King Saud University NHS Disaster Recovery Plan Thesis Paper


Question Description

I need support with this Computer Science question so I can learn better.

Consider your organization or another organization with which you are familiar. Briefly describe the organization and then, in detail, describe how they developed a Business Continuity Plan or a Disaster Recovery Plan. Have they tested the plan? Have they had to implement the plan?

Support your discussion with at least four resources including the attached textbook.

Introduction, body and conclusion with citation.

Unformatted Attachment Preview

About This E-Book

EPUB is an open, industry-standard format for e-books. However, support for EPUB and its many features varies across reading devices and applications. Use your device or app settings to customize the presentation to your liking. Settings that you can customize often include font, font size, single or double column, landscape or portrait mode, and figures that you can click or tap to enlarge. For additional information about the settings and features on your reading device or app, visit the device manufacturer’s Web site.

Many titles include programming code or configuration examples. To optimize the presentation of these elements, view the e-book in single-column, landscape mode and adjust the font size to the smallest setting. In addition to presenting code and configurations in the reflowable text format, we have included images of the code that mimic the presentation found in the print book; therefore, where the reflowable format may compromise the presentation of the code listing, you will see a “Click here to view code image” link. Click the link to view the print-fidelity code image. To return to the previous page viewed, click the Back button on your device or app.

Developing Cybersecurity Programs and Policies
Omar Santos

Copyright © 2019 by Pearson Education, Inc.

All rights reserved. No part of this book shall be reproduced, stored in a retrieval system, or transmitted by any means, electronic, mechanical, photocopying, recording, or otherwise, without written permission from the publisher. No patent liability is assumed with respect to the use of the information contained herein. Although every precaution has been taken in the preparation of this book, the publisher and author assume no responsibility for errors or omissions. Nor is any liability assumed for damages resulting from the use of the information contained herein.
ISBN-13: 978-0-7897-5940-5
ISBN-10: 0-7897-5940-3
Library of Congress Control Number: 2018942730
01 18

Trademarks

All terms mentioned in this book that are known to be trademarks or service marks have been appropriately capitalized. Pearson IT Certification cannot attest to the accuracy of this information. Use of a term in this book should not be regarded as affecting the validity of any trademark or service mark.

Warning and Disclaimer

Every effort has been made to make this book as complete and as accurate as possible, but no warranty or fitness is implied. The information provided is on an “as is” basis. The author and the publisher shall have neither liability nor responsibility to any person or entity with respect to any loss or damages arising from the information contained in this book.

Special Sales

For information about buying this title in bulk quantities, or for special sales opportunities (which may include electronic versions; custom cover designs; and content particular to your business, training goals, marketing focus, or branding interests), please contact our corporate sales department at corpsales@pearsoned.com or (800) 382-3419. For government sales inquiries, please contact governmentsales@pearsoned.com. For questions about sales outside the U.S., please contact intlcs@pearson.com.
Editor-in-Chief: Mark Taub
Product Line Manager: Brett Bartow
Executive Editor: Mary Beth Ray
Development Editor: Christopher Cleveland
Managing Editor: Sandra Schroeder
Senior Project Editor: Tonya Simpson
Copy Editor: Barbara Hacha
Indexer: Erika Millen
Proofreader: Larry Sulky
Technical Editors: Sari Greene, Klee Michaelis
Publishing Coordinator: Vanessa Evans
Cover Designer: Chuti Prasertsith
Compositor: codemantra

Contents at a Glance

1 Understanding Cybersecurity Policy and Governance
2 Cybersecurity Policy Organization, Format, and Styles
3 Cybersecurity Framework
4 Governance and Risk Management
5 Asset Management and Data Loss Prevention
6 Human Resources Security
7 Physical and Environmental Security
8 Communications and Operations Security
9 Access Control Management
10 Information Systems Acquisition, Development, and Maintenance
11 Cybersecurity Incident Response
12 Business Continuity Management
13 Regulatory Compliance for Financial Institutions
14 Regulatory Compliance for the Health-Care Sector
15 PCI Compliance for Merchants
16 NIST Cybersecurity Framework
Appendix A: Cybersecurity Program Resources
Appendix B: Answers to the Multiple Choice Questions
Index

Table of Contents

Chapter 1: Understanding Cybersecurity Policy and Governance
  Information Security vs. Cybersecurity Policies
  Looking at Policy Through the Ages
  Policy in Ancient Times
  The United States Constitution as a Policy Revolution
  Policy Today
  Cybersecurity Policy
  What Are Assets?
  Successful Policy Characteristics
  What Is the Role of Government?
  Additional Federal Banking Regulations
  Government Cybersecurity Regulations in Other Countries
  The Challenges of Global Policies
  Cybersecurity Policy Life Cycle
  Policy Development
  Policy Publication
  Policy Adoption
  Policy Review
  Summary

Chapter 2: Cybersecurity Policy Organization, Format, and Styles
  Policy Hierarchy
  Standards
  Baselines
  Guidelines
  Procedures
  Plans and Programs
  Writing Style and Technique
  Using Plain Language
  The Plain Language Movement
  Plain Language Techniques for Policy Writing
  Policy Format
  Understand Your Audience
  Policy Format Types
  Policy Components
  Summary

Chapter 3: Cybersecurity Framework
  Confidentiality, Integrity, and Availability
  What Is Confidentiality?
  What Is Integrity?
  What Is Availability?
  Who Is Responsible for CIA?
  NIST’s Cybersecurity Framework
  What Is NIST’s Function?
  So, What About ISO?
  NIST Cybersecurity Framework
  ISO Standards
  Summary

Chapter 4: Governance and Risk Management
  Understanding Cybersecurity Policies
  What Is Governance?
  What Is Meant by Strategic Alignment?
  Regulatory Requirements
  User-Level Cybersecurity Policies
  Vendor Cybersecurity Policies
  Cybersecurity Vulnerability Disclosure Policies
  Client Synopsis of Cybersecurity Policies
  Who Authorizes Cybersecurity Policy?
  What Is a Distributed Governance Model?
  Evaluating Cybersecurity Policies
  Revising Cybersecurity Policies: Change Drivers
  NIST Cybersecurity Framework Governance Subcategories and Informative References
  Regulatory Requirements
  Cybersecurity Risk
  Is Risk Bad?
  Understanding Risk Management
  Risk Appetite and Tolerance
  What Is a Risk Assessment?
  Risk Assessment Methodologies
  Summary

Chapter 5: Asset Management and Data Loss Prevention
  Information Assets and Systems
  Who Is Responsible for Information Assets?
  Information Classification
  How Does the Federal Government Classify Data?
  Why Is National Security Information Classified Differently?
  Who Decides How National Security Data Is Classified?
  How Does the Private Sector Classify Data?
  Can Information Be Reclassified or Even Declassified?
  Labeling and Handling Standards
  Why Label?
  Why Handling Standards?
  Information Systems Inventory
  Why an Inventory Is Necessary and What Should Be Inventoried
  Understanding Data Loss Prevention Technologies
  Summary

Chapter 6: Human Resources Security
  The Employee Life Cycle
  What Does Recruitment Have to Do with Security?
  What Happens in the Onboarding Phase?
  What Is User Provisioning?
  What Should an Employee Learn During Orientation?
  Why Is Termination Considered the Most Dangerous Phase?
  The Importance of Employee Agreements
  What Are Confidentiality or Nondisclosure Agreements?
  What Is an Acceptable Use Agreement?
  The Importance of Security Education and Training
  Influencing Behavior with Security Awareness
  Teaching a Skill with Security Training
  Security Education Is Knowledge Driven
  Summary

Chapter 7: Physical and Environmental Security
  Understanding the Secure Facility Layered Defense Model
  How Do We Secure the Site?
  How Is Physical Access Controlled?
  Protecting Equipment
  No Power, No Processing?
  How Dangerous Is Fire?
  What About Disposal?
  Stop, Thief!
  Summary

Chapter 8: Communications and Operations Security
  Standard Operating Procedures
  Why Document SOPs?
  Developing SOPs
  Operational Change Control
  Why Manage Change?
  Why Is Patching Handled Differently?
  Malware Protection
  Are There Different Types of Malware?
  How Is Malware Controlled?
  What Is Antivirus Software?
  Data Replication
  Is There a Recommended Backup or Replication Strategy?
  Secure Messaging
  What Makes Email a Security Risk?
  Are Email Servers at Risk?
  Other Collaboration and Communication Tools
  Activity Monitoring and Log Analysis
  What Is Log Management?
  Service Provider Oversight
  What Is Due Diligence?
  What Should Be Included in Service Provider Contracts?
  Threat Intelligence and Information Sharing
  How Good Is Cyber Threat Intelligence if It Cannot Be Shared?
  Summary

Chapter 9: Access Control Management
  Access Control Fundamentals
  What Is a Security Posture?
  How Is Identity Verified?
  What Is Authorization?
  Accounting
  Infrastructure Access Controls
  Why Segment a Network?
  What Is Layered Border Security?
  Remote Access Security
  User Access Controls
  Why Manage User Access?
  What Types of Access Should Be Monitored?
  Summary

Chapter 10: Information Systems Acquisition, Development, and Maintenance
  System Security Requirements
  What Is SDLC?
  What About Commercially Available or Open Source Software?
  The Testing Environment
  Protecting Test Data
  Secure Code
  The Open Web Application Security Project (OWASP)
  Cryptography
  Why Encrypt?
  Regulatory Requirements
  What Is a “Key”?
  What Is PKI?
  Why Protect Cryptographic Keys?
  Digital Certificate Compromise
  Summary

Chapter 11: Cybersecurity Incident Response
  Incident Response
  What Is an Incident?
  How Are Incidents Reported?
  What Is an Incident Response Program?
  The Incident Response Process
  Tabletop Exercises and Playbooks
  Information Sharing and Coordination
  Computer Security Incident Response Teams
  Product Security Incident Response Teams (PSIRTs)
  Incident Response Training and Exercises
  What Happened? Investigation and Evidence Handling
  Documenting Incidents
  Working with Law Enforcement
  Understanding Forensic Analysis
  Data Breach Notification Requirements
  Is There a Federal Breach Notification Law?
  Does Notification Work?
  Summary

Chapter 12: Business Continuity Management
  Emergency Preparedness
  What Is a Resilient Organization?
  Regulatory Requirements
  Business Continuity Risk Management
  What Is a Business Continuity Threat Assessment?
  What Is a Business Continuity Risk Assessment?
  What Is a Business Impact Assessment?
  The Business Continuity Plan
  Roles and Responsibilities
  Disaster Response Plans
  Operational Contingency Plans
  The Disaster Recovery Phase
  The Resumption Phase
  Plan Testing and Maintenance
  Why Is Testing Important?
  Plan Maintenance
  Summary

Chapter 13: Regulatory Compliance for Financial Institutions
  The Gramm-Leach-Bliley Act
  What Is a Financial Institution?
  Regulatory Oversight
  What Are the Interagency Guidelines?
  New York’s Department of Financial Services Cybersecurity Regulation (23 NYCRR Part 500)
  What Is a Regulatory Examination?
  Examination Process
  Examination Ratings
  Personal and Corporate Identity Theft
  What Is Required by the Interagency Guidelines Supplement A?
  What Is Required by the Supplement to the Authentication in an Internet Banking Environment Guidance?
  Summary

Chapter 14: Regulatory Compliance for the Health-Care Sector
  The HIPAA Security Rule
  What Is the Objective of the HIPAA Security Rule?
  How Is the HIPAA Security Rule Organized?
  What Are the Physical Safeguards?
  What Are the Technical Safeguards?
  What Are the Organizational Requirements?
  What Are the Policies and Procedures Standards?
  The HIPAA Security Rule Mapping to NIST Cybersecurity Framework
  The HITECH Act and the Omnibus Rule
  What Changed for Business Associates?
  What Are the Breach Notification Requirements?
  Understanding the HIPAA Compliance Enforcement Process
  Summary

Chapter 15: PCI Compliance for Merchants
  Protecting Cardholder Data
  What Is the PAN?
  The Luhn Algorithm
  What Is the PCI DSS Framework?
  Business-as-Usual Approach
  What Are the PCI Requirements?
  PCI Compliance
  Who Is Required to Comply with PCI DSS?
  What Is a Data Security Compliance Assessment?
  What Is the PCI DSS Self-Assessment Questionnaire (SAQ)?
  Are There Penalties for Noncompliance?
  Summary

Chapter 16: NIST Cybersecurity Framework
  Introducing the NIST Cybersecurity Framework Components
  The Framework Core
  Identify
  Protect
  Detect
  Respond
  Recover
  Framework Implementation Tiers (“Tiers”)
  Who Should Coordinate the Framework Implementation?
  NIST’s Recommended Steps to Establish or Improve a Cybersecurity Program
  Communication with Stakeholders and Supply Chain Relationships
  NIST’s Cybersecurity Framework Reference Tool
  Adopting the NIST Cybersecurity Framework in Real Life
  Summary

Appendix A: Cybersecurity Program Resources
Appendix B: Answers to the Multiple Choice Questions
Index

About the Author

Omar Santos is a principal engineer in the Cisco Product Security Incident Response Team (PSIRT) within the Cisco Security Research and Operations. He mentors and leads engineers and incident managers during the investigation and resolution of security vulnerabilities in all Cisco products, including cloud services. Omar has been working with information technology and cybersecurity since the mid-1990s. Omar has designed, implemented, and supported numerous secure networks for Fortune 100 and 500 companies and the U.S. government. Prior to his current role, he was a technical leader within the World-Wide Security Practice and the Cisco Technical Assistance Center (TAC), where he taught, led, and mentored many engineers within both organizations. Omar is an active member of the security community, where he leads several industrywide initiatives and standard bodies. His active role helps businesses, academic institutions, state and local law enforcement agencies, and other participants that are dedicated to increasing the security of the critical infrastructure. Omar often delivers technical presentations at many conferences and to Cisco customers and partners. He is the author of dozens of books and video courses.

You can follow Omar on any of the following:
Personal website: omarsantos.io
Twitter: @santosomar
LinkedIn: https://www.linkedin.com/in/santosomar

Dedication

I would like to dedicate this book to my lovely wife, Jeannette, and my two beautiful children, Hannah and Derek, who have inspired and supported me throughout the development of this book.
I also dedicate this book to my father, Jose, and to the memory of my mother, Generosa. Without their knowledge, wisdom, and guidance, I would not have the goals that I strive to achieve today.

Acknowledgments

This manuscript is a result of concerted efforts of various individuals—without their help, this book would have not been a reality. I would like to thank the technical reviewers Sari Green and Klee Michaelis for their significant contributions and expert guidance. I would also like to express my gratitude to Chris Cleveland, development editor, and Mary Beth Ray, executive editor, for their help and continuous support during the development of this book.

We Want to Hear from You!

As the reader of this book, you are our most important critic and commentator. We value your opinion and want to know what we’re doing right, what we could do better, what areas you’d like to see us publish in, and any other words of wisdom you’re willing to pass our way. We welcome your comments. You can email or write to let us know what you did or didn’t like about this book—as well as what we can do to make our books better. Please note that we cannot help you with technical problems related to the topic of this book. When you write, please be sure to include this book’s title and author as well as your name and email address. We will carefully review your comments and share them with the author and editors who worked on the book.

Email: feedback@pearsonitcertification.com

Reader Services

Register your copy of Developing Cybersecurity Programs and Policies at www.pearsonitcertification.com for convenient access to downloads, updates, and corrections as they become available. To start the registration process, go to www.pearsonitcertification.com/register and log in or create an account*. Enter the product ISBN 9780789759405 and click Submit. When the process is complete, you will find any available bonus content under Registered Products.
*Be sure to check the box that you would like to hear from us to receive exclusive discounts on future editions of this product.

Introduction

The number of cyber attacks continues to rise. Demand for safe and secure data and other concerns mean that companies need professionals to keep their information safe. Cybersecurity risk includes not only the risk of a data breach, but also the risk of the entire organization being undermined via business activities that rely on digitization and accessibility. As a result, learning how to develop an adequate cybersecurity program is crucial for any organization. Cybersecurity can no longer be something that you delegate to the information technology (IT) team. Everyone needs to be involved, including the Board of Directors.

This book focuses on industry-leading practices and standards, such as the International Organization for Standardization (ISO) standards and the National Institute of Standards and Technology (NIST) Cybersecurity Framework and Special Publications. This book provides detailed guidance on how to effectively develop a cybersecurity program within your organization. This book is intended for anyone who is preparing for a leadership position in business, government, academia, financial services, or health-care. Mastering the material presented in this book is a must for any cybersecurity professional.

This book starts by providing an overview of cybersecurity policy and governance, and how to create cybersecurity policies and develop a cybersecurity framework. It then provides details about governance, risk management, asset management, and data loss prevention. You will learn how to incorporate human resource, physical, and environmental security as important elements of your cybersecurity program. This book also teaches you best practices in communications and operations security, access control management, and information systems acquisition, development, and maintenance. You will learn principles of cybersecurity incident response and how to develop an incident response plan.

Organizations across the globe have to be aware of new cybersecurity regulations and how they affect their business in order to remain compliant. Compliance is especially crucial because the punishments for noncompliance typically include large fines. Three chapters in this book cover regulatory compliance for financial institutions and health-care institutions and provide detailed insights about the Payment Card Industry Data Security Standard (PCI DSS). The last chapter provides an overview of the NIST Cybersecurity Framework, and Appendix A provides comprehensive lists of resources covered throughout the book. Anyone—from cybersecurity engineers to incident managers, auditors, and executives—can benefit from the material covered in this book.

Chapter 1: Understanding Cybersecurity Policy and Governance

Chapter Objectives

After reading this chapter and completing the exercises, you should be able to do the following:
  Describe the significance of cybersecurity policies.
  Evaluate the role policy plays in corporate culture and civil society.
  Articulate the objective of cybersecurity-related policies.
  Identify the different characteristics of successful cybersecurity policies.
  Define the life cycle of a cybersecurity policy.

We live in an interconnected world where both individual and collective actions have the potential to result in inspiring goodness or tragic harm. The objective of cybersecurity is to protect each of us, our economy, our critical infrastructure, and our cou ...

Final Answer

By (name)
Institutional affiliations

Disaster Recovery Plan
The Northern Lincolnshire and Goole NHS Foundation Trust was established in 2001. The Trust is an NHS Foundation Trust formed by the merger of North East Lincolnshire NHS Trust and Scunthorpe and Goole Hospitals NHS Trust. There are a couple of hospitals that are controlled by the Trust, which are Diana, Princess of Wales Hospital in Grimsby, and Scunthorpe General Hospital in Lincolnshire. The Trust is one of the 11 trusts that were placed under special measures after the Keogh Review due to mortality rates that were above the stipulated rate. The health facility has not been performing well in terms of health due to its high mortality rates, which led to it being judged as inadequate in terms of services by the Care Quality Commission. According to Haidzir et al....

TutorLarra (21788)
Cornell University
