
Security Policies and Implementation Week Four Lab


Submitted By komi018
Sara

10/11/2014

Week 4 Laboratory: Part 1

Part 1: Identify Necessary Policies for Business Continuity - BIA & Recovery Time Objectives

Learning Objectives and Outcomes

Upon completing this lab, students will be able to complete the following tasks:

* Identify the major elements of a Business Continuity Plan (BCP)

* Align the major elements of a Business Continuity Plan with required policy definitions

* Review the results of a qualitative Business Impact Analysis (BIA) for a mock organization

* Review the results of defined Recovery Time Objectives (RTOs) for mission-critical business functions and applications

* Create a BCP policy defining an organization’s prioritized business functions from the BIA with assigned RTOs

Week 4 Lab Part 1: Assessment Worksheet (PART A)

Sample Business Impact Analysis for an IT Infrastructure

Overview

When conducting a BIA, you are trying to assess and align the affected IT systems, applications, and resources to their required recovery time objectives (RTOs). The prioritization of the identified mission-critical business functions will define what IT systems, applications, and resources are impacted. The RTO will drive what type of business continuity and recovery steps are needed to maintain IT operations within the specified time frames.

1. Fill in the sample BIA with prioritization in (parentheses):

Business Function Or Process | Business Impact Factor | RTO/RPO | IT Systems/Apps Infrastructure Impacts

Internal and external voice communications with customers in real-time | (Medium) Depends on the
