CSEC 650 Individual Assignment 2

July 22, 2017 | Author: Ambika Sample | Category: Cybersecurity





Business Continuity Plan. IA2
2015
Ambika Sample
CSEC650
4/9/2015


Table of Contents

Abstract
Introduction
Contingency Plan
Recovery Plan
Test Plan
BCP 24-month Recommendations
Closing
References




Abstract

To keep information safe and secure from insider attacks or cyber-attacks, organizations need a business continuity plan (BCP) in place to help safeguard them against future attacks. The BCP discusses processes and procedures such as a contingency plan, testing requirements, and a recovery plan. Having this plan in place will ensure the organization's vital day-to-day operations remain stable during an attack (Johnson, 2010). The plan outlines the decisions that need to be made regarding how to secure the networks and the strategic concepts for isolating the threat. Nowadays, security is at the height of the technology era and the risk of being hacked is greater. So, the contingency plan and test plan, with the necessary analysis and training, will effectively help any company during an attack.








Introduction

In this day and age, hacking is becoming the most common method of attack, and having a business continuity plan will help in managing the situation at hand. Protecting the operating systems and networks that house confidential information is becoming more difficult, and if a disaster were to strike those systems it could halt all daily operations. In the earlier stages of the technology era, companies did not have to worry about their information being stolen. Having a contingency plan wasn't a high priority at the time, and some companies did not have a plan in place at all. However, with the boom of the internet, companies now rely solely on the web to perform daily business operations, and a security plan has therefore become a necessity. Within the guidelines of the contingency plan, the company will know the long-term and short-term recovery process if an attack occurs. It will also have the resources necessary to address the problem, know the goals of the mission at hand, develop a budget to be used in addressing the incident, and have a forecasted plan to address any other attacks or issues. The recommended training and testing of equipment and data will be addressed in the business contingency plan as well (Johnson, 2010).

When it comes to computer forensics or any other type of forensics, having a contingency plan is very important. The plan will ensure all testing is performed correctly and that there will not be any hiccups in processing the forensic evidence. If a business operation is halted due to any form of attack, it can drastically hurt a forensic investigation. Therefore, a contingency plan will help keep the operations running so that the investigation can run smoothly. Having a continuity plan and a contingency plan for forensic investigators to follow in case of an attack will help in recovering evidence. Both plans are interrelated and need each other. The continuity plan offers an alternative location to continue operations for a short period of time while the normal operation site restores its networks. Those alternative sites, or COOP sites, are sometimes called hot, warm, or cold sites. A continuity plan is also more frequently used in government agencies that can operate independently of a contingency plan. The contingency plan details procedures and processes for restoring a network after an attack. It will also outline procedures for recovering a program, an application, or the system itself (Johnson, 2010). Both plans play an important role in recovering daily business operations, regardless of whether the losses are minor or major.

Contingency Plan
The contingency plan outlines the part each individual or group will play in bringing the organization back online, such as what tasks and responsibilities will be assigned, the procedures for restoring service, and the technical requirements and resources. It will also detail the procedures for operating the business under normal conditions, how the business will be run under emergency conditions, and the individuals to be contacted in a crisis situation. These include people in the IT department, HR department, and security department, as well as stakeholders. It will also detail how to record and make changes to the plan during the crisis event. The recovery section of the plan will include how the system will be brought back to normal operations and what data is needed for immediate recovery in order to function normally. The policies and procedures of the contingency plan should refer to the business's current physical and IT security policies for handling data in an emergency event (Rouse, 2008). A contingency plan needs to consist of the following (Rouse, 2008):

Administration - The business should create a disaster response team for each department that will be working to regain operation of the business in case of an emergency event. Each department team should consist of a minimum of two parties, such as a manager and a team lead, to support the response efforts. Those team members will ensure the contingency plan is run smoothly and effectively.
Operation - This procedure needs to provide a step-by-step guideline on what the process will be in case of an emergency shut-down event. This section of the plan should also refer to each individual or group that has a role in the disaster response team.
Risk Factors - The business should address any risk it will endure if its operations have to shut down due to unforeseen events. The risk assessment portion of the contingency plan will identify the key departments, applications, or systems that will need immediate attention once an event has occurred. Without the risk assessment being part of the contingency plan, a business may or may not have an effective plan in place.
Testing the plan - Testing of the contingency plan should take place quarterly during work hours. The test should be performed to keep the individuals on the response team abreast of the plan and of any changes to the plan that would affect how timely the response to any situation should be.
Updates and Improvements - Before or after a test scenario is performed, a timely audit of the plan should take place to ensure everything is correct. Updates should be addressed and a new version of the plan should be given to the participating parties. A quarterly response team meeting should take place to address any security concerns or other issues arising from the current technology industry.
Recovery Plan
A recovery plan plays an important part in determining which network systems that are down need to be brought back up, which backed-up data needs to be restored because it was deleted, and which COOP site needs to remain active while the normal site is trying to recover. Nowadays, cyber security threats are at an all-time high and companies need to have an alternative recovery site plan in place. When restoring a site, the business must keep in mind how to safeguard security while quickly and effectively accessing the networks without compromising the integrity of the business, and must allot time for the recovery efforts as well as costs. Figuring out how much it will cost the business to perform these recovery services will help determine which practices are best for it to use (Castellano, 2005).
A recovery plan needs to consist of the following components (Walsh, 2013):
Business Impact
Risk Analysis
Creating/Implementing the Plan
Data Recovery
Training

The teams who are responsible for the recovery actions need to focus on restoring the following services (Walsh, 2013):
Network Servers
Database Servers
System Applications
Network Services
Hardware Applications
Software Applications
Other Alternate Recovery Sites

One way to save data and restore it effectively whenever an incident occurs is to back the data up on a regular basis. Once the data is backed up, it should be stored offsite so that it is easily accessible when needed. A data recovery policy defines backup times that determine when data should be backed up, such as whether backups should be performed hourly, daily, weekly, or monthly. These times are determined by the classification of the data, such as top secret, secret, or unclassified, and by how critical it is that the data be accessible. They are also determined by how often new data is stored on the network. Access to the backup data at an alternate site needs to be granted on a need-to-know basis so the data can remain confidential and the integrity of the mission will not be compromised (Castellano, 2005).

Businesses that use an alternative site to store their backup data and network services have demonstrated how to create an effective and efficient strategy. Generally speaking, an alternative site should be in a different state or somewhere far away from the current location that is being targeted. The cost to maintain the alternative sites and the budgeted cost to staff those sites once they become active should be considered. Security requirements for those locations should vary depending on the data being accessed and maintained. The cost to ship additional hardware and software to maintain those sites also needs to be considered. As mentioned before, the alternative sites are known as hot, warm, or cold sites. A hot site is typically a fully functional site that can be up and running at a moment's notice. The hot site has a full infrastructure, is equipped with the latest hardware and software, and is fully staffed with emergency personnel. A warm site is supported at the operational level, meaning it is equipped with just the supported functions to keep the business running within a minimum timeframe while the actual site is down. A cold site only houses the equipment to support a site; therefore, if a cold site needs to become active, the support staff will have to bring the current systems there online (Castellano, 2005).

The recovery plan should be a well-thought-out policy that can be deployed without a hitch. The recovery plan options should be as easy as possible to deploy so that, if a disaster event occurs, all participants on the response team can access the data and facilities as quickly as possible to get the business up and running. Having a contingency plan should be the priority and having a recovery plan should be secondary, because if a business has an effective contingency plan, the recovery plan may or may not need to be addressed. However, it is still important to have a recovery plan in place (Swanson, 2010).
Test Plan
The testing portion of the contingency plan and recovery plan is the most important part. Without the testing requirements, the response team wouldn't know what procedures to follow when a disaster event happens. Testing verifies that all systems are functioning correctly and allows any improvements to be addressed and implemented. Each system, application, or device is tested to ensure there are no vulnerabilities that could cause the system to fail. Requirements for testing a system vary by system type; however, there are some standard test requirements that are in the contingency plan (Codmon, 2013).
Some standard test requirements are (Codmon, 2013):
Warning procedures
Backup storage
Network connectivity
Hardware and Software performance
Time constraints for restoring system operations

Mandatory testing and training on the company systems should be performed quarterly or annually to ensure performance availability. When testing is performed, individuals should identify any inconsistencies in the contingency and recovery plans and carry out all of the requirements tasked in the plans. Company testing will make sure, at a minimum, that warning notifications are accurate and distributed in a timely fashion, that the recovery efforts are coordinated correctly, that data is backed up and stored in the appropriate places, and that network connectivity is up and running properly. It will also confirm that external equipment located at alternate sites is functioning correctly, test the time needed to restore business operations to ensure proper availability times, and use risk assessment reporting to ensure testing performance is effective (Neal, 2013).
There are several types of testing exercises a company can perform to test out crisis situations. The first is a simulated exercise, where individuals can figure out strategies to work through in a stress-free environment. This type of exercise is a more cost-efficient way to sort out different emergency situations and doesn't require disruptions during normal business hours. Depending on what type of emergency situation is being simulated, it can take anywhere from 1 to 8 hours to perform. A drill procedure should be used to perform any simulated exercise. A drill procedure is performed repetitively and allows individuals to fully grasp any type of crisis situation under extreme pressure (Beck, 2014).
A company may also want to perform another test simulation in a real-time environment. In this environment, all of the individual roles, policies, and procedures are tested. This type of testing procedure may need to be performed after hours and require all response team personnel to be in attendance. Scripts may also be written for certain scenarios to be role-played. Because this is a full-scale re-enactment of an emergency situation, personnel may have to not only perform the test procedures outside of normal business hours but also perform the live re-enactment at the alternate site to ensure every site is capable of handling the emergency events. Having a full-scale disaster situation played out in a real-time environment will assure the business that its contingency plan is sound and its response team is fully aware and equipped to handle any crisis event (Beck, 2014).

By having those types of disaster situations tested, either in a scaled-down environment such as a simulated scenario performed online or in a more dramatized live scenario where employees actually perform their roles in a real-time environment, the business should be able to efficiently assess and respond to any type of crisis event that may occur. Without test scenarios being performed, a business may be vulnerable to an unforeseen event that could cause a major shutdown of operations. Once the testing portion is done, the risk assessment should be analyzed and feedback from the test scenarios should be reported to management. Corrective measures should be put in place, and the plan as well as the policies should be updated to ensure maximum performance of the business mission without any interruptions to the business's daily operations (Castellano, 2005).

BCP 24-month Recommendations
Testing should be performed on a 24-month scale. The tests should include online and real-time scenarios that pertain to cyber-attacks or other threats that may impact the business. The test plan should include the standard testing requirements mentioned in this paper. Test scenarios should be performed at the alternative sites to make sure they are ready and fully functional if needed. Management should review the plan periodically and incorporate any new changes that have been addressed. All of the data stored on the primary site and alternate sites needs to be backed up in daily, weekly, or monthly increments according to the policies in place. Realistically, a 24-month BCP plan may not be needed if the initial BCP is created, tested, and implemented correctly according to the business's operational needs (Collett, 2007).

Closing
A business contingency plan can help a business function smoothly through any emergency situation, whether it be a cyber-attack or another threat. The plan should be well thought out, tested, and executed with trained employees who will be able to handle all types of crisis situations the business may encounter. Testing will ensure the notifications, response team procedures, operating systems and applications, backup media storage, network connections, and alternate sites are functional and available at a moment's notice. Some companies may not want to create and implement a BCP because of budget constraints, but today the majority of companies operate their business online and some companies deal with critical data, so having a BCP in place will ensure a company is safeguarded against attacks. A BCP doesn't have to be a complex or expensive plan. It should only be created and geared to cater to the business's essential needs to function under a threat (Swanson, 2010).







References

Beck, R. (2014, May 13). Contingency Planning-Developing a Good Plan B Leadership Training. Retrieved from MindTools: http://www.mindtools.com/pages/article/newLDR_51.htm
Castellano, P. (2005, October 5). How to build realistic disaster recovery options. Retrieved from ComputerWorld: http://www.computerworld.com/s/article/77236/How_to_build_realistic_disaster_recovery_options?taxonomyld=83&pageNumber=2
Codmon, B. (2013, August 16). Maintenance Schedules and Contingency Planning. Retrieved from Department of Environment and Primary Industries: http://www.dpi.vic.gov.au/agriculture/dairy/managing-waste/maintenance-schedules-contingency-planning
Collett, S. (2007, December 4). Evaluating business continuity Services. Retrieved from CSO Online: http://www.csoonline.com/article/221306/Five_Steps_to_Evaluating_Business
Johnson, D. (2010, April 14). The Purpose of Contingency Planning. Retrieved from Small Business Chron: http://smallbusiness.chron.com/purpose-contingency-planning-24864.html
Neal, A. (2013, August 2). Famine Early Warning Systems Network (FEWS NET). Retrieved from FEWS: http://fews.net/ml/en/info/Pages/plancpp.aspx
Rouse, M. (2008, November 12). Contingency Plan. Retrieved from Techtarget: http://whatis.techtarget.com/definition/contingency-plan
Swanson, et al. (2010, May 25). Contingency Planning Guide for Federal Information Systems. Retrieved from CSRC.NIST.GOV: http://csrc.nist.gov/publicatins/nistpubs/800-34-rev1/sp800-34-rev1_errata-Nov24-2010.pdf
Walsh, D. (2013, November 26). The 5 Steps of Contingency Planning. Retrieved from Life Science Leader: http://lifescienceleader.com/magazine/past-issues3/item/4349-the-5-steps-of-contingency-planning?list=n


