Information Security Management & Compliance
Case Study on Incident Response & Business Continuity
THE ASSIGNMENT TASK:
This is an individual assessment. Case Study
ISMC Ltd is involved in designing hundreds of small electronic products. These carry a minimal intellectual property value as there are hundreds of other companies in this field designing similar products.
Over the last 3 years, the company has been exploring the South American markets and is about to bid for a highly ambitious contract which will have a huge impact on the organisation. The contract is for the Colombian government to design different cutting edge electronic products for the Colombian secret services.
Up to now there has been little or no consideration of Information Security, however this will need to change significantly. Amongst the various presentations and reports that ISMC Ltd will have to make in the bidding process, there is a specific requirement by the contract awarding body that the bidders demonstrate a highly effective and sound approach towards information security. This will be demonstrated by ISMC Ltd through a report to the contract awarding body.
You have been assigned by your company to review the current situation at the company, respond and prepare the initial Incident Response and Business Continuity report.
You had a meeting with the IT director who provided you with the following information in relation to the Incident Response and Business Continuity situation in ISMC Ltd.
She informed you there was an attempt a year ago to draft an Incident Response and Business Continuity policy, but it was difficult to identify a member of staff or department that should be responsible for developing and maintaining it. In fact, the IT department suggested the HR department is responsible for developing the policy, while the HR department supported they don't have the technical background to write such a policy. Therefore, the policy was never implemented.
However, she reassured you for the following items:
- All corporate servers are backed up at least once a month onto external portable hard drive systems.
- Requirements are being set for data storage to be outsourced on the cloud abroad as a more efficient and cost-effective way to backup data.
- It is the responsibility of the employees to ensure that they backup data regularly.
- Staff training sessions were used to inform employees of the requirement to backup data and the consequences of losing data
- Based on the current practice data can be backed up in
- Staff local machine hard disks
- External drives
- Company's central storage system
Task
You are required to produce a report which identifies the technical problems relating to the current situation, which also highlights the best practise in relation to Incident Response and Business Continuity.
You should identify 3 priority security risks in relation to the current practise; discuss the threat by providing an adequate background to each of the risks and then a solution. The background should be your interpretation of the problem.
You should also research on Incident Response and Business Continuity (technical, practise, policies, procedures, standards) for you to be able to expand on the topic and recommend the good practise for ISMC Ltd.
Your report should be professionally formatted and approximately 1500 words.
MODULE LEARNING OUTCOMES ASSESSED BY THIS ASSIGNMENT:
1. Advanced current concepts and issues of information environment risks, vulnerabilities and threats
2. Managing an information environment in terms of deterrence, detection, protection and reaction to access
3. A systematic application of the tools, methods and procedures (theoretical and methodological) used within the cyber security arena under the context of a risk and threat assessment
4. Critically demonstrate self-direction and creativity in managing the security of an information environment at the strategic, tactical and operational levels, effectively developing information security policies.
5. Use initiative to autonomously conduct and manage a risk assessment of a complex and unpredictable environment
6. Demonstrating a systematic approach of creatively applying security standards to unfamiliar contexts for solving problems