CISA Reviews Questions

 A business continuity plan (BCP) is a system of prevention and recovery from potential threats to a company. The plan ensures that personnel and assets are protected and are able to function quickly in the event of a disaster1. A core part of a BCP is the documentation of workaround processes to keep a business function operational during recovery of IT systems. Workaround processes are alternative methods or procedures that can be used to perform a business function when the normal IT systems are unavailable or disrupted2. For example, if an online payment system is down, a workaround process could be to accept manual payments or use a backup system. Workaround processes help to minimize the impact of IT disruptions on the business operations and ensure continuity of service to customers and stakeholders3.

References:

1 explains what is a business continuity plan and why it is important.

2 defines what is a workaround process and how it can be used in a BCP.

3 provides examples of workaround processes for different business functions.

Ransomware is a type of malicious software that encrypts the victim’s data and demands a ransom for its decryption1. Ransomware attacks can cause significant damage to an organization’s operations, reputation, and finances1. Therefore, it is important to mitigate the impact of ransomware attacks by implementing effective prevention and recovery strategies.

One of the best ways to mitigate the impact of ransomware attacks is to back up data frequently12345. Data backups are copies of the organization’s data that are stored in a separate location or medium, such as an external hard drive, cloud storage, or tape2. Data backups can help the organization restore its data in case of a ransomware attack, without paying the ransom or losing valuable information2. Data backups should be performed regularly, preferably daily or weekly, depending on the criticality and volume of the data2. Data backups should also be tested periodically to ensure their integrity and usability2.

The other options are not as effective as backing up data frequently in mitigating the impact of ransomware attacks. Invoking the disaster recovery plan (DRP) is a reactive measure that can help the organization resume its operations after a ransomware attack, but it does not prevent or reduce the damage caused by the attack3. Paying the ransom is not a recommended option, as it does not guarantee the decryption of the data or the deletion of the stolen data by the attackers. Paying the ransom also encourages further attacks and funds criminal activities14. Requiring password changes for administrative accounts is a good security practice, but it is not sufficient to prevent or recover from ransomware attacks. Ransomware attacks can exploit other vulnerabilities, such as phishing emails, outdated software, or weak network security15.

References: 1: How to Mitigate the Risk of Ransomware Attacks: The Definitive Guide 2: Mitigating malware and ransomware attacks - The National Cyber Security Centre 3: 3 steps to prevent and recover from ransomware 4: Ransomware Epidemic: Use these 8 Strategies to Mitigate Risk 5: Practical Steps to Mitigate Ransomware Attacks - ITSecurityWire

 The metric that best indicates the effectiveness of awareness training is the number of users reporting receipt of the email to the information security team. This shows that the users are able to recognize and report a phishing email, which is a common social engineering technique used by attackers to trick users into revealing sensitive information or installing malicious software. The other metrics do not demonstrate a high level of security awareness, as they either ignore, follow, or forward the phishing email, which could expose the organization to potential risks. References: CISA Review Manual, 27th Edition, page 326

 Coding standards provide field naming conventions, which are rules for naming variables, constants, functions, classes, and other elements in a program. Coding standards help to ensure consistency, readability, maintainability, and portability of code. Program documentation, access control tables, and data flow diagrams are not part of coding standards. References: CISA Review Manual (Digital Version), Chapter 4, Section 4.3.1