recovery controls, 4, 461, 706 recovery strategy, 545 alternative processing sites in, 547–550 business unit priorities in, 545–546 crisis management in, 546 database recovery, 551–552 emergency communications in, 546 Mutual Assistance Agreements in, 550–551 recovery vs. restoration, 558–559 workgroup recovery in, 546–547 recovery time objective RTO, 706 Red Book, 427 red boxes, 138 reducing risk, 195, 706 redundancy for failover servers, 543 knowledge, 177 Redundant Array of Independent Disks RAID, 110–111 redundant servers, 109 reference monitors, 245 defined, 706 in TCB, 417–418 reference profiles, 706 referential integrity, 218, 706 refreshing RAM, 384 regenerated keys asymmetric, 315 symmetric, 313 register addressing, 385, 706 registered trademarks, 581–582 registers, 384, 706 registration authorities RAs, 348, 706 registration with biometric devices, 16–17 regulatory policies, 183, 706 regulatory requirements, 514–515 reject risk, 195, 706 relational database management systems RDBMSs, 216 relational databases, 217–219, 706 relationships, 217, 266, 706 release control, 243 relevant evidence, 591, 707 remote access, 102–103 Remote Authentication Dial-In User Service RADIUS, 27–28, 106, 707 remote backup locations, 551–552 remote control technique, 107 remote journaling, 552, 707 remote mirroring, 552, 707 remote node operation, 107 Remote Procedure Call RPC, 76 repeatable phase in Capability Maturity Model, 239 repeaters, 83, 100 defined, 707 in Physical layer, 74 replay attacks, 57, 141, 360, 707 reporting in auditing, 481–482 incidents, 615–616 request control, 242 residual risk, 195, 707 resources in business continuity planning prioritizing, 519 requirements, 513–514 response teams for incidents, 612 restoration vs. recovery, 558–559 restricted interface model, 403, 707 retention in incidents, 615 retina scans, 14, 707 Reverse Address Resolution Protocol RARP, 74–75, 92, 707 reverse engineering, 707 reverse hash matching, 360, 707 review questions access control, 36–41 administrative management, 470–475 applied cryptography, 363–368 attacks, 62–67, 284–290 auditing, 502–507 Business Continuity Planning BCP, 528–533 communications security, 146–151 computer crime, 621–626 computer design, 408–413 cryptography, 328–333 Disaster Recovery Planning DRP, 564–569 employment policies and practices, 202–207 laws, 598–603 monitoring, 502–507 networks, 114–119 physical security, 652–657 security management, 168–173 security models, 443–448 system development controls, 250–255 revocation for certificates, 349–350, 707 RF radio frequency radiation, 490, 639–640