DRP (Disaster Recovery Plan): Often the "how" and system specific, while the BCP is more "what" and non-system specific. This is the process of creating the short-term plans, policies, procedures and tools to enable the recovery or continuation of vital IT systems in a disaster. It focuses on the IT systems supporting critical business functions, and how we get those back up after a disaster. DRP is a subset of our BCP. We look at what we would do if a we get hit with a Distributed Denial Of Service (DDOS) attack, if a server gets compromised, if we experience a power outage, etc.

FAR (False accept rate) Type 2 error: Unauthorized user is granted access. This is a very serious error.

Something you are - Type 3 Authentication (Biometrics): Lost passwords and ID cards can be replaced with new different ones. Biometrics can’t. You can't change your fingerprints; once compromised they are always compromised.

Distributed Denial Of Service (DDOS) normally does not benefit an attacker financially, the motivation if often revenge, disagreement with a decision or just to prove the attacker can.

Salting is random data that is used as an additional input to a one-way function that hashes a password or passphrase.

The Clipper chip was a chipset that was developed and promoted by the United States National Security Agency (NSA) as an encryption device that secured “voice and data messages" with a built-in backdoor. It used SkipJack, a block cipher.

ITIL - Information Technology Infrastructure Library. IT Service Management (ITSM).

Preventative access control: Prevents action from happening – Least Privilege, Drug Tests, IPS, Firewalls, Encryption.

When we get hit by a Distributed Denial Of Service (DDOS), is disrupts our availability, but not integrity or confidentiality.

Overwriting is done by writing 0s or random characters over the data. As far as we know, there is no tool available that can recover even single pass overwriting (not possible on damaged media).