Unformatted Attachment Preview
ISOL 533 - Information Security and Risk Management
University of the Cumberlands
Task 1. Complete the BIA table below and use it for the remainder of the assignment. You may want
to review your Lab #07 assignment where you developed a BIA table. Information needed to create the
Business Functions and Processes below are in the “Project Management Plan” scenario and the
“Project Health Network Visual”. Hint: look at the processes that go from the customers and into the
systems/applications in the “Project Health Network Visual”.
Business Function or Process
Business
Impact
Factor
Recovery
Time
Objective
IT Systems/Apps
Infrastructure Impacts
ISOL 533 - Information Security and Risk Management
University of the Cumberlands
Task 1: Business Impact Analysis – extracts from the Boiler Plate
1.
Overview
This Business Impact Analysis (BIA) is developed as part of the contingency planning process for the
HNetExchange Message system, HNetConnect Directory system and HNetPay Payment system. It was
prepared for Health Network, Inc (Health Network).
2.
System Description
3.1.1
Identify Outage Impacts and Estimated Downtime
Estimated Downtime
The table below identifies the MTD, RTO, and RPO for the organizational business processes that rely on
the HNetExchange Message system, HNetConnect Directory system and HNetPay Payment system.
Mission/Business Process
For HNetExchange
MTD
RTO
RPO
Mission/Business Process
For HNetConnect
MTD
RTO
RPO
Mission/Business Process
For HNetPay
MTD
RTO
RPO
ISOL 533 - Information Security and Risk Management
University of the Cumberlands
Task 2: Business Continuity Plan – extracts from the Boiler Plate
EMERGENCY MANAGEMENT STANDARDS
Data backup policy
Full and incremental backups preserve corporate information assets and should be performed on a
regular basis for audit logs and files that are irreplaceable, have a high replacement cost, or are
considered critical. Backup media should be stored in a secure, geographically separate location from
the original and isolated from environmental hazards.
Department-specific data and document retention policies specify what records must be retained and
for how long. All organizations are accountable for carrying out the provisions of the instruction for
records in their organization.
IT follows these standards for its data backup and archiving:
Tape retention policy
Backup media is stored at locations that are secure, isolated from environmental hazards, and
geographically separate from the location housing the system.
Billing tapes
•
•
•
Tapes greater than three years old are destroyed every six months.
Tapes less than three years old must be stored locally off-site.
The system supervisor is responsible for the transition cycle of tapes.
System image tapes
•
•
•
A copy of the most current image files must be made at least once per week.
This backup must be stored offsite.
The system supervisor is responsible for this activity.
Off-site storage procedures
• Tapes and disks, and other suitable media are stored in environmentally secure facilities.
• Tape or disk rotation occurs on a regular schedule coordinated with the storage vendor.
Access to backup databases and other data is tested annually
ISOL 533 - Information Security and Risk Management
University of the Cumberlands
ISOL 533 - Information Security and Risk Management
University of the Cumberlands
Task 3: Disaster Recovery Plan – extracts from the Boiler Plate
DISASTER RECOVERY PLAN FOR
OVERVIEW
PRODUCTION SERVER
IT INFRASTRUCTURE
Location: Enter location
Provide details on what systems, applications, databases and
equipment are involved.
BACKUP STRATEGY FOR
SYSTEM ONE
DAILY / MONTHLY /
QUARTERLY
Choose which strategy on the left is use.
DISASTER RECOVERY
PROCEDURE
RISK #1: LOSS OF
COMPANY DATA DUE TO
HNETPAY HARDWARE
REMOVED FROM
PRODUCTION SYSTEMS.
Provide details
RISK #2: LOSS OF
CUSTOMERS DUE TO
PRODUCTION OUTAGES.
Provide details
ISOL 533 - Information Security and Risk Management
University of the Cumberlands
DISASTER RECOVERY PLAN FOR
OVERVIEW
PRODUCTION SERVER
IT INFRASTRUCTURE
Location: Enter location
Provide details on what systems, applications, databases and
equipment are involved.
BACKUP STRATEGY FOR
SYSTEM ONE
DAILY / MONTHLY /
QUARTERLY
Choose which strategy on the left is use.
DISASTER RECOVERY
PROCEDURE
RISK #1: LOSS OF
COMPANY DATA DUE TO
HNETCONNECT
HARDWARE REMOVED
FROM PRODUCTION
SYSTEMS.
Provide details
RISK #2: LOSS OF
CUSTOMERS DUE TO
PRODUCTION OUTAGES.
Provide details
ISOL 533 - Information Security and Risk Management
University of the Cumberlands
DISASTER RECOVERY PLAN FOR
OVERVIEW
PRODUCTION SERVER
IT INFRASTRUCTURE
Location: Enter location
Provide details on what systems, applications, databases and
equipment are involved.
BACKUP STRATEGY FOR
SYSTEM ONE
DAILY / MONTHLY /
QUARTERLY
Choose which strategy on the left is use.
SYSTEM DISASTER
RECOVERY PROCEDURE
RISK #1: LOSS OF
COMPANY DATA DUE TO
HNETEXCHANGE
HARDWARE REMOVED
FROM PRODUCTION
SYSTEMS.
Provide details
RISK #2: LOSS OF
CUSTOMERS DUE TO
PRODUCTION OUTAGES.
Provide details
ISOL 533 - Information Security and Risk Management
University of the Cumberlands
Task 4: Computer Incident Response Team Plan – extracts from the Boiler Plate
Appendix A – Incident Response Worksheet
Preparation:
What tools, applications, laptops, and communication devices were needed to address the Computer
Incident Response for this specific breach?
Identification: When an incident is reported, it must be identified, classified, and documented. During
this step, the following information is needed:
•
Identify the nature of the incident
o What Business Process was impacted
o What threat was identified
o What weakness was identified
o What risk was identified
o What was the Risk Factor/Impact of the incident
o What was the RTO, MTD and RPO assigned to the business process
o What hardware, software, database and other resource were impacted
Containment: The immediate objective is to limit the scope and magnitude of the computer/securityrelated incident as quickly as possible, rather than allow the incident to continue to gain evidence for
identifying and/or prosecuting the perpetrator.
•
What needs to be done to limit the scope of the incident
Eradication: The next priority is to remove the computer/security-related incident or breach’s effects.
•
What needs to be done to mitigate the risk of the incident
Recovery: Recovery is specific to bringing back into production those IT systems, applications, and
assets that were affected by the security-related incident.
•
What needs to be done to recover the IT systems
o What procedures need to be used and are they covered in the Disaster Recovery Plan
o Would the Business Continuity Plan be executed in response to this incident
o Would any issues be identified that would lead to updates to the BIA, BCP or DR plans.