1. Secure Backups
Why do you think it is important to include end users in the process of
creating the contingency plan? What are the possible pitfalls of end user
There have been several incidents lately in which backup media containing
personal customer information were lost or stolen. How should backup media be
secured? What about off-site storage of backups?
What kind of user training should be conducted to deal with the issue of
How do you strike a balance between being overwhelmed with false positives
and the danger of ignoring true incidents?
How would you build a CSIRT? What are the components to building an
Visit the Web site http://www.first.com. Summarize the goals of the
organization and the benefits of becoming a member.
4. Freezing Evidence
Do you think these issues play a significant part in the decision to involve
law enforcement? Why or why not?
Can you name some situations in which you believe that large organizations
have decided not to involve law enforcement?
5. Key Execution
What will happen if a network administrator leaves?
What customers or contacts would the company lose if a sales representative
What other positions can you name where a loss would have a potentially
significant negative effect on the company?
6. Availability vs. Confidentiality
Discuss the issues of availability versus confidentiality of the DR and BC
plans. The recommendation is for all DR team members to have several copies of
these plans, at the office and at home, and perhaps even in their vehicles to
ensure that the plans are available for a sudden-onset disaster. Consider the
confidential nature of these plans, and the financial damage that could occur
if competitors obtained these documents. How can an organization meet this
objective and also protect this sensitive information? Consider accidental
loss, employee resignation, theft, etc.