Assignment: Disaster Recovery Planning, Prevention And Response
Task 1,
1. Integrated Principles of Disaster Recovery and Enterprise Continuity
The graduate evaluates the background, purpose, and value of a comprehensive disaster recovery plan; integrates principles of disaster recovery and enterprise continuity; and documents the plans in a disaster recovery and enterprise continuity brief.
SCENARIO
A university is applying for the National Security Agency's Center of Academic Excellence. As part of that application, the university must put together a disaster recovery/enterprise continuity plan and show proof of its implementation. To do this, the university first needs to obtain executive support for the plan. The application requires a written justification to the executive team to support the project. You have been hired as a consultant to help them get organized so they can begin putting together this plan.
The university's administrative offices are located in a downtown urban area. The university itself occupies all of the sixth, seventh, and eighth floors of an 11-story building. The university's servers are housed in an offsite location. Approximately 350 employees work on the university's three floors. All but 50 employees work in 5 feet x 5 feet cubicles. Each cubicle has one laptop, one additional monitor, wired and wireless access, and one voice over IP (VoIP) phone for equipment. The network uses Microsoft Server 2003, an Exchange server, and a SharePoint server for all data. Student records are stored on the offsite servers, and backups of the servers are run three times a day.
Employees can only get into secured office locations with a secure electronic key. Stairwells are locked and are only accessible via a key code punched in at each entrance. Elevators can only access the three university floors by using the same secure electronic key that will get employees into office spaces.
There are some physical risks to the operation. Blizzards could potentially knock out power. Earthquakes could damage the building. High winds could blow out windows and possibly injure people near those windows.
REQUIREMENTS
Your submission must be your original work. No more than a combined total of 30% of the submission and no more than a 10% match to any one individual source can be directly quoted or closely paraphrased from sources, even if cited correctly. An originality report is provided when you submit your task that can be used as a guide.
You must use the rubric to direct the creation of your submission because it provides detailed criteria that will be used to evaluate your work. Each requirement below may be evaluated by more than one rubric aspect. The rubric aspect titles may contain hyperlinks to relevant portions of the course.
1. Create a multimedia presentation (e.g., PowerPoint, Keynote) (suggested length of 15 slides) which presents a disaster recovery plan/enterprise continuity plan (DRP/ECP) by doing the following:
Note: The purpose of the presentation is to justify to administrators in the scenario the need to implement a disaster recovery and enterprise continuity plan for the organization.
1. Describe the roles of a DRP/ECP team.
1. Outline the type of training a typical DRP team will need.
2. Outline the six resilience layers that need to be integrated into the ECP.
1. Provide one example for each of the six resilience layers related to this enterprise.
3. Outline how the university should go about choosing outside expertise to assist with the development of a DRP.
1. Describe what the university will outsource to the outside experts.
2. Discuss the process of how the university will go about identifying the qualified outside experts and what service agreements you will put in place.
3. Describe the outside expert's qualifications for what you are outsourcing.
4. Evaluate one best method for developing a DRP/ECP awareness campaign.
1. Evaluate one best method for implementing a DRP/ECP awareness campaign.
5. Develop presenter notes for each slide. Please submit any PowerPoint presenter notes in a seperate file that is in document format (for example, MS Word). Identify which slide each set of notes apply.
2. When you use sources, include all in-text citations and references in APA format.
Task 2
1. Responding to Attacks and Special Circumstances
The graduate identifies, evaluates, and applies network response procedures for attacks with special circumstances.
2. Continued Assessments During a Disaster
The graduate assesses needs, threats, and solutions prior to and during a network disaster.
SCENARIO
An employee hacked into the human resource records system at the employee's place of business and changed the employee's base salary rate to obtain a pay raise. The employee did this by spoofing an IP address in order to eavesdrop on the network. Once the employee identified where the data was stored and how to modify it, the employee made the changes and received two paychecks with the new amount.
Fortunately, an auditor happened to discover the error. The auditor sent an e-mail to several individuals within the organization to let them know there was a potential problem with the employee's paycheck. However, the employee was able to intercept the message and craft fake responses from the individuals the original e-mail was sent to. The employee and the auditor exchanged e-mails back and forth until the employee was soon given access permissions for some other financial records. With this new information, the employee was able to lower the salaries of the president of the company and several other employees and then to include the salary difference in the employee's own paycheck.
The IT staff determined that the spoofing that occurred that allowed the employee to gain access to the human resources system was caused by a lack of authentication and encryption controls. As such, a local root certificate authority was installed to implement a public key infrastructure (PKI) in which all communication to the human resource system required a certificate. This would encrypt network traffic to and from the human resources system and prevent eavesdropping. It would also properly authenticate the host to prevent spoofing.
REQUIREMENTS
1. Perform a postevent evaluation of how the organization's IT staff responded to the attack described in the scenario by doing the following:
1. Describe the series of malicious events that led up to the incident.
2. Identify who needs to be notified based on the type and severity of the incident.
3. Outline how the incident could be contained.
4. Discuss how the factor that caused the incident could be eradicated.
5. Discuss how the system could be recovered to return to normal business practice.
1. Explain how the system could be verified as operational.
2. Perform a follow-up of the postevent evaluation by doing the following:
1. Identify areas that were not addressed by the IT staff's response to the incident.
2. Identify the other attacks mentioned in the scenario that were not noticed by the organization.
1. Describe the type and severity of the attacks not noticed by the organization.
2. Describe how these additional attacks can be prevented in the future.
3. Recommend a recovery procedure to restore the computer systems back to a fully operational state.
3. When you use sources, include all in-text citations and references in APA format.
Task 3
1. Continued Assessments During a Disaster
The graduate assesses needs, threats, and solutions prior to and during a network disaster.
INTRODUCTION
Disaster planning can help eliminate and reduce the potential for economic damage, loss of life, and destruction of property during a disaster. This task will focus on the recovery phase of the disaster recovery cycle.
Imagine you have been hired as a disaster recovery trainer. Your job is to respond to a scenario that requires individuals being trained to evaluate a simulated disaster response. The simulated organization and disaster are outlined in the attached "LPHG Disaster Recovery Scenario." The organization's plans, policies and impact analysis are attached as well ("LPHG Backup and Recovery Policy," "LPHG Business Impact Analysis," "LPHG Disaster Recovery Plan").
REQUIREMENTS
1. Using the attached "After Action Report Survey Template," create an after action report (AAR) by doing the following:
1. Discuss the plans, procedures, or other documents that were in place before the disaster in the General Information section of the template.
2. Summarize what occurred during the response in the scenario in the General Information section of the template.
3. Identify three strengths of the disaster response in the scenario.
4. Analyze the strengths of the disaster response in the scenario by doing the following:
1. Discuss the contributing factors of each of the three strengths.
1. Discuss how the organization's plans, policies, and impact analysis contributed to each strength.
2. Discuss positive consequences of each of the three strengths.
3. Recommend ways to improve on each of the three strengths.
5. Identify three areas of improvement of the disaster response in the scenario.
6. Analyze the areas for improvement of the disaster response in the scenario by doing the following:
1. Discuss the contributing factors of each of the three areas for improvement.
1. Discuss how the organization's plans, policies, and documents contributed to each of the three areas for improvement.
2. Discuss consequences of each of the three areas for improvement.
3. Recommend changes to the response plan (e.g., plans, procedures, equipment, training, mutual aid support, management, and leadership support) that could resolve the causes of each of the three areas for improvement.
Format your assignment according to the following formatting requirements:
1. The answer should be typed, double spaced, using Times New Roman font (size 12), with one-inch margins on all sides.
2. The response also includes a cover page containing the title of the assignment, the student's name, the course title, and the date. The cover page is not included in the required page length.
3. Also include a reference page. The Citations and references should follow APA format. The reference page is not included in the required page length.
Attachment:- Task-Business-Impact-Analysis.rar