[Cisspstudy] Do you agree?

Lamey, Phillip phillip.lamey at cgi.com
Mon Jun 22 11:13:17 EDT 2009


It is interesting to note that Shon Harris' LMS software indicates the
following in domain 1:

 

Business Continuity and disaster recovery fall under the compensating
category of security controls

 

So what is right?

 

It seems that these control classifications seem to jump around from
domain to domain.

 

Is it just me or does anyone else notice this?

 

Phil Lamey, P.Eng.

CGI Senior Consultant

(506) 458-5020 ext. 5121

 

 

 

 

From: cisspstudy-bounces at cccure.org
[mailto:cisspstudy-bounces at cccure.org] On Behalf Of Sergio Pantoja
Sent: Monday, June 22, 2009 11:44 AM
To: The CISSP Study Mailing list
Subject: Re: [Cisspstudy] Do you agree?

 

Business Continuity Procedure is a Recovery Control (recover
operations); you can't consider this procedure preventive because it
comes onto the scene after the disaster/disruption occurs.

On Sun, Jun 21, 2009 at 6:21 PM, Belinda Foster <
belinda.foster at gmail.com> wrote:

Hey Phil --

 

I think the operative word is "procedure"......  The question is asking
about the Business Continuity Procedure, not the Business Continuity
Plan.  (Just a thought!)

 

Of course, hindsight is always 20/20.  I would have gotten this wrong
too.

On Sun, Jun 21, 2009 at 3:03 PM, Holland, Brandon <hollandb at frmaint.com>
wrote:

	Yes, that is correct. When you are restoring a control then it's a
recovery control. They are specifically writing procedures to restore, so
it's recovery.

________________________________

	From: cisspstudy-bounces at cccure.org <
cisspstudy-bounces at cccure.org> 
	To: cisspstudy at cccure.org <cisspstudy at cccure.org> 
	Sent: Sun Jun 21 11:39:41 2009
	Subject: [Cisspstudy] Do you agree? 

	Please take a look at the question below:

	 

	 

	I was under the impression that BCP was a preventative control
...

	 

	Is the overall BCP plan preventative but some of the procedures
within it considered recovery procedures?

	 

	How does that work?  I am a little confused.

	 

	Also, in Domain 10 Operations Security there is a section on
Continuity Planning ... Is this not essentially BCP?  Again, I am a
little confused and would like to clear this up since I am writing in
less than a week :)

	 

	Thanks for any clarification, 

	 

	Phil Lamey, P.Eng.

	CGI Senior Consultant

	(506) 458-5020 ext. 5121

	 

	 

	_______________________________________________
	cisspstudy mailing list
	cisspstudy at cccure.org
	http://cccure.org/mailman/listinfo/cisspstudy_cccure.org







-- 
Sergio Pantoja H.
spantoja at gmail.com
System, Network and Security Administrator
Linux User register #239475
Mandrake Club Member
