Clear Your Knowledge On IRP DRP BCP
Incident Terminology:
1. Breach: Loss of control, unauthorized disclosure, unauthorized acquisition, or compromise of information.
2. Event: An observable occurrence in the information system.
3. Exploit: A particular attack that succeeds because of a system vulnerability.
4. Incident: An event that actually or potentially jeopardizes the confidentiality, integrity, or
availability of an information system.
5. Threat: Any circumstance or event with the potential to adversely affect organizational assets.
Components of an Incident Response Plan: (An Incident Response Plan outlines the procedures and
protocols that an organization follows when a cybersecurity incident occurs.)
1. Preparation:
a. Develop policy
b. Incident response team
c. Practice risk identification
d. Identify Roles and responsibilities
2. Detection & analysis:
a. Monitor for all possible attacks
b. Prioritize Incident Response
c. Standardize incident documentation
3. Containment & eradication:
a. Gather evidence
b. Choose containment strategy
c. Identify Attacker
d. Isolate the Attack
4. Post-Incident Activity:
a. Identify the documents that may need to be retained
b. Document lessons learned
BCP
Business Continuity Plan: (A Business Continuity Plan outlines the procedures and strategies that an
organization employs to ensure that essential business functions can continue or be rapidly restored
following a disruptive event.)
A major incident may interrupt business for an unacceptable length of time; the organization then cannot
simply follow an incident response plan but must move toward business continuity.
It focuses on the critical products and services that the organization provides and ensures those important
areas can continue to operate, even at a reduced level of performance, until business returns to normal.
DRP: (Disaster Recovery refers to the process of restoring IT systems, infrastructure, and data following a
disruptive event that affects the organization's ability to operate normally.)
Incident Response Plans focus on addressing security incidents and breaches, Business
Continuity Plans focus on maintaining essential business functions during disruptive events, and
Disaster Recovery plans focus on restoring IT systems and data following a disaster or
disruption.
● Incident Response Plans are often tested through simulated security incidents,
tabletop exercises, and red team/blue team exercises to evaluate the
organization's ability to detect, respond to, and recover from cyber threats.
● Business Continuity Plans are tested through exercises such as business impact
analysis, tabletop exercises, and full-scale simulations to assess the organization's
ability to maintain essential functions and services during disruptions.
● Disaster Recovery Plans are tested through disaster recovery drills, failover tests,
and data recovery exercises to validate the effectiveness of backup and recovery
procedures and ensure rapid restoration of IT systems and data.