A disaster recovery team typically includes executive leadership, IT personnel, legal representatives, and public relations staff. These roles are critical for decision-making, technical recovery, and external communication.

A billing clerk is unlikely to be part of the disaster recovery team because the role does not typically contribute to recovery strategy, system restoration, or crisis communication.

Risk tolerance, risk appetite, and acceptable risk are closely related terms describing how much risk an organization is willing to accept.

A hierarchical database organizes data in a tree-like structure where each parent record can have multiple child records, but each child has only one parent. This model resembles a file system hierarchy and is designed to represent one-to-many relationships efficiently.

Hierarchical databases were among the earliest database models and are still used in specific environments such as legacy systems and mainframe applications. Data access is fast when the hierarchy is well understood, but the model lacks flexibility when relationships become complex.

Relational databases use tables with rows and columns, object-oriented databases store objects, and network databases allow many-to-many relationships. Only the hierarchical model strictly enforces a tree structure.

Understanding database models is important for security professionals when evaluating access control, data exposure, and system design risks.

Risk transference is a risk management strategy in which an organization or individual shifts the financial impact of a risk to a third party. Purchasing insurance is a classic example of risk transference. In this scenario, Mark transfers the financial consequences of potential damage to the laptop screen to the insurance provider.

Risk acceptance involves acknowledging a risk and choosing to do nothing. Risk deterrence discourages risky behavior through controls or penalties. Risk mitigation reduces the likelihood or impact of a risk through safeguards such as protective cases or training.

Risk transference does not eliminate the risk itself; the laptop can still be damaged. However, it reduces the financial burden associated with the event. In cybersecurity, common examples include cyber insurance, outsourcing, and service-level agreements (SLAs).

This strategy is widely recognized in risk management frameworks such as NIST SP 800-30 and ISO 31000 as an appropriate option when mitigation is too costly or impractical.

An IP address is a logical identifier used to locate and route traffic to devices on a network.

Human safety always takes precedence over systems, data, and business operations.

Security benchmarks define baseline performance and configuration standards against which systems are measured.

Availabilityensures that authorized users can access information and systems when needed, a core element of the CIA triad.

Phishing uses deceptive messages—often emails or websites—to trick users into revealing sensitive information. Spoofing is often used as a technique within phishing attacks.

Network segmentation isolates systems and resources into separate security zones to limit lateral movement by attackers. By segmenting networks, organizations protect critical assets and reduce the impact of breaches.

If one segment is compromised, segmentation prevents attackers from easily accessing other systems. This approach supports defense-in-depth and zero trust architectures.

Network segmentation is implemented using VLANs, firewalls, and access controls and is a foundational security practice recommended by NIST and CIS.