Incident Response & Disaster Recovery

User Generated

Fnz112211

Computer Science

Description

I'm looking for help to do the work, and make it basic international writing please.

1.  Readings from Incident Response & Disaster Recovery Chapter 5.

2.  Case Study:

Data Security - Top Threats to Data Protection.pdf 

Business Continuity, Disaster Recovery and Data Center Consolidation.pdf 

Business continuity and disaster recovery Reference Guide.pdf 

Protect your organization’s sensitive information and reputation with high-risk data discovery.pdf 

After reviewing the case studies (Business continuity and disaster recovery Reference Guide, Data Security - Top Threats to Data Protection, Business Continuity, Disaster Recovery and Data Center Consolidation & Protect your organization’s sensitive information and reputation with high-risk data discovery) use the Finding Page document and answer (A) what are the issues & best practices of data protection and (B) data centers and (C) how do you protect your organization’s sensitive information and reputation with high-risk data discovery?

3.  Internet/Exercise Problem:

Enter and surf the terms “Data centers” in search and find 3 companies that provide those services/tools, then use the Finding Page document and answer/evaluate (A) what are some of the tools/services being offered and (B) what are the benefits of using these outside services versus in-house, how effective can they be and (C) after reviewing these templates (Data Center Disaster Recovery Plan Template & IT Disaster Recovery Template) what are their key components, what’s their value and usefulness for the organization?

4.  Discussion Questions:

1.  In the field of computer forensics, what types of tools and techniques are used?

2.  What are the issues involved in protecting all of the organization’s information? Should all digital conversations be preserved and how, and what are the legal aspects? How might an organization notify its users that all communications are being monitored and preserved?

3.  There have been several incidents lately in which backup media containing personal customer information were lost or stolen. How should backup media be secured? What about off-site storage of backups?

4.  As with any recovery strategy, an organization should schedule a full test rehearsal; what should the after-action review focus on?




Unformatted Attachment Preview

Data Security: Top Threats to Data Protection

For more information please visit the Privacy Technical Assistance Center: http://nces.ed.gov/ptac

Overview

The U.S. Department of Education established the Privacy Technical Assistance Center (PTAC) as a “one-stop” resource for education stakeholders to learn about data privacy, confidentiality, and security practices related to student-level longitudinal data systems. PTAC provides timely information and updated guidance on privacy, confidentiality, and security practices through a variety of resources, including training materials and opportunities to receive direct assistance with privacy, security, and confidentiality of longitudinal data systems. More PTAC information is available at http://ed.gov/ptac.

Purpose

Advancements in information technology (IT) have raised concerns about the risks to data associated with weak IT security, including vulnerability to viruses, malware, attacks and compromise of network systems and services. Inadequate IT security may result in compromised confidentiality, integrity, and availability of the data due to unauthorized access. To ensure that individual privacy remains carefully protected, local and state education agencies should implement state-of-the-art information security practices. Staying ahead of the ever-evolving threat of a data breach requires diligence on the part of the education community in understanding and anticipating the risks.

This short paper outlines critical threats to educational data and information systems. Threats are divided into two categories: technical and non-technical. A brief description of each threat is followed by a suggestion of appropriate risk mitigation measures. As a rule, an organization can greatly reduce its vulnerability to security threats by implementing a comprehensive privacy and data security plan. PTAC’s Data Security Checklist provides additional guidance on protecting information systems.
Technical Data Security Threats to Information Systems

Non-existent Security Architecture. Some organizations do not have an established security architecture in place, leaving their networks vulnerable to exploitation and the loss of personally identifiable information (PII). At times, due to a lack of resources or qualified IT staff, organizations’ networks are connected to the internet directly, or are connected using out-of-the-box network appliances with default configurations attached, with no additional layer of protection. It is important to note that having a firewall alone is not sufficient to ensure the safety of a network. Inadequate network protection results in increased vulnerability of the data, hardware, and software, including susceptibility to malicious software (malware), viruses, and hacking. If the network contains sensitive information or PII, such as students’ social security numbers, it is critical that even in a very limited resource environment, minimal user, network and perimeter security protection mechanisms (such as anti-virus) are implemented, including making sure that anti-virus software is properly configured. Robust security architecture is essential and provides a roadmap to implementing necessary data protection measures.

Mitigation: If an organization does not have the appropriate personnel to design a security architecture, it is recommended that a third party be brought in to consult with the IT team.

Un-patched Client Side Software and Applications. Computers run a variety of software applications, including older versions that may contain vulnerabilities that can be exploited by malicious actors. Keeping up with software updates and upgrades, in addition to applying manufacturer-recommended patches, minimizes many of the vulnerabilities.

Mitigation: To reduce the ability of malicious actors to compromise or destroy an organization’s security system, implement a robust patch management program that identifies vulnerable software applications and regularly updates the software security to ensure ongoing protection from known threats.

“Phishing” and Targeted Attacks (“Spear Phishing”). One way malicious individuals or criminals (e.g., hackers) target individuals and organizations to gain access to personal information is through emails containing malicious code; this is referred to as phishing. Once infected emails are opened, the user’s machine can be compromised.

Mitigation: To reduce vulnerability to phishing and other e-mail security scams, organizations should install professional enterprise-level e-mail security software. It is recommended that this software check both incoming and outgoing messages to ensure that spam messages are not being transmitted if a system becomes compromised. In addition, organizations should provide regular internet security training to staff to ensure user awareness about e-mail scams.

Internet Web sites. Malicious code can be transferred to a computer through browsing webpages that have not undergone security updates. Therefore, simply browsing the internet and visiting compromised or unsecured websites could result in malicious software being downloaded to an organization’s computers and network.

Mitigation: To prevent threats from compromised websites, employ firewalls and antivirus software to help identify and block potentially risky web pages.

Poor Configuration Management. Any computer connected to the network, whether at work or at home, that does not follow configuration management policy is vulnerable to an attack. Weak data security protection measures that do not restrict which machines can connect to the organization’s network make it vulnerable to this type of threat.
Mitigation: Establish a configuration management policy for connecting any hardware to the network. The policy should specify security mechanisms and procedures for various types of hardware, including computers, printers, and networking devices. It is also recommended to implement a Network Access Control solution to enforce configuration policy requirements (e.g., by automatically preventing network access to the devices that do not comply with the network security policies).

Mobile Devices. Use of mobile devices, such as laptops or handheld devices, including smartphones, is exploding; however, the ability to secure them is lagging behind. The situation is complicated by the fact that these devices are often used to conduct work outside the organization’s regular network security boundaries. Data breaches can occur in a number of ways: devices can be lost, stolen, or their security can be compromised by malicious code invading the operating system and applications.

Mitigation: To promote data security in case a device is lost or stolen, encrypt data on all mobile devices storing sensitive information (i.e., data that carry the risk for harm [1] from an unauthorized or inadvertent disclosure). Until more data encryption, user authentication, and anti-malware solutions become available for mobile devices, the best protection strategy is to implement a strict mobile device usage policy and monitor the network for malicious activity.

Cloud Computing. Delegating the bulk of data protection services to a third party shifts enterprise security architecture. In cloud computing, for example, large amounts of customer data are stored in shared resources, which raises a variety of data encryption and availability issues. Further, the cloud provider faces the same data security responsibilities and challenges as the organization that owns the data, including patching and managing their applications against malicious code.

Mitigation: Conduct an assessment to compare benefits from adopting cloud computing, including cost savings and increased efficiency, against associated security risks. It is critical to ensure that solutions offered by the cloud provider effectively comply with the organization’s information system security requirements, including operational and risk management policies. As cloud solutions and security requirements continue to evolve, periodically review the cost-benefit assessment. Also review applicable requirements of the Family Educational Rights and Privacy Act, in addition to the state, local, and organization’s policies and regulations.

Removable media. The use of removable media (e.g., flash drives, CDs, and external hard drives) on an organization’s network poses a significant security threat. Without proper protection, these types of media provide a pathway for malware to move between networks or hosts. Following proper security measures when using removable media devices is necessary to decrease the risk of infecting the organization’s machines or the entire network.

Mitigation: To minimize the security risks, apply simple preventative steps. These include disabling the “auto run” feature of the operating system on the organization’s machines and training users to scan removable media for viruses before opening the files.

[1] Here, harm refers to any adverse effects that would be experienced by an individual whose PII was the subject of a loss of confidentiality, as well as any adverse effects experienced by the organization that maintains the PII (NIST, Guide to Protecting the Confidentiality of Personally Identifiable Information (PII), 2010 Special Publication 800-122, p. 3-1, 2). Harm to an individual includes any negative or unwanted effects (i.e., that may be socially, physically, or financially damaging).

Botnets. Botnets are networks of compromised computers used by hackers for malicious purposes, usually criminal in nature.
If it is discovered that an organization’s network has been infected, it is the organization’s responsibility to notify stakeholders about a potential compromise of all data residing on the network, regardless of whether the data themselves were the target. Clean-up efforts resulting from botnet infestation may be costly and damaging to an organization’s reputation.

Mitigation: Since there are many ways computers can become compromised, having a strong security architecture is critical to defending against a malicious botnet attack. Implement a holistic approach to data security and use preventative measures to ensure that the network is secure. Strategies for botnet detection involve analyzing patterns of data sent over the network, and monitoring computer resource usage and external connections.

Zero-day Attacks. A zero-day attack is a threat aimed at exploiting a software application vulnerability before the application vendor becomes aware of it and before the vulnerability becomes widely known to the internet security community. These attacks are among the hardest to mitigate and leave computers and networks extremely vulnerable.

Mitigation: Unless an organization has access to IT analysts who are highly experienced in technical vulnerability assessment, a frequently recommended approach to mitigation is to wait for the vendor to release a patch that fixes the vulnerability. The organization should keep abreast of the latest software patches and deploy the fix as soon as it is distributed by the developer.

Non-technical Cyber Security Threats to Information Systems

Insider. An insider is defined as someone with legitimate access to the network. Because information accessed by insiders can be easily stolen, copied, deleted, misfiled, or changed, insider threats can be some of the most damaging, regardless of whether they occur due to user carelessness or malicious attempts.

Mitigation: To mitigate this type of threat, establish and enforce a well-defined privilege rights management system, restricting users’ access to certain information and allowing them to only perform specific functions. Audit programs are useful in enforcing access controls and monitoring suspicious activity. In addition, it is recommended that organizations conduct annual training and awareness programs to educate users about insider threats.

Poor Passwords. Implementing a policy on strong user passwords is critical to data protection. It is especially important for users with access to the most sensitive information. Modern password-cracking programs can easily break weak passwords, such as those containing common words or word groups found in a dictionary. For this reason, user-selected passwords are generally considered to be weaker than randomly-generated passwords. User-generated passwords often follow a predictable pattern or association to something in the user’s life (city, family, or pet names for example) and are therefore more vulnerable to password-cracking programs. While randomly-generated passwords may be harder to remember, they are relatively more secure.

Mitigation: Use a professional password-generating program as an enterprise-level solution. A variety of highly-rated programs are available on the market. In addition to implementing procedures for generating strong passwords, train users on how to maintain the security of their passwords, which includes not keeping written passwords in the vicinity of the computer. For enhanced security, consider implementing more advanced authentication capabilities, such as multi-factor authentication.

Physical Security. Physical security is essential to preventing unauthorized access to sensitive data as well as protecting an organization’s personnel and resources. An effective physical security system is an integral part of a comprehensive security program.
Physical safety measures include securing access to dedicated computers, server rooms, routers, printers, and any areas that process or store sensitive data.

Mitigation: Establish and enforce a physical security system. Strong physical security includes access control policies and procedures; physical barriers (e.g., fences, doors, locks, safes, etc.); surveillance and alarm systems; and security breach notification, response, and system recovery procedures.

Insufficient Backup and Recovery. Lack of a robust data backup and recovery solution puts an organization’s data at risk and undermines the effectiveness of its IT operations. Data and system recovery capabilities allow an organization to reduce the risk of damage associated with a data breach. It is essential to conduct routine backups of critical data and store backup media in a safe and secure manner.

Mitigation: Establish an organizational policy and specify procedures for data backup, storage, and retrieval. Many advanced data and system backup and recovery tools are available on the market.

Improper Destruction. Paper documents, such as reports and catalogs, may contain sensitive data. Unless these documents are destroyed properly (for example, by shredding or incinerating), they may be salvaged and misused. Discarded electronic devices, such as computers or portable drives, that have been used in processing and storing sensitive data remain vulnerable unless the data are erased properly. A data breach can occur if recovery tools are used to extract improperly erased or overwritten data.

Mitigation: Establish a policy for protecting or destroying no-longer-needed IT assets and media that may contain sensitive data. Several standards organizations offer guidelines that outline best practices for ensuring data are discarded properly, including recommendations published by the National Institute of Standards and Technology (NIST) titled NIST SP 800-88, “Guidelines for Media Sanitization.” (http://csrc.nist.gov/publications/nistpubs/800-88/NISTSP800-88_rev1.pdf)

Social Media. Using an organization’s devices and network resources to access social media websites poses a high data security threat. Social networking sites are often targeted by malware, receive a high degree of spam, and are frequently used to gain information for identity theft.

Mitigation: Introduce and reinforce a policy forbidding access to some social media websites while using an organization’s resources and equipment. Train users about the security threats generated by visiting these sites. Organizations that allow access to social media websites should deploy a strong anti-virus and spam filtering solution.

Social Engineering. Breaking into a network does not require technical skills. Access to sensitive information can be gained by manipulating legitimate users after securing their trust. Caution should be advised when communicating any account or network information. This involves making sure the requester is well known to the user and has a legitimate reason for this information. Socially engineered attacks are the means for some hackers to gain passwords, access codes, IP addresses, router or server names, and other information that can be exploited to break into a network.

Mitigation: Train users to increase their awareness about social engineering threats and educate them on how to avoid being manipulated. For example, users should be instructed to use caution when someone inquires about their account information or technical information about the network, especially if this person claims to be a network administrator.
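The Botnets section above says detection involves analyzing patterns of data sent over the network and monitoring external connections. The following script is an added example, not part of the PTAC paper, that applies one such heuristic: an infected host typically checks in with its controller on a fixed timer, so outbound connections from one internal host to one external address that are both frequent and evenly spaced are worth a look. The connection-log format, the sample lines and the 10.0.0.0/8 internal range are all constructed for this example.

```python
"""Added example (not from the PTAC paper): a minimal beaconing detector.

Groups outbound connections per (internal host, external destination) and
flags pairs whose inter-connection gaps are frequent and unusually regular.
The log format and sample lines are constructed; the internal range is an
assumption.
"""
from collections import defaultdict
from datetime import datetime
from ipaddress import ip_address, ip_network
from statistics import mean, pstdev

# Assumption: the organization's internal hosts live in 10.0.0.0/8.
INTERNAL = ip_network("10.0.0.0/8")

# Constructed sample log, one connection per line:
# "<ISO-8601 timestamp> <src_ip> <dst_ip> <bytes_sent>"
SAMPLE_LOG = """\
2024-03-01T09:00:00 10.0.0.12 198.51.100.7 412
2024-03-01T09:00:02 10.0.0.12 203.0.113.5 18320
2024-03-01T09:05:00 10.0.0.12 198.51.100.7 410
2024-03-01T09:07:41 10.0.0.12 203.0.113.5 9902
2024-03-01T09:10:00 10.0.0.12 198.51.100.7 415
2024-03-01T09:15:00 10.0.0.12 198.51.100.7 408
2024-03-01T09:20:00 10.0.0.12 198.51.100.7 414
2024-03-01T09:25:00 10.0.0.12 198.51.100.7 411
2024-03-01T09:31:12 10.0.0.12 203.0.113.5 55120
2024-03-01T09:33:00 10.0.0.40 10.0.0.2 1200
"""


def parse_log(text):
    """Parse the constructed format into (timestamp, src, dst, bytes) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, nbytes = line.split()
        events.append((datetime.fromisoformat(ts), src, dst, int(nbytes)))
    return events


def find_beacons(events, min_connections=5, max_cv=0.2, max_mean_gap_s=3600):
    """Return suspected beacons: outbound pairs with many, evenly spaced connections.

    cv is the coefficient of variation (stdev / mean) of the gaps between
    successive connections. Human-driven traffic is bursty (high cv); a
    timer-driven check-in is nearly periodic (cv close to 0).
    """
    by_pair = defaultdict(list)
    for ts, src, dst, _ in events:
        # Only internal -> external traffic is of interest here.
        if ip_address(src) in INTERNAL and ip_address(dst) not in INTERNAL:
            by_pair[(src, dst)].append(ts)

    findings = []
    for (src, dst), times in by_pair.items():
        if len(times) < min_connections:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg == 0 or avg > max_mean_gap_s:
            continue
        cv = pstdev(gaps) / avg
        if cv <= max_cv:
            findings.append({
                "src": src,
                "dst": dst,
                "connections": len(times),
                "mean_gap_s": round(avg, 1),
                "cv": round(cv, 3),
            })
    return findings


if __name__ == "__main__":
    for hit in find_beacons(parse_log(SAMPLE_LOG)):
        print(f"possible beacon: {hit['src']} -> {hit['dst']} every "
              f"~{hit['mean_gap_s']}s (cv={hit['cv']}, n={hit['connections']})")
```

On the sample log the six 5-minute check-ins to 198.51.100.7 are flagged, while the three irregular transfers to 203.0.113.5 and the internal-to-internal connection are not. The thresholds are deliberately loose; in practice they are tuned against baseline traffic and combined with the other signals the paper mentions (resource usage, reputation of the destination) before anyone acts on a hit.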
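A worked illustration of the Poor Passwords guidance above, added here and not part of the PTAC paper: a random generator built on Python's secrets module, beside a screen that rejects the weak user-chosen patterns the paper names (dictionary words, personal associations, a word followed by a year). The word list, the personal-term list and the leet-substitution table are constructed for this example; a real deployment would use a full cracking dictionary and a breached-password list.

```python
"""Added example (not from the PTAC paper): random password generation and a
weakness screen for user-chosen passwords. Word lists are constructed.
"""
import re
import secrets
import string

ALPHABET = string.ascii_letters + string.digits + "!@#$%^&*()-_=+[]{}?"

# Constructed mini dictionary of common words (a real one has millions).
DICTIONARY = {"password", "welcome", "summer", "chicago", "dragon", "fluffy"}

# Undo the most common character substitutions before dictionary matching.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                      "@": "a", "$": "s"})


def generate_password(length=16):
    """Random password from the OS CSPRNG, retried until all four classes appear."""
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if (any(c.islower() for c in pw) and any(c.isupper() for c in pw)
                and any(c.isdigit() for c in pw)
                and any(c in string.punctuation for c in pw)):
            return pw


def weakness_reasons(password, dictionary=DICTIONARY, personal_terms=()):
    """Return the reasons a candidate is weak; an empty list means no finding.

    personal_terms are things a cracker could learn about the user (city,
    family, pet names), which the paper singles out as predictable choices.
    """
    reasons = []
    if len(password) < 12:
        reasons.append("shorter than 12 characters")
    # Normalise: lowercase, undo leet substitutions, keep only letters.
    letters = re.sub(r"[^a-z]", "", password.lower().translate(LEET))
    for word in sorted(dictionary):
        if len(word) >= 4 and word in letters:
            reasons.append(f"contains dictionary word '{word}'")
    for term in personal_terms:
        if term.lower() in letters:
            reasons.append(f"contains personal term '{term}'")
    # "Word + up to four digits (+ one symbol)" is the classic predictable shape.
    if re.fullmatch(r"[A-Za-z]+\d{1,4}[^A-Za-z0-9]?", password):
        reasons.append("predictable word-plus-digits pattern")
    return reasons


if __name__ == "__main__":
    print("generated:", generate_password())
    for candidate in ("Fluffy2019", "Vq7$kL2#pX9!mW4&"):
        print(candidate, "->", weakness_reasons(candidate, personal_terms=("Fluffy",)) or "ok")
```

The screen is a complement to random generation, not a substitute: it catches the predictable shapes the paper describes so that a user who insists on choosing a password at least avoids the patterns cracking programs try first, while the generator is what an enterprise password tool should hand out by default.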
Summary

This paper briefly describes various threats to an organization’s information system and highlights the importance of implementing a broad approach to data security protection, encompassing both technical and non-technical solutions. Understanding the vast array of threats is the first step in ensuring adequate protection of sensitive data. All networks are vulnerable to cybersecurity threats. A comprehensive data security program is essential for mitigating these threats and preventing a data breach. A holistic approach to data security begins with understanding the network, its architecture, user population, and mission requirements. For example, security risks for networks with large user populations and networks connected to the internet are particularly high. Once the risks have been assessed and organizational security policies specified, a security architecture should be designed and a security plan implemented. Consistent implementation of the security plan will reduce susceptibility to cyber threats and increase the overall security of an organization’s data.

Glossary

Configuration management policy, also referred to as Secure Configuration Management policy, is the management of security features through control of changes made to hardware, software, firmware, and security documentation throughout the life cycle of an information system.

Network security mechanisms are the security products and policies used by network security personnel to prevent and monitor unauthorized access, misuse, modification, or denial of the information system and network resources. For example, anti-virus and e-mail security software are network security mechanisms.

Perimeter security mechanisms are the specific security policies and products used at the network perimeter, which is defined as the boundary between the private, locally managed and operated side of the network and the public side of the network. For example, a firewall and an intrusion detection system are perimeter security mechanisms.

Personally identifiable information (PII) refers to information, such as a student’s name or identification number, that can be used to distinguish or trace an individual’s identity either directly or indirectly through linkages with other information. See Family Educational Rights and Privacy Act regulations, 34 CFR §99.3, for a complete definition of PII specific to education data and for examples of education data elements that can be considered PII.

Sensitive data are data that carry the risk for adverse effects from an unauthorized or inadvertent disclosure. This includes any negative or unwanted effects experienced by an individual whose personally identifiable information (PII) was the subject of a loss of confidentiality that may be socially, physically, or financially damaging, as well as any adverse effects experienced by the organization that maintains the PII. See NIST, Guide to Protecting the Confidentiality of Personally Identifiable Information (PII), 2010 Special Publication 800-122, for more information.
Additional Resources

National Institute of Standards and Technology (NIST), NIST SP 800-88, “Guidelines for Media Sanitization.”
Department of Homeland Security’s Computer Emergency Response Team (DHS US-CERT) website: www.us-cert.gov/index.html
Carnegie Mellon University Computer Emergency Response Team (CERT) website: http://www.cert.org/
System Administration, Networking, and Security (SANS) Institute website: http://www.sans.org/
PTAC’s Data Security Checklist: http://www2.ed.gov/policy/gen/guid/ptac/pdf/ptac-data-securitychecklist.pdf

Business Continuity, Disaster Recovery and Data Center Consolidation

New Technologies For Disaster Recovery/Business Continuity overview, courtesy of F5 NETWORKS

The Recovery Time and Recovery Point Objective: What You Need To Know

The recovery time objective (RTO) is the maximum allowable downtime after an outage for recovering systems, applications, and functions (see Figure 1). RTO provides the basis for developing cost-effective recovery strategies and for determining when and how to implement these recovery strategies during a disaster situation.

[Figure 1: Data Recovery Continuum of Service. Plots Costs ($$$) against Recovery Time Objective (Days to Hours, Hours to Minutes, Minutes to Seconds) for Synchronous Replication, Mirroring, Continuous Data Protection, Snapshot, File Server Protection, Disk Based Backup, Tape Based Backup and Off-site Storage. Caption: Traditionally, the faster you want to get data back, the more you will pay. Callout: F5 Solutions make seconds-to-failover cost effective. Source: Network World, The New Face of Disaster Recovery, 050806]

IT managers today must be ready for the unexpected, especially in consideration of new industry and government rules concerning data protection and disaster recovery. Disaster recovery initiatives, of course, have been around for some time; however, it is only recently that several new technologies have emerged that are changing the way we think about disaster recovery and business continuity planning. These technologies focus on WAN optimization, traffic redirection, data replication, and secure remote access. Together, they represent a new methodology for organizations seeking to consolidate cost and equipment, reduce management time, and ensure applications are always available when disaster strikes.

[Figure 2: The Disaster Radius of a Data Center. Labels: DR Site, Regional Secondary Data Center, Primary Data Center, Metro. The preview of this document is truncated here.]
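The RTO definition above, carried into code as an added example that is not part of the F5 overview: given a recovery time objective and a recovery point objective (RPO, in its usual sense of the maximum tolerable age of the data you recover), the script picks the cheapest strategy from a catalogue that satisfies both, and measures an incident timeline against the same objectives. The strategy names echo Figure 1, but their achievable RTO/RPO figures, their costs and the incident timestamps are constructed for this example.

```python
"""Added example (not from the F5 overview): matching recovery strategies and
a measured incident against RTO and RPO. Catalogue values are constructed.
"""
from datetime import datetime

# Constructed catalogue: name -> (achievable RTO in hours, achievable RPO in
# hours, annual cost in USD). Faster recovery costs more, as Figure 1 shows.
STRATEGIES = {
    "off-site tape":           (48.0,    24.0,   12_000),
    "disk-based backup":       (8.0,     4.0,    30_000),
    "snapshots + replication": (0.5,     1 / 12, 90_000),   # 30 min / 5 min
    "synchronous mirroring":   (1 / 120, 0.0,    250_000),  # 30 s / no loss
}


def strategies_meeting(rto_hours, rpo_hours, catalogue=STRATEGIES):
    """Names of strategies whose achievable RTO and RPO are within the objectives."""
    return [name for name, (rto, rpo, _) in catalogue.items()
            if rto <= rto_hours and rpo <= rpo_hours]


def cheapest_strategy(rto_hours, rpo_hours, catalogue=STRATEGIES):
    """Lowest-cost strategy that meets both objectives, or None if none does."""
    candidates = strategies_meeting(rto_hours, rpo_hours, catalogue)
    if not candidates:
        return None
    return min(candidates, key=lambda name: catalogue[name][2])


def incident_report(last_good_backup, outage_start, service_restored,
                    rto_hours, rpo_hours):
    """Compare an incident (ISO-8601 timestamps) with the objectives.

    Downtime (outage start -> service restored) is judged against RTO; the
    data-loss window (last good backup -> outage start) against RPO.
    """
    t_backup = datetime.fromisoformat(last_good_backup)
    t_out = datetime.fromisoformat(outage_start)
    t_up = datetime.fromisoformat(service_restored)
    downtime_h = (t_up - t_out).total_seconds() / 3600
    data_loss_h = (t_out - t_backup).total_seconds() / 3600
    return {
        "downtime_h": downtime_h,
        "rto_met": downtime_h <= rto_hours,
        "data_loss_h": data_loss_h,
        "rpo_met": data_loss_h <= rpo_hours,
    }


if __name__ == "__main__":
    # Objectives set by the business: 4 h RTO, 1 h RPO.
    print("cheapest for RTO 4h / RPO 1h:", cheapest_strategy(4, 1))
    # Constructed incident: nightly backup at 02:00, outage 10:30, back at 16:30.
    print(incident_report("2024-03-01T02:00:00", "2024-03-01T10:30:00",
                          "2024-03-01T16:30:00", rto_hours=8, rpo_hours=4))
```

The incident in the script meets its RTO (6 h of downtime against an 8 h objective) but misses its RPO (8.5 h of data loss against a 4 h objective), which is exactly the kind of finding an after-action review should surface: the recovery procedure was fast enough, but the backup schedule behind it was not.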
