-depth investigation of the incident report or incident activity to establish the priority and threat of the incident. Incident analysis is also used to research possible response and mitigation strategies.
- Incident response: This function can take many forms. A CSIRT sends its recommendations and solutions for recovery and prevention to the system and network administrators at the site of the incident, who then perform the response steps specified by the CSIRT. A CSIRT may also carry out these steps itself on the affected systems. The response may also involve sharing information and lessons learned with other response teams and other appropriate organizations and sites.

The objectives of security incident handling are as follows:
- Ensure that sufficient resources (manpower, technology, etc.) are available to deal with incidents.
- Ensure that all concerned parties understand the tasks they perform during an incident by using predefined procedures.
- Ensure a systematic and efficient response and the quick recovery of compromised systems.
- Ensure that response activities are identified and coordinated.
- Reduce the possible impact of an incident in terms of information leakage, corruption, system disruption, etc.
- Reduce further attacks and damage.
- Handle the related legal issues.


Incident response policy is a document that defines an incident and helps people to respond appropriately to that incident. It provides information about people who are responsible for handling security incidents and how they can be contacted. The incident response policy also provides instructions to deal with documenting and disseminating incident-related information.

Incident Response Policy, Risk Analysis, Risk Analysis and Incident Response, Incident Response Methodology, Preparation, Identification, Containment, Eradication, Recovery, Follow up
Risk analysis is a method used to identify and assess the factors that may hinder the successful completion of a project or the achievement of a goal. It is also known as Project Impact Analysis (PIA). Risk analysis can also be used to determine the business need to start a project.

The preparation phase of the incident handling process is responsible for defining rules, organizing the human workforce, creating a back-up plan, and testing the plans for an enterprise. Preparation involves the following processes:
- Establishing applicable policies
- Building relationships with key players
- Building a response kit
- Establishing a communication plan
- Creating incident checklists
- Performing threat modeling
- Building an incident response team

Eradication is the phase in which the Incident Handler analyzes the information gathered to determine how the attack took place. Understanding the attack process is necessary to prevent it from occurring again. Eradication is the process of ending the intruder's attack on the organization's network. It also involves restoring systems to a secure baseline configuration. After restoring a system, the Incident Handler performs vulnerability analysis on it to confirm that eradication succeeded and that the vulnerabilities that led to the incident (or new ones) have not been reintroduced. The eradication step ensures that the problem is removed and that the system is no longer exposed to the vulnerabilities that caused the incident. Actions performed in the Eradication step are as follows:
- Isolating the attack and determining its method of execution
- Implementing appropriate protection techniques
- Performing vulnerability analysis
- Removing the cause of the incident
- Locating the most recent clean backup
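One concrete way to check the "restored to a secure baseline" step above, as an added example (not code from the study guide or from any named tool): hash every file on the rebuilt host and diff the manifest against the one taken from the known-good baseline, so that a trojaned binary, a weakened configuration, or a persistence file that survived the rebuild shows up before the system goes back into service. The three sample file sets are constructed in memory so the script runs offline; on a real host the manifest is built from the restored disk and the baseline manifest is kept offline where an intruder cannot edit it.

```python
"""Verify eradication against a secure baseline: hash every file of the
rebuilt system and compare with the manifest of the known-good baseline.

Added example, not from the study guide or from any named tool. The file
contents below are constructed so the script runs offline."""
import hashlib
from typing import Dict, Set, Tuple


def build_manifest(files: Dict[str, bytes]) -> Dict[str, str]:
    """Map each path to the SHA-256 of its content."""
    return {path: hashlib.sha256(data).hexdigest() for path, data in files.items()}


def compare_to_baseline(baseline: Dict[str, str], current: Dict[str, str]) -> Dict[str, Set[str]]:
    """Report what deviates from the baseline: files that were added, files that
    are missing, and files whose content changed (trojaned binaries, weakened configs)."""
    common = baseline.keys() & current.keys()
    return {
        "added": set(current) - set(baseline),
        "missing": set(baseline) - set(current),
        "modified": {path for path in common if baseline[path] != current[path]},
    }


def eradication_verified(report: Dict[str, Set[str]]) -> bool:
    """Eradication is complete only when nothing deviates from the baseline."""
    return not any(report.values())


# Constructed sample systems (contents are placeholders, not real binaries).
BASELINE_FILES = {
    "/bin/ls": b"ELF ls v1 (constructed clean binary)",
    "/etc/passwd": b"root:x:0:0:root:/root:/bin/bash\n",
    "/etc/ssh/sshd_config": b"PermitRootLogin no\nPasswordAuthentication no\n",
}
COMPROMISED_FILES = {
    "/bin/ls": b"ELF ls v1 (constructed clean binary) + attacker payload",      # trojaned binary
    "/etc/passwd": b"root:x:0:0:root:/root:/bin/bash\n",
    "/etc/ssh/sshd_config": b"PermitRootLogin yes\nPasswordAuthentication yes\n",  # weakened config
    "/etc/cron.d/update": b"* * * * * root /tmp/.x/beacon\n",                    # persistence
}
RESTORED_FILES = dict(BASELINE_FILES)   # host rebuilt from the most recent clean backup


def run_checks() -> Tuple[Dict[str, Set[str]], Dict[str, Set[str]]]:
    """Compare the compromised host and the restored host against the baseline."""
    baseline = build_manifest(BASELINE_FILES)
    before = compare_to_baseline(baseline, build_manifest(COMPROMISED_FILES))
    after = compare_to_baseline(baseline, build_manifest(RESTORED_FILES))
    return before, after


if __name__ == "__main__":
    before, after = run_checks()
    for name, report in (("compromised host", before), ("restored host", after)):
        print(f"{name}: eradication verified = {eradication_verified(report)}")
        for kind in ("added", "missing", "modified"):
            for path in sorted(report[kind]):
                print(f"  {kind:8s} {path}")
```

The "added" set is the one most often skipped in a rebuild: the binaries match the baseline again, but a cron entry or a dropped web shell in a directory the baseline never covered is exactly how the intruder returns, so the baseline manifest must enumerate directories, not just known files.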

The steps in risk analysis are as follows:
- The value of every asset of the organization is evaluated.
- An exhaustive list of all threats and risks is prepared.
- Each threat, and the risk related to it, is evaluated individually.
- A list of threat-specific safeguards and countermeasures is prepared.
- A cost/benefit analysis of each safeguard is performed.

Risk analysis gives higher management the details necessary to determine which risks should be mitigated, transferred, and accepted. It recognizes risks, quantifies the impact of threats, and supports budgeting for security. It aligns the requirements and objectives of the security policy with the business objectives and motives. The stages in the risk analysis process are:
- Inventory
- Threat assessment
- Evaluation of controls
- Management
- Monitoring
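The risk analysis steps above carried through as a worked example (added here; not from the study guide): assets are valued, each threat is evaluated with the standard annualized loss expectancy method (SLE = asset value x exposure factor, ALE = SLE x annual rate of occurrence), safeguards are costed, and the cost/benefit result drives the mitigate, transfer, or accept decision that management asks for. The ALE method is an assumption of this example, as are all the asset values, exposure factors, frequencies, control costs, and the insurance premium.

```python
"""Quantitative risk analysis: value assets, evaluate threats, cost safeguards,
and rank them by cost/benefit to decide what to mitigate, transfer or accept.

Added example, not from the study guide. It uses the standard annualized loss
expectancy (ALE) method; every figure below is constructed."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Threat:
    name: str
    asset: str
    asset_value: float      # replacement value of the asset
    exposure_factor: float  # fraction of the asset lost per occurrence (0..1)
    aro: float              # annualized rate of occurrence (expected events per year)

    @property
    def sle(self) -> float:
        """Single loss expectancy: what one occurrence costs."""
        return self.asset_value * self.exposure_factor

    @property
    def ale(self) -> float:
        """Annualized loss expectancy: expected loss per year without a safeguard."""
        return self.sle * self.aro


@dataclass(frozen=True)
class Safeguard:
    name: str
    threat: str             # name of the threat it addresses
    annual_cost: float      # yearly cost of owning and operating the control
    residual_ef: float      # exposure factor once the control is in place
    residual_aro: float     # rate of occurrence once the control is in place


def annual_benefit(t: Threat, s: Safeguard) -> float:
    """ALE before the control, minus ALE after it, minus the control's yearly cost.
    Negative means the control costs more per year than it saves."""
    ale_after = t.asset_value * s.residual_ef * s.residual_aro
    return t.ale - ale_after - s.annual_cost


def decide(t: Threat, safeguards: List[Safeguard],
           premium: Optional[float] = None, accept_below: float = 1000.0) -> Tuple[str, str]:
    """Accept small risks outright; otherwise mitigate with the best-paying safeguard;
    otherwise transfer (insure) if the premium is below the expected yearly loss;
    otherwise accept and document why."""
    if t.ale < accept_below:
        return ("accept", "below risk appetite")
    candidates = [(annual_benefit(t, s), s.name) for s in safeguards if s.threat == t.name]
    if candidates:
        benefit, name = max(candidates)
        if benefit > 0:
            return ("mitigate", name)
    if premium is not None and premium < t.ale:
        return ("transfer", "insurance")
    return ("accept", "no cost-effective control")


# Constructed register: three threats, two candidate safeguards, one insurance quote.
THREATS = [
    Threat("ransomware", "file server", 200_000.0, 0.50, 0.5),
    Threat("flood", "data center", 1_500_000.0, 0.60, 0.02),
    Threat("laptop theft", "staff laptop", 1_500.0, 1.00, 0.3),
]
SAFEGUARDS = [
    Safeguard("offline backups and restore drills", "ransomware", 8_000.0, 0.05, 0.5),
    Safeguard("relocate data center", "flood", 120_000.0, 0.60, 0.002),
]
PREMIUMS = {"flood": 9_000.0}   # quoted yearly insurance premium per threat


def risk_register() -> List[Dict[str, object]]:
    """One row per threat with SLE, ALE and the decision, for the management report."""
    rows = []
    for t in THREATS:
        action, detail = decide(t, SAFEGUARDS, PREMIUMS.get(t.name))
        rows.append({"threat": t.name, "asset": t.asset, "sle": t.sle, "ale": t.ale,
                     "action": action, "detail": detail})
    return rows


if __name__ == "__main__":
    for row in risk_register():
        print(f"{row['threat']:13s} SLE={row['sle']:>11,.0f} ALE={row['ale']:>9,.0f} "
              f"-> {row['action']} ({row['detail']})")
```

The decision thresholds (the risk appetite and the rule that a premium below the ALE is worth paying) are policy inputs, not analysis outputs; the analysis only makes them explicit and repeatable for the budget discussion the passage describes.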


CERT (Computer Emergency Response Team), CSIRT (Computer Security Incident Response Team), General Categories of CSIRTs, Members of CSIRT Team, Building an Effective CSIRT, FIRST (Forum of Incident Response and Security Teams)
Computer Security Incident Response Team (CSIRT) is the name given to expert groups that handle computer security incidents. Most groups append the abbreviation CSIRT or CERT to their designation, where the latter stands for Computer Emergency Response Team (for some teams, Computer Emergency Readiness Team, handling the same tasks). In the English-speaking parts of the world, some teams took the more specific name CSIRT to point out that they handle security incidents rather than other technical support work.

The history of CSIRTs is linked to the existence of computer worms. Whenever a new technology arrives, its misuse is not long in following; the first worm, in IBM's VNET, was covered up. Shortly afterwards, on 2 November 1988, the so-called Morris Worm paralyzed a good percentage of the Internet. This led to the formation of the first Computer Emergency Response Team (CERT/CC) at Carnegie Mellon University under U.S. Government contract.

FIRST (Forum of Incident Response and Security Teams) aims to foster cooperation and coordination in incident prevention, to prompt rapid reaction to incidents, and to promote information sharing among members and the community at large.

Interior Gateway Routing Protocol (IGRP) is a Cisco proprietary distance-vector Interior Gateway Protocol (IGP) used by Cisco routers to exchange routing data within an autonomous system (AS). It is a classful routing protocol and does not support variable-length subnet masks (VLSM). IGRP supports multiple metrics for each route, including bandwidth, delay, load, MTU, and reliability. Classless routing protocols extend the IP addressing scheme using variable-length subnet masks and include the subnet mask in routing updates, which provides flexibility and reduces routing overhead. RIPv2, OSPF, EIGRP, and BGP are classless routing protocols. There are also pre-defined steps for searching data on a Windows system, which are necessary for a proper and efficient investigation and analysis of the data collected.

Request Tracker for Incident Response, Helix Incident Response & Computer Forensics Live CD
Helix is a live acquisition tool used to collect volatile information. It presents a portable forensic environment that provides access to many Windows-based tools. Helix contains static binaries for Linux, Solaris, and Windows, built from GNU utilities and Cygwin tools. These tools include the Sysinternals tools, Garner's Forensic Acquisition Utilities suite, the Windows Forensic Toolchest (WFT), and the Windows Debugger. One important advantage of Helix is that it preserves the integrity of the command line: it runs its own trusted copies of the command-line tools rather than the built-in tools of the compromised system, which may have been replaced by the intruder. Windows command-line tools present in Helix include:
- .cab extractor
- ipconfig
- kill
- netstat
- Process Explorer

The Farmer's Boot CD (FBCD) is a Linux boot CD developed by Thomas Rude. It provides a safe and quick forensic environment to preview the data stored on various storage media, and it is designed and optimized for previewing systems before acquiring them. It contains a number of programs that forensic practitioners can use to preview both Windows and Linux systems in a forensically sound manner. The following tasks can be accomplished from a simple GUI on this CD:
- Mount file systems read-only, including journaled file system types (with a journaled file system, a plain read-only mount can still replay the journal and alter the media; a hardware write blocker, or a mount option such as noload on ext3/ext4, prevents this)
- Obtain a list of deleted files for ext2, FAT12/16/32, and NTFS file systems
- Undelete deleted files from NTFS file systems
- Read Windows event log files (AppEvent.Evt, SecEvent.Evt, SysEvent.Evt)
- Read many log files from Linux systems (shell histories, system logs, security logs, accounting logs, etc.)
- Parse Internet cache files from IE, Mozilla, and Opera, pulling cookies and histories
- Catalog the target file system, selecting files of interest by extension or header
- Convert date/time values between UNIX 32-bit, UNIX hex, human-readable, Windows 64-bit, and Windows hex formats
- Obtain drive information (serial number, make/model, firmware, HPA status, etc.)
- Obtain system BIOS table information (serial numbers, dates, UUIDs, etc.)
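The date/time conversion listed above, as an added example (not code from the study guide or from the Farmer's Boot CD): 32-bit UNIX epoch seconds in decimal and hex, Windows 64-bit FILETIME (100-nanosecond ticks since 1601-01-01 UTC) in decimal and in the little-endian hex byte order found in NTFS timestamps and registry values, and the human-readable UTC string, plus a rough triage of an unlabelled integer pulled from an image. The sample value is constructed.

```python
"""Convert between the timestamp forms a forensic previewer needs: 32-bit UNIX
seconds (decimal, hex), Windows 64-bit FILETIME (decimal, little-endian hex as
stored on disk) and human-readable UTC.

Added example, not from the study guide or from the Farmer's Boot CD."""
import struct
from datetime import datetime, timedelta, timezone

TICKS_PER_SECOND = 10_000_000                       # FILETIME has 100 ns resolution
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
UNIX_EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)
# 1601-01-01 to 1970-01-01 in 100 ns ticks (11644473600 seconds).
EPOCH_DELTA_TICKS = int((UNIX_EPOCH - FILETIME_EPOCH).total_seconds()) * TICKS_PER_SECOND


def unix_to_filetime(unix_seconds: int) -> int:
    return unix_seconds * TICKS_PER_SECOND + EPOCH_DELTA_TICKS


def filetime_to_unix(filetime: int) -> int:
    """Whole seconds; sub-second ticks are truncated, which a 32-bit UNIX value cannot carry."""
    return (filetime - EPOCH_DELTA_TICKS) // TICKS_PER_SECOND


def filetime_to_datetime(filetime: int) -> datetime:
    """Integer arithmetic throughout: converting the 64-bit value through a float loses ticks."""
    return FILETIME_EPOCH + timedelta(microseconds=filetime // 10)


def unix_to_datetime(unix_seconds: int) -> datetime:
    return UNIX_EPOCH + timedelta(seconds=unix_seconds)


def unix_hex(unix_seconds: int) -> str:
    """32-bit value as tools usually print it (most significant byte first)."""
    if not 0 <= unix_seconds < 2 ** 32:
        raise ValueError("value does not fit a 32-bit UNIX timestamp")
    return f"{unix_seconds:08x}"


def filetime_hex_le(filetime: int) -> str:
    """Byte order as it appears on disk (NTFS $STANDARD_INFORMATION, registry REG_BINARY)."""
    return struct.pack("<Q", filetime).hex()


def filetime_from_hex_le(hexstr: str) -> int:
    return struct.unpack("<Q", bytes.fromhex(hexstr))[0]


def guess_kind(value: int) -> str:
    """Rough triage of an unlabelled integer found in an image: FILETIMEs for dates
    after 1970 are far larger than any 32-bit UNIX value."""
    if 0 <= value < 2 ** 32:
        return "unix32"
    if EPOCH_DELTA_TICKS <= value < 2 ** 63:
        return "filetime"
    return "unknown"


def human(dt: datetime) -> str:
    return dt.strftime("%Y-%m-%d %H:%M:%S UTC")


if __name__ == "__main__":
    unix = 1248868800                       # constructed sample value
    ft = unix_to_filetime(unix)
    print("unix     dec:", unix, "hex:", unix_hex(unix), "->", human(unix_to_datetime(unix)))
    print("filetime dec:", ft, "le hex:", filetime_hex_le(ft), "->", human(filetime_to_datetime(ft)))
    print("round trip ok:", filetime_from_hex_le(filetime_hex_le(ft)) == ft, "kind:", guess_kind(ft))
```

When reading raw bytes out of an MFT entry or a registry hive, feed the eight bytes to filetime_from_hex_le as they sit on disk; reversing them first (the common mistake) yields a date centuries off, which guess_kind will usually flag as "unknown".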

Pop Quiz
Q1: Which workforce works to handle the incidents in an enterprise?

Ans: Computer Emergency Response Team


Q2: Which is the phase of Incident handling process in which the distinction between an event and an incident is made?

Ans: Identification phase


Key Terms
Incident management is the process of restoring normal service operation as fast as possible while reducing the unfavorable impact on business operations.

Risk analysis gives higher management the details necessary to determine which risks should be mitigated, transferred, and accepted. It recognizes risks, quantifies the impact of threats, and supports budgeting for security.

Computer Security Incident Response Team (CSIRT) is the name given to expert groups that handle computer security incidents. Most groups append the abbreviation CSIRT or CERT to their designation, where the latter stands for Computer Emergency Response Team.

Helix is a live acquisition tool used to collect volatile information. It presents a portable forensic environment that provides access to many Windows-based tools. Helix contains static binaries for Linux, Solaris, and Windows, built from GNU utilities and Cygwin tools.

The Farmer's Boot CD (FBCD) is a Linux boot CD developed by Thomas Rude. It provides a safe and quick forensic environment to preview the data stored on various storage media.


Test Your Knowledge


Q1. Which of the following are the basic types of incidents? Each correct answer represents a complete solution. Choose all that apply.
A. Crisis Incident
B. High-level Incident
C. Catastrophic Incident
D. Counterfeit Incident

Q2. Which of the following types of incidents can be resolved using existing available resources and/or limited additional support?
A. Catastrophic incident
B. Mid-level incident
C. High-level incident
D. Crisis incident

Q3. Which of the following types of incidents is generally multi-hazard and beyond the crisis response capabilities of a campus?
A. Catastrophic incident
B. Low-level incident
C. Counterfeit-level incident
D. Crisis incident

Q4. Configuration Management (CM) is an Information Technology Infrastructure Library (ITIL) IT Service Management (ITSM) process. Configuration Management is used for which of the following? Each correct answer represents a part of the solution. Choose all that apply.
A. To account for all IT assets
B. To provide precise information support to other ITIL disciplines
C. To verify configuration records and correct any exceptions
D. To provide a solid base only for Incident and Problem Management

Q5. Which of the following are the phases of an Incident handling process? Each correct answer represents a complete solution. Choose all that apply.
A. Preparation phase
B. Containment phase
C. Recovery phase
D. Backup phase


Answer Explanations
A1. Answer options A, B, and C are correct. The basic types of incidents are:
- Level 1 or Low-level Incident
- Level 2 or Mid-level Incident
- Level 3 or High-level Incident
- Level 4 or Crisis Incident
- Level 5 or Catastrophic Incident

Answer option D is incorrect. Counterfeit Incident is not a valid type of incident.

A2. Answer option B is correct. A mid-level or level 2 incident is a departmental, building, or personal incident that can be resolved using existing available resources and/or limited additional support. A level 2 incident is generally a one-dimensional event of short duration, such as a fire contained in a residence hall room or a small-scale chemical spill in a laboratory. These incidents have a restricted impact on the space or building in which they occur or on the persons involved.
Answer option A is incorrect. A catastrophic or level 5 incident is an emergency that covers the entire campus and the surrounding communities. Such incidents are generally multi-hazard and beyond the crisis response capabilities of the campus and local resources; examples are bioterrorism or a plane crash on campus.
Answer option C is incorrect. A high-level or level 3 incident is an emergency that impacts people on a larger scale. Such an incident becomes drastically more complex because of its nature and severity. Common examples of high-level incidents are civil disobedience and bomb threats.
Answer option D is incorrect. A crisis or level 4 incident is a major emergency. These incidents may affect a large portion of the physical or human resources of a campus. They can also affect external communities, which calls for a response from multiple or all campus units. A crisis can be a single- or multi-hazard situation, real or imminent, natural or man-made, and frequently requires considerable management both within and outside the organization; examples are a blackout, tornado, flood, or contagious disease outbreak.

A3. Answer option A is correct. A catastrophic or level 5 incident is an emergency that covers the entire campus and the surrounding communities. Such incidents are generally multi-hazard and beyond the crisis response capabilities of the campus and local resources; examples are bioterrorism or a plane crash on campus.
Answer option B is incorrect. A low-level (or level 1) incident is a minor departmental, building, or individual incident. Such incidents can be resolved easily by the responding service unit designated to handle emergency situations, such as facilities staff called out for a broken electrical line or a broken pipe.
Answer option C is incorrect. A counterfeit-level incident is not a valid type of incident.
Answer option D is incorrect. A crisis or level 4 incident is a major emergency. These incidents may affect a large portion of the physical or human resources of a campus. They can also affect external communities, which calls for a response from multiple or all campus units. A crisis can be a single- or multi-hazard situation, real or imminent, natural or man-made, and frequently requires considerable management both within and outside the organization; examples are a blackout, tornado, flood, or contagious disease outbreak.

A4. Answer options A, B, and C are correct. Configuration Management is used for the following:
- To account for all IT assets
- To provide precise information support to other ITIL disciplines
- To provide a solid base for Incident, Problem, Change, and Release Management
- To verify configuration records and correct any exceptions

Answer option D is incorrect. Configuration Management provides a solid base for Incident, Problem, Change, and Release Management, not only for Incident and Problem Management.

A5. Answer options A, B, and C are correct. There are six phases in the incident handling process:
- Preparation phase
- Identification phase
- Containment phase
- Eradication phase
- Recovery phase
- Lessons Learned phase

Answer option D is incorrect. Backup phase is not a valid phase.


Chapter 17 - Role of Public Services in Disaster Overview


This chapter helps in the preparation of the EDRP exam by covering the following EC-Council objectives, which address the Role of Public Services in Disaster. This chapter includes the following objectives:
- Health Maintenance Organizations: focus on preventive care and controlling health costs.
- Corrective controls: controls used after a security breach to limit the damage and return the organization to normal operation.

Key Points
Public Services, State and Local Governments, Public Utilities and Departments, Hospitals, Blood Banks, Medical Laboratories, Food Banks, Fire Fighting Service, Waste/ Debris Management
Halon, carbon dioxide (CO2), and FM-200 can be used as fire suppression agents in a data center; they cause the least damage to equipment. Halon is no longer manufactured under the Montreal Protocol, although existing Halon systems remain in service, and FM-200 is the usual replacement. The six standards defined by OSHA are the hazard communication standard, emergency action plan standard, fire safety standard, exit routes standard, walking/working surfaces standard, and the medical and first aid standard. The General Duty Standard (Section 5 of the OSH Act, usually called the General Duty Clause) states the general purpose of OSHA: to provide employees with a safe working environment through safety standards. Health Maintenance Organizations focus on preventive care and controlling health costs. They determine whether patients need to be seen by a specialist.


Pop Quiz
Q1: Which is the best type of water-based fire suppression system for a computer facility?

Ans: Preaction system


Q2: Which is considered as the weakest form of DES?

Ans: DES ECB


Key Terms
Health Maintenance Organizations focus on preventive care and controlling health costs. They determine whether patients need to be seen by a specialist. The General Duty Standard (Section 5 of the OSH Act, usually called the General Duty Clause) states the general purpose of OSHA: to provide employees with a safe working environment through safety standards.


Test Your Knowledge


Q1. Which of the following fire suppression agents cause the least damage to equipment in a data center? Each correct answer represents a complete solution. Choose all that apply.
A. Halon
B. Carbon dioxide (CO2)
C. Water (H2O)
D. FM-200

Q2. OSHA has identified six standards that apply to almost all general industry employers. All of the following are standards defined by OSHA that apply to employers except for which one?
A. Exit routes standard
B. Equity pay standard
C. Fire safety standard
D. Emergency action plan standard

Q3. Which of the following focuses on preventive care and controlling health costs?
A. Preferred Provider Organization
B. Physician Hospital Organization
C. Health Maintenance Organization
D. Exclusive Provider Organization

Q4. Which of the following techniques are used after a security breach and are intended to limit the extent of any damage caused by the incident?
A. Preventive controls
B. Detective controls
C. Corrective controls
D. Safeguards

Q5. Software Development Life Cycle (SDLC) is a logical process used by programmers to develop software. Which SDLC phase meets the following audit objectives?
- System and data are validated.
- System meets all user requirements.
- System meets all control requirements.
A. Initiation
B. Evaluation and acceptance
C. Definition
D. Programming and training


Answer Explanations
A1. Answer options A, B, and D are correct. Halon, carbon dioxide (CO2), and FM-200 can be used as fire suppression agents in a data center; they cause the least damage to equipment.
Answer option C is incorrect. Using water as a fire suppression agent in a data center damages the equipment.

A2. Answer option B is correct. Pay equity is not something covered by OSHA, so it is the exception. The six standards defined by OSHA are the hazard communication standard, emergency action plan standard, fire safety standard, exit routes standard, walking/working surfaces standard, and the medical and first aid standard.
Answer option A is incorrect. The exit routes standard is one of the six standards defined by OSHA.
Answer option C is incorrect. The fire safety standard is one of the six standards defined by OSHA.
Answer option D is incorrect. The emergency action plan standard is one of the six standards defined by OSHA.

A3. Answer option C is correct. Health Maintenance Organizations focus on preventive care and controlling health costs. They determine whether patients need to be seen by a specialist.
Answer option A is incorrect. A Preferred Provider Organization (PPO) uses a network of health-care providers for patient services.
Answer option B is incorrect. A Physician Hospital Organization is an entity formed by physicians and hospitals whose objective is to negotiate contracts with payer organizations.
Answer option D is incorrect. In an Exclusive Provider Organization (EPO), physicians may see only those patients who are part of the organization.

A4. Answer option C is correct. Corrective controls are used after a security breach. Once security has been breached, corrective controls are intended to limit the extent of any damage caused by the incident, e.g. by returning the organization to normal working status as efficiently as possible.
Answer option A is incorrect. Before the event, preventive controls are intended to prevent an incident from occurring, e.g. by locking out unauthorized intruders.
Answer option B is incorrect. During the event, detective controls are intended to identify and characterize an incident in progress, e.g. by sounding the intruder alarm and alerting the security guards or the police.
Answer option D is incorrect. Safeguards are controls that provide some amount of protection to an asset.

A5. Answer option B is correct. The evaluation and acceptance phase of the SDLC meets the following audit objectives:
- System and data are validated.
- System meets all user requirements.
- System meets all control requirements.

Answer option A is incorrect. During the initiation phase, the need for a system is expressed and the purpose of the system is documented.
Answer option C is incorrect. During the definition phase, users' needs are defined and translated into requirements statements that incorporate appropriate controls.
Answer option D is incorrect. During the programming and training phase, software and other components of the system are faithfully incorporated into the design specifications. Proper documentation and training are provided in this phase.


Chapter 18 - Organizations Providing Services during Disasters Overview


This chapter helps in the preparation of the EDRP exam by covering the following EC-Council objectives, which address Organizations Providing Services during Disasters. This chapter includes the following objectives:
- IFRC: The International Federation of Red Cross and Red Crescent Societies (IFRC) is the largest humanitarian organization in the world. It provides assistance without discrimination as to class, political opinion, nationality, race, or religious belief.
- NERT: The National Emergency Response Team (NERT) is a non-profit, volunteer-based organization that develops disaster preparedness educational programs and delivers response services to areas affected by a disaster.
- Snooping: Snooping is the activity of observing the content that appears on a computer monitor or watching what a user is typing.
- MCC: The Mennonite Central Committee (MCC) is a peace, service, and relief agency representing 15 Mennonite, Brethren in Christ, and Amish bodies in North America.

Key Points
Organizations Providing Services during Disasters, Relief Organizations, International Committee of the Red Cross (ICRC), International Federation of Red Cross and Red Crescent Societies (IFRC), United Nations Children's Fund (UNICEF), National Emergency Response Team (NERT)
The International Committee of the Red Cross (ICRC) is an unbiased, neutral, and autonomous organization. Its mission is to look after the lives and dignity of victims of war and internal violence, and to provide them assistance with care. It also directs and coordinates international relief and works to promote and strengthen humanitarian law and universal humanitarian principles.

The ICRC describes seven fundamental principles: humanity, impartiality, neutrality, independence, voluntary service, unity, and universality.

The International Federation of Red Cross and Red Crescent Societies (IFRC) is the largest humanitarian organization in the world. It provides assistance without discrimination as to class, political opinion, nationality, race, or religious belief. The main objective of the IFRC is to inspire, encourage, facilitate, and promote at all times all forms of humanitarian activity by the National Societies, with a view to preventing and alleviating human suffering and thereby contributing to the maintenance and promotion of human dignity and peace in the world.

The United Nations Children's Fund (UNICEF) was created by the United Nations General Assembly. UNICEF provides long-term humanitarian and developmental assistance to mothers and children in developing countries. Its programs emphasize developing community-level services to promote the health and well-being of children. UNICEF was awarded the Nobel Peace Prize in 1965 and the Prince of Asturias Award for Concord in 2006.

The National Emergency Response Team (NERT) is a non-profit, volunteer-based organization that develops disaster preparedness educational programs and delivers response services to areas affected by a disaster. NERT consists of volunteers who donate their time, talents, and resources, which allows every charitable contribution to go directly to assisting those in need. Many volunteers nationwide, with a wide spectrum of talents, donate their time and energy to a variety of NERT programs.

CARE, Ananda Marga Universal Relief Team (AMURT), Action Against Hunger (AAH), Emergency Nutrition Network (ENN), Doctors Without Borders, Hunger Plus, Inc, InterAction, International Rescue Committee (IRC)
The Ananda Marga Universal Relief Team (AMURT) is a private international voluntary organization that originated in India. It has set up teams in thirty-four countries so far to build a network that can meet the disaster and development needs of the world. Its goals include long-term development. AMURT plays a vital role in helping weak communities break the cycle of poverty and achieve greater control over their lives. For AMURT, growth is human exchange, people sharing wisdom, knowledge, and experience to build a better world.

Action Against Hunger (AAH) is a global humanitarian organization committed to ending world hunger. AAH's objective is to save lives by eradicating hunger through prevention, detection, and treatment of malnutrition, particularly during and after emergency situations of conflict, war, and natural disaster. With the help of institutional contributors and concerned persons worldwide, AAH is working to put the negative effects of severe malnutrition alongside polio and the plague as a measure of humanity's progress in defeating unnecessary suffering and death.

The Emergency Nutrition Network (ENN) works as a humanitarian group of investigators that supports and assists activities to enhance the efficiency of emergency food and nutrition interventions. ENN is the result of a shared commitment to improve knowledge, stimulate learning, and provide vital support and encouragement to food and nutrition workers involved in emergencies.

The International Rescue Committee (IRC) is a nonsectarian, nongovernmental international relief and development organization established in the United States. The IRC's key goal is to provide emergency relief, post-conflict development and resettlement services; to work for the protection of human rights; and to advocate for those uprooted or affected by violent conflict and oppression. The IRC delivers many services, including emergency response, health care, fighting gender-based violence, post-conflict development projects, child and youth protection and education programs, water and sanitation systems, strengthening the capacity of local organizations, and supporting civil society and good-governance initiatives.

In summary: the Ananda Marga Universal Relief Team (AMURT) is a private international voluntary organization that originated in India. It has set up teams in thirty-four countries so far to build a network that can meet the disaster and development needs of the world. Its goals include long-term development. Action Against Hunger (AAH) is a global humanitarian organization committed to ending world hunger. AAH's objective is to save lives by eradicating hunger through prevention, detection, and treatment of malnutrition, particularly during and after emergency situations of conflict, war, and natural disaster. The International Rescue Committee (IRC) is a nonsectarian, nongovernmental international relief and development organization established in the United States. The IRC's key goal is to provide emergency relief, post-conflict development and resettlement services, to work for the protection of human rights, and to advocate for those uprooted or affected by violent conflict and oppression.

Snooping is an activity of observing the content that appears on a computer monitor or watching what a user is typing.

Mennonite Central Committee (MCC), Mercy Corps (MC), Refugees International, Relief International, Save the Children, Project HOPE
The Mennonite Central Committee (MCC) is a relief, service, and peace agency representing 15 Mennonite, Brethren in Christ, and Amish bodies in North America. It concentrates on basic human needs like water, food, and shelter, and works together with churches and communities in a variety of efforts to build peace. MCC is involved with local churches and community groups to enable them to better respond to the requirements within their own communities. MCC builds bridges to join people and ideas across cultural, political, and economic divides.

Mercy Corps is concerned with helping people turn the crises they meet into the opportunities they deserve. The programs of Mercy Corps provide communities in the world's toughest places with the tools and support they need to transform their own lives. Mercy Corps works to lessen suffering, poverty, and oppression by helping people build secure, productive, and just communities.

Refugees International works for lifesaving support and protection for displaced people and promotes solutions to displacement crises. It is due to the efforts of Refugees International that abandoned refugees receive food, medicine, and education; displaced families return home; peacekeepers are sent to protect displaced people from harm; and stateless people obtain legal status. Refugees International works to be the leading advocacy organization that incites action from global leaders to resolve refugee crises. It does not accept government or UN funding, allowing its advocacy to be fearless and independent.

Relief International works as a humanitarian non-profit organization to provide emergency relief, rehabilitation, development support, and program services to weak communities worldwide. Relief International is devoted solely to reducing human suffering and is non-political and non-sectarian in its mission. Relief International's objectives are as follows:
To serve the needs of the weak section, particularly women and children, victims of natural disasters and civil conflicts, and the poor, with a specific focus on neglected groups and cases
To provide holistic, multi-sectored, sustainable, and pro-poor programs that bridge emergency relief and long-term growth at the grassroots level
To empower communities by building capacity and by maximizing local resources in both program design and implementation
To promote self-reliance, peaceful coexistence, and reintegration of marginalized communities
To protect lives from physical injury or death and psychological trauma where present
To uphold the highest professional norms in program delivery, including accountability to beneficiaries and donors alike

Save the Children is an autonomous organization that works to create enduring change in the lives of children in need in the United States and other parts of the world. It works with other organizations, governments, non-profits, and a variety of local partners while maintaining its own independence, without political agenda or religious orientation. When a disaster hits anywhere in the world, Save the Children works to save lives with food, health care, and education, and continues to help the community rebuild through lasting recovery programs. Save the Children responds to tsunamis and civil conflict as quickly as it can. It works to resolve the ongoing struggles that children face every day, such as poverty, hunger, illiteracy, and disease, and provides them with hope for the future.


Pop Quiz
Q1: Which organization provides support without discrimination of class, political opinions, nationality, race, or religious beliefs?

Ans: IFRC
Q2: Which organization offers humanitarian and developmental support to mothers and children in developing countries?

Ans: UNICEF


Key Terms
The International Committee of the Red Cross (ICRC) is an unbiased, neutral, and autonomous organization. Its mission is to look after the lives and dignity of victims of war and internal violence, and to provide them assistance with care.
The United Nations Children's Fund (UNICEF) was formed by the United Nations General Assembly. UNICEF offers enduring humanitarian and developmental support to mothers and children in developing countries.
The National Emergency Response Team (NERT) is a non-profit, volunteer-based organization that develops disaster preparedness educational programs and delivers response services to areas affected by a disaster.
The Ananda Marga Universal Relief Team (AMURT) is a private international voluntary organization that originated in India. It has set up teams in thirty-four countries so far to build a network that can meet the disaster and development needs of the world.
The Emergency Nutrition Network (ENN) works as a humanitarian group of investigators that supports and assists activities to enhance the efficiency of emergency food and nutrition interventions.
Mercy Corps is concerned with helping people turn the crises they meet into the opportunities they deserve. The programs of Mercy Corps provide communities in the world's toughest places with the tools and support they need to transform their own lives.
Relief International works as a humanitarian non-profit organization to provide emergency relief, rehabilitation, development support, and program services to weak communities worldwide.


Test Your Knowledge


Q1. Which of the following organizations describes seven fundamental principles, i.e., humanity, impartiality, neutrality, independence, volunteerism, unity, and universality?
A. ICRC
B. IFRC
C. UNICEF
D. NERT

Q2. Which of the following organizations aims to motivate, encourage, assist, and promote at all times all forms of humanitarian activities by National Societies, including the vision to prevent and alleviate human suffering?
A. ICRC
B. IFRC
C. UNICEF
D. NERT

Q3. Which of the following organizations has the motto "growth is human exchange, people sharing wisdom, knowledge, and experience to build a better world"?
A. AAH
B. AMURT
C. ENN
D. IRC

Q4. Which of the following organizations' objective is to save lives by eradicating hunger through prevention, detection, and treatment of malnutrition, particularly during and after emergency situations of conflict, war, and natural disaster?
A. AAH
B. AMURT
C. ENN
D. IRC

Q5. Which of the following options is an activity of observing the content that appears on a computer monitor or watching what a user is typing?
A. Copyright
B. Snooping
C. Utility model
D. Patent


Answer Explanations
A1. Answer option A is correct. The International Committee of the Red Cross (ICRC) is an unbiased, neutral, and autonomous organization. Its mission is to look after the lives and dignity of victims of war and internal violence, and to provide them assistance with care. It also directs and coordinates international relief and works to promote and strengthen humanitarian law and universal humanitarian principles. The ICRC describes seven fundamental principles, which are humanity, impartiality, neutrality, independence, volunteerism, unity, and universality.
Answer option B is incorrect. The International Federation of Red Cross and Red Crescent Societies (IFRC) is the biggest charitable organization in the world. It provides assistance with no discrimination of class, political opinions, nationality, race, or religious beliefs. The main objective of IFRC is to motivate, encourage, assist, and promote at all times all forms of humanitarian activities by National Societies, including the vision to prevent and alleviate human suffering, thereby contributing to the maintenance and promotion of human dignity and peace in the world.
Answer option C is incorrect. The United Nations Children's Fund (UNICEF) was formed by the United Nations General Assembly. UNICEF offers enduring humanitarian and developmental support to mothers and children in developing countries. Its programs emphasize developing community-level services that encourage the health and well-being of children. UNICEF was awarded the Nobel Peace Prize in 1965 and the Prince of Asturias Award of Concord in 2006.
Answer option D is incorrect. The National Emergency Response Team (NERT) is a non-profit, volunteer-based organization that develops disaster preparedness educational programs and delivers response services to areas affected by a disaster. NERT consists of volunteers who donate their time, talents, and resources, which allows every charitable contribution to directly assist those in need. Many volunteers nationwide, with a wide spectrum of talents, donate their time and energy assisting in a variety of NERT programs.

A2. Answer option B is correct.


The International Federation of Red Cross and Red Crescent Societies (IFRC) is the biggest charitable organization in the world. It provides assistance with no discrimination of class, political opinions, nationality, race, or religious beliefs. The main objective of IFRC is to motivate, encourage, assist, and promote at all times all forms of humanitarian activities by National Societies, including the vision to prevent and alleviate human suffering, thereby contributing to the maintenance and promotion of human dignity and peace in the world.
Answer option A is incorrect. The International Committee of the Red Cross (ICRC) is an unbiased, neutral, and autonomous organization. Its mission is to look after the lives and dignity of victims of war and internal violence, and to provide them assistance with care. It also directs and coordinates international relief and works to promote and strengthen humanitarian law and universal humanitarian principles. The ICRC describes seven fundamental principles, which are humanity, impartiality, neutrality, independence, volunteerism, unity, and universality.
Answer option C is incorrect. The United Nations Children's Fund (UNICEF) was formed by the United Nations General Assembly. UNICEF offers enduring humanitarian and developmental support to mothers and children in developing countries. Its programs emphasize developing community-level services that encourage the health and well-being of children. UNICEF was awarded the Nobel Peace Prize in 1965 and the Prince of Asturias Award of Concord in 2006.
Answer option D is incorrect. The National Emergency Response Team (NERT) is a non-profit, volunteer-based organization that develops disaster preparedness educational programs and delivers response services to areas affected by a disaster. NERT consists of volunteers who donate their time, talents, and resources, which allows every charitable contribution to directly assist those in need. Many volunteers nationwide, with a wide spectrum of talents, donate their time and energy assisting in a variety of NERT programs.

A3. Answer option B is correct. The Ananda Marga Universal Relief Team (AMURT) is a private international voluntary organization that originated in India. It has set up teams in thirty-four countries so far to build a network that can meet the disaster and development needs of the world. Its goals include long-term development. AMURT plays a vital role in helping weak communities break the cycle of poverty and achieve greater control over their lives. For AMURT, growth is human exchange, people sharing wisdom, knowledge, and experience to build a better world.
Answer option A is incorrect. Action Against Hunger (AAH) is a global humanitarian organization committed to ending world hunger. AAH's objective is to save lives by eradicating hunger through prevention, detection, and treatment of malnutrition, particularly during and after emergency situations of conflict, war, and natural disaster. With the help of institutional contributors and concerned persons worldwide, AAH is working to put the negative effects of severe malnutrition alongside polio and the plague as a measure of humanity's progress in defeating unnecessary suffering and death.
Answer option C is incorrect. The Emergency Nutrition Network (ENN) works as a humanitarian group of investigators that supports and assists activities to enhance the efficiency of emergency food and nutrition interventions. ENN is the result of a shared commitment to improve knowledge, stimulate learning, and provide vital support and encouragement to food and nutrition workers involved in emergencies.
Answer option D is incorrect. The International Rescue Committee (IRC) is a nonsectarian, nongovernmental international relief and development organization established in the United States. The IRC's key goal is to provide emergency relief, post-conflict development and resettlement services; to work for the protection of human rights; and to advocate for those uprooted or affected by violent conflict and oppression. The IRC delivers many services, including emergency response, health care, fighting gender-based violence, post-conflict development projects, child and youth protection and education programs, water and sanitation systems, strengthening the capacity of local organizations, and supporting civil society and good-governance initiatives.

A4. Answer option A is correct. Action Against Hunger (AAH) is a global humanitarian organization committed to ending world hunger. AAH's objective is to save lives by eradicating hunger through prevention, detection, and treatment of malnutrition, particularly during and after emergency situations of conflict, war, and natural disaster.


With the help of institutional contributors and concerned persons worldwide, AAH is working to put the negative effects of severe malnutrition alongside polio and the plague as a measure of humanity's progress in defeating unnecessary suffering and death.
Answer option B is incorrect. The Ananda Marga Universal Relief Team (AMURT) is a private international voluntary organization that originated in India. It has set up teams in thirty-four countries so far to build a network that can meet the disaster and development needs of the world. Its goals include long-term development. AMURT plays a vital role in helping weak communities break the cycle of poverty and achieve greater control over their lives. For AMURT, growth is human exchange, people sharing wisdom, knowledge, and experience to build a better world.
Answer option C is incorrect. The Emergency Nutrition Network (ENN) works as a humanitarian group of investigators that supports and assists activities to enhance the efficiency of emergency food and nutrition interventions. ENN is the result of a shared commitment to improve knowledge, stimulate learning, and provide vital support and encouragement to food and nutrition workers involved in emergencies.
Answer option D is incorrect. The International Rescue Committee (IRC) is a nonsectarian, nongovernmental international relief and development organization established in the United States. The IRC's key goal is to provide emergency relief, post-conflict development and resettlement services; to work for the protection of human rights; and to advocate for those uprooted or affected by violent conflict and oppression. The IRC delivers many services, including emergency response, health care, fighting gender-based violence, post-conflict development projects, child and youth protection and education programs, water and sanitation systems, strengthening the capacity of local organizations, and supporting civil society and good-governance initiatives.

A5. Answer option B is correct. Snooping is an activity of observing the content that appears on a computer monitor or watching what a user is typing. Snooping also occurs by using software programs to remotely monitor activity on a computer or network device. Hackers or attackers use snooping techniques and equipment such as keyloggers to monitor keystrokes, capture passwords and login information, and to intercept e-mail and other private communications. Sometimes, organizations also snoop on their employees legitimately to monitor their use of the organization's computers and track Internet usage.
Answer option A is incorrect. A copyright is a form of intellectual property, which secures to its holder the exclusive right to produce copies of his or her works of original expression, such as a literary work, movie, musical work or sound recording, painting, photograph, computer program, or industrial design, for a defined, yet extendable, period of time. It does not cover ideas or facts. Copyright laws protect intellectual property from misuse by other individuals.
Answer option C is incorrect. A utility model is an intellectual property right to protect inventions.
Answer option D is incorrect. A patent is a set of exclusive rights granted by a state to an inventor or his assignee for a fixed period of time in exchange for the disclosure of an invention.


Chapter 19 - Organizations Providing Disaster Recovery Solutions Overview


This chapter helps in the preparation for the EDRP exam by covering the following EC-Council objectives, which address Organizations Providing Disaster Recovery Solutions. This chapter includes the following objectives:
Veritas Storage Foundation: Veritas Storage Foundation is a product developed by Symantec. It provides a complete solution for heterogeneous online storage management.
Human capital resiliency: Human capital resiliency is defined as an organization's skill to respond and adapt rapidly to threats posed to its employees.
Planned e-mail outages: Planned e-mail outages are the periods when the e-mail system is down (out of order) or inoperative for maintenance or for an upgrade.
Replication Server: Replication Server permits DBAs to build redundant disaster recovery and rapid failover sites, and to ensure the transactional integrity of all replicated information.

Key Points
Organizations Providing Disaster Recovery Solutions, Symantec, System Sizing, Disk-based Backup, Manual System Recovery, Disadvantages, Automated System Recovery
System sizing is the process used to determine the capacity requirements of a planned system in order to fulfill a given future workload and service level requirement. This includes the processing capacity, amount of memory, and I/O capacity for servers, and the network bandwidth and network hardware for the network infrastructure. System availability, throughput, and response time criteria determine the customer-facing service level for any service. The advantages of system sizing are as follows:
It determines the optimum hardware solution to fulfill the future workload and service level requirements.
It ensures that the delivery of insufficient capacity does not lead to service-impacting performance problems.
It avoids over-provisioning, which could result in stranded capital.

The challenges faced while performing system sizing are as follows:
Service level requirements are defined inadequately.
System workloads are difficult to understand.
Meaningful test results are difficult to obtain.
The system architecture is insufficiently defined or understood.
The target infrastructure is insufficiently defined or understood.

Veritas Cluster Server is a product developed by Symantec. It provides high availability for the most important applications in a data center. If it finds a fault, it takes action, recovering applications automatically. If the entire site goes down, it restarts those applications at another data center. It does so in order to keep the IT services running even during a disaster.

Backup Exec 2010 is a product developed by Symantec. It delivers reliable backup and recovery designed for the growing business. It can easily protect more data while reducing storage and management costs through integrated deduplication and archiving technology. It reduces business downtime and ensures that critical information on virtual or physical systems is always protected and can be restored in a few seconds.

Veritas Storage Foundation is a product developed by Symantec. It provides a complete solution for heterogeneous online storage management. It is based on the industry-leading Veritas Volume Manager and Veritas File System, and provides a standard set of integrated tools to manage unstable data growth, maximize storage hardware investments, provide data protection, and adapt to changing business requirements.

NetBackup PureDisk is the deduplication engine for NetBackup. It enables storage-optimized data protection for the data center, remote office, and virtual environments. It is a software-based deduplication solution that is tightly integrated with NetBackup. It is ideal for unique environments that require high performance and scalability.

Veritas Volume Replicator provides an outstanding foundation for continuous data replication, enabling fast and consistent recovery of critical applications at remote recovery sites. As an alternative to Veritas Storage Foundation by Symantec, Volume Replicator facilitates efficient replication of data over IP networks, offering a very flexible, high-performance alternative to the usual array-based replication architectures.

IBM, Human Capital Resilience, Human Capital Risks in Crisis Situations, Business Resilience, Elements of Business Resilience, Framework for Business Resilience
Human capital resiliency is defined as an organization's skill to respond and adapt rapidly to threats posed to its employees. Organizations that can build resiliency into their human capital are more likely to defend their most valuable resources and maintain continuous operations in the event of a crisis. Business resilience planning is a process implemented by any business to counter unexpected situations. It helps in the expansion of business to other countries. The benefits of business resilience planning are as follows:
Mitigating unexpected circumstances
Forecasting the dangers
Protecting the value of shareholders/investors
Increasing the number of clients/customers
Quick and easy business expansion

IBM has identified the following six imperatives for a successful business resilience strategy:
Integrated risk management: It identifies risks to the business operations and utilizes technology to understand, respond to, and manage those risks.
Continuity of business operations: It maintains business operations in the event of an outage with processes and infrastructures that are responsive, highly available, and scalable.
Regulatory compliance: It complies with current government and industry regulations and standards, especially regarding the integrity and availability of information.
Security, privacy, and data protection: It assures the security and privacy of data, information, systems, and people with the right policies, methods, tools, and overall governance.
Knowledge, expertise, and skills: It addresses the resilience of a business by ensuring that the right resources are in the right place at the right time.
Market readiness: It enhances the ability to sense and respond to shifting customer demands and new market opportunities.

Causes of E-Mail Outages, E-Mail Continuity, DELL, Oracle Data Guard Utility, RMAN Utility for Database Backup, NAS (Network Attached Storage), Sun Microsystems
Every day, the citizens of the Internet send each other billions of e-mail messages; e-mail has obviously become an extremely popular communication tool. When e-mail stops working, it is termed an e-mail outage. If e-mail is not working, it doesn't matter whether the user is running a business or a task: the user is losing information. The fact is that most businesses experience at least one e-mail outage every year. This downtime, together with the recovery costs, can add up to hundreds or even thousands of dollars. There are many reasons behind e-mail system failure. E-mail outages are of the following two types:
Planned e-mail outages
Unplanned e-mail outages

Planned e-mail outages are the periods when the e-mail system is down (out of order) or inoperative for maintenance or for an upgrade. Patch management, relocating the servers to another datacenter, or simply bringing the system down for tests can also be included in the planned outages. Unlike planned e-mail downtime, unplanned e-mail outages occur when the user is unprepared. They are also much harder to identify. When such a problem occurs, the reasons can range from hardware or software problems, to a direct attack, to a human error that causes system overload. Natural events and human accidents are also included. The following technology failures can be a reason behind unplanned e-mail outages:
Natural disaster
SAN failure
Database corruption
Connectivity loss
Server hardware failure

An externally hosted e-mail continuity service permits an organization to avoid lost productivity, lost business, and other outcomes that arise from e-mail outages. The three services that fall under this category are as follows:
Queuing only
Continuity via queuing and integrated mail service
Rolling continuity

Integrated Solutions of Sun and Vignette, Sun Cluster Geographic Edition, Infosys Business Continuity Planning Solution, Infosys BCP solution
Infosys is the leading solution provider for disaster recovery and business continuity planning. Infosys offers the following services for disaster recovery and business continuity planning:
Risk assessment
Mitigation planning
DR solution
DR solution implementation
BCP solution

Smart enterprise services deliver complete information lifecycle management applications and infrastructure services. This initiative is in response to high worldwide customer demand for Enterprise Content Management (ECM) solutions. It drives business efficiency and ensures that business processes meet regulatory compliance. Smart enterprise services are provided by Vignette Corporation, Sun Microsystems, and DaimlerChrysler Consult Graz (DCCG), a subsidiary of DaimlerChrysler.

Sun Cluster Geographic Edition is the name given by Sun to its world-wide clustering solution. The three nodes are located in America, Asia, and Europe respectively. It provides solutions for different types of problems, for example data access by multiple nodes (obtained through Storage Array Data Replication), new types of private interconnect (latency), remote control, etc. The following are the salient features of the first release of the Sun Cluster Geographic Edition:
It provides disaster failover support
It provides switchover support
It provides complete, secure, and remote lights-out operational control
It has no distance restrictions
It provides data replication for Sun StorEdge Availability Suite and Hitachi TrueCopy
It supports Solaris 8 and Solaris 9 (SPARC only)

Sybase Business Continuity Planning Solution, Sybase Model, HP Business Continuity and Availability solutions, HP 3-tiered Service Levels Balance Investment with Risk, PricewaterhouseCoopers Fast Track BCP, AT&T's Business Continuity and Disaster Recovery
AT&T's NDR function consists of over 300 technology and support trailers that can be rapidly deployed to respond to disaster conditions, such as hurricanes, wildfires, and floods. It performs readiness drills throughout the year to ensure that the networks and personnel are ready to respond at a moment's notice. Its goal is to ensure that all communications, whether wireless or wired, are maintained or restored as soon as possible. It pursues opportunities to integrate and reorganize processes between the NDR organization and local network personnel, helping to ensure a highly proficient, centrally managed disaster response process from global to local levels.

The HP Business Continuity and Recovery solution helps organizations prepare, design, assess, and deploy end-to-end solutions that protect operations against various downtime threats and ease recovery in the event of a site outage. The benefits of the HP Business Continuity and Recovery solution are as follows:
- It evaluates preparedness and identifies operational risks.
- It defines specific continuity needs and objectives.
- It deploys solutions to meet requirements.
- It provides continuous data center and work area facilities to meet requirements.

The PricewaterhouseCoopers suite of BCP products is developed so that the products interact with each other and provide the most efficient solution for the organization. The various offerings are as follows:
- Traditional BCP: This methodology includes five phases and takes an organization from evaluating the likely failure scenarios and prioritizing core business processes through developing recovery strategies and creating plans for the critical business units.
- PricewaterhouseCoopers FastTrack BCP: This methodology offers organizations a more rapid, less detail-oriented approach. It is very fast, economical, and low risk.
Both Traditional BCP and FastTrack BCP are designed to take the organization through the whole cycle and deliver working continuity plans at the end of the process.

The Sybase business continuity focused technologies are developed to bring together business continuity solutions that help protect customers from various kinds of unwanted publicity. The Sybase business continuity focused technologies are as follows:
- Adaptive Server Enterprise (ASE) HA Option: It provides near-continuous database access through a cluster architecture that creates ASE "companion" databases. Client connections and database operations are moved directly from one server to another without interrupting end users.
- Replication Server: It permits DBAs to build redundant disaster recovery and rapid failover sites and to ensure the transactional integrity of all replicated information.
- Mirror Activator: It ensures zero data loss, lowers time to recovery, and activates secondary site systems. It works with storage replication systems such as EMC SRDF, IBM PPRC, Hitachi TrueCopy, Veritas Volume Replicator, and Network Appliance SnapMirror.
- OpenSwitch: It seamlessly routes end users from the primary system to a backup system when an outage is detected. During a planned downtime, a simple flip of a software switch transfers client connections to backup servers.

Pop Quiz
Q1: Which system commonly resides on a discrete network segment and monitors the traffic on that network segment?

Ans: Network-Based ID system


Q2: Which system monitors the operating system detecting inappropriate activity, writing to log files, and triggering alarms?

Ans: Host-based ID system


Key Terms
- System sizing is the process used to determine the capacity requirements of a planned system in order to fulfill a given future workload and service level requirement.
- Veritas Cluster Server is a product developed by Symantec. It provides high availability for the most important applications in a data center. If it detects a fault, it takes action, recovering applications automatically.
- Backup Exec 2010 is a product developed by Symantec. It delivers reliable backup and recovery designed for the growing business. It can easily protect more data while the user reduces storage and management costs through integrated deduplication and archiving technology.
- Human capital resiliency is defined as an organization's skill to respond and adapt rapidly to threats posed to its employees.
- Business resilience planning is a process implemented by a business to counteract unexpected situations. It helps in the expansion of business to other countries.
- Planned e-mail outages are the periods when the e-mail system is down (out of order) or inoperative for maintenance or for an upgrade.
- Smart enterprise services deliver complete information lifecycle management applications and infrastructure services. This initiative is in response to high worldwide customer demand for Enterprise Content Management (ECM) solutions.
- Sun Cluster Geographic Edition is the name given by Sun to its world-wide clustering solution. The three nodes are located in America, Asia, and Europe respectively. It provides solutions for different types of problems.


Test Your Knowledge


Q1. System sizing is the process used to determine the capacity requirements of a planned system in order to fulfill a given future workload and service level requirement. Which of the following are the advantages of system sizing? Each correct answer represents a complete solution. Choose all that apply.
A. It determines the optimum hardware solution to fulfill the future workload and service level requirements.
B. It determines the required system architecture for the company.
C. It ensures that the delivery of insufficient capacity does not lead to service-impacting performance problems.
D. It avoids over-provisioning, potentially resulting in stranded capital.

Q2. Which of the following products is based on the industry-leading Veritas Volume Manager and Veritas File System, and provides a standard set of integrated tools to manage unstable data growth?
A. Veritas Volume Replicator
B. Veritas Storage Foundation
C. NetBackup PureDisk
D. Backup Exec 2010

Q3. Symantec is a leading provider of products and services for disaster recovery. Which of the following products are developed by Symantec? Each correct answer represents a complete solution. Choose all that apply.
A. NetBackup PureDisk
B. Veritas Volume Replicator
C. Backup Exec 2010
D. R-Studio
E. Veritas Cluster Server

Q4. Business resilience planning is a process implemented by a business to counteract unexpected situations. What are the benefits of business resilience planning? Each correct answer represents a complete solution. Choose all that apply.
A. Protect the values of shareholders/investors
B. Quick and easy business expansion
C. Increase in the number of employees
D. Mitigate unexpected circumstances

Q5. Which of the following processes is defined as an organization's skill to respond and adapt rapidly to threats posed to its employees?
A. Business resilience planning
B. Human capital resiliency
C. Risk management
D. Risk analysis


Answer Explanations
A1. Answer options A, C, and D are correct. The advantages of system sizing are as follows:
- It determines the optimum hardware solution to fulfill the future workload and service level requirements.
- It ensures that the delivery of insufficient capacity does not lead to service-impacting performance problems.
- It avoids over-provisioning, potentially resulting in stranded capital.

A2. Answer option B is correct. Veritas Storage Foundation is a product developed by Symantec. It provides a complete solution for heterogeneous online storage management. It is based on the industry-leading Veritas Volume Manager and Veritas File System, and provides a standard set of integrated tools to manage unstable data growth, maximize storage hardware investments, provide data protection, and adapt to changing business requirements.
Answer option A is incorrect. Veritas Volume Replicator provides an outstanding foundation for continuous data replication, enabling fast and consistent recovery of critical applications at remote recovery sites. Offered as an option to Veritas Storage Foundation by Symantec, Volume Replicator facilitates efficient replication of data over IP networks, offering a flexible, high-performance alternative to traditional array-based replication architectures.
Answer option C is incorrect. NetBackup PureDisk is the deduplication engine for NetBackup. It enables storage-optimized data protection for the data center, remote office, and virtual environments. It is a software-based deduplication solution that is tightly integrated with NetBackup. It is ideal for unique environments that require high performance and scalability.
Answer option D is incorrect. Backup Exec 2010 is a product developed by Symantec. It delivers reliable backup and recovery designed for the growing business. It can easily protect more data while the user reduces storage and management costs through integrated deduplication and archiving technology. It reduces business downtime and ensures that critical information on virtual or physical systems is always protected and can be restored in a few seconds.

A3. Answer options A, B, C, and E are correct. NetBackup PureDisk, Veritas Volume Replicator, Backup Exec 2010, and Veritas Cluster Server are developed by Symantec.
Answer option D is incorrect. R-Studio is a family of robust and cost-effective undelete and data recovery software. It is powered by new, unique data recovery technologies and is a comprehensive data recovery solution for recovering files from FAT12/16/32/exFAT, NTFS, NTFS5, and HFS/HFS+ (Macintosh) file systems. It functions on local and network disks, even if such partitions are formatted, damaged, or deleted. It is not developed by Symantec.

A4. Answer options A, B, and D are correct. Business resilience planning is a process implemented by a business to counteract unexpected situations. It helps in the expansion of business to other countries. Following are the benefits of business resilience planning:
- Mitigate unexpected circumstances
- Forecasting the dangers
- Protecting the values of shareholders/investors
- Increase in the number of clients/customers
- Quick and easy business expansion

A5. Answer option B is correct. Human capital resiliency is defined as an organization's skill to respond and adapt rapidly to threats posed to its employees. Organizations that can build resiliency into their human capital are more likely to defend their most valuable resources and maintain continuous operations in the event of a crisis.
Answer option A is incorrect. Business resilience planning is a process implemented by a business to counteract unexpected situations. It helps in the expansion of business to other countries. Following are the benefits of business resilience planning:
- Mitigate unexpected circumstances
- Forecasting the dangers
- Protecting the values of shareholders/investors
- Increase in the number of clients/customers
- Quick and easy business expansion
Answer option C is incorrect. Risk management is the identification, assessment, and prioritization of risks, followed by the coordinated and economical application of resources to minimize, monitor, and control the probability and/or impact of unfortunate events or to maximize the realization of opportunities. Risks can come from uncertainty in financial markets, project failures, legal liabilities, credit risk, accidents, natural causes and disasters, as well as deliberate attacks from an adversary.
Answer option D is incorrect. Risk analysis provides higher management with the details necessary to determine which risks should be mitigated, transferred, or accepted. It identifies risks, quantifies the impact of threats, and supports budgeting for security. It aligns the requirements and objectives of the security policy with the business objectives and motives. The following are the stages in the risk analysis process:
- Inventory
- Threat assessment
- Evaluation of control
- Management
- Monitoring

Section C Full length Practice Test


Full Length Practice Test Questions


Q1. Which of the following is a disaster recovery site option that provides the least expensive disaster recovery solution?
A. Cold site
B. Warm site
C. Hot site
D. Strong site

Q2. Which of the following measures of a disaster recovery plan aims at avoiding an event from occurring?
A. Preventive measures
B. Detective measures
C. Corrective measures
D. Supportive measures

Q3. Which of the following features of disaster recovery planning details the responsibilities and procedures to follow during disaster recovery events, including how to contact key employees, vendors, customers, and the press?
A. Impact and risk assessment
B. Disaster recovery plan
C. Disaster recovery policy
D. Service-level agreement

Q4. Which of the following plans provides procedures for recovering business operations immediately following a disaster?
A. Business continuity plan
B. Business recovery plan
C. Disaster recovery plan
D. Continuity of operation plan

Q5. Which of the following factors can cause a tsunami? Each correct answer represents a complete solution. Choose three.
A. An underwater earthquake
B. A volcanic eruption
C. A submarine rockslide
D. A hurricane

Q6. Which of the following types of landslide refers to the movement of saturated soil material, mostly at very high rates?
A. Slides
B. Falls
C. Topples
D. Flows

Q7. Which of the following are the direct impacts of a drought? Each correct answer represents a complete solution. Choose all that apply.
A. Damage to wildlife and fish habitat
B. Increased fire hazard
C. Increased livestock and wildlife death rates
D. Increased volcanic eruptions

Q8. Which of the following types of terrorism is a form of collective violence interfering with the peace, security, and normal functioning of the community?
A. Civil disorder
B. Cyber terrorism
C. Eco-terrorism
D. Arson

Q9. You work as an emergency manager for BlueWell Inc. You have to create plans of action to manage and counter risks and take actions to build the necessary capabilities needed to implement such plans. In which of the following phases of emergency management are you working?
A. Mitigation
B. Preparedness
C. Response
D. Recovery

Q10. Which of the following phases of emergency management incorporates mobilization of the required emergency services and first responders in the disaster region, and consists of the first wave of core emergency services, such as the police and ambulance squads?
A. Preparedness
B. Mitigation
C. Response
D. Recovery

Q11. Which of the following programs are provided by FEMA? Each correct answer represents a complete solution. Choose all that apply.
A. It provides training and research information programs on the latest mitigation measures.
B. It provides financial assistance.
C. It provides coordination of services for disaster response and recovery activities.
D. It provides mitigation measures such as building codes, zoning ordinances, or land-use management programs.

Q12. Which of the following organizations is acknowledged as the authority for counterterrorism through the Nunn-Lugar-Domenici amendment under the Weapons of Mass Destruction Act of 1996?
A. IAEM
B. FEMA
C. IFRC
D. EMA

Q13. Which of the following sections of the Data Protection Act 1998 makes it an offence to process personal information without registration or to fail to abide by the notification regulations?
A. Section 28
B. Section 21
C. Section 55
D. Section 56

Q14. Which of the following acts defines the UK law on the processing of data on identifiable living people, and is the main piece of legislation that governs the protection of personal data in the UK?
A. Data Protection Act 1998
B. Computer Misuse Act 1990
C. Digital Millennium Copyright Act
D. Freedom of Information Act 2000

Q15. Which of the following acts requires the reporting of certain transactions and transfers to the Australian Transaction Reports and Analysis Centre (AUSTRAC), and imposes certain obligations relating to accounts?
A. HIPAA Act
B. FTR Act
C. HRIP Act
D. Spam Act

Q16. Which of the following roles ensures that the confidentiality, integrity, and availability of services are maintained at the levels agreed in the Service Level Agreement (SLA)?
A. The Service Level Manager
B. The IT Security Manager
C. The Change Manager
D. The Configuration Manager

Q17. Every business should have a continuity plan in place, as it provides the company a map to follow in case of a disaster. What are the different steps in business continuity planning? Each correct answer represents a complete solution. Choose all that apply.
A. Analysis
B. Solution design
C. Development
D. Implementation
E. Testing and organization acceptance
F. Maintenance

Q18. Which of the following processes is used extensively in the U.S. Federal Government for evaluating, describing, testing, and authorizing systems prior to or after a system is in operation?
A. Accreditation and Authorization
B. Certification and Accreditation
C. Certification and Authentication
D. Authentication and Authorization

Q19. Which of the following processes is used by an organization to handle a major event that threatens to harm the organization, its stakeholders, and the general public?
A. Risk management
B. Crisis management
C. Business continuity management
D. Incident management

Q20. Which of the following are the responsibilities of the CEO under the Greenwich Council Emergency and BCM Plan? Each correct answer represents a complete solution. Choose all that apply.
A. To manage the overall strategic control of the emergency and BCM response
B. To establish the policy framework for the Council's response
C. To support tactical and operational groups by providing resources
D. To coordinate and execute the emergency and the BCM plan

Q21. Which of the following BCP teams deals with the key decision making and guides the recovery teams and business personnel?
A. Emergency management team
B. Damage assessment team
C. Emergency action team
D. Off-site storage team

Q22. System characterization implies determining the scope of the risk assessment. Which of the following parameters are identified by system characterization? Each correct answer represents a complete solution. Choose all that apply.
A. System criticality
B. System sensitivity
C. System optimization
D. Data criticality
E. Data sensitivity

Q23. Which of the following are the responsibilities of an operations recovery manager at the pre-disaster stage? Each correct answer represents a complete solution. Choose all that apply.
A. Developing, maintaining, and updating the DRP
B. Appointing recovery personnel
C. Assigning parts of the DRP to the individual recovery teams and their members
D. Coordinating media and press releases

Q24. The BCP team is organized into a number of teams, and all teams have different responsibilities. What are the responsibilities of the Logistics/Transportation team? Each correct answer represents a complete solution. Choose two.
A. Arrange personnel transportation, lodging, and dining at alternate sites.
B. Assist in the activation of the Business Continuity Plan.
C. Arrange and ensure delivery of offsite storage items.
D. Coordinate salvage operations if they are required.

Q25. Which of the following procedures is designed to enable the security personnel to identify, mitigate, and recover from malicious computer incidents, such as unauthorized access to a system or data, denial-of-service attacks, or unauthorized changes to the system hardware, software, or data?
A. Cyber Incident Response Plan
B. Disaster Recovery Plan
C. Occupant Emergency Plan
D. Crisis Communication Plan

Q26. Which of the following phases are contained in the disaster recovery plan? Each correct answer represents a complete solution. Choose all that apply.
A. Emergency response phase
B. Recovery phase
C. Return to normal operations phase
D. Implementation phase

Q27. You work as a CSO (Chief Security Officer) for Tech Perfect Inc. You have a disaster scenario and you want to discuss it with your team members to obtain appropriate responses to the disaster. In which of the following disaster recovery tests can this task be performed?
A. Structured walk-through test
B. Full-interruption test
C. Simulation test
D. Parallel test

Q28. Della works as a security manager for SoftTech Inc. She is training some of the newly recruited personnel in the field of security management. She is giving a tutorial on DRP. She explains that the major goal of the disaster recovery plan is to provide an organized way to make decisions if a disruptive event occurs, and asks for the other objectives of DRP. If you are among the newly recruited personnel in SoftTech Inc., what will be your answer to her question? Each correct answer represents a part of the solution. Choose three.
A. Protect an organization from major computer services failures.
B. Minimize risks to the organization from delays in providing services.
C. Guarantee the reliability of standby systems through testing and simulation.
D. Maximize the decision-making required by the personnel during a disaster.

Q29. Gary is the project manager for his organization. He is working with project stakeholders on the project requirements and how risks may affect their project. One of the stakeholders is confused about what constitutes a risk in the project. Which of the following is the most accurate definition of a project risk?
A. It is an unknown event that can affect the project scope.
B. It is an uncertain event or condition within the project execution.
C. It is an uncertain event that can affect the project costs.
D. It is an uncertain event that can affect at least one project objective.

Q30. Diane is the project manager of the HGF Project. A risk that was identified and analyzed in the project planning processes is now coming to fruition. Who among the following should respond to the risk with the preplanned risk response?
A. Diane
B. Project sponsor
C. Risk owner
D. Subject matter expert

Q31. Which of the following are the major tasks of risk management? Each correct answer represents a complete solution. Choose two.
A. Risk identification
B. Building risk-free systems
C. Assuring the integrity of organizational data
D. Risk control

Q32. Which of the following procedures is used to reduce the risk to personnel, property, and other assets while minimizing work disruptions in the event of an emergency?
A. Cyber Incident Response Plan
B. Disaster Recovery Plan
C. Occupant Emergency Plan
D. Crisis Communication Plan

Q33. What is the color code for wet chemical type fire extinguishers?
A. Red
B. Black
C. Cream
D. Yellow

Q34. Which of the following statements are true about water fire extinguishers? Each correct answer represents a complete solution. Choose all that apply.
A. These extinguishers are mostly suitable for use on solid materials such as textiles, wood, paper, etc.
B. These extinguishers are used for directing a jet of water onto a fire.
C. These extinguishers should not be used on live electrical equipment.
D. The color code of a water fire extinguisher is orange.

Q35. Which of the following statements are true about a power sag? Each correct answer represents a complete solution. Choose all that apply.
A. It is a condition that occurs when the voltage drops 80 to 85 percent below normal for short time periods.
B. It is a condition that occurs when the voltage rises 80 to 85 percent above normal for short time periods.
C. The most common causes that lead to power sags are heavy equipment being turned on, large electrical motors being started, and the switching of power mains (internal or utility).
D. It can lead to many adverse effects, such as memory loss, data errors, flickering lights, and equipment shutoff.

Q36. Which of the following governance bodies provides management, operational, and technical controls to satisfy the security requirements?
A. Information Security Steering Committee
B. Chief Information Security Officer
C. Business Unit Manager
D. Senior Management

Q37. Harry works as a Disaster Recovery professional for BlueWells Inc. The company has a Windows-based network. Recently, the company lost important data due to an earthquake. The DVDs on which the backups were taken are also missing, but the company has a few dead hard drives. Harry has been assigned a project to recover data from these dead hard drives. Which of the following is a data recovery method that Harry will use to accomplish this task?
A. Logical data recovery
B. Physical data recovery
C. TestDisk
D. Digital data recovery

Q38. Recovery Management is the process of planning, testing, and implementing the recovery procedures and standards required to restore services in the case of a component failure. Which of the following statements are true about Recovery Management? Each correct answer represents a complete solution. Choose all that apply.
A. Recovery Management is done either by returning the component to normal operation or by taking alternative actions to restore services.
B. Recovery Management is the recognition that failures will occur regardless of how well the system is designed.
C. The principal objective of Recovery Management is to assure that service level requirements are achieved.
D. The principal objective is accomplished by having recovery procedures in place that will restore services to a failing component as quickly as possible.

Q39. Which of the following parameters specifies the time needed to recover the network operations?
A. NRO
B. RPO
C. RTO
D. NSO

Q40. Which of the following products uses powerful filters to quickly find and solve user and application errors, and can analyze the database with complete access to the transaction log?
A. Data Advisor
B. Lumigent Log Explorer
C. Directory Snoop
D. File Scavenger

Q41. Which of the following utilities can be used to create restore points in Windows XP?
A. Automated System Recovery
B. DEFRAG
C. CHKDSK
D. System Restore

Q42. Which of the following is a graphical user interface (GUI) tool that is used to perform a full server recovery of a domain controller?
A. Windows Complete PC Restore
B. Restorer2000
C. Data Advisor
D. GetDataBack

Q43. In which of the following errors does the server use dart.dll to access and send mail, while dart.dll locks up and goes into an infinite loop, causing cfserver.exe to lock at 90-100% CPU utilization?
A. CFMAIL bug
B. Variable Deadlocks
C. ColdFusion and Microsoft SQL Server installed on the same server
D. ODBC Errors

Q44. Which of the following methods is a means of ensuring that system changes are approved before being implemented, and that the implementation is complete and accurate?
A. Configuration auditing
B. Configuration control
C. Configuration identification
D. Documentation control

Q45. Which of the following cryptographic system services ensures that the information will not be disclosed to any unauthorized person on a local network?
A. Integrity
B. Authentication
C. Non-repudiation
D. Confidentiality

Q46. Which of the following backup types backs up files that have been added and all data that has been modified since the most recent backup was performed?
A. Full backup
B. Differential backup
C. Incremental backup
D. Daily backup

Q47. Which of the following backup sites is a replica of the original site of an organization, with full computer systems as well as near-complete backups of the user data?
A. Mobile backup site
B. Hot backup site
C. Warm backup site
D. Cold backup site

Q48. Which of the following software products are used to take a backup of a computer system? Each correct answer represents a complete solution. Choose all that apply.
A. Backup4all
B. Genie Backup Manager
C. BadCopy Pro
D. NTI BackupNow

Q49. Which of the following data recovery tools can recover files that have been accidentally deleted, including files removed from the Recycle Bin? Each correct answer represents a complete solution. Choose all that apply.
A. File Scavenger
B. Recover4all
C. Pwdump
D. Fast File Undelete
E. Recover It All

Q50. Which of the following is leading data recovery software for floppy disks, CDs, DVDs, memory cards, Zip disks, and USB flash drives?
A. BadCopy Pro
B. Directory Snoop
C. Data Advisor
D. GetDataBack


Answer Explanations
A1. Answer option A is correct. A disaster striking its data center is a nightmare for an organization: the losses are high and the time lost in recovery is immense. Without a recovery plan, a company whose headquarters building burns down can go out of business entirely. To prepare for such situations, companies establish sites at which the data center can be recreated. These sites are of three types: cold sites, warm sites, and hot sites.
Cold site: A cold site is the least expensive disaster recovery option. It usually consists of little more than an empty room; no equipment is installed, and all equipment must be brought in after a disaster. It can be on site or off site, and recovery takes a long time.
Warm site: A warm site contains enough equipment to act as a partial duplicate of the current data center. After a disaster, the offsite backups must be retrieved and some restoration work performed before the data center is up and running. A warm site comes online much faster than a cold site, but it is more expensive to create and maintain. It can be on site or off site.
Hot site: A hot site is located off site and provides the best protection. It is an exact replica of the current data center, so after a disaster administrators only need to restore the most recent data at the hot site and the data center is online within a very short time. It is very expensive to create and maintain. Many third-party companies offer disaster recovery services by maintaining hot sites on the customer's behalf.
Answer option D is incorrect. There is no such disaster recovery site option.

A2. Answer option A is correct. There are three kinds of control measures to consider while creating a disaster recovery plan:
Preventive measures: controls aimed at preventing an event from occurring.
Detective measures: controls aimed at detecting or discovering unwanted events.
Corrective measures: controls aimed at correcting or restoring the system after a disaster or event.
From the above, it is clear that preventive measures are the controls aimed at stopping an event before it occurs.
Answer option D is incorrect. This option is not recognized as a category of control measure in a disaster recovery plan.

A3. Answer option C is correct. The salient features of disaster recovery planning are as follows:
Impact and risk assessment: Determines the magnitude and criticality of service and data failures in order to decide which forms of recovery planning and preparation to implement. It is important to establish the order of recovery in the event of a catastrophic failure.
Disaster recovery plan: Must be created in detail, including contingency planning for the case where catastrophic events preclude the use of the previous network resources.
Disaster recovery policy: Details the responsibilities and procedures to follow during a disaster recovery event, including how to contact key employees, vendors, customers, and the press.
Service-level agreements: Contracts with ISPs, utilities, facilities managers, and other suppliers that define the minimum level of support to be provided in the event of a failure.

A4. Answer option B is correct. A business recovery plan provides measures for the recovery of business operations directly following a disaster. Unlike a BCP, it lacks procedures to ensure the continuity of critical processes throughout an emergency or disruption.
Answer option A is incorrect. Business Continuity Planning (BCP) is the creation and validation of a practiced logistical plan for how an organization will recover and restore partially or completely interrupted critical (urgent) functions within a predetermined time after a disaster or extended disruption. The logistical plan is called a business continuity plan.
Answer option C is incorrect. A disaster recovery plan should cover the data, hardware, and software that are critical to the business. It should also include plans for sudden losses such as a hard disk crash; the business should use backup and data recovery utilities to limit the loss of data.
Answer option D is incorrect. The Continuity of Operations Plan (COOP) refers to the preparations and institutions maintained by the United States government to ensure the survival of federal government operations in the case of catastrophic events. It provides the procedures and capabilities to sustain an organization's essential functions; COOP is the documented procedure for ensuring that critical operations persist throughout the period when normal operations are unattainable.

A5. Answer options A, B, and C are correct. A tsunami is a series of huge waves that cause great devastation and loss of life when they strike a coast. A tsunami can be caused by any of the following:
An underwater earthquake
A volcanic eruption
A submarine rockslide
An asteroid crashing into the ocean from space
A meteoroid crashing into the ocean from space
Answer option D is incorrect. A hurricane cannot cause a tsunami.

A6. Answer option D is correct. The types of landslides are as follows:
Slides: Mass movements in which a distinct zone of weakness separates the slide material from the more stable underlying material.
Falls: Abrupt movements of masses of geologic material, such as boulders and rocks, that become detached from steep slopes or cliffs.
Topples: Forward rotation of a rock or soil mass out of a slope, about a pivot point low on the unit, after it becomes detached from an exposed face.
Flows: Movement of saturated soil material, mostly at very high rates.

A7. Answer options A, B, and C are correct. A drought has a large number of impacts on the environmental, social, and economic standards of living, and these impacts extend far beyond the physical effects of the drought itself. Some of the direct impacts of a drought are as follows:
Damage to wildlife and fish habitat
Reduced water levels
Increased fire hazard
Increased livestock and wildlife death rates
Reduced crop, rangeland, and forest productivity

Answer option D is incorrect. A drought may lead to wildfires, but it cannot cause volcanic eruptions.

A8. Answer option A is correct. Civil disorder is a category of terrorism. It is a form of collective violence that interferes with the peace, security, and normal functioning of a community. Civil disorder is also known as civil unrest or civil strife; it is a broad term typically used by law enforcement to describe one or more forms of disturbance caused by a group of people.
Answer option B is incorrect. Cyberterrorism is the leveraging of a target's computers and information, particularly via the Internet, to cause physical, real-world harm or severe disruption of infrastructure. In other words, it is a well-planned, committed, and coordinated activity carried out in cyberspace. Cyberterrorism includes the recruitment of terrorists through Web sites and the use of e-mail to coordinate violent activities. It could include damaging an air traffic control system and causing a plane crash, infiltrating water treatment plant control systems to contaminate water supplies, or destroying an electric power system to disrupt power supplies.
Answer option C is incorrect. Eco-terrorism is an act of terrorism, violence, or sabotage committed against persons or their property in support of ecological, environmental, or animal rights causes. It is defined by the Federal Bureau of Investigation as "the use or threatened use of violence of a criminal nature against people or property by an environmentally oriented, sub-national group for environmental-political reasons, or aimed at an audience beyond the target, often of a symbolic nature."
Answer option D is incorrect. Arson is the wilful act of setting something on fire: the crime of purposely or maliciously setting fire to structures or wildland areas. It is distinguished from other causes such as spontaneous combustion and natural wildfires, and generally describes fires deliberately set to the property of another, or to one's own property in order to collect insurance compensation.

A9. Answer option B is correct. The phases of emergency management are as follows:
Mitigation: Emphasizes long-term actions for reducing or eliminating risk. Mitigation techniques are of two types, structural and non-structural. Mitigation is the most cost-effective way to reduce the impact of hazards, though it is not always suitable.
Preparedness: A continuous cycle of planning, organizing, training, equipping, exercising, evaluating, and improving activities to ensure effective coordination and the enhancement of capabilities to prevent, protect against, respond to, recover from, and mitigate the effects of natural disasters, acts of terrorism, and other man-made disasters. In the preparedness phase, emergency managers develop plans of action to manage and counter their risks and take action to build the capabilities needed to implement such plans.
Response: Mobilization of the required emergency services and first responders in the disaster area. Response consists of the first wave of core emergency services, such as police, ambulance crews, and firefighters. Organizational response to any significant disaster, natural or terrorist-caused, is based on existing emergency management systems and processes such as the Federal Response Plan (FRP) and the Incident Command System (ICS).
Recovery: Restores the affected area to its previous state. Recovery efforts are concerned with the problems and decisions that must be made after the immediate needs have been addressed, and are primarily concerned with actions such as rebuilding destroyed property, re-employment, and the repair of other essential infrastructure.

A10. Answer option C is correct. The four phases of emergency management (mitigation, preparedness, response, and recovery) are described under A9 above.

A11. Answer options A, B, and C are correct. The Federal Emergency Management Agency (FEMA) is concerned with mitigation, preparedness, response, and recovery activities, and is the major source of federal support for training and education in disaster management.
The programs provided by FEMA include the following:
Training and research information programs on the latest mitigation measures
Coordination and review of State emergency plans
Financial assistance
Flood insurance for individuals and businesses in communities that join the National Flood Insurance Program (NFIP)
Subsidies to state and local offices of emergency management for maintaining emergency management programs
Guidance and coordination of plans to warn and protect the nation in national security emergencies
Coordination of services for disaster response and recovery activities
Answer option D is incorrect. Mitigation measures such as building codes, zoning ordinances, and land-use management programs are adopted by state and local governments, not provided by FEMA.

A12. Answer option B is correct. The Federal Emergency Management Agency (FEMA) is concerned with mitigation, preparedness, response, and recovery activities and is the major source of federal support for training and education in disaster management. FEMA was given a counter-terrorism preparedness role by the Nunn-Lugar-Domenici amendment, enacted as the Defense Against Weapons of Mass Destruction Act of 1996. FEMA also coordinates disaster assistance for individuals and businesses, including low-interest disaster loans.
Answer option A is incorrect. The aim of the IAEM (International Association of Emergency Managers) is to provide its members with information and with networking and professional opportunities, and to advance the emergency management profession.
Answer option C is incorrect. The IFRC (International Federation of Red Cross and Red Crescent Societies) aims to improve the lives of vulnerable people by mobilizing the power of humanity. The federation leads and organizes, in close cooperation with the national societies, relief assistance missions responding to large-scale emergencies at the international level.
Answer option D is incorrect. EMA (Emergency Management Australia) is an Australian federal government agency that coordinates governmental responses to emergency incidents.

A13. Answer option B is correct. Section 21 of the Data Protection Act 1998 makes it an offence to process personal data without notification (registration), or to fail to comply with the notification regulations.
Answer option A is incorrect. Section 28 provides the exemption for national security.
Answer option C is incorrect. Section 55 makes it an offence for members of the public and others external to the organization, such as hackers and impersonators, to unlawfully obtain personal data.
Answer option D is incorrect. Section 56 makes it an offence to require a person to make a subject access request (so-called enforced subject access), for example to obtain details of cautions or convictions, in connection with recruitment, continued employment, or the provision of services.

A14. Answer option A is correct. The Data Protection Act 1998 (DPA) is a United Kingdom Act of Parliament that defines UK law on the processing of data about identifiable living people. It is the main piece of legislation governing the protection of personal data in the UK. Although the Act does not mention privacy, in practice it gives individuals a way to control information about themselves. Most of the Act does not apply to domestic use; anyone holding personal data for other purposes is legally obliged to comply with it, subject to some exemptions. The Act defines eight data protection principles:
1. Personal data shall be processed fairly and lawfully and, in particular, shall not be processed unless at least one of the conditions in Schedule 2 is met and, in the case of sensitive personal data, at least one of the conditions in Schedule 3 is also met.
2. Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes.
3. Personal data shall be adequate, relevant, and not excessive in relation to the purpose or purposes for which they are processed.
4. Personal data shall be accurate and, where necessary, kept up to date.
5. Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
6. Personal data shall be processed in accordance with the rights of data subjects under this Act.
7. Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.
8. Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.
Answer option B is incorrect. The Computer Misuse Act 1990 is an Act of the UK Parliament that provides the following:
Unauthorised access to computer material is punishable by six months' imprisonment or a fine "not exceeding level 5 on the standard scale" (currently £5,000).
Unauthorised access with intent to commit or facilitate the commission of further offences is punishable by six months' imprisonment or the maximum fine on summary conviction, or five years' imprisonment or a fine on indictment.
Unauthorised modification of computer material is subject to the same sentences as section 2 offences.
Answer option C is incorrect. The Digital Millennium Copyright Act (DMCA) is a United States copyright law that implements two 1996 treaties of the World Intellectual Property Organization (WIPO). It criminalizes the production and dissemination of technology, devices, or services intended to circumvent measures (commonly known as digital rights management, or DRM) that control access to copyrighted works, and it criminalizes the act of circumventing an access control whether or not there is actual infringement of copyright. In addition, the DMCA heightens the penalties for copyright infringement on the Internet.
Answer option D is incorrect. The Freedom of Information Act 2000 is an Act of the Parliament of the United Kingdom that implements freedom of information legislation at the national level, introducing a public "right to know" in relation to public bodies. The Act implemented a manifesto commitment of the Labour Party from the 1997 general election; the final version is believed to have been diluted from that proposed while Labour was in opposition. The full provisions of the Act came into force on 1 January 2005. The Act is the responsibility of the Lord Chancellor's Department and led to the renaming of the Data Protection Commissioner, who is now known as the Information Commissioner. The Office of the Information Commissioner oversees the operation of the Act.

A15. Answer option B is correct. The Financial Transaction Reports (FTR) Act 1988 provides for the reporting of certain transactions and transfers to the Australian Transaction Reports and Analysis Centre (AUSTRAC), imposes certain obligations in relation to accounts, and provides for other related purposes.
Australia's anti-money laundering and counter-terrorism financing program places obligations on financial institutions and other financial intermediaries. These obligations are set out in the Financial Transaction Reports Act 1988 and the Anti-Money Laundering and Counter-Terrorism Financing Act 2006.
Answer option A is incorrect. The Health Insurance Portability and Accountability Act (HIPAA) was enacted by the U.S. Congress in 1996. According to the Centers for Medicare & Medicaid Services (CMS) Web site, Title I of HIPAA protects health insurance coverage for workers and their families when they change or lose their jobs. Title II of HIPAA, known as the Administrative Simplification (AS) provisions, requires the establishment of national standards for electronic health care transactions and national identifiers for providers, health insurance plans, and employers. The Administrative Simplification provisions also address the security and privacy of health data. The standards are meant to improve the efficiency and effectiveness of the nation's health care system by encouraging widespread use of electronic data interchange.
Answer option C is incorrect. The Health Records and Information Privacy Act (HRIP Act) protects the privacy of health information in New South Wales. It governs the handling of health information in both the public and private sectors in New South Wales, covering public and private hospitals, doctors, and other health care organizations, as well as any other organization that holds health information, which can be as diverse as a university conducting research programs or a fitness centre recording information about a person's health and injuries. The HRIP Act includes fifteen Health Privacy Principles (HPPs), which set out how health information should be collected, stored, used, and disclosed, and it sets out how complaints about the handling of health information are dealt with.
Answer option D is incorrect. The Spam Act prohibits the sending of spam, defined as a commercial electronic message sent without the permission of the addressee via e-mail, short message service (SMS), multimedia message service (MMS), or instant messaging.

A16. Answer option B is correct.
The IT Security Manager ensures the confidentiality, integrity, and availability of an organization's assets, information, data, and IT services. He is generally involved in an organization-wide approach to security management, which has a wider scope than the IT service provider and includes the handling of paper, building access, phone calls, and so on for the entire organization.
Answer option A is incorrect. The Service Level Manager is responsible for negotiating Service Level Agreements and ensuring that they are met. He makes sure that all IT Service Management processes, Operational Level Agreements, and Underpinning Contracts are appropriate for the agreed service level targets, and he monitors and reports on service levels.
Answer option C is incorrect. The Change Manager authorizes and documents all changes to the IT infrastructure and its components (Configuration Items) in order to keep disruption to running operations to a minimum. For far-reaching changes, he involves the Change Advisory Board (CAB).
Answer option D is incorrect. The Configuration Manager is responsible for maintaining information about the Configuration Items required to deliver IT services. He also maintains a logical model containing the components of the IT infrastructure (CIs) and their relationships.

A17. Answer options A, B, D, E, and F are correct. Every business should have a continuity plan in place, as it gives the company a map to follow in case of a disaster. A number of risks can permanently close a business, such as disease, fire, flood, earthquake, terrorism, and cyber-attack. Business continuity planning comprises five steps; if they are followed properly, the risks from these disasters are mitigated. The business continuity planning steps are as follows:
Analysis
Solution design
Implementation
Testing and organization acceptance
Maintenance
Answer option C is incorrect. There is no such step in business continuity planning.

A18. Answer option B is correct. Certification and Accreditation (C&A or CnA) is the process for implementing information security. It is a systematic procedure for evaluating, describing, testing, and authorizing systems prior to or after a system is in operation. The C&A process is used extensively in the U.S. Federal Government; C&A processes include those under FISMA, NIACAP, DIACAP, and DCID 6/3. Certification is a comprehensive assessment of the management, operational, and technical security controls in an information system, made in support of security accreditation, to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system. Accreditation is the official management decision given by a senior agency official to authorize operation of an information system and to explicitly accept the risk to agency operations (including mission, functions, image, or reputation), agency assets, or individuals, based on the implementation of an agreed-upon set of security controls.
Answer options A, C, and D are incorrect. These are invalid options.

A19. Answer option B is correct. Crisis management is the process by which an organization deals with a major event that threatens to harm the organization, its stakeholders, or the general public. It is used to deal with threats after they have occurred, and consists of the skills and techniques required to identify, assess, understand, and cope with a serious situation, particularly from the moment it first occurs to the point where recovery procedures start.
Answer option A is incorrect. Risk management is a continuous process that runs from threats to risks and finally to security measures: risks are first identified, then analyzed, and finally reduced to an acceptable level. The process is applied to all aspects of the operational process.
Answer option C is incorrect. Business Continuity Management is a management process that identifies potential impacts that threaten an organization. It provides the framework for promoting quick recovery and the capability for an effective response that protects the interests of its brand, reputation, and stakeholders. Business continuity management includes disaster recovery, business recovery, crisis management, incident management, emergency management, product recall, contingency planning, and so on.
Answer option D is incorrect. Incident Management (IcM) refers to the activities of an organization to identify, analyze, and correct hazards. For instance, a fire in a factory would be a risk that has been realized, or an incident that has happened. An Incident Response Team (IRT) or Incident Management Team (IMT), designated for the task beforehand or on the spot, would then manage the organization through the incident. Usually, as part of the wider management process in private organizations, incident management is followed by a post-incident analysis that determines why the incident happened despite precautions and controls. This information is then fed back to further develop the security policy and/or its practical implementation. In the USA, the National Incident Management System developed by the Department of Homeland Security integrates effective practices in emergency management into a comprehensive national framework.

A20. Answer options A, B, and C are correct. The responsibilities of the CEO under the Greenwich Council arrangements are as follows:
To manage the overall strategic control of the emergency and the BCM response
To establish the policy framework for the Council's response
To support tactical and operational groups by providing resources
To prioritize demands on potentially limited resources, including rationing of resources
To keep the members briefed
To advise and reassure the staff and the public, and to authorize all such communications to these groups
To determine plans for a return to a state of normality
Answer option D is incorrect. Coordinating and executing the emergency and BCM plan is the responsibility of the emergency planning officer (EPO).

A21. Answer option A is correct. The emergency management team is responsible for key decision making and guides the recovery teams and business personnel. It also handles financial arrangements, public relations, and media inquiries.
Answer option B is incorrect. The damage assessment team assesses the damage caused by the disaster in order to estimate the time required to recover.
Answer option C is incorrect. The crucial aim of the emergency action team is to evacuate personnel and protect human life. It is the first responder to any disaster and deals with its immediate effects.
Answer option D is incorrect. The offsite storage team is responsible for obtaining, packaging, and shipping media and records to the recovery facilities.

A22. Answer options A, B, D, and E are correct. Characterization means determining the scope of the risk assessment. System characterization identifies system criticality, data criticality, system sensitivity, and data sensitivity.

A23. Answer options A, B, and C are correct. The responsibilities of an operations recovery manager are as follows:
At the pre-disaster stage:
Developing, maintaining, and updating the DRP
Appointing the recovery personnel
Assigning parts of the DRP to the individual recovery teams and their members
Coordinating plan testing
Training disaster recovery team members on plan implementation
At the post-disaster stage:
Obtaining the required approvals to activate the disaster recovery plan and the recovery teams
Informing all recovery team leaders or their alternates of the disaster declaration
Determining the degree of outage due to the disaster
Coordinating and summarizing the damage reports from all teams
Informing the organization's directors of the disaster's severity
Conducting briefings with all recovery teams
Coordinating all recovery teams
Requesting remote data backups, documentation, and required resources from the IT technical team

Answer option D is incorrect. This is the responsibility of operations recovery director at the post-disaster stage. A24. Answer options A and C are correct.

The Logistics/Transportation team is included in the BCP teams. This team has the following responsibilities: Arrange personnel alternate sites. transportation, lodging, and dining at

Arrange and ensure delivery of offsite storage items.

Answer option B is incorrect. Business Continuity Coordinator is responsible for assisting in the activation of the Business Continuity Plan. Answer option D is incorrect. The Damage assessment/Salvage team is responsible for the coordinating salvage operations. A25. Answer option A is correct. The Cyber Incident Response Plan is used to address cyber attacks against an organization's IT system through various procedures. These procedures enable the security personnel to identify, mitigate, and recover from malicious computer incidents, such as denial-ofservice attacks, unauthorized accessing of a system or data, or unauthorized changes to the system hardware, software, or data. Answer option B is incorrect. A disaster recovery plan should contain data, hardware, and software that can be critical for a business. It should also include the plan for a sudden loss such as hard disc crash. The business should use the backup and data recovery utilities to limit the loss of data. Answer option C is incorrect. The Occupant Emergency Plan (OEP) is used to reduce the risk to the personnel, property, and other assets while minimizing work disorders in the event of an emergency. It is the response procedure for occupants of a facility on the occurrence of a situation, which is posing a potential threat to the health and safety of personnel, the environment, or property. OEPs are developed at the facility level, specific to the geographic site and the structural design of the building. Answer option D is incorrect. The crisis communication plan can be broadly defined as the plan for the exchange of information before,
uCertify.com The Fastest Way to IT Certification

294 during, or after a crisis event. It is considered as the sub-specialty of the public relations profession that is designed to protect and defend an individual, company, or organization facing a public challenge to its reputation. The aim of the crisis communication plan is to assist organizations to achieve continuity of critical business processes and information flows under crisis, disaster or event driven circumstances. A26. Answer options A, B, and C are correct. A disaster recovery plan consists of the following phases: Emergency response phase Recovery phase Return to normal operations phase

Answer option D is incorrect. It is not a valid phase contained in a disaster recovery plan.

A27. Answer option C is correct. A simulation test is a method used to test disaster recovery plans. It operates much like a structured walk-through test. In a simulation test, the members of the disaster recovery team are presented with a disaster scenario and then discuss appropriate responses. These suggested responses are evaluated, and some of them are carried out by the team. The scope of the simulation test should be defined carefully to avoid excessive disruption of normal business activities. Answer option A is incorrect. The structured walk-through test is also known as the table-top exercise. In a structured walk-through test, the team members walk through the plan to identify and correct weaknesses and to determine how they will respond to emergency scenarios by stepping through the course of the plan. It is the most effective and efficient way to identify areas of overlap in the plan before conducting more challenging training exercises. Answer option B is incorrect. A full-interruption test involves shutting down operations at the primary site and shifting them to the recovery site according to the disaster recovery plan. It operates much like a parallel test. The full-interruption test is very expensive and difficult to arrange. Sometimes it causes a major disruption of operations if the test fails. Answer option D is incorrect. A parallel test is the next level in the testing procedure: it relocates the employees to an alternate recovery site and implements site activation procedures. These employees perform their disaster recovery responsibilities as they would for an actual disaster. The disaster recovery site takes on full responsibility for conducting the organization's day-to-day business.

A28. Answer options A, B, and C are correct. The goals of the Disaster Recovery Plan include the following:
It protects an organization from major computer services failures.
It minimizes the risk to the organization from delays in providing services.
It guarantees the reliability of standby systems through testing and simulation.
It minimizes the decision-making required of personnel during a disaster.

A29. Answer option D is correct. A risk is an uncertain event or condition that, if it occurs, has an effect on at least one project objective. A project risk is concerned with the expected value of one or more results of one or more future events in a project. It is an uncertain condition that, if it occurs, has an effect on at least one project objective. Objectives can be the scope, schedule, cost, and quality. Project risk is always in the future. Answer option A is incorrect. Risk is not unknown, it is uncertain; in addition, the event can affect at least one project objective, not just the project scope. Answer option B is incorrect. This statement is almost true, but the event does not have to happen within the project execution. Answer option C is incorrect. Risks can affect time, cost, or scope, not just cost.

A30. Answer option C is correct. The risk owner is the individual on the project team who is closest to the risk event. The risk owner can be an individual or an organization responsible for implementing risk responses or the contingency plan. The risk owner should be empowered with the ability to respond to the risk as planned.


Answer option A is incorrect. Diane is the project manager and likely won't be the risk owner as well. Answer option B is incorrect. The project sponsor authorizes the project but does not participate in the execution of the project. Answer option D is incorrect. While a subject matter expert may be the risk owner on some occasions, s/he won't be the risk owner on every occasion.

A31. Answer options A and D are correct. The following are the two major tasks of risk management:
Risk identification is the task of examining and documenting the security posture of an organization's information technology and the risks it faces.
Risk control is the task of applying controls to reduce risks to an organization's data and information systems.
Answer options B and C are incorrect. Building risk-free systems and assuring the integrity of organizational data are tasks related to the implementation of security measures.

A32. Answer option C is correct. The Occupant Emergency Plan (OEP) is used to reduce the risk to personnel, property, and other assets while minimizing work disruption in the event of an emergency. It is the response procedure for the occupants of a facility when a situation arises that poses a potential threat to the health and safety of personnel, the environment, or property. OEPs are developed at the facility level, specific to the geographic site and structural design of the building. Answer option A is incorrect. The Cyber Incident Response Plan is used to address cyber attacks against an organization's IT systems through various procedures. These procedures enable security personnel to identify, mitigate, and recover from malicious computer incidents, such as denial-of-service attacks, unauthorized access to a system or data, or unauthorized changes to system hardware, software, or data. Answer option B is incorrect. A disaster recovery plan should cover the data, hardware, and software that are critical for a business. It should also include the plan for a sudden loss such as a hard disk crash. The business should use backup and data recovery utilities to limit the loss of data.

Answer option D is incorrect. The crisis communication plan can be broadly defined as the plan for the exchange of information before, during, or after a crisis event. It is considered a sub-specialty of the public relations profession that is designed to protect and defend an individual, company, or organization facing a public challenge to its reputation. The aim of the crisis communication plan is to assist organizations in achieving continuity of critical business processes and information flows under crisis, disaster or event-driven circumstances.

A33. Answer option D is correct. Nowadays, the color coding system for most fire extinguishers is red, with a block of color corresponding to the extinguisher type above the operating instructions. The color codes for the different types of extinguishers are as follows:
Extinguisher        Color code
Water               Red
Carbon Dioxide      Black
Foam                Cream
Dry Powder          Blue
Wet Chemical        Yellow
Vaporizing Liquid   Green

A34. Answer options A, B, and C are correct. Water fire extinguishers are mostly suitable for use on solid materials such as textiles, wood, and paper. These extinguishers direct a jet of water onto a fire. The stream of water lowers the temperature of the burning material below its ignition point; however, these extinguishers should not be used on live electrical equipment. The color code of a water fire extinguisher is red. These extinguishers are only suitable for Class A (solid burning) fires.

A35. Answer options A, C, and D are correct. Power sag is a condition that occurs when the voltage gets 80 to 85 percent below normal for short periods of time. The common causes of power sags are heavy equipment being turned on, large electrical motors being started, and the switching of power mains (internal or utility). Power sags can lead to many adverse effects, such as memory loss, data errors, flickering lights, and equipment shutoff.

A36. Answer option D is correct. Senior management provides management, operational, and technical controls to satisfy the security requirements. The governance roles and responsibilities are listed below by governance body, membership and responsibilities:

Information Security Steering Committee
  Membership: CFO, CEO, COO, CTO, VP Business units, chaired by the CISO
  Responsibilities: It establishes and supports the security programs.

Senior Management
  Membership: C-level, unit VPs and senior VPs
  Responsibilities: It provides management, operational and technical controls to satisfy security requirements.

Chief Information Security Officer
  Membership: CISO and staff
  Responsibilities: It directs and coordinates implementations of the information security program.

Business Managers
  Membership: Unit Department heads and supervisors
  Responsibilities: They classify and establish requirements for safeguarding information assets.


A37. Answer option B is correct.


Physical data recovery is used when a hard drive is not accessible by software such as the system BIOS, Windows Disk Management, or other disk utilities. In other words, it is used when a hard drive is considered truly dead and in need of physical data recovery. A dead drive often displays other symptoms, such as not spinning, clicking, or making unusual noises. A drive with these problems may have a damaged electronic board, read heads, motor, or magnetic media. Repair of such drives is generally done by a data recovery company equipped with clean room facilities. This is accomplished by imaging the drives, performing a logical file reconstruction if required, and replacing the damaged components. Answer option A is incorrect. Logical data recovery is the process of rebuilding files that are damaged or corrupted by user errors or virus attacks, rather than repairing physically damaged hard drives. In this situation, the BIOS still recognizes the drive, but returns a read error when trying to access data. Answer option C is incorrect. TestDisk is a powerful free data recovery tool. It was mainly designed to facilitate recovery of lost partitions and to make non-booting disks bootable again when these symptoms are caused by faulty software, certain types of viruses, or human error (such as unintentionally deleting a partition table). Partition table recovery using TestDisk is actually simple. Answer option D is incorrect. There is no such method.

A38. Answer options A, B, C, and D are correct. Recovery Management is the process of planning, testing, and implementing the recovery procedures and standards required to restore services in the case of a component failure. It is done either by returning the component to normal operation or by taking alternative actions to restore services. It is the recognition that failures will occur regardless of how well the system is designed. The purpose is to anticipate and minimize the impact of these failures by implementing predefined, pretested, documented recovery plans and procedures. The principal objective of Recovery Management is to assure that service level requirements are achieved. It is accomplished by having recovery procedures in place that will restore services to a failing component as quickly as possible.

A39. Answer option A is correct. The Network Recovery Objective (NRO) describes how long it will take to switch over the network so that the end user is able to access the disaster recovery site. Telecom line costs at various bandwidths need to be determined for the NRO. The NRO specifies the time needed to recover network operations. It should be kept in mind that systems-level recovery is incomplete if customers cannot access the application services via network connections. Hence, the NRO includes the time required to bring alternate communication links online, re-configure routers and name servers (DNS), and revise client system parameters for alternative TCP/IP addresses. Comprehensive network failover planning is as important as data recovery in a disaster recovery scenario. Answer option B is incorrect. The Recovery Point Objective (RPO) is used to determine the maximum amount of time between the last available backup and the potential failure point. It helps in determining the amount of data that the business can afford to lose in the event of a failure. The RPO describes the acceptable amount of data loss measured in time. It is the point in time to which data must be recovered as defined by the organization. The RPO is generally a definition of what an organization determines is an "acceptable loss" in a disaster situation. If the RPO of a company is 2 hours and the time it takes to get the data back into production is 5 hours, the RPO is still 2 hours. Based on this RPO, the data must be restored to within 2 hours of the disaster. Answer option C is incorrect. The Recovery Time Objective (RTO) is the duration of time and a service level within which a business process must be restored after a disaster or disruption in order to avoid unacceptable consequences associated with a break in business continuity. It includes the time for trying to fix the problem without a recovery, the recovery itself, tests, and the communication to the users. The decision time of the user representative is not included. The business continuity timeline usually runs parallel with an incident management timeline and may start at the same, or different, points. In the accepted business continuity planning methodology, the RTO is established during the Business Impact Analysis (BIA) by the owner of a process (usually in conjunction with the Business Continuity planner). The RTOs are then presented to senior management for acceptance. The RTO attaches to the business process and not to the resources required to support the process. Answer option D is incorrect. This is an invalid option.

A40. Answer option B is correct.


Lumigent Log Explorer is the first and only product that can use the log information to recover data, analyze user and application problems, and audit activity, all without run-time overhead. The SQL Server transaction log contains the solution to a number of database problems, but the transaction log is an undocumented binary file. This product can analyze the database with complete access to the transaction log. It uses powerful filters to quickly find and solve user and application errors. It can recover a single row or an entire table while the database remains online. Answer option A is incorrect. Data Advisor is a simple yet powerful diagnostic software tool for assessing the condition of a computer system. It assesses the health of a hard disk drive, file structures, and the computer memory by identifying problems that could cause data loss. It is self-booting, so it runs even when a system does not boot to Windows. This diagnostic tool can be used both to diagnose current problems and as part of a regular maintenance program. The regular maintenance program identifies potential problems that could lead to data loss. Answer option C is incorrect. Directory Snoop is a cluster-level search tool. It allows Windows users to snoop through their FAT and NTFS formatted disk drives to see what data may be hiding in the cracks. Directory Snoop can be used to recover deleted files, or a user can permanently erase sensitive files so that no one knows they ever existed. It covers local hard drives, floppy disks, Zip disks, MO disks, and flashcard devices. Directory Snoop requires a non-compressed FAT12, FAT16, FAT32, or NTFS formatted volume on a local hard drive or removable media device (network and CD drives are not supported). It supports Windows 95, 98, ME, NT, 2000, XP, Vista, or 7 for the FAT module and Windows NT, 2000, XP, Vista, or 7 for the NTFS module. Answer option D is incorrect. File Scavenger is a file undelete and data recovery tool for Windows XP, Windows 7, Vista, Windows Server 2003, Windows 2000, Windows NT, and Windows ME/98/95. It can recover files that have been accidentally deleted, including files removed from the Recycle Bin. The recovery must be attempted before the files are permanently overwritten by new data. File Scavenger supports both basic and dynamic disks, NTFS compression, alternate data streams, sparse files, Unicode filenames, etc. It can also recover files from a reformatted or corrupted volume. This tool uses advanced algorithms to handle disks with bad sectors and badly corrupted partitions.

A41. Answer option D is correct.


The System Restore utility is used to create restore points in Windows XP. System Restore is a recovery component of Windows XP Professional. It is used to restore a Windows XP Professional computer to a previous state without losing any personal data files. System Restore automatically creates restore points while monitoring changes made to the computer and application files. These restore points are used to revert the system to a previous state. Note: Restore points are created daily and at the time of major system events such as the installation of an application or driver. Restore points can also be created and named manually at any time. Answer option A is incorrect. In the event of a system failure, recovery of the system is difficult and tedious for administrators. Recovery involves reinstalling the operating system, mounting and cataloguing the backup tape, and then performing the full restore. To make this process easier, Windows provides a feature called Automated System Recovery (ASR). ASR is used to perform a restore of the system state data and services in the event of a major system failure. An ASR restore includes the configuration information for devices. ASR backs up the system data and the local system partition. Note: An ASR backup does not include folders and files. Answer option B is incorrect. DEFRAG is a system utility used to consolidate fragmented files stored on the hard disk of a computer. Fragmented files are files that are stored in different locations of the hard disk. The tool rearranges such files and stores them on the hard disk in contiguous blocks. The operating system can access these files faster than fragmented ones. This utility can also be run from a command line interpreter.
Syntax: defrag <volume> [-a] [-f] [-v] [-?]
Switch   Description
-a       Presents only an analysis.
-f       Forces defragmentation even if the free space is low.
-v       Gives verbose output.
-?       Displays help text.

Answer option C is incorrect. The CHKDSK command verifies the integrity of the hard disk installed on a computer. Using the command with different parameters can resolve a number of issues, which are described as follows:
Switch      Description
CHKDSK /f   Fixes all errors on the hard disk of a computer.
CHKDSK /v   Displays the full path and name of every file on the disk.
CHKDSK /r   Locates the bad sectors and recovers readable information.
CHKDSK /l   Changes the log file size to the specified number of kilobytes. If the size is not specified, it displays the current size.
CHKDSK /i   Performs a less vigorous check of index entries.
CHKDSK /c   Skips checking of cycles within the folder structure.

A42. Answer option A is correct. To perform a full server recovery, a user should recover all volumes from the backup set to the server. The procedure for performing the full server recovery of a domain controller is the same as for any server running Windows Server 2008. The user performs a nonauthoritative restore of Active Directory Domain Services (AD DS) during a full server recovery of a domain controller. A user can perform a full server recovery of a domain controller by using Windows Complete PC Restore, which is a graphical user interface (GUI) tool, or Wbadmin.exe from the command line. Answer option B is incorrect. Restorer2000 is unformat and file recovery software for Windows 95/98/Me/NT/2000/XP/2003/Vista. It is a leading file recovery product used by both experts and novice users. It is ideal software for home and small office users

who need to recover accidentally deleted files or files from deleted/corrupted logical disks. Answer option C is incorrect. Data Advisor is a simple yet powerful diagnostic software tool for assessing the condition of a computer system. It assesses the health of a hard disk drive, file structures, and computer memory by identifying problems that could cause data loss. It is self-booting, so it runs even when the system does not boot to Windows. This diagnostic tool can be used both to diagnose current problems and as part of a regular maintenance program. The regular maintenance program identifies potential problems that could lead to data loss. Answer option D is incorrect. GetDataBack is a tool used to recover data if the hard drive's partition table, boot record, FAT/MFT, or root directory is lost or damaged, data was lost due to a virus attack, the drive was formatted, fdisk has been run, a power failure caused a system crash, files were lost due to a software failure, or files were accidentally deleted. GetDataBack can even recover data when the drive is no longer recognized by Windows.

A43. Answer option A is correct. The CFMAIL bug occurs when a CFMail tag is called and the mail file with the CFMAIL extension is stored in a folder on the local drive of the CF Server, c:\cfusion\mail\spool. If ColdFusion is not able to write this file completely, it creates a file of less than 1 KB that has no data or contains only empty spaces. At this moment, the server uses dart.dll to access and send mail; dart.dll locks up and goes into an infinite loop. This causes cfserver.exe to lock at 90-100% CPU utilization. Restarting the ColdFusion Application Server service or rebooting the computer seems to have no effect, since the affected file remains in the mail spooler's folder. The solution to the CFMAIL bug is as follows:
1. Open the Services dialog: on NT 4.0, Control Panel -> Services; on Windows 2000, Control Panel -> Administrative Tools -> Services.
2. Stop the ColdFusion Application Server Service.
3. Stop the ColdFusion Executive Service.
4. Open a DOS window and cd to your \cfusion\mail\spool folder.
5. Remove all of the files from this location (del *.*) or move them to a different folder for later review.
6. Restart the ColdFusion Application Server Service.
7. Restart the ColdFusion Executive Service.
8. Review the files in the temp folder just created, removing any invalid files (these files may be opened with Notepad).

Answer option B is incorrect. A variable deadlock arises when numerous processes or users attempt to update the same memory in a Server, Application, or Session variable at the same time. On a site that receives a large amount of traffic, variable deadlocks on one site can cripple the performance of the entire server. The steps for recovering from a variable deadlock are as follows:
1. Log in to the CF Administrator and enable "Full Checking" on the Server, Application, and Session scopes in the Locking section of the configuration. Alternatively, use Studio's multiple file search for the strings Server, Session, and Application, and ensure that CFLOCK is used with all of the shared variables. This may take some time, but consider it a painful reminder that you must lock your code.
2. Quickly browsing Application.log (\cfusion\log\application.log) will reveal which CFM files and variables are causing the problem.
3. Disable "Full Checking" and fix the code within the application that is causing the problem.

Answer option C is incorrect. The error "ColdFusion and Microsoft SQL Server installed on the same server" occurs because ColdFusion and MS SQL Server are both very resource-intensive applications. In a high-traffic environment, both applications start to contend for the available resources on the server. Answer option D is incorrect. ODBC errors cause ColdFusion to stop processing one or all MS Access databases on the server. The different types of ODBC errors are as follows:
The Microsoft Jet database engine cannot open the file "(unknown)".
Not enough space on temp drive
Memory allocation error


A44. Answer option D is correct. Documentation control is a method of ensuring that system changes are agreed upon before being implemented, that only the proposed and approved changes are implemented, and that the implementation is complete and accurate. Documentation control involves strict procedures for proposing, monitoring, and approving system changes and their implementation. It helps the change process by supporting the person who synchronizes the analytical tasks, approves system changes, reviews the implementation of changes, and oversees other tasks such as documenting the controls. Answer option A is incorrect. Configuration auditing is the quality assurance element of configuration management. It consists of periodic checks to establish the consistency and completeness of accounting information and to validate that all configuration management policies are being followed. Configuration audits are broken into functional and physical configuration audits. They occur either at delivery or at the moment of effecting the change. A functional configuration audit ensures that the functional and performance attributes of a configuration item are achieved, while a physical configuration audit ensures that a configuration item is installed in accordance with the requirements of its detailed design documentation. Answer option B is incorrect. Configuration control is a procedure of configuration management. It is a set of processes and approval stages required to change a configuration item's attributes and to re-baseline them. It supports the change of the functional and physical attributes of software at various points in time, and performs systematic control of changes to the identified attributes. Answer option C is incorrect. Configuration identification is the process of identifying attributes that define every aspect of a configuration item. A configuration item is a product (hardware and/or software) that has an end-user purpose. These attributes are recorded in the configuration documentation and are baselined. Baselining an attribute forces formal configuration change control processes to be followed in the event that these attributes are changed.

A45. Answer option D is correct.


The confidentiality service of a cryptographic system ensures that the information will not be disclosed to any unauthorized person on a local network. Answer option A is incorrect. The integrity service of a cryptographic system assures the receiver that the received message has not been altered. Answer option B is incorrect. The authentication service of a cryptographic system proves a user's identity. Answer option C is incorrect. The non-repudiation service of a cryptographic system proves that the sender really sent the message.

A46. Answer option C is correct. The incremental backup type backs up files that have been added and all data that has been modified since the most recent backup was performed. An incremental backup backs up files that were created or changed since the last full or incremental backup; it provides a faster method of backing up data than most other backup methods. Restoring data from an incremental backup requires the last full backup and all subsequent incremental backups. Incremental backups must be restored in the same order as they were created. If any incremental backup in the incremental backup set is damaged or becomes corrupt, the data backed up after the corruption cannot be restored. Answer option A is incorrect. A full backup, also known as a normal backup, involves backing up the entire hard disk and files of a machine. When the full backup type is set up, a user should choose which files, folders, and hard disks are to be backed up. After a full backup is performed, all archive bits are reset to 0. Answer option B is incorrect. A differential backup backs up files that were created or changed since the last full backup. It requires the minimum space to back up data. A differential backup requires only the last full backup tape and the last differential backup tape to restore data. It is faster as compared to the full backup. Answer option D is incorrect. There is no such type of backup as daily backup.
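The restore rules given in A46 (full backup resets archive bits, incrementals are restored in creation order after the last full, a differential needs only the last full plus itself, and a corrupt incremental loses everything after it) worked through as a small simulation. This is an added example, not code from the uCertify guide; the file names, contents and day-by-day edits are constructed sample data.

```python
"""Model of full, incremental and differential backups and their restore rules.

Added example, not part of the uCertify guide. A full backup copies everything
and resets every archive bit to 0; an incremental copies files whose archive bit
is set and clears it; a differential copies the same files but leaves the bit set.
"""
from dataclasses import dataclass


@dataclass
class BackupSet:
    kind: str               # "full", "incremental" or "differential"
    files: dict             # path -> content captured on this set
    corrupt: bool = False   # simulated damaged tape


class Volume:
    """A toy disk: file contents plus one archive bit per file."""

    def __init__(self):
        self.files = {}
        self.archive = {}   # True = changed since the last full/incremental

    def write(self, path, content):
        self.files[path] = content
        self.archive[path] = True


def full_backup(vol):
    """Copy every file and reset all archive bits to 0."""
    snapshot = dict(vol.files)
    for path in vol.archive:
        vol.archive[path] = False
    return BackupSet("full", snapshot)


def incremental_backup(vol):
    """Copy files changed since the last full or incremental; clear their bits."""
    changed = {p: vol.files[p] for p, bit in vol.archive.items() if bit}
    for path in changed:
        vol.archive[path] = False
    return BackupSet("incremental", changed)


def differential_backup(vol):
    """Copy files changed since the last full; archive bits stay set."""
    changed = {p: vol.files[p] for p, bit in vol.archive.items() if bit}
    return BackupSet("differential", changed)


def restore(sets):
    """Replay backup sets in the order given; returns (recovered_files, error).

    The first set must be the full backup. A corrupt set stops the replay:
    data captured after it is unrecoverable, but earlier data is kept.
    """
    if not sets or sets[0].kind != "full":
        return {}, "restore must start from the last full backup"
    state = {}
    for s in sets:
        if s.corrupt:
            return state, f"{s.kind} set is corrupt; later data cannot be restored"
        state.update(s.files)
    return state, None


def run_week():
    """Constructed scenario: Monday full backup, then one edit per day.

    Two identical volumes are used so an incremental chain and a differential
    chain can be compared on the same sequence of edits.
    """
    inc_vol, dif_vol = Volume(), Volume()
    for vol in (inc_vol, dif_vol):
        vol.write("a.txt", "a0")
        vol.write("b.txt", "b0")
    full_inc, full_dif = full_backup(inc_vol), full_backup(dif_vol)

    incs, difs = [], []
    # Tue: a.txt edited, Wed: b.txt edited, Thu: a.txt edited again
    for path, content in [("a.txt", "a1"), ("b.txt", "b1"), ("a.txt", "a2")]:
        inc_vol.write(path, content)
        dif_vol.write(path, content)
        incs.append(incremental_backup(inc_vol))
        difs.append(differential_backup(dif_vol))

    # Wednesday's incremental tape is damaged.
    damaged = [incs[0], BackupSet("incremental", incs[1].files, corrupt=True), incs[2]]
    partial, err = restore([full_inc] + damaged)

    return {
        "on_disk": dict(inc_vol.files),
        "incremental_sizes": [len(s.files) for s in incs],    # one change per day
        "differential_sizes": [len(s.files) for s in difs],   # grows until next full
        "incremental_restore": restore([full_inc] + incs)[0],  # full + all, in order
        "differential_restore": restore([full_dif, difs[-1]])[0],  # full + last only
        "wrong_order_restore": restore([full_inc, incs[2], incs[0], incs[1]])[0],
        "after_corruption": partial,   # only Monday + Tuesday data survives
        "corruption_error": err,
    }


if __name__ == "__main__":
    for key, value in run_week().items():
        print(f"{key}: {value}")
```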


A47. Answer option B is correct. A hot backup site is a replica of the original site of an organization, with full computer systems as well as near-complete backups of user data. Real-time synchronization between the two sites is usually used to completely mirror the data environment of the original site, using wide area network links and specialized software. Ideally, a hot backup site will be up and running within a matter of hours or even less. Answer option A is incorrect. Although a mobile backup site provides rapid recovery, it does not provide full recovery in time. Hence, a hot backup site takes the shortest recovery time. Answer option C is incorrect. A warm backup site is a compromise between hot and cold. These sites have hardware and connectivity already established, though on a smaller scale than the original production site or even a hot backup site. Warm backup sites will have backups on hand, but they may not be complete. They may be between several days and a week old, for example, backup tapes sent to the warm backup site by courier. Answer option D is incorrect. A cold backup site takes the longest recovery time. It is the most inexpensive type of backup site for an organization to operate. It does not include backed-up copies of data and information from the original location of the organization, nor does it include hardware already set up. Although the lack of hardware contributes to the minimal startup costs of the cold backup site, it requires additional time after the disaster to get the operation running at a capacity close to that prior to the disaster.

A48. Answer options A, B, and D are correct. Backup4all is backup software for the Windows operating system developed by Softland. It allows files to be backed up to any local or network drive, FTP server, CD/DVD, or other removable media. It protects data from partial or total loss. The application supports an XML plugin system that allows backing up the data and settings of different software applications. It also gives the user the option to compress the backed-up files using open-source standards. Genie Backup Manager Home is an ideal solution for data protection. It is a user-friendly tool to back up personal data to a safe location. It allows novice and expert users to back up and recover data swiftly and reliably. It is used to back up photos, media, e-mails, and personal files and folders. A user can perform a complete backup of their computer system or simply back up their personal data.

NTI Backup Now is a complete backup and restore solution for SMB MIS, LAN, SOHO, desktop computers, and notebooks. It has an easy step-by-step user interface that guides a user to back up the complete computer system or specific files and folders. A user can perform the backup operation manually or schedule it for a specific time. Answer option C is incorrect. BadCopy Pro is leading data recovery software for floppy disks, CDs, DVDs, memory cards, Zip disks, USB flash drives, etc. It can effectively recover and rescue corrupted or lost data from damaged, unreadable, formatted, or defective disks. It supports Microsoft Windows 95/98/2000/NT/ME/XP/2003/Vista. It can be used for damaged floppy disk repair, floppy data recovery, damaged or defective CD/DVD data recovery, lost photo recovery from a memory card, etc.

A49. Answer options A, B, D, and E are correct. File Scavenger is a file undelete and data recovery tool for Windows XP, Windows 7, Vista, Windows Server 2003, Windows 2000, Windows NT, and Windows ME/98/95. It can recover files that have been accidentally deleted, including files removed from the Recycle Bin. The recovery must be attempted before the files are permanently overwritten by new data. File Scavenger supports both basic and dynamic disks, NTFS compression, alternate data streams, sparse files, Unicode filenames, etc. It can also recover files from a reformatted or corrupted volume. This tool uses advanced algorithms to handle disks with bad sectors and badly corrupted partitions. Recover4all is software that can easily recover (undelete) files that were accidentally deleted under Windows. It can recover files that were deleted directly or through the Recycle Bin. This tool is fast and very easy to use; deleted files can be restored with a few mouse clicks. Recover4all does not require installation and can be run directly from a USB disk, flash drive, etc., so that files that were already deleted are not overwritten. Fast File Undelete is a tool that provides a quick and effective way to retrieve valuable data lost due to deletion. It allows retrieval of files which have been deleted from a disk and removed from the Recycle Bin. Fast File Undelete is easy to use and requires no special knowledge. It can be used with Windows NT, 2000, or 2000 Advanced Server. Recover It All is effective data recovery software that is used for restoration of data lost due to accidental format, deleted files, and virus attacks. It can recover and restore deleted or damaged partitions or boot sectors. It is designed for FAT, FAT 32, and Windows 2000. It is a true 32-bit file recovery application. It can even recover lost directories and sub-directories.

Answer option C is incorrect. Pwdump is a Windows password recovery tool.

A50. Answer option A is correct.

BadCopy Pro is leading data recovery software for floppy disks, CDs, DVDs, memory cards, Zip disks, USB flash drives, etc. It can effectively recover and rescue corrupted or lost data from damaged, unreadable, formatted, or defective disks. It supports Microsoft Windows 95/98/2000/NT/ME/XP/2003/Vista. It can be used for damaged floppy disk repair, floppy data recovery, damaged or defective CD/DVD data recovery, lost photo recovery from a memory card, etc.

Answer option B is incorrect. Directory Snoop is a cluster-level search tool. It allows Windows users to snoop through their FAT and NTFS formatted disk drives to see what data may be hiding in the cracks. Directory Snoop can be used to recover deleted files, or a user can permanently erase sensitive files so that no one knows they ever existed. It works with local hard drives, floppy disks, Zip disks, MO disks, and flashcard devices. Directory Snoop requires a non-compressed FAT12, FAT16, FAT32, or NTFS formatted volume on a local hard drive or removable media device (network and CD drives are not supported). It supports Windows 95, 98, ME, NT, 2000, XP, Vista, or 7 for the FAT module and Windows NT, 2000, XP, Vista, or 7 for the NTFS module.

Answer option C is incorrect. Data Advisor is a simple yet powerful diagnostic software tool for assessing the condition of a computer system. It assesses the health of a hard disk drive, file structures, and the computer memory by identifying problems that could cause data loss. It is self-booting, so it runs even when a system does not boot to Windows. This diagnostic tool can be used both to diagnose current problems and as part of a regular maintenance program that identifies potential problems that could lead to data loss.

Answer option D is incorrect. GetDataBack is a tool that is used to recover data if the hard drive's partition table, boot record, FAT/MFT, or root directory are lost or damaged, data was lost due to a virus attack, the drive was formatted, fdisk has been run, a power failure caused a system crash, files were lost due to a software failure, or files were accidentally deleted. GetDataBack can even recover data when the drive is no longer recognized by Windows.


Acronyms
AAH - Action Against Hunger
AMURT - Ananda Marga Universal Relief Team
BCP - Business Continuity Planning
BIA - Business Impact Analysis
COOP - Continuity Of Operation Plan
DMZ - Demilitarized Zone
ENN - Emergency Nutrition Network
FEMA - Federal Emergency Management Agency
HRIP - Health Records and Information Privacy Act
ICRC - International Committee of the Red Cross
MCC - Mennonite Central Committee
NERT - National Emergency Response Team
RAID - Redundant Array of Inexpensive Disks
IP - Internet Protocol
TCP - Transmission Control Protocol
UDP - User Datagram Protocol
ICMP - Internet Control Message Protocol
UDF - Universal Disk Format


Glossary
ABC backup software
ABC backup software is used to copy, upload, and download data on a schedule from a PC to various storage locations, such as network disks, remote FTP servers, etc. The program copies the data "as is" or creates archived files or directories for copying. ABC backup software uses the zip algorithm to archive data.

Acceptance response
Acceptance response is a part of the Risk Response planning process. Acceptance response delineates that the project plan will not be changed to deal with the risk. Management may develop a contingency plan if the risk does occur. Acceptance response to a risk event is a strategy that can be used for risks that pose either threats or opportunities.

Action Against Hunger (AAH)


Action Against Hunger (AAH) is a global humanitarian organization committed to ending world hunger. AAH's objective is to save lives by eradicating hunger through prevention, detection, and treatment of malnutrition, particularly during and after emergency situations of conflict, war, and natural disaster.

Active@ UNERASER
Active@ UNERASER is powerful hard drive recovery software for DOS and Windows. It is used to recover deleted files and folders on the FAT12, FAT16, FAT32, and NTFS file systems. Active@ UNERASER can even restore files from deleted and reformatted partitions. It is not necessary to install this tool on a system's hard drive, as it fits on a boot floppy disk.

AFFF fire extinguishers


AFFF (Aqueous Film Forming Foam) fire extinguishers are highly recommended for any office environment. These extinguishers are best suited for use on class A and B fires, i.e., fires involving combustible organic materials and flammable liquids (such as petrol or oils). Their dual A and B rating makes them useful for both solid-burning and liquid-burning fires. These extinguishers are best suited for petrol and diesel fires and are less suitable for fires in deep fat fryers.

Agile testing

Agile testing is a software testing practice that follows the principles of agile software development. Rather than emphasizing formal testing procedures, it focuses on continuous testing of newly developed code until the software meets quality expectations from the end customer's perspective. It is built upon the philosophy that testers need to adapt to rapid deployment cycles and changes in testing patterns.

Air conditioner
An air conditioner is a piece of equipment used to cool indoor air by removing heat and depositing it outside. It circulates the indoor air and keeps outside air from entering. It simultaneously controls the temperature, purity, relative humidity, and motion of the air in an enclosed space. The cooling of the enclosed space is done through a simple refrigeration cycle, which also dehumidifies the area. It consists of a cooling coil or evaporator and an electrically driven compressor and condenser combination.

Ananda Marga Universal Relief Team (AMURT)


The Ananda Marga Universal Relief Team (AMURT) is a private international voluntary organization that originated in India. It has so far set up teams in thirty-four countries to build a network that can meet the disaster and development needs of the world. Its goals include long-term development. AMURT plays a vital role in helping weak communities break the cycle of poverty and achieve greater control over their lives.

APW extinguisher
An APW (Air Pressurized Water) extinguisher is also known as a class A fire extinguisher. It is used to put out fire from the burning material by absorbing heat.

ARP spoofing
Address Resolution Protocol (ARP) spoofing, also known as ARP poisoning or ARP Poison Routing (APR), is a technique used to attack an Ethernet wired or wireless network. ARP spoofing may allow an attacker to sniff data frames on a local area network (LAN), modify the traffic, or stop the traffic altogether.

Arson
Arson is defined as the willful act of setting something on fire. Arson is the crime of purposely or maliciously setting fire to structures or wildland areas.

Backup4all
Backup4all is backup software for the Windows operating system developed by Softland. It allows files to be backed up to any local or network drive, FTP server, CD/DVD, or other removable media.

Basel II accord
The Basel II accord describes the minimum regulatory capital to be allocated by each bank based on the risk profile of its assets. Banks must maintain a capital adequacy ratio (CAR) of at least 8 percent.

Border network
A border network is the network infrastructure area that separates a network into two parts using an Internet gateway router. It is the prime ingredient of a perimeter network that enhances the security at the outermost inlet or gateway towards the enterprise network.

Brick-Level Mailbox backup


Brick-Level mailbox backup is a method that uses MAPI (just as Outlook does) to log the backup program on to each mailbox in the store and then back up the contents of the mailboxes to the tape device.

BS 7799 Part 1
BS 7799 Part 1 was a standard originally published as BS 7799 by the British Standards Institute (BSI) in 1995. It was eventually adopted by ISO as ISO/IEC 17799, "Information Technology - Code of practice for information security management" in 2000.

BS 7799 Part 2
BS 7799 Part 2 was first published by BSI in 1999, titled "Information Security Management Systems Specification with guidance for use".

Business Continuity
Business continuity is the activity performed by an organization to ensure that critical business functions will be available to customers, suppliers, regulators, and other entities that must have access to those functions.


Business Continuity Management


Business Continuity Management is a management process that determines potential impacts that are likely to threaten an organization. It provides a framework for promoting quick recovery and the capability for an effective response to protect the interests of its brand, reputation, and stakeholders.

Business Continuity Planning


Business Continuity Planning (BCP) is the creation and validation of a practiced logistical plan that defines how an organization will recover and restore partially or completely interrupted critical (urgent) functions within a predetermined time after a disaster or extended disruption. The logistical plan is called a Business Continuity Plan.

Business Impact Analysis (BIA)


A business impact analysis (BIA) is a crisis management technique that identifies those threats that can impact the continuity of business operations.

CAN-SPAM Act of 2003


The CAN-SPAM Act of 2003 was signed into law by President George W. Bush on December 16, 2003. It establishes the United States' first national standards for sending commercial e-mail.

Carbon-dioxide fire extinguishers


Carbon-dioxide fire extinguishers are used for class B and C fires. These extinguishers contain a non-flammable gas (carbon-dioxide) at a very high pressure.

Catastrophic incident
A catastrophic or level 5 incident is an emergency that covers the entire campus and surrounding communities. Such incidents are generally multi-hazard and beyond the crisis response capabilities of the campus and local resources, such as bioterrorism, plane crash on campus, etc.

CBRN
CBRN is pronounced as C-BURN. It is an initialism for chemical, biological, radiological, and nuclear. It is commonly used worldwide to refer to incidents or weapons in which any of these four hazards have presented themselves.

Certification and Accreditation


Certification and Accreditation (C&A or CnA) is a process for implementing information security. It is a systematic procedure for evaluating, describing, testing, and authorizing systems prior to or after a system is in operation.

CFMAIL bug
The CFMAIL bug occurs when a CFMail tag is called and the mail file with the CFMAIL extension is stored in the folder c:\cfusion\mail\spool on the local drive of the CF Server.

Change Management
Change Management is used to ensure that standardized methods and procedures are used for efficient handling of all changes. A change is "an event that results in a new status of one or more configuration items (CIs)"; it is approved by management, is cost effective, and enhances business process changes (fixes) with a minimum risk to the IT infrastructure.

Checklist test
A checklist test is a test in which the disaster recovery checklists are distributed to the members of the disaster recovery team.

Civil disorder terrorism


Civil disorder terrorism is a category of terrorism. Civil disorder is also known as civil unrest or civil strife. It is a broad term that is typically used by law enforcement to describe one or more forms of disturbance caused by a group of people.

Cold backup site


A cold backup site takes the longest recovery time. It is the most inexpensive type of a backup site available for an organization to operate. It does not include backed up copies of data and information from the original location of the organization, nor does it include hardware already set up.


Communications Management Plan


The Communications Management Plan aims to define the communication necessities for the project and how the information will be circulated. The Communications Management Plan sets the communication structure for the project.

Configuration audits
Configuration audits confirm that the configuration identification for a configured item is accurate, complete, and will meet specified program needs.

Configuration Management System


Configuration Management System is a subsystem of the overall project management system. It is a collection of formal documented procedures used to identify and document the functional and physical characteristics of a product, result, service, or component of the project.

Conflict of interest
A conflict of interest occurs when a person is in a position to influence decisions or other outcomes on behalf of one party when such decisions or outcomes could affect the party with which the person has competing loyalties.

Containment phase of the Incident handling process


The Containment phase of the Incident handling process is responsible for supporting and building up the incident combating process. It ensures the stability of the system and also confirms that the incident does not get any worse.

Contingency plan
A contingency plan is a plan devised for a specific situation when things could go wrong. Contingency plans are often devised by governments or businesses who want to be prepared for anything that could happen.

Continuity Of Operation Plan (COOP)


The Continuity Of Operation Plan (COOP) refers to the preparations and institutions maintained by the United States government, providing survival of federal government operations in the case of catastrophic events.

Crash Recovery Kit for Linux


Crash Recovery Kit for Linux is a handy tool used in case of some hardware failure, such as a broken disk. It can recover a trashed LILO boot record.

Crisis
A crisis is described as a major threat to operations that has negative consequences if not dealt with properly. A crisis causes financial losses by disrupting operations, generating losses of market share/purchase intentions, or spawning lawsuits related to the crisis.

Crisis communication plan


The crisis communication plan can be broadly defined as the plan for the exchange of information before, during, or after a crisis event. It is considered as a sub-specialty of the public relations profession that is designed to protect and defend an individual, company, or organization facing a public challenge to its reputation.

Crisis management process


The crisis management process is used by an organization to handle a major event that threatens to damage the organization, its stakeholders, and the general public.

Critical Path Method


Critical Path Method, abbreviated CPM, or Critical Path Analysis, is a mathematically based algorithm for scheduling a set of project activities. CPM models the activities and events of a project as a network. Activities are depicted as nodes on the network, and events that signify the beginning or ending of activities are depicted as arcs or lines between the nodes.
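A worked Critical Path Method calculation, added here as an example for the entry above; it is not code from the study guide. It uses the activity-on-node form (activities as nodes, dependencies as edges), and the five-activity recovery network with its durations is constructed sample data. The forward pass computes the earliest start and finish of each activity, the backward pass the latest start and finish, and the activities with zero slack form the critical path.

```python
from typing import Dict, List, Tuple

# Constructed sample project network (assumption): activity -> (duration in days, predecessors).
ACTIVITIES: Dict[str, Tuple[int, List[str]]] = {
    "A": (3, []),          # declare the disaster and activate the recovery team
    "B": (2, ["A"]),       # notify staff and suppliers
    "C": (4, ["A"]),       # restore systems at the recovery site
    "D": (2, ["B", "C"]),  # verify restored services with business users
    "E": (1, ["D"]),       # resume normal operations
}


def topological_order(acts: Dict[str, Tuple[int, List[str]]]) -> List[str]:
    """Order activities so that every predecessor appears before its successors."""
    order: List[str] = []
    seen = set()

    def visit(name: str) -> None:
        if name in seen:
            return
        seen.add(name)
        for pred in acts[name][1]:
            visit(pred)
        order.append(name)

    for name in acts:
        visit(name)
    return order


def cpm(acts: Dict[str, Tuple[int, List[str]]]):
    """Forward and backward pass; returns (project duration, slack per activity, critical path)."""
    order = topological_order(acts)

    # Forward pass: earliest start (ES) and earliest finish (EF).
    es, ef = {}, {}
    for name in order:
        duration, preds = acts[name]
        es[name] = max((ef[p] for p in preds), default=0)
        ef[name] = es[name] + duration
    project_duration = max(ef.values())

    # Backward pass: latest finish (LF) and latest start (LS).
    successors = {name: [] for name in acts}
    for name, (_, preds) in acts.items():
        for p in preds:
            successors[p].append(name)
    ls, lf = {}, {}
    for name in reversed(order):
        lf[name] = min((ls[s] for s in successors[name]), default=project_duration)
        ls[name] = lf[name] - acts[name][0]

    # Slack (total float): how far an activity can slip without delaying the project.
    slack = {name: ls[name] - es[name] for name in acts}
    critical_path = [name for name in order if slack[name] == 0]
    return project_duration, slack, critical_path


if __name__ == "__main__":
    duration, slack, path = cpm(ACTIVITIES)
    print(f"project duration: {duration} days")
    for name in topological_order(ACTIVITIES):
        print(f"  {name}: slack {slack[name]}")
    print("critical path:", " -> ".join(path))
```

For the sample network the critical path is A, C, D, E with a 10-day duration; activity B has two days of slack, so a delay in notifications of up to two days does not move the recovery completion date, while any delay in restoring systems (C) does.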

CSIRT
Computer Security Incident Response Team (CSIRT) is a name given to expert groups that handle computer security incidents. Most groups append the abbreviation CSIRT or CERT to their designation where the latter stands for Computer Emergency Response Team.

Cyber Incident Response Plan


The Cyber Incident Response Plan is used to address cyber attacks against an organization's IT system through various procedures. These procedures enable security personnel to identify, mitigate, and recover from malicious computer incidents, such as denial-of-service attacks, unauthorized accessing of a system or data, or unauthorized changes to system hardware, software, or data.

Cyberstalking
Cyberstalking is the use of the Internet or other electronic means to stalk someone. It has been defined as the use of information and communications technology, particularly the Internet, by an individual or group of individuals, to harass another individual, group of individuals, or organization.

Cyberterrorism
Cyberterrorism is the leveraging of a target's computers and information, particularly via the Internet, to cause physical, real-world harm or severe disruption of infrastructure.

Data confidentiality
Data confidentiality is a security principle that ensures data privacy on the network system. It ensures that the data will be kept secret and will be accessed only by limited authorized users.

Data consolidation
Data consolidation means the consolidation of data from multiple sources into a centralized system.

Data Protection Act 1998


The Data Protection Act 1998 (DPA) is a United Kingdom Act of Parliament, which defines UK law on the processing of data on identifiable living people.

Database integrity test


Database integrity test techniques validate that data is being stored by the system in a manner where the data is not compromised by updating, restoration, or retrieval processing.

Differential backup
A differential backup backs up files that are created or changed since the last full backup. A differential backup is a backup of any file that has changed since the last full backup.

Digital Photo Recovery


Digital Photo Recovery refers to recovering images from the camera's memory card.

Directory Snoop
Directory Snoop is a cluster-level search tool. It allows Windows users to snoop through their FAT and NTFS formatted disk drives to see what data may be hiding in the cracks.

Disaster recovery
Disaster recovery is a part of emergency management, which includes physical, environmental, and economic elements as well as psychosocial well-being. Recovery offers prospects to improve these aspects beyond previous conditions by enhancing social and natural environments, infrastructure, and economies, and thus contributes to a more resilient community.

Distributed computing
Distributed computing is a field of computer science that studies distributed systems. In distributed computing, a problem is divided into many tasks, each of which is solved by one computer.

Drought
Drought is the time period or condition of unusually dry weather within a geographic area where rainfall is generally present. During drought conditions, a region experiences a lack of precipitation.

Dry chemical extinguishers


Dry chemical extinguishers are very useful for extinguishing electrical fires. They can either be used for class ABC or class BC fires.

Dry powder fire extinguishers


Dry powder fire extinguishers are one of the most versatile fire extinguishers commonly used on Class A, B, and C fires and fires involving electrical equipment.


Eco-terrorism
Eco-terrorism is an act of terrorism, violence, or sabotage committed in support of ecological, environmental, or animal rights causes against persons or their property.

Emergency management
Emergency management is a field that deals with the strategic organizational management processes. It is used to protect the critical assets of an organization from hazard risks which are posed by disasters or catastrophes, and to ensure their continuance within their planned lifetime.

Emergency management team


The Emergency management team consists of executives and line managers who make key decisions at the Emergency Operations Center. This team coordinates with the managers still operating in undamaged areas of the business and makes decisions about the allocation of personnel necessary to support the response and recovery efforts.

Emergency Nutrition Network (ENN)


The Emergency Nutrition Network (ENN) is a humanitarian research group that supports and assists activities to enhance the efficiency of emergency food and nutrition interventions.

Emergency situation
An emergency situation causes immediate risks to life, health, property, and the environment. It requires immediate intervention to limit the deteriorating situation, while in some situations, mitigation is not possible and agencies are only able to offer palliative care for the consequences.

Eradication
Eradication is the phase in which the Incident Handler analyzes the information gathered to determine how the attack took place. It is important to understand the process of the attack to prevent it from occurring again.


Eradication phase of the Incident handling process


The Eradication phase of the Incident handling process involves cleaning up the identified harmful incidents from the system. It includes analyzing the information that has been gathered to determine how the attack was committed.

Executive summary
The executive summary is a simple document that provides a high-level view of the entire organization's disaster recovery efforts.

FAU
Forensic Acquisition Utilities (FAU) is an Incident Response tool that is used to make an image of the system's memory and any devices attached to the system. FAU contains a modified Windows version of the Unix utility dd that can image not only the hard drives but also memory.

Federal Acquisition Regulation (FAR)


The Federal Acquisition Regulation (FAR) is the principal set of rules in the Federal Acquisition Regulation System.

Federal Emergency Management Agency (FEMA)


The Federal Emergency Management Agency (FEMA) is concerned with the mitigation, preparedness, response, and recovery activities. FEMA is the major source of federal support for learning in disaster management.

FFIEC
FFIEC stands for Federal Financial Institutions Examinations Council. The Federal Financial Institutions Examination Council (FFIEC) was established on March 10, 1979, in accordance with title X of the Financial Institutions Regulatory and Interest Rate Control Act of 1978 (FIRA), Public Law 95-630. In 1989, title XI of the Financial Institutions Reform, Recovery and Enforcement Act of 1989 (FIRREA) established The Appraisal Subcommittee (ASC) within the Examination Council.

File Scavenger
File Scavenger is a file undelete and data recovery tool for Windows XP, Windows 7, Vista, Windows Server 2003, Windows 2000, Windows NT, and Windows ME/98/95.

Financial Groups Directive (FGD)


The Financial Groups Directive (FGD) is intended to carry out supervision collectively across sectors for financial organizations that have significant activities in the banking, investment, and insurance sectors.

Financial Transaction Report (FTR) Act


The Financial Transaction Report (FTR) Act provides the information of assured transactions and transfers to the Australian Transaction Reports and Analysis Centre (AUSTRAC), and entails assured obligations related to accounts and for other related purposes.

Fire
Fire refers to the visible effects of the process of combustion. It is a special type of chemical reaction. It takes place between oxygen in the air and some variety of fuels.

Flood
Floods are one of the most common hazards in the United States and other parts of the world. Flood refers to the swelling of the rivers during monsoons due to the excessive flow of water in the riverbed. Almost every nation is in danger due to the losses caused by this natural calamity.

Flood Disaster Protection Act of 1973


The Flood Disaster Protection Act was enacted in 1973 by Congress. It was introduced in order to protect homes that are most vulnerable to floods.

Foreign Corrupt Practices Act of 1977 (FCPA)


The Foreign Corrupt Practices Act of 1977 (FCPA) is a United States federal law.

Full backup
Full backup backs up the entire database including the transaction log.

Full-interruption test
A full-interruption test involves shutting down operations at the primary site and shifting them to the recovery site according to the disaster recovery plan.

Functional Configuration Audit


Functional Configuration Audit or FCA is one of the practices used in Software Configuration Management for Software Configuration Auditing.

Genie Backup Manager Home


Genie Backup Manager Home is an ideal solution for data protection. It is a user-friendly tool to back up personal data to a safe location.

GetDataBack
GetDataBack is a tool that is used to recover data if the hard drive's partition table, boot record, FAT/MFT, or root directory are lost or damaged, data was lost due to a virus attack, the drive was formatted, fdisk has been run, a power failure caused a system crash, files were lost due to a software failure, and files were accidentally deleted. GetDataBack can even recover data when the drive is no longer recognized by Windows.

HADR
HADR stands for High Availability Disaster Recovery. It is a data replication feature that provides a high availability solution for both partial and complete site failures.

Health Records and Information Privacy Act (HRIP)


The Health Records and Information Privacy Act (HRIP) protects the privacy of health information in New South Wales. It deals with managing of health information in both the public and private sectors in New South Wales.

Helix
Helix is a live acquisition tool that is used to collect volatile information. It presents a portable forensic environment, providing access to many Windows-based tools.

High voltage spikes


High voltage spikes take place when there is an abrupt, fast voltage peak of up to 6,000 volts.


HIPAA
The Health Insurance Portability and Accountability Act (HIPAA) of 1996 was enacted by the U.S. Congress in 1996. According to the Centers for Medicare and Medicaid Services (CMS) Website, Title I of HIPAA protects health insurance coverage for workers and their families when they change or lose their jobs.

Hot backup
Hot backup is a type of backup that is performed when data is actively accessible to users and is in a state of update.

Hot backup site


A hot backup site is a replica of the original site of an organization with full computer systems as well as near-complete backups of user data.

Hurricane
A hurricane is a tropical cyclone occurring in the North Atlantic Ocean or the Northeast Pacific Ocean, east of the International Dateline. A hurricane is also a wind storm like the tornado, but it is a tropical cyclone.

Incremental backup
An incremental backup backs up files that are created or changed since the last full or incremental backup. An incremental backup provides a faster method of backing up data than most other backup methods.
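A worked example of how the three backup schemes select files, added here for the Full backup, Differential backup, and Incremental backup entries; it is not code from the study guide or from any backup product. The file set and day-by-day change timeline are constructed sample data, and the backup catalogue is modelled as a dict of file name to last-modified day (an assumption, simplified from a real catalogue). It also builds the restore chain for a target day and checks that applying that chain reproduces the live state, which is the part a recovery test actually verifies.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample timeline (assumption): day 0 is the initial state, and each
# later day lists the files that were modified on that day.
INITIAL_FILES = ("a.txt", "b.txt", "c.txt")
CHANGES = {1: ["a.txt"], 2: ["b.txt"], 3: ["a.txt"], 4: [], 5: ["c.txt"]}


@dataclass
class Backup:
    day: int
    kind: str                 # "full", "differential" or "incremental"
    files: Dict[str, int]     # file name -> version (day it was last modified)
    base: Optional["Backup"]  # backup this one was taken relative to (None for a full)


def state_on(day: int) -> Dict[str, int]:
    """Version of every file on the live system at the end of `day`."""
    versions = {name: 0 for name in INITIAL_FILES}
    for d in range(1, day + 1):
        for name in CHANGES.get(d, []):
            versions[name] = d
    return versions


def run_schedule(kind: str, last_day: int) -> List[Backup]:
    """Full backup on day 0, then one backup of `kind` every day up to last_day."""
    backups = [Backup(0, "full", state_on(0), None)]
    for day in range(1, last_day + 1):
        live = state_on(day)
        if kind == "differential":
            base = backups[0]    # always relative to the last full backup
        elif kind == "incremental":
            base = backups[-1]   # relative to the previous backup of any kind
        else:
            raise ValueError(f"unknown backup kind: {kind}")
        changed = {name: ver for name, ver in live.items() if ver > base.day}
        backups.append(Backup(day, kind, changed, base))
    return backups


def restore_chain(backups: List[Backup], target_day: int) -> List[Backup]:
    """Backups that must be applied, in order, to rebuild the state of target_day."""
    latest: Optional[Backup] = max(
        (b for b in backups if b.day <= target_day), key=lambda b: b.day
    )
    chain: List[Backup] = []
    while latest is not None:       # follow base links back to the full backup
        chain.append(latest)
        latest = latest.base
    return list(reversed(chain))


def restore(chain: List[Backup]) -> Dict[str, int]:
    """Apply each backup in order; later versions overwrite earlier ones."""
    result: Dict[str, int] = {}
    for b in chain:
        result.update(b.files)
    return result


def stored_copies(backups: List[Backup]) -> int:
    """Total number of file copies held across the whole backup set."""
    return sum(len(b.files) for b in backups)


if __name__ == "__main__":
    for kind in ("differential", "incremental"):
        backups = run_schedule(kind, 5)
        for b in backups:
            print(f"{kind:12} day {b.day}: {sorted(b.files)}")
        chain = restore_chain(backups, 5)
        print(f"  restoring day 5 needs {len(chain)} backup sets; "
              f"the whole set holds {stored_copies(backups)} file copies")
        assert restore(chain) == state_on(5)
```

Running it shows the trade-off the two definitions imply: the differential set grows every day (13 file copies over the week) but any day restores from just two sets, while the incremental set stays small (7 copies) but restoring day 5 needs all six sets present and intact, which is why the restore chain, not the individual backup, is what a recovery exercise should test.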

Information Assurance (IA)


Information assurance (IA) is the process of organizing and monitoring information-related risks. It ensures that only the approved users have access to the approved information at the approved time.

International Committee of the Red Cross (ICRC)


The International Committee of the Red Cross (ICRC) is an unbiased, neutral, and autonomous organization. Its mission is to look after the lives and dignity of victims of war and internal violence, and to provide them assistance with care.


International Federation of Red Cross and Red Crescent Societies (IFRC)


The International Federation of Red Cross and Red Crescent Societies (IFRC) is the biggest charitable organization in the world. It provides assistance with no discrimination of class, political opinions, nationality, race, or religious beliefs.

International Rescue Committee (IRC)


The International Rescue Committee (IRC) is a nonsectarian, nongovernmental international relief and development organization established in the United States.

Kernel Recovery for Macintosh


Kernel Recovery for Macintosh is a Mac data recovery software tool that helps in recovering deleted files and data from the Macintosh operating system.

Kernel Recovery for ReiserFS


Kernel Recovery for ReiserFS is advanced Linux data recovery software. It recovers missing or deleted data from the Linux-based ReiserFS file system.

Landslide
The term landslide is described as the gravitational movement of a mass of rock, debris, or earth down a slope. The classification of landslides is usually done on the basis of the material involved such as rock, debris, earth, mud and the type of movement such as fall, topple, avalanche, slide, flow, spread.

Load testing
Load testing involves end-to-end performance tests under the anticipated load. Its main objective is to find out the response times for various time-critical transactions and ensure that they are within documented expectations.

Logical data recovery


Logical data recovery is the process of rebuilding files that are damaged or corrupted by a user error or virus attack, rather than repairing the physically damaged hard drives.


Lumigent Log Explorer


Lumigent Log Explorer is the first and only product that can use the log information to recover data, analyze user and application problems, and audit activity - all without run-time overhead.

Man-made disasters
Man-made disasters are disasters resulting from man-made hazards. Man-made hazards or disasters are also known as anthropogenic. These disasters are major reasons for failure.

Mennonite Central Committee (MCC)


The Mennonite Central Committee (MCC) is a peace, service, and relief agency representing 15 Mennonite, Brethren in Christ, and Amish bodies in North America.

Mercy Corps
Mercy Corps is concerned with helping people turn the crises they face into the opportunities they deserve.

Mitigation
Mitigation is a risk response planning technique associated with threats that seeks to reduce the probability of occurrence or impact of a risk to below an acceptable threshold.

NanoCopy technology
The NanoCopy technology is a point-in-time (PiT) copy solution that lets clients capture a PiT copy (snapshot) of data without interrupting the application that is accessing the data.

National Emergency Response Team (NERT)
The National Emergency Response Team (NERT) is a non-profit, volunteer-based organization that develops disaster preparedness educational programs and delivers response services to areas affected by a disaster.

Natural disaster
A natural disaster refers to the results of the combination of natural hazards (physical events such as volcanic eruptions, landslides, sinkholes, blizzards, drought, hailstorms, heat waves, hurricanes, tropical storms, typhoons, ice ages, tornadoes, etc.).

Network Recovery Objective
The Network Recovery Objective (NRO) describes how long it will take to switch over a network, which ensures that the end user is able to access the disaster recovery site.

Network-based intrusion detection system (NIDS)
A network-based intrusion detection system (NIDS) analyzes data packets flowing through a network. It can detect malicious packets that are designed to be overlooked by a firewall's simplistic filtering rules.

NTI Backup Now
NTI Backup Now is a complete backup and restore solution for SMB MIS, LAN, SOHO, desktop computers, and notebooks.

Office of Thrift Supervision
The Office of Thrift Supervision (OTS) is a United States federal agency under the Department of the Treasury. It is the primary federal regulator of federally chartered and state chartered savings associations.

OODA loop
The OODA loop (for observe, orient, decide, and act) is a concept originally applied to the combat operations process, often at the strategic level in both military and business operations.

Organizational chart reviews method
The organizational chart reviews method, used in the process of identifying appropriate BIA interviewees, consists of reviewing the organizational chart of the enterprise to understand the different functional positions.

Parallel test
A parallel test is the next level in the testing procedure: it relocates employees to an alternate recovery site and implements the site activation procedures.

PERT chart
A PERT chart is a project management tool used to schedule, organize, and coordinate tasks within a project. PERT stands for Program Evaluation Review Technique, a methodology developed by the U.S. Navy in the 1950s to manage the Polaris submarine missiles.

Physical Configuration Audit
Physical Configuration Audit (PCA) is one of the practices used in Software Configuration Management for Software Configuration Auditing.

Physical data recovery
Physical data recovery is used if a hard drive is not accessible by software, such as the system BIOS, Windows' Disk Management, or other disk utilities.

PIPEDA
PIPEDA stands for Personal Information Protection and Electronic Documents Act. It is a Canadian law related to data privacy and it governs how private-sector organizations collect, use, and disclose personal information in the course of commercial business.

Power outage
A power outage is also known as a blackout or power failure. It is a short- or long-term loss of electric power to an area.

Power sag
A power sag is a condition that occurs when voltages get 80 to 85 percent below normal for short periods of time.

Power surge
A power surge is a condition that arises when the voltage gets 110% above normal.

Project risk
Project risk is concerned with the expected value of one or more results of one or more future events in a project.

RAID-5
RAID-5 supports striping with parity. It requires a minimum of three disks. In this disk system, data along with its parity bits is stored across multiple disks.

Recovery Management
Recovery Management is the process of planning, testing, and implementing the recovery procedures and standards required to restore service in the case of a component failure.

Recovery phase of the Incident handling process
The Recovery phase of the Incident handling process is the stage at which the enterprise or the system is settled back to its balanced production state.

Recovery Point Objective
The Recovery Point Objective (RPO) is used to determine the maximum amount of time between the last available backup and the potential failure point.

Recovery Time Objective
The Recovery Time Objective (RTO) is the duration of time and a service level within which a business process must be restored after a disaster or disruption in order to avoid unacceptable consequences associated with a break in business continuity.

Release Management
Release Management is used for platform-independent and automated distribution of software and hardware, including license controls across the entire IT infrastructure.

Residual risk
Residual risk is the risk or danger of an action, an event, a method, or a (technical) process that remains even after all theoretically possible safety measures have been applied.

Risk acceptance
Risk acceptance is the practice of accepting certain risk(s), typically based on a business decision that may also weigh the cost versus the benefit of dealing with the risk in another way.

Risk analysis
Risk analysis is the science of risks and their probability and evaluation in a business or a process. It is an important factor in security enhancement and prevention in a system.

Risk assessment
Risk assessment is the first process of risk management. It helps in determining the extent of potential threats and risks associated with an IT system throughout its SDLC.

Risk transfer
Risk transfer is the practice of passing risk from one entity to another entity.

R-Linux
R-Linux is a free file recovery utility for the Ext2/Ext3/Ext4 file systems. It is used on the Linux operating system and several UNIX operating systems.

Rmail
Rmail is an Emacs subsystem that is used to read and dispose of received mail. Rmail stores mail messages in files called Rmail files.

Robert T. Stafford Disaster Relief and Emergency Assistance Act
The Robert T. Stafford Disaster Relief and Emergency Assistance Act is also known as the Stafford Act. It is a United States federal law designed to bring an orderly and systematic means of federal natural disaster assistance to state and local governments.

SalvageData Recovery for Mac
SalvageData Recovery for Mac is a robust, easy to use, and effective professional data recovery software tool. It provides quick and easy data recovery from MacOS HFS & HFS+ volumes from a Windows-based PC.

Sarbanes-Oxley Act of 2002
The Sarbanes-Oxley Act of 2002 is also known as the 'Public Company Accounting Reform and Investor Protection Act' (in the Senate) and the 'Corporate and Auditing Accountability and Responsibility Act' (in the House). It sets new enhanced standards for all U.S. public company boards, management and public accounting firms.

Save the Children
Save the Children is an autonomous organization that deals with the creation of enduring change in the lives of children in need in the United States and other parts of the world.

SDRW
SDRW stands for SalvageData Recovery for Windows. It is the best solution for recovering files from a crashed or virus-corrupted hard drive.

Security Test and Evaluation
Security Test and Evaluation (ST&E) is a component of risk assessment. It is useful in discovering system vulnerabilities.

Service Level Management
Service Level Management provides for continual identification, monitoring and review of the levels of IT services specified in the service level agreements (SLAs). It ensures that arrangements are in place with internal IT Support Providers and external suppliers in the form of Operational Level Agreements (OLAs) and Underpinning Contracts (UCs).

Sharing response
Sharing response is where two or more entities share a positive risk. Risk sharing deals with sharing of responsibility and accountability with others to facilitate the team with the best chance of seizing the opportunity.

Simulation test
A simulation test is a method used to test disaster recovery plans. It operates just like a structured walk-through test.

Site network
A site network is the area where different events, structures and objects of a computer network are positioned.

SLA
A service level agreement (SLA) is a part of a service contract where the level of service is formally defined. It is a negotiated agreement between two parties where one is the customer and the other is the service provider.

SMART model
SMART, or the Self-Monitoring, Analysis, and Reporting Technology model, is a monitoring system for computer hard disks that detects and reports on various indicators of reliability, in the hope of anticipating failures.

SonaSafe
SonaSafe recommends total safety and provides the capability to work quickly in case of system failure or total disaster.

Stress testing
Stress testing simulates ever increasing load (i.e., more than the anticipated load). It checks for improper loss of data or service and often causes defects to come to light.

System Restore
System Restore is a recovery component of Windows XP Professional. It is used to restore a Windows XP Professional computer to a previous state without losing any personal data files.

Take-grant protection model


The take-grant protection model is a formal model used in the field of computer security to establish or disprove the safety of a given computer system that follows specific rules.

Tornado
A tornado is one of the most violent storms on the surface of the earth. It looks like a rotating, funnel-shaped cloud. These storms strike quickly without any prior warning.

Underpinning Contract
An Underpinning Contract (UC) is a contract between an IT service provider and a third party. In other words, it is an agreement between the IT organization and an external provider about the delivery of one or more services.

United Nations Children's Fund (UNICEF)
The United Nations Children's Fund (UNICEF) was formed by the United Nations General Assembly. UNICEF offers enduring humanitarian and developmental support to mothers and children in developing countries.

Variable deadlock
Variable deadlock arises when numerous processes or users make an effort to update the same memory in a Server, Application, or Session variable at the same time.

Virus
A virus is an executable file that infects documents, has the ability to replicate itself, and avoids detection. Viruses are designed to corrupt or delete data files on the hard disk.

Volcano
A volcano is a mountain with an opening that leads downwards to a reservoir of molten rock beneath the surface of the earth. Volcanoes are built up by the accumulation of igneous products.

Vulnerability
Vulnerability is a weakness or lack of safeguard that can be exploited by a threat, thus causing harm to the information systems or networks.

Water fire extinguishers
Water fire extinguishers are extinguishers mostly suitable for use on solid materials such as textiles, wood, paper, etc. These extinguishers direct a jet of water onto a fire.

Wet chemical fire extinguishers
Wet chemical fire extinguishers are used primarily for cooking fires. They are the only type of fire extinguisher that should be used on burning cooking oil and other fats, such as butter, lard, etc.


White box testing
White box testing, also known as Clear box or Glass box testing, takes into account the internal mechanism of a system or application. The connotations of "Clear box" and "Glass box" indicate that a tester has full visibility of the internal workings of the system. It uses knowledge of the internal structure of an application.

Wildfire
A wildfire is any uncontrolled fire in combustible vegetation that occurs in the countryside or a wilderness area. Wildfires are the main problem faced by people who live around forest areas.

Things to Practice: A Final Checklist

EC-Council has specified more than 64 objectives for the EDRP certification exam, which are grouped under 19 modules. Following are some important areas in which an individual should possess good knowledge before taking the EDRP exam:

1. Understanding the seven-step information gathering process
2. Describing Disaster Recovery and Business Continuity
3. Understanding Nature and Causes of Disasters
4. Understanding Emergency Management
5. Defining Laws and Acts
6. Describing Business Continuity Management
7. Understanding Disaster Recovery Planning Process
8. Describing Risk Management
9. Understanding Facility Protection
10. Explaining Data Recovery
11. Understanding Data Recovery
12. Understanding System Recovery
13. Providing Windows Data Recovery Tools
14. Describing Incident Response
15. Defining Organizations Services during Disasters
16. Describing Organizations Providing Disaster Recovery Solutions

uCertify Test Preparation Software for EC-Council Exam 312-76

uCertify test preparation simulation software (PrepKit) is designed to efficiently help you pass the EC-Council Exam 312-76. Each PrepKit contains hundreds of practice questions modeled on real world scenarios. Each exam objective is covered with full explanations of key concepts, and numerous study aids such as study guides, pop quizzes and flash cards help reinforce key concepts. Installation is simple and no internet connection is required once you have installed the PrepKit. To download a free trial, please visit: http://www.ucertify.com/exams/EC-Council/312-76.html

At the core of every uCertify PrepKit is our powerful PrepEngine, which allows for a sophisticated level of customized learning. The folks at uCertify understand that your time is important. We have created a unique blend of learning and test preparation, the foundation of which is working smarter. Years of experience have gone into the creation of detailed reference material that ensures your learning, and of practice questions that closely simulate real-life technical problems to test your understanding of the subject. Our time-tested and continuously improving methodology instantly gives you the benefit of separating the fluff from the real deal. Anticipating your needs and customizing the material to your strengths and weaknesses is at the core of our unique engine. We help you gain the skills you need not just to pass the test, but to actually use them on the job!

uCertify's PrepKits have numerous built-in Study Aids such as Flash Cards, Study Notes, Tagging and more, which reduce the burden of trying to determine how to sift through vast study material by providing a refresher or quick reference at any time. Studies have shown this raises the confidence level of students. The student can, on the fly, customize practice tests and learning so that the content meets their current level of knowledge. Immediate gap analysis reports tell the student what they need to learn to perform better in a particular subject area. Context-sensitive study material and tips help enhance a student's knowledge of a subject area, helping them truly learn the material. This helps improve student performance and productivity on the job for employees. The platform also has the capability for subject matter expertise to be captured and communicated in a consistent manner.

You can review your performance on the various tests you have taken using the test history feature. It is a chronological report of all the tests you have taken with their respective scores. The report also tells you where you stand, for example whether your score is average or whether you need to review the material. You then have the option to retake the test or go back to studying the material that you got wrong.

Top 12 features of our Award Winning PrepKits

1. Simple, intuitive, user-friendly interface
2. One-click dashboard makes it easy to find what you need
3. Guided learning steps you through the process of learning and test preparation, including crucial information about the exam format and test preparation tips
4. Reference Notes and Study Guides organized according to the actual test objectives
5. Numerous study aids, including study notes, flash cards, Pop Quiz and more
6. Useful Technical Articles section contains information written by industry experts and How Tos that allow easy look-up of specific questions
7. Collaboration
8. Exhaustive practice questions and tests, starting with Diagnostic tests to determine your initial level
9. Learning and test modes
10. Customize your tests: decide how many questions, combine one or more topics of your choice, quiz yourself on a study note, increase the level of difficulty based on your performance at any point in time, even create a test based on the amount of time you have to take a test!
11. Feedback and assessment when you need it, including Gap Analysis that clearly indicates your areas of strength and weakness
12. Full-length Final Practice test that closely simulates those on the certification exam to gauge your preparation level for the actual exam

Contact us
Fax: 209 231 3841
US: 800 796 3062
International: 1 415 513 1125
India: 532 244 0503
Sales: sales@ucertify.com
Support: support@ucertify.com

Useful Links
uCertify USA: http://www.ucertify.com/
uCertify India: http://www.ucertify.in/
Download PrepKits: http://www.ucertify.com/download/
PrepEngine Features: http://www.prepengine.com/
uCertify Blog: http://www.ucertify.com/blog
