Chapter 2: Incident Response, Business Continuity (BC), and Disaster Recov
ery (DR) Concepts
Study online at https://quizlet.com/_b2exhn
1. Adverse Events Events with a negative consequence, such as system crashes, network packet
floods, unauthorized use of system privileges, defacement of a web page or
execution of malicious code that destroys data.
2. Breach The loss of control, compromise, unauthorized disclosure, unauthorized acqui-
sition or any similar occurrence where: a person other than an authorized user
accesses or potentially accesses personally identifiable information; or an autho-
rized user accesses personally identifiable information for other than an authorized
purpose. Source: NIST SP 800-53 Rev. 5
3. Business Conti- Actions, processes and tools for ensuring an organization can continue critical
nuity (BC) operations during a contingency.
4. Business Conti- The documentation of a predetermined set of instructions or procedures that
nuity Plan (BCP) describe how an organization's mission/business processes will be sustained
during and after a significant disruption.
5. Business Impact An analysis of an information system's requirements, functions, and interde-
Analysis (BIA) pendencies used to characterize system contingency requirements and priori-
ties in the event of a significant disruption. Reference: https://csrc.nist.gov/glos-
sary/term/business-impact-analysis
6. Disaster Recov- In information systems terms, the activities necessary to restore IT and commu-
ery (DR) nications services to an organization during and after an outage, disruption or
disturbance of any kind or scale.
7. Disaster Recov- The processes, policies and procedures related to preparing for recovery or con-
ery Plan (DRP) tinuation of an organization's critical business functions, technology infrastructure,
systems and applications after the organization experiences a disaster. A disaster
is when an organization's critical business function(s) cannot be performed at an
acceptable level within a predetermined period following a disruption.
1/2
ery (DR) Concepts
Study online at https://quizlet.com/_b2exhn
1. Adverse Events Events with a negative consequence, such as system crashes, network packet
floods, unauthorized use of system privileges, defacement of a web page or
execution of malicious code that destroys data.
2. Breach The loss of control, compromise, unauthorized disclosure, unauthorized acqui-
sition or any similar occurrence where: a person other than an authorized user
accesses or potentially accesses personally identifiable information; or an autho-
rized user accesses personally identifiable information for other than an authorized
purpose. Source: NIST SP 800-53 Rev. 5
3. Business Conti- Actions, processes and tools for ensuring an organization can continue critical
nuity (BC) operations during a contingency.
4. Business Conti- The documentation of a predetermined set of instructions or procedures that
nuity Plan (BCP) describe how an organization's mission/business processes will be sustained
during and after a significant disruption.
5. Business Impact An analysis of an information system's requirements, functions, and interde-
Analysis (BIA) pendencies used to characterize system contingency requirements and priori-
ties in the event of a significant disruption. Reference: https://csrc.nist.gov/glos-
sary/term/business-impact-analysis
6. Disaster Recov- In information systems terms, the activities necessary to restore IT and commu-
ery (DR) nications services to an organization during and after an outage, disruption or
disturbance of any kind or scale.
7. Disaster Recov- The processes, policies and procedures related to preparing for recovery or con-
ery Plan (DRP) tinuation of an organization's critical business functions, technology infrastructure,
systems and applications after the organization experiences a disaster. A disaster
is when an organization's critical business function(s) cannot be performed at an
acceptable level within a predetermined period following a disruption.
1/2
