Premium Essay

Disaster Recovery Plan

In:

Submitted By attyman04
Words 622
Pages 3
Disaster Recovery Plan Brandon Brown University of Phoenix IT/244 Intro to IT Security
Katarina Brunski
October 14, 2013
Access Control Policy
Due in Week Seven: Outline the Access Control Policy. Describe how access control methodologies work to secure information systems
Authentication
Authentication establishes the identity of a user on a network. Malicious user and programs try to disrupt the service of the network in an attempt to obtain sensitive information or falsify data by mimicking valid persons. Differentiating the malevolent from the valid or appropriate individuals is a part of the authentication process and is vital to network security.
Every worker will have photo access badges that will be coded to either allow or disallow personnel from certain areas. The access badges will only allow the workers into areas that they are cleared to enter, and when they enter those areas, the times will be logged.
Workers will access to the network by having a unique username and password that is not to be shared with anyone else, at all.
Access control strategy
Discretionary access control
This is to permit the right to use the system only to users who have correct authorization. Least privilege is basically having things on a need to know basis. The entry-level worker does not need to be privileged to the same information and access as the senior IT director. Least privilege will allow the user to access only the information that they need to do their job. The IT director will be the owner of information and based of protocol and credentials status of the employees, the IT director will decide the level of access for the user.
Mandatory access control
Describe how and why mandatory access control will be used.
The strictest form of access control is mandatory access control (MAC) because it uses a hierarchical methodology for when it

Similar Documents

Premium Essay

Disaster Recovery Plan

...State of Oklahoma Disaster Recovery Plan Template Version 1.0 31 October 2007 TABLE OF CONTENTS DISASTER RECOVERY PLAN – DOCUMENT CHANGE CONTROL 6 EXECUTIVE SUMMARY 8 Overview 8 Recovery Statement Summary 8 Recovery Scenario #1: The Preferred Solution for a Total Data Center Loss 8 Recovery Strategies: Activities and Time Frames 9 Short-Term (2 to 3 Days): 9 Medium-Term (6 to 12 weeks): 9 Longer-Term (6 months to 2 years): 9 Recovery Scenario #2: The Strategy for Loss of a Critical System or Component 9 Summary 10 INTRODUCTION 11 INFORMATION SECURITY POLICY – DEFINITIONS & STATED REQUIREMENTS 11 8.2 Disaster Recovery Plan 11 8.3 Business Recovery Strategy 11 PLAN DISTRIBUTION 11 PLAN OBJECTIVES 11 PLAN ASSUMPTIONS 12 Definitions 12 PROCESSING ENVIRONMENT 13 Scope of Recovery 13 Environment Description 13 Essential Equipment 13 Disaster Recovery Scripts 15 RECOVERY PLAN ELEMENTS 17 1. Recovery Plan for Major Disasters 17 A. Detection and Reaction 17 B. Identifying the problem – Notifying the authorities 17 C. Establishing a Command Center 17 D. Reducing Exposure 17 2. Roles and Responsibilities 20 A. Management / Damage Assessment Team: Initial Response 21 B. Disaster Recovery Teams — Emergency Contact List 22 (AGENCY) FUNCTIONAL AREA MANAGERS 23 3. Recovery Plan for Major Disasters 24 A. Establishment of Full Recovery at Backup Site 24 B. Disaster Recovery Team Checklists 24 C. Restoration of Facilities and...

Words: 17396 - Pages: 70

Premium Essay

Disaster Recovery Plan

...Disaster Recovery Plan Saphia Christopher Strayer University CIS 462 Dr. Basta An IT disaster recovery plan provides step-by-step procedures for recovering disrupted systems and networks, to help them resume normal operations. The goal of these processes is to minimize any negative impacts to company operations. The IT disaster recovery process identifies critical IT systems and networks; prioritizes their recovery time objective; and delineates the steps needed to restart, reconfigure, and recover them. A comprehensive IT DR plan also includes all the relevant supplier contacts, sources of expertise for recovering disrupted systems and a logical sequence of action steps to take for a smooth recovery (Kirvan, 2009). The following Disaster Recovery Plan has been put together for the mock company which will be named ABC Technologies. The information contained in the DRP is partially real information from my current employer and other parts are made up. This is in response to my current firm’s policy against the dissemination of proprietary information. Information Technology Statement of Intent This document delineates our policies and procedures for technology disaster recovery, as well as our process-level plans for recovering critical technology platforms and the telecommunications infrastructure. This document summarizes our recommended procedures. In the event of an actual emergency situation...

Words: 2966 - Pages: 12

Premium Essay

The Disaster Recovery Plan

...Associate Level Material Appendix D Disaster Recovery Plan Student Name: Enter Your Name Here UNIVERSITY OF PHOENIX IT/244 INTRO TO IT SECURITY Instructor’s Name: Enter Your Instructor's Name Here Date: Enter the date here 1. Disaster Recovery Plan Due in Week Three: For your selected scenario, describe the key elements of the Disaster Recovery Plan to be used in case of a disaster and the plan for testing the DRP. 1.1. Risk Assessment 1.1.1. Critical business processes List the mission-critical business systems and services that must be protected by the DRP. No business wants to face the horror of a disaster, be it from mother nature, external threats, or other catastrophes, but will a well crafted disaster recovery plan, the firm may sustain minimal damage. In preparing for disaster, the planning committee should prepare risk analysis and should be analyzed to determine the potential consequence and impact of several disaster scenarios. The critical needs of each department within Sunica Music and Movies will include functional operations, key personnel, information, processing systems, service, documentation, vital records, and policies and procedures. Processing and operations should be analyzed to determine the maximum amount of time that the department and organization can operate without each critical system. 1.1.2. Internal, external, and environmental risks Briefly discuss the internal, external, and environmental risks, which might be likely to...

Words: 860 - Pages: 4

Premium Essay

Disaster Recovery Plan

... 2010 Axia College IT/224 Intro to IT Security Disaster Recovery Plan: Risk Assessment: There are many risk that assessments that come into play when it comes to a business, in this cases our risk assessments are centered around the protection of our systems such as; human resources system, interior design system, exterior design system, customer privacy system, and our back-up system. Internal, external, and environmental risks: There are many risks that come with any type of business, it is up to the owners to identify these risks and deal with them in the appropriate way. With any business there will be some type of problem such as loss of business, which is a result of customers not using our services; the more customers that we lose would result in more money spent and less money made hence the loss of assets. There is also the case of fires; no company is completely safe from the threat of fires and depending on the type of fire, and because of this there could be some type of loss of life. This is also possible when there are bad weather, earthquakes, or terrorists attacks. Disaster Recovery Strategy: Of the different types of strategies talked about I think the best way to go in my situation and the business that I am conducting would be a warm site. A warm site is like a mediator between hot and cold sites and would provide the advantages of both sites in the different ways. Disaster Recovery test Plan: Walk-through: Each member or client will have an...

Words: 470 - Pages: 2

Premium Essay

Disaster Recovery Plan Term Paper

...Disaster Recovery Plan Company Overview Strategic Business Solutions is a Veteran-owned small business with less than fifty employees and the business goal is to continue specializing in Information Technology (IT), project management, and business development solutions. Our main projects involve Internet-based E-commerce solutions. The following diagram depicts our current network, which is PCI compliant and can handle high-traffic websites: Risk Assessment Critical business processes Disruption of an information resource is not a disaster in itself, unless it is related to a critical business process, for example, an organization losing its revenue generating business process due to an information system failure. Other examples of potential critical business processes may include: * Production of finished goods * Advertising of the organization’s product(s) to be sold * Selling of the enterprise’s products or services * Receiving payments * Dispatching of finished goods * Provision of final services * Legal and regulatory compliance * Safeguarding of private and confidential data and other Information assets * Logistics services in the organization * Paying the employees Internal, external, and environmental risks Although all forms of corporate risks and potential damage can’t be avoided, but a realistic objective is to ensure the survival of the organization by establishing a culture that will identify and manage...

Words: 1568 - Pages: 7

Premium Essay

Disaster Recovery Plan / Enterprise Continuity Plan

...DRP / ECP Disaster Recovery Plan Enterprise Continuity Plan This presentation will explore the different parts and pieces necessary for a successful Disaster Recovery Plan / Enterprise Continuity Plan. More specifically, this presentation will provide information needed to garner and bolster support for such a plan from the university’s executive team. A well prepared, maintained and rehearsed recovery and/or continuity plan should have the ability to keep the university up and running throughout any type of disruptive event. DRP/ECP Team Members & Roles ● ● ● ● ● ● ● ● ● ● Crisis Management Team Administrative Support Team Damage Assessment Team Recovery Coordination Team Corporate Communications Team Human Resources Support Team Site Restoration Team Transportation Support Team System Restoration Team Voice Recovery Team and End-User Tech Support Team The Crisis Management Team should be a cohort of upper level management that will be responsible for all significant decision making in response to the current event. Only specific members of the Crisis Management team should be authorized to declare an emergency and decide on the appropriate action. Key responsibilities of this group include: analyzation of preliminary reports, disaster declaration, determination of appropriate response, activation of contingency plans and notification of team leaders (Hiles, 2010). The Administrative Support Team includes representatives from all major departments who can provide...

Words: 2423 - Pages: 10

Premium Essay

Disaster Recovery Plan: a Brief Overview

...Disaster Recovery Plan: A Brief Overview IT244 Axia Online College of University of Phoenix This following paper will highlight a brief overview of a DRP, covering the purpose of a DRP, key elements of a DRP, methods to test a DRP, and why testing should be done on a DRP. The main function or purpose of a DRP is to basically help identify a logical plan to recover from a disaster. Such as in any business, especially dealing with information technology, a DRP can help a business or company continue to run smoothly, with minimum disruption to normal operations. Every DRP is created differently and key elements that make a DRP may differentiate. To give an example onto what kind of key elements are found in a DRP; according to the information shown by the University of Arkansas, Fayetteville Department of Computing Services website, DRP can contain the following key elements: 1. General Information About The Plan 2. Disaster Planning 3. Initiation of Emergency Procedures 4. Initiation of Recovery Procedures 5. Maintaining the Plan A DRP cannot be fully realized or put into action unless a testing of the DRP can be done. The testing basically helps find any weak areas in the DRP so planner can improve in those areas. According to Mark S. Merkow and Jim Breithaupt authors of Information Security: Principles and Practices there are five methods to test a DRP and they are as follow: 1. Walk-through: Members...

Words: 583 - Pages: 3

Premium Essay

Disaster Recovery Plan

...Associate Level Material Appendix D Disaster Recovery Plan Student Name: Casey DeCesare University of Phoenix IT/244 Intro to IT Security Instructor’s Name: Scott Sabo Date: 4/27/14 Disaster Recovery Plan Due in Week Three: For your selected scenario, describe the key elements of the Disaster Recovery Plan to be used in case of a disaster and the plan for testing the DRP. 1 Risk Assessment 1 Critical business processes List the mission-critical business systems and services that must be protected by the DRP. The mission-critical business systems and services that must be protected by this DRP are: Payroll, Human Resource Data, POS backup media, and Web Servers and their services. 2 Internal, external, and environmental risks Briefly discuss the internal, external, and environmental risks, which might be likely to affect the business and result in loss of the facility, loss of life, or loss of assets. Threats could include weather, fire or chemical, earth movement, structural failure, energy, biological, or human. Examples of internal risks that may affect business are unauthorized access by individuals who are employed by the company, and those who aren’t employed by the company but still have access to individual store’s computer systems, applications, or areas where the servers and backup media are located. Other external and environmental...

Words: 638 - Pages: 3

Free Essay

Case Study of Designing a Self-Service Disaster Recovery Plan

...Study of Designing a Self-Service Disaster Recovery Plan 1.0 Issues regarding disaster recovery plan (DRP) Disaster recovery plan (DRP) is a clearly defined and documented plan of action for use at the time of a crisis. Typically a plan will cover all the key personnel, resources, services and actions required to implement and manage the DR process (comission, 2014). A large US public power provider, with millions of residential and business customers, needed to rethink its disaster recovery program. Due to budget constraints, the utility’s data recovery program had not been updated or tested for several years. Under the existing program, systems recovery could take up to 20 days—an unacceptable timeframe for a utility relied upon by numerous states for critical infrastructure services. Moreover, the utility was grappling with internal audit findings pertaining to unresolved disaster recovery deficiencies, which attracted the attention of board members. The board suggested that the utility modernize its disaster recovery program and keep it up to date. A Disaster Recovery Plan is designed to ensure the continuation of vital business processes in the event that a disaster occurs. The September 11, 2001 attacks on the World Trade Center has trigger the urgent of the DRP (Krocker, 2002).     1.1 Reason for a self-service disaster recovery plan 1.1.1. Ease of Getting Started Deploying and managing a traditional disaster recovery plan can be complex and require time...

Words: 1084 - Pages: 5

Premium Essay

Cis 462 Wk 10 Term Paper Disaster Recovery Plan

...CIS 462 WK 10 TERM PAPER DISASTER RECOVERY PLAN To purchase this visit here: http://www.activitymode.com/product/cis-462-wk-10-term-paper-disaster-recovery-plan/ Contact us at: SUPPORT@ACTIVITYMODE.COM CIS 462 WK 10 TERM PAPER DISASTER RECOVERY PLAN CIS 462 WK 10 Term Paper - Disaster Recovery Plan This assignment consists of two (2) parts: a written paper and a PowerPoint presentation. You must submit both parts as separate files for the completion of this assignment. Label each file name according to the section of the assignment it is written for. Additionally, you may create and / or assume all necessary assumptions needed for the completion of this assignment. In recent years, organizations have witnessed the impact of having effective and non-effective business continuity plans and disaster recovery plans. In today’s environment, with significant potential natural disasters, terrorist threats, and other man-made threats, it is critical that organizations develop effective business continuity plans and disaster recovery plans. Select an organization that you are familiar with, such as where you currently or previously have worked, contact a local organization, or search on the Internet for the needed detail of an organization you are interested in. Prepare a disaster recovery plan policy for that organization. Part 1: Written Paper 1. Write a six to eight (6-8) page paper in which you: a. Provide an overview of the organization that will be delivered...

Words: 1069 - Pages: 5

Free Essay

Disaster Recovery Plan

...Disaster Recovery Plans   The headquarters of Hill Crest Corporation, a private company with $15.5 million in annual sales, is located in California. Hill Crest provides for its 150 clients an online legal software service that includes data storage and administrative activities for law offices. The company has grown rapidly since its inception 3 years ago, and its data processing department has expanded to accommodate this growth. Because Hill Crest’s president and sales personnel spend a great deal of time out of the office soliciting new clients, the planning of the IT facilities has been left to the data processing professionals. Hill Crest recently moved its headquarters into a remodeled warehouse on the outskirts of the city. While remodeling the warehouse, the architects retained much of the original structure, including the wooden-shingled exterior and exposed wooden beams throughout the interior. The minicomputer distributive processing hardware is situated in a large open area with high ceilings and skylights. The openness makes the data processing area accessible to the rest of the staff and encourages a team approach to problem solving. Before occupying the new facility, city inspectors declared the building safe; that is, it had adequate fire extinguishers, sufficient exits, and so on. In an effort to provide further protection for its large database of client information, Hill Crest instituted a tape backup procedure that automatically backs up the database...

Words: 860 - Pages: 4

Premium Essay

Disaster Recovery Plan

...Disaster Recovery Plan Kawa, Tonderai B. Fanshawe College INFO- 6027-02 Security Planning Defined Recovery Process: To insure the continuation of business at Sunnylake and secure accesses to the electronic medical records (EMRs) and insure a continued business through a disaster recovery plan that will be initiated with group 5 members. The plan has considered the Sunnylake hackers who have caused an access denied on EMRs so the DRP that is going to be implemented and will include management procedures and technology procedures to insure an on-time recovery. So the crisis being faced is hacked EMRs so doctors and nurses are at risk of medication errors and drug interactions, what was the most efficient method has becomes less reliable. Moverover if the recovery time takes longer there is little hope of reverting to EMRs. Some patients are receiving the wrong prescription due to a poor adjustment to the tedious and robust situation. Infrastructure (replace): Attempts for system restore, contemplating to pay ransom demanded by extortionist. Use of paper records as means of keeping patient and medication records and patients’ confidential information and doing filing as alternative means of record keeping. Whilst the hospital workstations being the major points of data entry. People (retain): The proactive participants and their role at Sunnylake; George Knudsen - (Chief of staff)...

Words: 933 - Pages: 4

Premium Essay

Disaster Recovery Plan

...Disaster Recovery Plan: A Risk Management Strategy CIS 359 8/25/13 Professor Michelle Hansen CEO CEO CISO CISO CIO CIO IT Procurement Specialist IT Procurement Specialist IT Security Compliance Officer IT Security Compliance Officer IT Security Engineer IT Security Engineer Needs to monitor compliance with the security directives ,and overall policy to ensure IT effectiveness. Needs to monitor compliance with the security directives ,and overall policy to ensure IT effectiveness. Use results and feedback from various other sources to form a system budget enquiry that will help with financial planning Use results and feedback from various other sources to form a system budget enquiry that will help with financial planning Helps ensure the programs uptake and success. Helps ensure the programs uptake and success. Privacy Security Professional Privacy Security Professional Security Manager Security Manager Need to ensure that awareness and training requirements are established within the organization’s position and ensure that staff receives effective professional development services. Need to ensure that awareness and training requirements are established within the organization’s position and ensure that staff receives effective professional development services. Can help identify training sources, evaluate vendor based and other training sources and aid in the development of awareness and other training materials. ...

Words: 1441 - Pages: 6

Free Essay

Disaster Recovery Plan

...mirror sites. Triangular architecture: WTC – Rochelle Park – London. The significant loss of lives made recovery from this event especially difficult. Sources (moving forward): http://www.baselinemag.com/c/a/Business-Intelligence/Pop-Culture/ From day one, Rochelle Park was seen as a concurrent system, not a disaster-recovery site. The shift was driven by eSpeed's role as the largest player in electronic bond-trading, which meant uninterrupted service was an imperative. The nondescript building in a blue-collar town was perfect—a former telecom facility across from another telecom building. Systems alternated between the trade center and the mirror site, with particular products (e.g., zero coupon bonds) running live for a month at one location and then switching to the other; about half of the company's approximately 40 products were live at each location at any given time. "In that sense we had run our disaster-recovery tests the day before," says Noviello. The mirror site and the World Trade Center were connected by a high-speed optical line, over which eSpeed linked the storage area networks at each site. Sybase data-replication software mirrored critical databases between the sites. Half of the company's Microsoft Exchange e-mail servers were also located full-time in Rochelle Park. Some DRPs are approved and put in place with the awareness that the plan itself will not work, only for audit purposes. On Wednesday, Cantor Chairman and CEO Howard Lutnick told...

Words: 2816 - Pages: 12

Premium Essay

Disaster Recovery Plan

...| Enhanced Security for Data Access | | Richard Edvalson 1/12/2014 | Contents I. Contents 1 II. Introduction 5 III. Access Control Layers 5 A. The Access Control Perimeter 5 B. Asset Containers 5 C. Workplace Perimeter 5 IV. Access Control Methods and Technical Strategies 5 A. Identification, Authentication, and Authorization 5 B. Logical Access Controls 5 1. Network Architecture Controls 5 2. Remote Network Access 5 3. Security Network Ports 5 4. Encryption 5 5. PKI Compliance Requirements 5 6. Passwords, Pins, and Other Forms of Access 5 C. Physical Access Controls 5 1. Classified Storage and Handling 5 2. Badges, Memory Cards, and Smartcards 5 3. Physical Tokens and Physical Intrusion Detection 5 V. Access Control Integration and Administrative Strategies 5 A. Biometric Systems 5 B. Separation of Duties 5 C. Protecting the Enrollment Process 6 D. Protecting the Verification Process 6 E. Cryptographic Controls 6 F. Integrating Access Control Methods 6 VI. Public Key Infrastructure 6 A. DoD-Approved PKI 6 B. Multi-factor Authentication 6 C. Identification and Authentication through Digit Signature of Challenge 6 D. Data Integrity through Digital Signature of the Information 6 E. Confidentiality through Encryption 6 F. Assists with Technical non-Repudiation through Digital Signatures 6 VII. Mitigating Risk in the User Domain 6 A. Interviewing and Background Screening...

Words: 590 - Pages: 3