Case Study #4
Conduct a web search on organizations that were affected by Hurricane Katrina. Please select one business and cover the following: (a) Provide a background of the organization. (b) How was the organization impacted? What losses did it suffer? (c) Describe the disaster recovery and business continuity that the business had in place? (d) What were the lessons learned?
############################################################################# Your paper should be 500-to-750 words, and written in APA Style. • 12-pt, Times New Roman font • Double-spaced • 1” margins on all sides • Please provide a title page including your Name, Course Number, Date of Submission, and Assignment name. • Paraphrasing of content – Demonstrate that you understand the case by summarizing the case in your own words. Direct quotes should be used minimally. • Reference Section (A separate page is recommended.) Please cite the source using APA formatting guidelines. If you need guidance or a refresher on this, please visit: https://owl.english.purdue.edu/owl/resource/560/10/ (link is external) Be sure to include at least three (3) reputable sources. • In-text citations – If you need additional guidance, please visit: https://owl.english.purdue.edu/owl/resource/560/02/ (link is external)
Discuss the challenges of maintaining information security at a remote recovery location.
DQ requirement: Note that the requirement is to post your initial response no later than Thursday and you must post one additional post during the week. I recommend your initial posting to be between 200-to-300 words. The replies to fellow students and to the professor should range between 100-to-150 words. All initial posts must contain a properly formatted in-text citation and scholarly reference.
NEED RESPONSES FOR THE FOLLOWING STUDENT ASSIGNMENTS?
1) Name: Raghurami Reddy
2) In an association, the Disaster Recovery Plan is tried to ensure it can enable us to make due in the significant catastrophe. The Disaster Recovery Plans are substantiated through testing, which perceives deficiencies and offers opportunities to settle issues before a noteworthy calamity happens. Testing can offer affirmation that the game plan is convincing and hits RPOs and RTOs. Since IT structures and advancements are continually hinting at change, DR testing similarly ensures that the Disaster Recovery design is updated. This sort of testing gives the association to get by in the real fiascos. This incorporates equipment or programming disappointment in my organization and furthermore physical harm to a building like fire or flooding, human blunder, and some different reasons.
3) A fiasco is an occasion that can cause a noteworthy disturbance in operational as well as PC handling abilities for a period, which influences the activities of the business.
4) Why you require it? A Disaster Recovery Plan is intended to guarantee the continuation of key business forms if a calamity happens. Calamity Recovery Strategy is to guarantee that each sensible measure has been taken to recognize and moderate potential dangers that exist inside the handling condition. Indeed, my association have a catastrophe recuperation design.
5) Exercises Involved in a Disaster Recovery Plan: • Back-Up Plans • Recovery Procedures • Maintenance Plans • Test Procedures The Disaster Recovery Plan gives a condition of status permitting brief individual reaction after a fiasco has happened. This, thus, accommodates a more viable and productive recuperation exertion.
2) Name : Madhur BellamKonda
Nowadays many schools have optimized for disaster plans to recover and maintain the safety in the school events or community calamities. This bought awareness and preparedness for the schools. To support school in the prevention of disasters all need to be unified such as health care professionals, public health officials, school staff, school nurses, parents and pediatricians for their efforts.
A disaster can be an unexpected event which it not only affects the school community but also cause disruption on a scale. The events in the School Disaster Recovery plan include the following activities.
a. A serious injury or death which can be the result of serious accident, illness, suicide or act of violence
b. If a building caught fire and any structural damage to the building.
c. Medical epidemic which are infectious diseases.
d. If anyone got miss or any abduction.
e. Any firearm or explosions in school.
f. If any fatal or hazardous substance released on the school premises.
The main objective of the School Disaster Recovery Plan is to save lives and to protect by proper aid to any victims in disaster. A proper and good safety plan for schools need a process to identify secure needs, intervention methods, preventive methods, physical facilities and proper communication with both school staff and students.
There are two basic types of disaster which are Disaster to property and Disaster to people. The school emergency response team known as SERT is to manage the aftermath of the disaster. It consist of school member such as Chair of Governors, Head teacher, Business Managers, and Site Facilities Officer.
By implementing these School Disaster Plans, I feel confident that we all can survive in disaster if we strictly implements the framework for the SERT to follow in the events of the incidents followed by the responsibilities in the areas in the SERT. It also highlights communication paths to identify and support various mechanisms to cope with the accidents occur.
References
1. https://thoresbyprimaryschool.co.uk/hull/primary/thoresby/arenas/websitecontent/web/disasterrecoveryplanws.pdf
2. http://www.disasterrecoveryplantemplate.org/wp-content/uploads/DisasterRecoveryPlanTemplate.org-School-Disaster-Recovery-Plan-Template.pdf
3. http://pediatrics.aappublications.org/content/122/4/895
——————————————————————————————————————————–3) Name: Rajan aghera
Data is the basis of your research. If you lose your data, recovery could be slow, costly, or impossible. It is important that you secure, store, and backup your data on a regular basis. Securing your data will help to prevent, Accidental or malicious damage/modification to data, Theft of valuable data, Breach of confidentiality agreements and privacy laws, Release before data have been checked for accuracy and authenticity Keeping reliable backups is an important part of data management. Regular backups protect against the risk of damage or loss due to hardware failure, software or media faults, viruses or hacking, power failure, or even human errors.
Issue of securing backups:
Securing Data in Transit, data in motion has to be protected via encryption, so that any captured traffic is unreadable by unauthorized parties.
Protecting Data Against Electronic Theft, When data at rest(not in motion), how secure is it from being accessed by unauthorized parties
Protecting Data From Physical Theft, If the data center is not physically secured, your data is still at risk
Protecting Data From Storage Hardware or Software Glitches, Backups also need protection. Hardware and software are subject to failures, but proper technology can also be used to prevent many failures, or avoid data loss caused by failures.
Protecting Data Against Natural Disasters, All buildings, data centers might affect from damage from weather — like flood, winter emergencies, hurricanes and tornadoes or earthquakes, power outages, accidents, and other events.
Backup media be secured Solutions:
· Encrypt your backups if your software and hardware support it. Encrypting the data by the backup client at the source (gives rise to password and/or key management problems), As with laptop computers and other mobile devices, portable backup media need to be encrypted with strong pass-phrases especially if they’re ever removed from the premises.
· Using a data transfer protocol that offers an encrypted mode (for example, sFTP, FTPS, and Secure WebDav over HTTPS)
· Using a secure tunnel such as an IPsec VPN.
· Store your backups offsite or at least in another building & use network-attached storage (NAS), or external drives.
· Maintain Physical security, Use a fireproof and media-rated safe. which includes locked doors and video surveillance. Many people store their backups in a “fireproof” safe, but typically one that’s only rated for paper storage. Backup media such as tapes. Be sure to control access to the room or house in which the data backed up.
· Ensure the preservation of data integrity, Assign backup software access rights only to those who have a business need to be involved in the backup process.
· For extra backup security, services may have multiple sites, replicating your backups — a backup for the backup, as it were.
· Backups at a minimum Password-protect. Passwords are not that much foolproof because some people with special tools & skills may be able to crack the code.
4) Name : Ravi Teja
In order to ensure a good storage security, it is a key thing to carry out effective and essential data backups , In simple, Data backups were the key things to be carried out for the purpose of ensuring the data security at storage locations. Yes of course, it is true that significant data security breaches were often occurred because of the mishandling and mismanagement of data backups. Insecurity of the Backup media resulted in many Data breaches previously which resulted in a loss of valuable customer’s personal and financial related information.A tamper evident unique label must be used in sealing the containers which consists of backup media. All the backup media must be logged, with the date of creation along with tamper evident label code. The log which contains the confidential information reading the backup media must be stored in two copies one along with the Backup media and the other with the authorized person surveillance who has no direct access to the Backup Media.All the backup media must be stored in a locked enclosure with limited and controlled access.If the data backup exists over a system or file server, then the corresponding system must be configured for FULL AUDIT audit on access of files. Those audit logs must also be reviewed regularly by the authorized person who has no direct access to the backup media directly.While transferring the backup Media form one location to other locations, it is mandatory to employ encryption and decryption techniques and those keys must be transported by separate medium or channels.Thus by implementing the above measures one can secure the backup media to the extent.Off-site storage of data backups means storing of data backup out of the main locations like remote server using internet or some other means. Yes, it is one of the security measures which help at the time of disaster recovery process to get the full data backup from the off-site locations.
Full: complete system backup• Differential: files changed or added as full backup• Incremental: archive files modified since last backup– Requires less space and time than differential• Copy: set of specified files• Daily: only files modified on that day• All on-site and off-site storage must be secured– Fireproof safes or filing cabinets to store tapes – Encryption to protect online or cloud data storage Also few Online backup, disk backup, and tape backup
5) Name :Bujji Lodagala
Discuss the challenges that incident handlers face in identifying incidents when resources have been moved to a cloud environment.
Incident management team handlers mostly face the challenge in identification of incidents in cloud in security purposes. Some of them are: lack of device network control, to control this fire wall is needed and intrusion detection has to be performed to control the issues and host-based security should be enabled. Next is audit issues, although cloud audit is not a major, but it has to be take in consideration for better analysis. (Bob, Mark, Jaatun, & ̃iga, 2017)
According to (Shackleford, 2012)log analysis also one challenge, here logs generated by local system will be send to analysis the issue arises here. Generally, Linux server running syslog will be used to send all local system logs to this server to lock. Handling and obtaining event data is also challenge for incident identifiers, web application fire wall will be needed on instances of web server to overcome the attacks of web application on cloud.
And, Denial of service (DoS) attacks are more effective before you came to know that. Cloud service provider (CSP) has to take care these attacks from DoS to protect and should be monitored. Incident Response Team has to be responsible for to take initiation and need to help in CSP to work on protecting attacks from Dos.
6) Name : Sathish Kotaru
CLOUD COMPUTING:
Cloud computing gives individuals the best approach to share disseminated assets and administrations that have a place with various associations or sites. As cloud computing assign the isolated belonging by methods for the frameworks in the discharged environment .That is the reason it makes the security issues for us to grow the distributed computing application.
An event is any perceptible event in a framework or system. Events incorporate a client interfacing with a document, a server accepting a demand for a Web page, a client sending electronic mail, and a firewall obstructing an association attempt.
Denial of Service: An attacker guides several outer compromised workstations to send however many ping demands as could be expected under the circumstances to a business organize, swamping the framework.
Unauthorized Access: An attacker runs a bit of “evil” programming to access a server’s secret word record. The attacker at that point acquires unapproved head level access to a framework and the touchy information it contains, either taking the information for sometime later or extorting the firm for its arrival. (UKEssays, 2003)
Challenges faced by incident handlers in identifying resources when resources are moved on the cloud:
*Identification of relevant data sources.
*Standardization of event information.
*Customer-specific logging.
*Detection despite missing information about customer infrastructure/resources (Grobauer, 2017).
7) Name: Rajshekar sanikommu
Business continuity planning: Describes as organization some essential business functions continued to operate during after a disaster plan. having an organization having some critical services giving the chance of survival type of functions re-establish functions smooth and fast as possible. the business continuity plan most of all the organization’s critical process and operations of an organization
Disaster recovery plan: Business continuity develop’s a series of some organization there are some specific technical plans that are developed the specific group of an organization to all the recovery of a particular business Typical tests for a delivery technology services they are having some in order functions The mistake of an organization depends on all the team there are some critical issues of disaster recovery plan.
Role of IT business operations: Almost all business operations all the business on profits and losses there are some recovery plans while an organization is in loss
1.Reducibility of cost
2.Flexibility
3.security analysis of the team4.Data back up
Data centers ate there for every organization external service provider to back up the data in some locations Critical applications are essential for small business and large business for business continuity plan access the applications in a disaster some testing and also verification backup systems are operational and It departments backup works and also some roles that are responding to the crisis for back up teams These are some responsibilities between disaster recovery plan and business continuity plan
8) Name : Chaitanya Pothudhari
COLLAPSE
Top of Form
Hi All,
The business continuity plan and disaster recovery plan are built for the purpose of protecting the organizations from the disasters and helping the critical business processes function. Though the purpose of the plans is same, the time at which they are actually used is quite different. The proactive nature of the business continuity plan, proactively takes lead, identifies the critical processes, risks involved in the critical process and ways to mitigate these risks. That is the reason, the business continuity plan will be performed even before the disaster occurs. The disaster occurrence is an unexpected situation. Therefore, the business continuity plan is a kind of precaution that is taken by the organization in advance. The disaster recovery plan is reactive in nature which will react to some emergency incident that might cause the disruption to the services of the business. Thus, the disaster recovery is all about how the organization reacts to the disaster right after it occurs. The BCP is a plan that allows the business to plan in advance about the techniques and services that should be used to ensure the continuity of the business.
It is a game plan settled upon ahead of time by the administration and key staff of the means that will be taken to enable the association to recoup should any kind of debacle happen. These projects get ready for different issues. Nitty gritty plans are made that plainly lay out the activities that an association or individuals from an association will take to help recuperate/re-establish any of its basic operations that may have been either totally or in part hindered amide or subsequent to (happening inside a predetermined time frame) a fiasco or other stretched out interruption in availability to operational capacities. To be completely compelling at calamity recuperation, these plans are prescribed to be consistently polished and delineated (Kunthe, 2012).
On the other hand, Disaster Recovery Plan (DRP) is an archived procedure or set of techniques
to recuperate and ensure a business IT framework in case of a fiasco. Such an arrangement, customarily reported in the composed frame, determines methodology an association is to follow in case of a catastrophe. It is “an exhaustive proclamation of predictable moves to be made sometime recently, amid and after a fiasco” (Kunthe, 2012).
Bottom of Form
9) Name : Sameer ahemad
Introduction
The data held by the organizations are of vast significance and needs proper security for its maintenance. Information security is the process of safeguarding both the digital and physical information unauthorized access. The paper discusses the challenges encountered in the maintenance of information security at remote recovery locations.
Challenges of maintaining information security at remote recovery location
The maintenance of Information security is of utmost importance to the respective firms as the conditions of data breaches can lead to huge financial as well as reputational loss. The situation possesses the capability to affect the firm adversely. There are numerous changes faced by the organizations in the maintenance of the Information Security at the remote locations. Some of the challenges include insufficient network or system design for compliance and auditing technique, the threat of various types of attacks, lack of safety awareness or security measurements, tremendous growth of the company beyond the network design and non-maintenance of the security patches (Alcaraz & Zeadally, 2015). The insufficient network design and lack of auditing technique enable the hackers to easily access the data leading to security breaches. The network security design addresses the business issues such that the disruption is minimal. Moreover, various types of attacks such as denial of service and masquerading may also hamper the data making recovery of the original data difficult (Furdek et al., 2016). Thus, hampers the disaster recovery techniques. In addition to these, the lack of security awareness also hampers the disaster recovery mechanism.
Conclusion
Thus, with the above discussion, it can be concluded that information security is of utmost importance to the organizations. However, the company’s face challenges such as manipulation of data which creates hindrance in the data recovery mechanisms. The employees must be kept aware of the proper maintenance of Information security.
10) Name: Vinay Kumar Thota.
The pattern of consolidating business continuity and disaster recovery into a solitary term has come about because of a developing acknowledgment that business and innovation officials need to team up nearly as opposed to creating plans in seclusion.
Business continuity is more proactive and for the most part alludes to the procedures and techniques an association must actualize to guarantee that mission-basic capacities can keep amid and after a disaster. BC includes more exhaustive arranging designed for long haul difficulties to an association’s prosperity.
Disaster recovery is more responsive and contains particular stages an association must take to continue activities following an occurrence. Disaster recovery moves make put after the occurrence, and reaction times can run from seconds to days.
How they work together:
BC commonly centers around the association all in all, while DR zeroes in on the innovation framework. Disaster recovery is a bit of business continuity arranging and focuses on getting to information effectively following a disaster. BC incorporates this component, yet in addition considers chance administration and other arranging an association needs to remain above water amid an occasion.
There are likenesses between business continuity and disaster recovery. They both think about different spontaneous occasions, from cyber attacks to human blunder to a catastrophic event. They likewise have the objective of getting the business running as near ordinary as could be allowed, particularly concerning mission-basic applications. By and large, a similar group will be included with both BC and DR inside an association.
A business continuity design (BCP) contains contact data; change administration methodology; rules on how and when to utilize the arrangement; well ordered systems; and a calendar for investigating, testing and refreshing. A disaster recovery design (DRP) highlights an outline of key activity steps and contact data, the characterized obligations of the DR group, rules for when to utilize the arrangement, the DR approach explanation, design objectives, occurrence reaction and recovery steps, verification apparatuses, land dangers and plan history.
Key elements of BCP
The accompanying seven components are basic parts of any compelling business continuity system.
1. An unmistakably characterized group
In a crisis, individuals shouldn’t need to ponder who’s in control. Make a business continuity group with individuals in all aspects of your association, in each area where you work.
2. A detailed plan
Thoroughly consider the sort of disturbances that could happen in each place where you work together. Accept the most exceedingly terrible; at that point make sense of what you’d have to do to keep up your most imperative activities.
3. Powerful testing
An outdated or insufficient business continuity design can be more terrible than none by any stretch of the imagination, giving you a misguided sensation that all is well and good and abandoning you to scramble when things turn out badly.
Key elements of DR
The accompanying key of Disaster Recovery Plan (DRP) ought to be to:
· Accommodate the security and prosperity of individuals on the premises at the season of a disaster;
· Precede basic business tasks;
· Limit the term of a genuine disturbance to activities and assets (both data handling and different assets);
· Limit quick harm and misfortunes;
