Information Security and Risk Management

NOTE: BEFORE TURNING THIS IN, REMOVE THE HIGHLIGHTED TEXT.

 

Task 1. Complete the BIA table below and use it for the remainder of the assignment. You may want to review your Lab #07 assignment, where you developed a BIA table. The information needed to create the Business Functions and Processes below is in the “Project Management Plan” scenario and the “Project Health Network Visual”. Hint: look at the processes that go from the customers into the systems/applications in the “Project Health Network Visual”.

 

 

Business Function or Process | Business Impact Factor | Recovery Time Objective | IT Systems/Apps Infrastructure Impacts
       
       
       
       
       
       
       
       
       
       
       

 

 

 

Task 1: Business Impact Analysis – extracts from the Boiler Plate

  1. Overview

This Business Impact Analysis (BIA) is developed as part of the contingency planning process for the HNetExchange Message system, HNetConnect Directory system and HNetPay Payment system.  It was prepared for Health Network, Inc (Health Network).

  1. System Description

<In this section, provide a general description of the system architecture (hardware, software, databases, etc) and functionality as provided in the scenario and visual.  Indicate the operating environment (i.e. Data Center, etc), physical location, general location of users, and partnerships with external organizations/systems.  Include information regarding any other technical considerations that are important for recovery purposes, such as backup procedures or the lack of backup procedures.>

 

3.1.1    Identify Outage Impacts and Estimated Downtime

Estimated Downtime

The table below identifies the MTD, RTO, and RPO for the organizational business processes that rely on the HNetExchange Message system, HNetConnect Directory system and HNetPay Payment system.

<Complete the tables below for each system using the RTO from your BIA table and estimating the MTD and RPO based on any drivers that might determine their values (e.g., mandate, workload, performance measure, etc.).>

 

Mission/Business Process for HNetExchange | MTD | RTO | RPO
       
       

 

Mission/Business Process for HNetConnect | MTD | RTO | RPO
       
       

 

Mission/Business Process for HNetPay | MTD | RTO | RPO
       
       

 

Task 2: Business Continuity Plan – extracts from the Boiler Plate

<After discussions with management, the organization implemented the following Back-up Plan: all database files are backed up to tape at the end of the day. These tapes are then stored offsite. The HNetPay data is backed up daily and retained for 6 months. The HNetMessage messages are backed up daily and retained for 3 months. All other data is backed up weekly and retained for 60 days. If the BCP is executed, the most current tapes are copied and mailed to the alternate site.

Modify the statements below to reflect this decision.  FAILURE TO MODIFY THIS SECTION WILL RESULT IN DEDUCTED POINTS!!!!>

Emergency management standards

Data backup policy

Full and incremental backups preserve corporate information assets and should be performed on a regular basis for audit logs and files that are irreplaceable, have a high replacement cost, or are considered critical. Backup media should be stored in a secure, geographically separate location from the original and isolated from environmental hazards.

Department-specific data and document retention policies specify what records must be retained and for how long. All organizations are accountable for carrying out the provisions of the instruction for records in their organization.

IT follows these standards for its data backup and archiving:

Tape retention policy

Backup media is stored at locations that are secure, isolated from environmental hazards, and geographically separate from the location housing the system.

Billing tapes

  • Tapes greater than three years old are destroyed every six months.
  • Tapes less than three years old must be stored locally off-site.
  • The system supervisor is responsible for the transition cycle of tapes.

 

System image tapes

  • A copy of the most current image files must be made at least once per week.
  • This backup must be stored offsite.
  • The system supervisor is responsible for this activity.

 

Off-site storage procedures

  • Tapes, disks, and other suitable media are stored in environmentally secure facilities.
  • Tape or disk rotation occurs on a regular schedule coordinated with the storage vendor.

Access to backup databases and other data is tested annually

 

 

Task 3: Disaster Recovery Plan – extracts from the Boiler Plate

<There are 3 Systems Identified in the “Project Risk Management Plan”.  For this assignment, fill out the following Appendixes for each SYSTEM. Complete all areas below that are highlighted.>

 

Disaster Recovery Plan for <HNetPay>

 

OVERVIEW
 
      PRODUCTION SERVER Location: Enter location

 

IT INFRASTRUCTURE Provide details on what systems, applications, databases and equipment are involved.

 

 

BACKUP STRATEGY FOR SYSTEM ONE
 
Daily / Monthly / Quarterly
Choose which strategy on the left is used.

 

<For each Risk below, 1. Explain how the risk impacts the critical IT Infrastructure, 2. Explain how the Loss impacts the company, and 3. Explain the steps needed to resolve the problem>

 

DISASTER RECOVERY PROCEDURE
 
 
Risk #1: Loss of company data due to HNetPay hardware removed from production systems.
 

Provide details

 
Risk #2: Loss of customers due to production outages.
 

Provide details

 

 

 

 

Disaster Recovery Plan for <HNetConnect>

 

OVERVIEW
 
      PRODUCTION SERVER Location: Enter location

 

IT INFRASTRUCTURE Provide details on what systems, applications, databases and equipment are involved.

 

 

BACKUP STRATEGY FOR SYSTEM ONE
 
Daily / Monthly / Quarterly
Choose which strategy on the left is used.

 

<For each Risk below, 1. Explain how the risk impacts the critical IT Infrastructure, 2. Explain how the Loss impacts the company, and 3. Explain the steps needed to resolve the problem>

 

DISASTER RECOVERY PROCEDURE
 
 
Risk #1: Loss of company data due to HNetConnect hardware removed from production systems.
 

Provide details

 
Risk #2: Loss of customers due to production outages.
 

Provide details

 

 

 

 

 

 

 

Disaster Recovery Plan for <HNetExchange>

 

OVERVIEW
 
      PRODUCTION SERVER Location: Enter location

 

IT INFRASTRUCTURE Provide details on what systems, applications, databases and equipment are involved.

 

 

BACKUP STRATEGY FOR SYSTEM ONE
 
Daily / Monthly / Quarterly
Choose which strategy on the left is used.

 

<For each Risk below, 1. Explain how the risk impacts the critical IT Infrastructure, 2. Explain how the Loss impacts the company, and 3. Explain the steps needed to resolve the problem>

 

SYSTEM DISASTER RECOVERY PROCEDURE
 
 
Risk #1: Loss of company data due to HNetExchange hardware removed from production systems.
 

Provide details

 
Risk #2: Loss of customers due to production outages.
 

Provide details

 

 

 

Task 4: Computer Incident Response Team Plan – extracts from the Boiler Plate

<There are 6 Threats Identified in the “Project Risk Management Plan”.  For this assignment, assume the following Threat exploited a Vulnerability:

  • Loss of company information on lost company-owned laptop

Complete all HIGHLIGHTED areas below. >

 

Appendix A – Incident Response Worksheet

Preparation:

What tools, applications, laptops, and communication devices were needed to address the Computer Incident Response for this specific breach?

Identification: When an incident is reported, it must be identified, classified, and documented. During this step, the following information is needed:

  • Identify the nature of the incident
    • What Business Process was impacted
    • What threat was identified
    • What weakness was identified
    • What risk was identified
    • What was the Risk Factor/Impact of the incident
    • What was the RTO, MTD and RPO assigned to the business process
    • What hardware, software, database and other resources were impacted

Containment: The immediate objective is to limit the scope and magnitude of the computer/security-related incident as quickly as possible, rather than allow the incident to continue to gain evidence for identifying and/or prosecuting the perpetrator.

  • What needs to be done to limit the scope of the incident

Eradication: The next priority is to remove the computer/security-related incident or breach’s effects.

  • What needs to be done to mitigate the risk of the incident

Recovery: Recovery is specific to bringing back into production those IT systems, applications, and assets that were affected by the security-related incident.

  • What needs to be done to recover the IT systems
    • What procedures need to be used and are they covered in the Disaster Recovery Plan
    • Would the Business Continuity Plan be executed in response to this incident
    • Would any issues be identified that would lead to updates to the BIA, BCP or DR plans.

 
