Final Project 2: this is based on IT Risk Management

Description

Attached is the template that you must download, complete and submit here. Instructions are located in the template.

Task #4 is NOT ASSIGNED but is available for those who would like to attempt it.

This is EXTRA CREDIT and worth 9 Extra Points

Unformatted Attachment Preview

ISOL 533 - Information Security and Risk Management
University of the Cumberlands

NOTE: BEFORE TURNING THIS IN, REMOVE THE HIGHLIGHTED TEXT.

Task 1. Complete the BIA table below and use it for the remainder of the assignment. You may want to review your Lab #07 assignment where you developed a BIA table. Information needed to create the Business Functions and Processes below are in the “Project Management Plan” scenario and the “Project Health Network Visual”. Hint: look at the processes that go from the customers and into the systems/applications in the “Project Health Network Visual”.

| Business Function or Process | Business Impact Factor | Recovery Time Objective | IT Systems/Apps Infrastructure Impacts |

Task 1: Business Impact Analysis – extracts from the Boiler Plate

1. Overview

This Business Impact Analysis (BIA) is developed as part of the contingency planning process for the HNetExchange Message system, HNetConnect Directory system and HNetPay Payment system. It was prepared for Health Network, Inc (Health Network).

2. System Description

3.1.1 Identify Outage Impacts and Estimated Downtime

Estimated Downtime

The table below identifies the MTD, RTO, and RPO for the organizational business processes that rely on the HNetExchange Message system, HNetConnect Directory system and HNetPay Payment system.

| Mission/Business Process For HNetExchange | MTD | RTO | RPO |

| Mission/Business Process For HNetConnect | MTD | RTO | RPO |

| Mission/Business Process For HNetPay | MTD | RTO | RPO |

Task 2: Business Continuity Plan – extracts from the Boiler Plate

EMERGENCY MANAGEMENT STANDARDS

Data backup policy

Full and incremental backups preserve corporate information assets and should be performed on a regular basis for audit logs and files that are irreplaceable, have a high replacement cost, or are considered critical. Backup media should be stored in a secure, geographically separate location from the original and isolated from environmental hazards.

Department-specific data and document retention policies specify what records must be retained and for how long. All organizations are accountable for carrying out the provisions of the instruction for records in their organization.

IT follows these standards for its data backup and archiving:

Tape retention policy

Backup media is stored at locations that are secure, isolated from environmental hazards, and geographically separate from the location housing the system.

Billing tapes
• Tapes greater than three years old are destroyed every six months.
• Tapes less than three years old must be stored locally off-site.
• The system supervisor is responsible for the transition cycle of tapes.

System image tapes
• A copy of the most current image files must be made at least once per week.
• This backup must be stored offsite.
• The system supervisor is responsible for this activity.

Off-site storage procedures
• Tapes and disks, and other suitable media are stored in environmentally secure facilities.
• Tape or disk rotation occurs on a regular schedule coordinated with the storage vendor.

Access to backup databases and other data is tested annually

Task 3: Disaster Recovery Plan – extracts from the Boiler Plate

DISASTER RECOVERY PLAN FOR
OVERVIEW
PRODUCTION SERVER
IT INFRASTRUCTURE
Location: Enter location
Provide details on what systems, applications, databases and equipment are involved.
BACKUP STRATEGY FOR SYSTEM ONE
DAILY / MONTHLY / QUARTERLY
Choose which strategy on the left is used.
DISASTER RECOVERY PROCEDURE
RISK #1: LOSS OF COMPANY DATA DUE TO HNETPAY HARDWARE REMOVED FROM PRODUCTION SYSTEMS.
Provide details
RISK #2: LOSS OF CUSTOMERS DUE TO PRODUCTION OUTAGES.
Provide details

DISASTER RECOVERY PLAN FOR
OVERVIEW
PRODUCTION SERVER
IT INFRASTRUCTURE
Location: Enter location
Provide details on what systems, applications, databases and equipment are involved.
BACKUP STRATEGY FOR SYSTEM ONE
DAILY / MONTHLY / QUARTERLY
Choose which strategy on the left is used.
DISASTER RECOVERY PROCEDURE
RISK #1: LOSS OF COMPANY DATA DUE TO HNETCONNECT HARDWARE REMOVED FROM PRODUCTION SYSTEMS.
Provide details
RISK #2: LOSS OF CUSTOMERS DUE TO PRODUCTION OUTAGES.
Provide details

DISASTER RECOVERY PLAN FOR
OVERVIEW
PRODUCTION SERVER
IT INFRASTRUCTURE
Location: Enter location
Provide details on what systems, applications, databases and equipment are involved.
BACKUP STRATEGY FOR SYSTEM ONE
DAILY / MONTHLY / QUARTERLY
Choose which strategy on the left is used.
SYSTEM DISASTER RECOVERY PROCEDURE
RISK #1: LOSS OF COMPANY DATA DUE TO HNETEXCHANGE HARDWARE REMOVED FROM PRODUCTION SYSTEMS.
Provide details
RISK #2: LOSS OF CUSTOMERS DUE TO PRODUCTION OUTAGES.
Provide details

Task 4: Computer Incident Response Team Plan – extracts from the Boiler Plate

Appendix A – Incident Response Worksheet

Preparation: What tools, applications, laptops, and communication devices were needed to address the Computer Incident Response for this specific breach?

Identification: When an incident is reported, it must be identified, classified, and documented. During this step, the following information is needed:
• Identify the nature of the incident
  o What Business Process was impacted
  o What threat was identified
  o What weakness was identified
  o What risk was identified
  o What was the Risk Factor/Impact of the incident
  o What was the RTO, MTD and RPO assigned to the business process
  o What hardware, software, database and other resource were impacted

Containment: The immediate objective is to limit the scope and magnitude of the computer/security-related incident as quickly as possible, rather than allow the incident to continue to gain evidence for identifying and/or prosecuting the perpetrator.
• What needs to be done to limit the scope of the incident

Eradication: The next priority is to remove the computer/security-related incident or breach’s effects.
• What needs to be done to mitigate the risk of the incident

Recovery: Recovery is specific to bringing back into production those IT systems, applications, and assets that were affected by the security-related incident.
• What needs to be done to recover the IT systems
  o What procedures need to be used and are they covered in the Disaster Recovery Plan
  o Would the Business Continuity Plan be executed in response to this incident
  o Would any issues be identified that would lead to updates to the BIA, BCP or DR plans.

Explanation & Answer


ISOL 533 - Information Security and Risk Management

University of the Cumberlands

NOTE: BEFORE TURNING THIS IN, REMOVE THE HIGHLIGHTED TEXT.
Task 1. Complete the BIA table below and use it for the remainder of the assignment. You
may want to review your Lab #07 assignment where you developed a BIA table. Information
needed to create the Business Functions and Processes below are in the “Project Management
Plan” scenario and the “Project Health Network Visual”. Hint: look at the processes that go from
the customers and into the systems/applications in the “Project Health Network Visual”.

| Business Function or Process | Business Impact Factor | Recovery Time Objective | IT Systems/Apps Infrastructure Impacts |
|---|---|---|---|
| Email communication with patients that is both internal and external that is done via forward and store messaging. | Critical | 4 hours | LAN-TO-WAN Network as the email server |
| Voice communication with the patients done in real time both external and internal | Critical | 4 hours | VoIP Call Servers DNS LAN-TO-WAN Network |
| Internal and External Internet Protocol (IP) Communications done through Domain Name Server (DNS) | Critical | 4 hours | DNS Server LAN-to-WAN Network |
| Internet connectivity for store and email and forward customer service | Critical | 4 hours | WAN LAN-to-WAN Network |
| Website for patients that is self-service. They access information and personal account information | Major | 18 hours | VoIP Call Servers WAN LAN-to-WAN Network |
| Patient services via the Website in Real Time, or via email or telephone which requires Customer Relationship Management (CRM) | Critical | 4 hours | VoIP Call Servers WAN LAN-to-WAN Network |
| Voice and email communications done to branches that are remote | Major | 24 hours | VoIP Call Servers LAN-to-WAN Network |
| Finance and Accounting support: Accounts receivable, accounts payable etc | Major | 24 hours | LAN Accounting Services |
| Network Management and technical support | Critical | 12 hours | LAN-to-WAN Network |

Task 1: Business Impact Analysis – extracts from the Boiler Plate
1. Overview

This Business Impact Analysis (BIA) is developed as part of the contingency planning process
for the HNetExchange Message system, HNetConnect Directory system and HNetPay Payment
system. It was prepared for Health Network, Inc (Health Network).
2. Syst...

