GLOSSARY

One value of creating a standard industry framework is that it will also create a language specific to business continuity planning. For a more definitive list of terms, refer to ISO standard 22300 “Societal security—Terminology.”

ACCEPTABLE USE POLICY A policy used by an organization to outline what can and cannot be done using the organization’s corporate network and access to the Internet. Employees are typically required to sign this policy before being granted access to the organization’s network.

ACL (ACCESS CONTROL LIST) A data file containing a list of the user IDs with permission to view or do something whenever someone tries to access a device or software component.

AFTER-ACTION REVIEW A response team self-assessment after resolving an incident or completing a plan test. Used to identify areas to improve recovery and team processes.

AVAILABILITY An information security requirement that data systems and data are available to authorized users whenever business needs require it.

BACKUP A copy of a file, directory, or volume placed on a separate storage device for the purpose of retrieval in case the original is accidentally erased, damaged, or destroyed.

BCP (BUSINESS CONTINUITY PLANNING) A plan that documents how an organization will respond in the case of a disaster. It includes the organization’s strategy for ensuring that it can continue to operate in the aftermath of a disaster.

BIA (BUSINESS IMPACT ANALYSIS) A top-to-bottom review of which business functions provide the greatest financial benefits to the company. The most critical functions and their associated IT systems should all be covered by disaster recovery plans and a proactive business continuity continuous improvement program.

BLUEJACKING Use of a device’s Bluetooth network to send spam messages to it. Cell phones of people walking past are a typical target.

BUSINESS CONTINUITY A proactive program to ensure that, despite significant business or IT problems, a company can still provide products and services to its customers.

BUSINESS INTERRUPTION Anything that disrupts the normal flow of business operations.

BUSINESS RESILIENCE Another term for Business Continuity that denotes that a company can still deliver its product or services despite a significant business or IT problem.

CAR WHISPERING When the Bluetooth connection between a cell phone and a car is monitored.

CERT (COMPUTER EMERGENCY RESPONSE TEAM) A group at Carnegie Mellon University that works closely with the Department of Homeland Security. CERT (www.cert.org) provides research, information, and training in all aspects of information security.

CLOUD COMPUTING A concept where IT-related resources are provided as a service over the Internet. Cloud services are often used to provide real-time data protection or as a hot recovery site.

CMMI (CAPABILITY MATURITY MODEL IMPROVED) Created by Carnegie Mellon University, a series of evaluations to assess the maturity of a company’s processes.

COBIT (CONTROL OBJECTIVES FOR INFORMATION AND RELATED TECHNOLOGIES) A governance framework that is promoted by the Information Systems Audit and Control Association (ISACA) and initially designed to assist financial auditors.

CONFIDENTIALITY IT security requirement that only authorized access is permitted to use data or to access specific software.

CONTINUOUS IMPROVEMENT PROGRAM A proactive program to constantly improve recovery plans and processes.

CONTROL A defensive measure that eliminates or minimizes a vulnerability. For example, the use of data mirroring reduces the likelihood of data loss if a disk drive physically fails.

DAT (DIGITAL AUDIO TAPE) An older, high-capacity tape backup format that can hold up to 320 gigabytes (GB) of data.

DATA REDUNDANCY The same data stored in more than one location. For example, updating a mirrored database at a cloud backup site at the same time changes are made to a local database.

DISASTER Any event that seriously disrupts a critical business or IT function. In most cases, some component of the business or IT systems must be moved to another location.

DISASTER RECOVERY The steps taken by a company to recover critical business and IT services from the damage of a disaster.

DISK DUPLEXING A method of safeguarding data whereby the data is copied simultaneously to two hard disks on separate channels. If one channel fails, the data on the other channel remains unharmed. When data is duplexed, read requests are sent to whichever disk in the pair can respond faster, decreasing the file server’s response time.

DISK MIRRORING A method of safeguarding data whereby the same data is copied to two hard disks on the same channel. If one of the disks fails, the data on the other disk is safe. Because the two disks are on the same channel, mirroring provides only limited data protection; a failure anywhere along the channel could shut down both disks and data would be lost. See also Disk Duplexing.

DOCUMENTATION Written (as opposed to online) explanations of something. For example, the instructions and references providing users with the necessary information to use computer programs and systems or to alter them at a later date.

DVD (DIGITAL VIDEO DISK) A high-density compact disk for storing large amounts of data, especially high-resolution audiovisual material. DVDs are often used to back up data on individual workstations. A typical DVD can hold up to 4.7 GB of data.

ELECTRONIC KEYS Short-range radio frequency devices, usually in the form of a card or key fob. The chip hidden in the key is energized when in close proximity to a reader, which queries it for its identification number.

ENCRYPTION The scrambling of information for transmission over a public communications system so that unauthorized access yields only unreadable results. The receiver requires the same technology key to unscramble the coded information. Encryption is also used to store data.

FAULT TOLERANCE Resistance to system failure or data loss. For example, load sharing among servers: when one fails, the other servers pick up the incoming transactions.

FILE SERVER A computer providing network stations with controlled access to shareable resources. The network operating system is loaded on the file server, and most shareable devices, such as disk subsystems and printers, are attached to it. The file server controls system security. It also monitors station-to-station communications. A dedicated file server is used only as a file server while it is on the network. A non-dedicated file server can be used simultaneously as a file server and a workstation.

FORENSIC DATA ANALYSIS The investigation into what happened to a data system or files and the identification of who may have done it. Essentially a technical detective that gathers traces left in system logs and other places to backtrack to the perpetrator.

IDS (INTRUSION DETECTION SYSTEM) A device and/or software that monitors a network for malicious activity. This includes threats from outside the organization as well as policy violations within the organization.

IM (INSTANT MESSAGING) A form of communication over the Internet that involves immediate messages between two or more users who are online simultaneously.

INTANGIBLE COSTS Lost opportunities, as some customers purchase from your competition while you’re down and may not return as customers.

INTEGRITY Information security requirement against unauthorized alteration of data (databases, files, email, software code, etc.).

INTEREXCHANGE CARRIER POINT OF PRESENCE The connection point where your company’s data network physically connects to the Internet.

INTERNET The largest network in the world. Successor to ARPANET, the Internet includes other large internetworks. The Internet uses the TCP/IP protocol suite and connects universities, government agencies, businesses, and individuals around the world.

INTERNET SERVICE PROVIDER (ISP) The vendor that connects your organization to the Internet.

ISO (INTERNATIONAL STANDARDS ORGANIZATION) A member-based series of standards that can be used to determine the thoroughness of a company’s plans and processes. ISO certifies compliance with its standards through the use of third-party auditors. Some companies’ customers find this certification comforting and may require it of major suppliers. ISO standard 22301 can be used to certify your disaster recovery/business continuity program.

ITIL (INFORMATION TECHNOLOGY INFRASTRUCTURE LIBRARY) A U.K.-originated effort that brings together the various components of IT operations into a single coordinated unit. ITIL is essentially a collection of best practices. Primarily used in the British Commonwealth, there are many large U.S. companies that now use some components of it. ITIL certifies individuals, not plans.

IT RECOVERY STRATEGY The company’s vision for how the IT systems will be recovered during a disaster. It will include an expected recovery time and the amount of data that can be lost from a catastrophic event. It is based on the BIA and risk assessment.

IVR (INTERACTIVE VOICE RESPONSE) An automated menu that redirects callers to another circuit based on the information that the caller enters using the telephone keypad.

KEY LOCKER A secure storage cabinet, normally in the security office, where copies of physical keys are maintained for access to all locked spaces in an emergency.

LAN (LOCAL AREA NETWORK) The linkage of computers within a limited area so that users can exchange information and share peripherals. This network can be wired or wireless.

MAINFRAME A large computer, generally with high-level and multiprocessing power and the capacity to support many users at once.

MAO (MAXIMUM ACCEPTABLE OUTAGE) The maximum length of time that a system or business process can be unavailable before its loss begins to affect the operation of the organization.

MULTIFACTOR AUTHENTICATION The use of multiple verification techniques to verify an identity. Typically this authentication is done using something the user knows, something they have, and something that they are. For example, a password (something that you know), a security access badge (something you have), and a biometric measurement like a fingerprint (something that you are).

PAAS (PLATFORM AS A SERVICE) Builds on the concept of SaaS (Software as a Service) to allow organizations to build entirely new applications directly on the Internet.

PAN (PERSONAL AREA NETWORK) The smallest network, also called a piconet. A PAN is often centered on a cellular telephone or tablet PC. It uses Bluetooth technology to communicate with nearby devices.

PANDEMIC An outbreak of disease that affects a large area. For example, the publicity surrounding the Zika virus diminished tourism in the Caribbean areas during 2015–2016.

PANDEMIC STRATEGY A proactive program to ensure that despite widespread illness among employees, the company can continue to provide products and services to its customers.

PBX (PRIVATE BRANCH EXCHANGE) A special-purpose computer used to route telephone calls inside and outside of a building. In most companies, this has been replaced by an Internet-based server. See also VoIP (Voice-over-Internet Protocol).

PHYSICAL SECURITY The term for physically secure access to IT assets and confidential company documents. It is the first line of defense in information security and business continuity. Theft of documents, computers, network devices, and servers will also include the loss of data stored within them. The site of a company disaster must be promptly physically secured to avoid looting.

POLICY A general statement of direction from management that provides employees with guidance in the shared goal of supporting the mission of the organization.

PRIVATE CLOUD A type of cloud infrastructure that is operated solely for the benefit of a single organization. It may be managed by the organization or by a third party and may exist on premise or off premise.

PROCEDURE Specific instructions on how to perform an activity. Procedures give detailed instructions on how to perform a well-defined function to achieve a particular result.

PSTN (PUBLIC SWITCHED TELEPHONE NETWORK) The traditional telephone network, which is designed to only carry traffic from about 10 percent of all telephones in an area.

RECORDS RETENTION A company policy that states how long to retain certain types of documents and may reduce the volume of vital records that must be protected.

RAID (REDUNDANT ARRAY OF INDEPENDENT DISKS) A data infrastructure technique used to reduce the likelihood of data loss.

RISK The potential of a disaster occurring is called its risk. Risk is measured by how likely this incident is to happen and how seriously it will hurt the organization.

RISK ANALYSIS A process that identifies the probable threats to your business. Risks are then ranked based on their likelihood of occurrence, the impact if they do occur, and the amount of warning before they strike.

RPO (RECOVERY POINT OBJECTIVE) The amount of data that can be lost without causing serious damage to a function. This value will drive the data recovery approach, as any data between the last backup and the disaster will be lost.

RTO (RECOVERY TIME OBJECTIVE) The length of time that the organization can operate with a vital function disabled before the organization suffers serious financial harm.

SAAS (SOFTWARE AS A SERVICE) A process where software is deployed, hosted, and managed for multiple parties from a centrally managed facility. The applications are delivered over networks on a subscription basis.

SOCIAL ENGINEERING The use of deception and personal persuasion to obtain access or information useful for illegal penetration of the company’s data systems. Also known as “people hacking.”

TABLE-TOP TESTING The simplest test of a recovery plan, where participants sit around a table and step through the plans to recover from a hypothetical disaster scenario.

TABLET A portable personal computer that uses a touchscreen as a primary input device and is designed for individual use. The Apple iPad and Samsung Galaxy Tab are popular examples.

TANGIBLE COSTS Company funds lost (or spent) during a business interruption.

TECHNICAL SECURITY All types of hardware and software technical controls restricting access to equipment or data. Examples are antivirus software, firewalls, encryption, and access control lists.

THREATS Anything that might cause a business interruption or might attack your information systems. Threats are potential attackers and most will never occur.

UPS (UNINTERRUPTIBLE POWER SUPPLY) A device providing electric backup power to a computer system or other devices when the normal electric power fails. The switchover occurs so quickly that the operation of devices that depend on electricity is not interrupted.

VDI (VIRTUAL DESKTOP INFRASTRUCTURE) A form of desktop virtualization that emulates the PC hardware environment of the client by delivery to a thin client from a server.

VITAL BUSINESS FUNCTION An ITIL term for a business function that is essential for the company to deliver its products to customers. Each vital business function must have a disaster recovery plan.

VITAL BUSINESS RECORDS Important company documents that must be protected from damage or destruction. Examples are real estate deeds, contracts and software licensing records.

VOIP (VOICE-OVER-INTERNET PROTOCOL) A technology that routes voice traffic through the Internet rather than the public telephone system. Voice traffic is transmitted through the workstation’s data connection and then on through the Internet. The VoIP telephone converts the audio of your voice to a digital signal and then handles it like any other IP packet. This packet is then routed to its destination.

VPN (VIRTUAL PRIVATE NETWORK) Software used to establish a secure network connection between two computers via the Internet. For example, a VPN between your laptop and your corporate network. A VPN encrypts all traffic between the devices.

VULNERABILITIES Weaknesses in your business continuity plan that can allow threats to break through your defenses. Vulnerabilities are identified, assessed, and ranked by risk analysis.

WAN (WIDE AREA NETWORK) Any network extending more than a few miles. It can use more than one form of message carrying.

WORK AREA RECOVERY Recovering a place where the lines of business can continue their work. Accountants, lawyers, sales call center, materials management staff, and others need a desk and workstation if the recovered IT systems are to be useful.

WORK AREA RECOVERY STRATEGY The company’s vision of how much space is needed, where and by whom, and what communications are needed at the office recovery area. This is determined by the level of service to be provided until everything is recovered.
