Security+ Exam Objectives 6.3

6.3 Differentiate between and execute appropriate incident response procedures.

Forensics – Forensics involves the legal collection, protection, and proper analysis of evidence from a crime scene so that facts can be used and presented in court. The most important part of forensics is ensuring that evidence is properly gathered and is protected. With forensics, the chain of custody may not be broken or else the evidence cannot be used in court.

Chain of custody – The chain of custody is used and needed to account for every person who had access to or handled crime scene evidence as well as to ensure that proper steps were taken during evidence storage. It’s the basic who, what, when, where, why, and how. Anyone who sees or touched the evidence must be documented as to prevent any type of tampering. The chain of custody must be followed or else evidence cannot be used legally in court. 

First responders – When a breach or incident is reported or detected, incident response must begin with the first responders. These responders are the first to arrive at a crime scene and are needed to ensure that damage can be limited and so that needed information can be gathered properly and in a timely manner in the incident that a court hearing or trial is sought. Those designated as the first responders should be well aware of the incident response procedure in place. The plan should include proper documenting, backing up and copying any files that are affected, collecting audit logs, and many other procedures.

The first responders are entirely in charge of ensuring that the crime scene and any volatile evidence are properly protected. The responder can be a police officer, an IT staff member, or someone from a set team.

Damage and loss control – A first responder is the main person involved in damage and loss control. The first responder should work very closely to ensure that not damage is done to any potential evidence and that no evidence is lost in the investigation process. Because evidence can be destroyed and tampered with, a first responder needs to be well trained and aware of the situation at hand. Any evidence that is damaged or tampered with may not be usable in court.

Damage and loss control is also important when attempting to minimize and reduce the impact of an incident. The incident response team should know what to do in the case of all sorts problems, such as a virus attack. Damage and loss control can involve knowing what servers need to be turned off or taken off the network and how business can continue while attempting to keep the problem at bay. Start up and shut down procedures should be in place as to prevent any further damage or loss.

Reporting – disclosure of – In an incident response policy, proper reporting and disclosure procedures should be in place and well mapped out. Whenever an incident occurs, it is up to a specific group of people to not only report the incident but to decide if the incident should be disclosed to the media and other related companies such as equipment, operating system, and application manufacturers. Legal authorities may also be needed to be told of the incident. 

Visit GetCertify4Less or our new site GetCertified4Less to save on your ITcertification

Security+ Exam Objectives 6.2

6.2 Implement disaster recovery procedures. 

Anytime business is negatively affected or halted, a disaster has occurred. The fact is that a disaster cannot be predicted but they are very common. Because of this, it’s highly important that businesses of all types, both large and small, take the necessary time and effect to have a plan that will allow for proper implementation of disaster recovery procedures if ever required. A business isn’t successful or dependable if the proper means are not in place to ensure that business can continue normally in the case of an unforeseen attack, intrusion, corruption, and so on. With disaster recovery, a business should be able to recover from any type of disaster as to avoid numeral loss.

Planning

 Planning is an important part disaster recovery. A business of any type will need to have a strong focus and understanding of business continuity, especially for inner and outer success to continue. Business continuity involves being able to maintain and upkeep with the IT infrastructure of a business to ensure that in the time of a disaster, attack or some other interruption to everyday business, that the company at hand is able to resume business in a short time frame.

Planning involves risk assessment and analysis, business impact analysis, mitigating risks, integrating and validating the disaster recovery plan, training, maintenance, and of course routine auditing of the plan at hand. Businesses will not only need to be aware of and prepared for disasters, but it’s important to find ways to attempt to ward off a disaster. While not everything can be stopped before doing damage to the systems in place, the best chance of saving any vital data is through proper planning, auditing, and maintenance. Employees should be properly trained and should be well aware of the disaster recovery procedure in place. As time goes on businesses want to audit their plans to ensure that they are still up-to-date and that they are still the best possible option.

Disaster recovery exercises

Disaster recovery exercises are exercises that many companies do not take the time, money, or effort to complete. However, they are truly an important part of any business’ success when it comes to perfecting a backup plan and technique. Disaster recovery exercises are needed to ensure that your plan not only works but is up to par with your business’ wants, needs, and expectations. These exercises should be routinely scheduled and need to be completed before a disaster. With these exercises a company is able to spot any flaws or miscommunications within the disaster recovery plan that can be fixed and modified as required. Any weaknesses that exist can also be addressed. Disaster recovery exercises also give those involved in implementing and using the plan a chance to become a little bit more familiar with the process in the case of a disaster.

Backup techniques and practices – storage

 If you think about it, backing up your information is truly the only way to insure that all of your data and documents along with your data resources are available to you in the event of a disaster, attack, intrusion, network disruption, and other problems that can occur without much before-hand notice.

However, before you can rely on your backup techniques you’ll first want to ensure that they work and are fully functional and reliable; otherwise your backup stands useless. Testing a backup technique merely requires you to restore data from the backup media which then verifies that necessary data can be restored. Without testing, there is nothing but doubt when it comes time to depend on your backup, allowing for a possibly successful or a failed back up plan.

When it comes to backups, companies have three main options, each are different when looking at the archive bit setting, the file header that flags a file as new or changed. Sometimes timestamps are also used to determine which files need to be backed up. The common three types are:

1.       Full back up – All files, including system files and software, are copied to the backup media no matter the archive bit setting. Archive bit is reset or cleared.

2.       Incremental – Files with a flagged or set archive bit are the only ones archived. Usually this includes only the files that have been changed or added after the last back-up. Incremental backups are quickest. Archive bit can be reset or cleared.

3.       Differential – Files with a flagged or set archive bit are the only ones archived. The archive bit cannot be reset or cleared.

It’s important that businesses make arrangements for these backups to be housed at an outside location to prevent any damage to this media. A combination of backups and can be used and backup type is based on preference, the amount of data, the type of data, and other factors.

Schemes

 At least one set of backup media should be kept at an offsite location. This ensures that a readily available and working backup is always within reach. If backups are located within the same location as the effected media, they too could become destroyed by a disaster. Rotating backups is a very common scheme in today’s business world. This means that media is rotated, ensuring that information is not always saved on the same data tapes each day. This is critical in the case that one of the media fails or is affected in some way that renders it not suitable for use. This also ensures that another backup is available elsewhere.

The Grandfather-Father-Son rotation scheme is often used. This scheme uses daily, weekly, and monthly data tapes that are all rotated in and out of use. With GFS one full backup is scheduled at least once a week and a mixture of incremental and differential backups occur on other days.

Restoration

With secure recovery and restoration, a business will have a plan to ensure that their classified, mission critical, secured, or sensitive information on servers can be easily and quickly restored without the worry of measurable loss or violations of set security code. With proper restoration, the effected system will be able to reboot into a secured state and that all security rules and settings are reset and in place.

Visit GetCertify4Less or our new site GetCertified4Less to save on your ITcertification

Green IT Trending Upward as a Priority for Organizations

More companies allocating dollars, developing comprehensive strategies for green IT initiatives 

Downers Grove, Ill., April 19, 2011 – Green IT initiatives will take on added importance in the next few years as more organizations commit financial resources and develop comprehensive strategies, according to a new study released this week by CompTIA, the non-profit association for the information technology (IT) industry.

Among organizational priorities, green IT initiatives tend to rank around the middle. But CompTIA’s Second Annual Green IT  Insights and Opportunities study suggests the trend line is headed upward. In 2009 only 9 percent of firms rated green IT as an upper half organizational priority. That figure stands at 37 percent in 2011 and is expected to rise to 54 percent in 2013 – a nearly five-fold increase from 2009.

“Given the intense cost‐cutting focus during the tough economic times of the past few years as well as periods of high energy costs, it’s likely many firms eyed green strategies as a means to help the bottom line,” said Tim Herbert, vice president, research, CompTIA.

One in five firms currently have dedicated budget allocated for green IT initiatives, but 44 percent indicate they are moving in that direction. That’s potentially good news for the IT industry, as it may indicate there is a growing market opportunity for technology products and services that have a green component.

The CompTIA study also reveals that 35 percent of organizations report having a comprehensive green strategy for practices such as reducing energy consumption, equipment usage/design, recycling/product disposal, carbon footprint and employee behaviors. Additionally, 42 percent have a partial green strategy, while 24 percent have no strategy in place, though these firms may still engage in some green behaviors.

Looking ahead, among firms without a comprehensive green strategy, 48 percent expect to have one within two years. The remaining firms either expect a longer time horizon for adopting a strategy or are uncertain. This suggests many organizations continue to wrestle with the return on investment in green initiatives. 

Part of the challenge is defining exactly what’s meant by the term green IT.

“Green IT remains a fuzzy concept for many,” said Herbert. “Use of the term and its interpretation vary widely.”

Reducing energy consumption – cited by 67 percent of respondents – and the recycling of obsolete IT products or e-waste (63 percent) are the practices most strongly associated with green initiatives, according to the CompTIA study.

“While technologies such as virtualization or cloud computing may go a long way towards optimizing resource use, fewer respondents currently make the association with green,” Herbert noted. “IT executives and respondents from large firms, those with more than 500 employees, are slightly more likely to view virtualization as a green strategy.

CompTIA’s Second Annual Green IT Insights and Opportunities study is based on an online survey of 650 IT and business executives involved in green initiatives or strategies in the United States, United Kingdom and Germany.  The complete report is available at no cost to CompTIA members who can access the information at www.CompTIA.org or by contacting research@comptia.org.

Visit GetCertify4Less or our new site GetCertified4Less to save on your Green IT certification.

Frequently Asked Questions

On a daily basis new customers ask “Who is GC4L?”, "What are vouchers?", "Do they expire?" and other FAQ's.  This post will hopefully answer some or all of those questions you may have.  If not, feel free to comment with a question, contact us or visit our live chat.

Who is GC4L?

Since 2001 GetCertified4Less ^® has helped over 50,000 valued customers save money on their certification exams. Whether you are a student, corporation, educational institute, IT professional or test center, our goal is the same: to provide outstanding customer service while helping you reach you certification goals at the lowest price possible.

IS Consultants, Inc. a Michigan corporation, operates under the trademarks GetCertify4Less, GetCertifyForLess, Getcertified4Less and GetcertifiedForLess. All rights reserved. Other trademarks or registered trademarks are used for educational purposes only and are owned by their respective companies.

GC4L is proud to be associated with the many great companies which enable us to deliver products and services at a great value to our customers.  GC4L partners can be found here.

IS Consultants is a long standing member of the Better Business Bureau.  Click here to view our BBB report.

What are vouchers?
	Vouchers are alpha numeric codes. Vouchers are 100% payment for your exam. Vouchers are 100% guaranteed Vouchers are available for Prometric, Pearson VUE or Certiport. Vouchers have an expiration date.

Do vouchers expire?

Yes, all vouchers have an expiration date.  You MUST take the exam on or before the expiration date. The voucher expiration date cannot be extended. Our regular vouchers typically have an expiration of around 10 months.  If the product is an EARLY EXPIRATION voucher there will be an expiration date listed on the product page.  When will my order ship and what are my shipping charges?   Vouchers are sent to your email address within 15-30 minutes of payment approval and capture during our normal business hours (Mon - Fri 9:00 AM - 7:00 PM EST and Saturday 10:00 AM to 4:00 PM EST) If you have placed an order outside of these hours, your order will be processed the next business day.   After placing your order, you may click the "My Account / Order Status" link at the top right hand side of our site to track the status of your order. Because all of our products are sent electronically, there is never a shipping fee.

         What are Prometric and Pearson VUE?   

Prometric and Pearson VUE are the two cheif providers of IT Certification exams. Testing centers are affiliated with either VUE, Prometric, or both. Vouchers are provider specific.  Pearson VUE vouchers can only be used at authorized VUE locations and Prometric at authorized Prometric locations.

We hope this helped answer some of your questions.  Please feel free to view some of our other FAQ or contact us if we can assist you in any way.

New CompTIA Exam to be Released in late 2011

CompTIA, the world leader in vendor-neutral IT credentials, and The Storage Networking Industry Association (SNIA), the global leader for the storage industry, are building a brand-new, vendor-neutral certification examination in storage networking and information management. It will be called “CompTIA Storage+ Powered by SNIA”, and it is scheduled to be released in late 2011. The new “CompTIA Storage+ Powered by SNIA” examination will be a global certification program validating skills and knowledge in the fast-growing field of storage networking and information management. This certification will also be the foundation for higher-level and specialty certifications within the SNIA credentials ecosystem.

Visit GetCertify4Less or our new site GetCertified4Less to save on your ITcertification

Security+ Exam Objectives 6.1

6.1 Explain redundancy planning and its components.

Disaster recovery plans are an important part of daily business to any type of organization. With proper disaster recovery plans the amount of downtime an organization experiences can be lessened if not avoided entirely. These plans ensure that daily activity can continue as necessary in the event of a disaster. It’s important for an organization to know how many failures can be tolerated, how to avoid them, and most importantly how to avoid single points of failure. Often time organizations use redundancy planning to come up with proper disaster recovery plans.

Hot site: In the event of an unplanned computer or equipment disaster a hot site can be relied upon to ensure that business can continue despite the disaster that has occurred. If a company’s data center were to become inaccessible or inoperable, a hot site will ensure that all of the information from the data center can be moved, viewed, and used in a hot site location. A hot site is completely equipped with not only hardware but office space, furniture, telephone jacks, and other necessities.

Cold site: A cold site, similar to a hot site in its purpose, is another kind of disaster recovery service that offers office space, but the customer must provide, install, and maintain all the necessary equipment. Generally cold sites are a lot less costly than hot sites but require more time and management, especially when it comes to recovering full operation.

Warm site: This is the best option as an alternative site in the event of the primary site going down. Warm sites have most of the equipment installed and ready to be operational, usually in less than a day. Before going back from the warm site to the primary site, the primary should be properly and professionally stress tested to determine whether or not the problem that put the site down in the first place has been resolved.

Backup generator: Gas operated generator in place in case of a power outage due to weather, a scheduled outage, or some other reason. They are required to keep networks and other pieces of hardware running.

Single point of failure: Single point of failures should be avoided in all costs. Usually through trial and error are these single points of failure realized. In an infrastructure a perfect example of a single point of failure is one part of an infrastructure that is critical to how the system runs, if this one part fails then the rest of the infrastructure will suffer as a result. In this case avoiding the single point of failure would be having a hot site or some other type of redundancy plan.

RAID: Redundant Array of Independent Disks. RAID is a technology, created in the 1980s, that provides an increased level of storage functions as well as reliability through the use of redundancy. When using RAID, this redundancy is achieved by combining multiple disk drive components into one unit. This unit is then used to distribute data across the drives in RAID levels. Nowadays RAID is mostly used when looking at computer data storage that can be divided and replicated on numerous disk drives.

Spare parts: Spare parts are a must have with any business or company that uses hardware equipment. Hardware is and will break, so having spare parts is necessary in order for everyday functioning to continue properly. It is best to have these parts in-house and readily available as opposed to having to order them and waiting for them to be delivered. Prompt access to these spare parts is important.

Redundant servers: Using redundant servers is a great way to reduce downtime. They can be used to reduce downtime as they are fitting in the case of hardware failure that causes an organization’s data center to become inoperable. With a downed data center a redundant server can be used to keep the site active and available. Redundant servers can even be used when a disaster completely renders an entire site to be unavailable.  Redundant servers also allow for little to no downtime in the case of schedule maintenance.

Redundant ISP: Just like redundant servers, a redundant ISP is a back-up service that can be consulted in the case of a problem with a company’s current ISP. Redundant ISPs are helpful when a company’s primary ISP link fails. With a redundant ISP there is a safety net and an alternate method to ensuring that communications can continue. Most organizations nowadays make use of having multiple-ISPs as to ensure that business continues in the event of a disaster, especially those that are weather related. With the growth of VOIP more and more companies have opted to use redundant ISP as a part of their disaster recovery plan.

UPS: Uninterruptible Power Supply, for a short amount of time a UPS can provide power when needed. They are generally used when an organization’s main input power source, fails, and needs to be temporarily replaced. Though plenty reliable, a UPS is not useful for long term issues. Generally a UPS is configured to be able to provide almost-instantaneous protection from input power interruptions.

Redundant connections: Redundant connections are needed to ensure that links between networks and sites remain active, even if one of the connections fails. This is usually done by leasing two lines from the same ISP or having multiple, readily available links up and running in the case of one of the links failing.

Visit GetCertify4Less or our new site GetCertified4Less to save on your ITcertification

Many Cisco Exams to Retire

A number of Cisco exams are scheduled to retire in the next month.  Some of these will be replaced with updated exams covering updated technology. If you are currently studying for one of the exams listed below, you must take the exam before it retires.

 

For more information visit Cisco.

Visit GetCertify4Less or our new site GetCertified4Less to save on your ITcertification