You are on page 1of 4

SEC340ON_A

Desiree Carter Week 5 Assignment


Assignment: Students will submit a paper this week outlining and describing the key components of a comprehensive Disaster Recovery Plan for any incident that could disrupt an organization's network and data. This paper should start with the composition of the Disaster Recovery Team and their respective roles and responsibilities. Suggested Format: 1. Select three of the DR team members listed on page 266. Describe, in two to three sentences, their respective roles and responsibilities. IT managers An IT manager is effective at strategic IT planning and oversight of IT performance. They also: Oversee the development and maintenance of the of the IT strategic plan. Approve vendors used by the organization and monitors their financial condition. Approve and monitor major projects, IT budgets, Approve and monitor major projects, IT budgets, priorities, standards, procedures, and overall IT performance Coordinate priorities between the IT department and user departments

InfoSec technicians

InfoSec managers

Review the adequacy and allocation of IT resources in terms of funding, personnel, equipment, and service levels. The role of the Information Security Technicians help plan, coordinate and implement the organizations information security. These workers educate users about computer security, install security software, monitor networks for security breaches, respond to cyber-attacks, and in some cases, gather data and evidence to be used in prosecuting cybercrime. An information security manager has the general responsibility for establishing security policies relating to access to an information system, user rights and privileges to applications, system security utilities and establishing data protection from the Internet by applying firewalls on the computer system. The security manager also addresses the physical security of data processing facilities or operations, risk management audits and compliance with established policies.

The IT manager is a crucial to a Disaster Recovery team. They control the IT department. They would need to know if the Computers and other parts of the network were performing poorly. The Information Security Technicians are important because they are the ones that would first know if there was a breach in Computer security and respond to it. Also they are the ones to gather data and collect evidence if a cybercrime happens. Information Security managers are important because they oversee the security department. Also they develop polices and implementing access to the users of the organizations information system.

2. Complete the Purpose and Scope sections of your Disaster Recover Plan. Review pages 271 and 272. The purpose of this policy is to ensure that business function and information resource in investments made by the organization are protected against the interruptions of service, including large-scale disasters, by the development, implementation, and testing of disaster recovery plans. For purposes of this policy, disaster recovery planning is not limited to, the documentation, plans, policies, and procedures that are required to restore normal operation to a division impacted by man-made or natural outages or disasters at the organizations primary or permanent alternate site. The policy assists the organization in the following ways: It Identifies business resources that are at risk within the organization. Implements the plans that are deemed useful in protecting against identified threats and mitigate risk. Implements the tested emergency procedures when a service outage occurs. Implements and tests the procedures that enable reestablishment of services at the primary site or permanent alternate site following a disaster. Develops a plan that enables the full recovery and the resumption of the organizations normal operations. The purpose and scope of a Disaster Recovery plan is to lay the foundation for the Disaster Recovery plan. It states that it is to ensure business function despite a disaster. The policy itself outlines how the policy helps to assist the organization in recovering from a disaster at its primary or alternative site. The disaster below of a possible occurrence that can destroy a company but also has a plan outlined to help the organization recover from it.

3. Develop a theoretical incident and complete figure 7-1 on page 278. Disaster type: Trigger: Team Lead: Notification method: Response time: Actions during disaster: 1. Actions during disaster are complete when: Actions after disaster: 1. 2. 3. 4. 5. Tornado Tornado has hit Toshibas HQ The InfoSec Manager Katina Hashimoto Phone call 30 minutes Personnel are evacuated from the building.

6.

Actions after disaster are complete when:

The company for the organizations casualty insurance is called The company for the organizations business interruption insurance is called The hardware team recovers any physical computing assets that might be useable after the disaster. The OS team works to recover operating systems and may contain one or more specialists on each OS the organization employs. The network team works to determine the extent of damage to the network wiring and hardware (hubs, switches, and routers) as well as Internet and intranet connectivity. Storage recovery team: has the organization storage area network or network attached storage, this group works with the others to recover information and reestablish operations. If necessary, they wait to begin their efforts until the hardware, systems, and applications teams have completed their operations The insurance companies assess the damage. And operations are moved to the alternative site until the organization is reimbursed and operations can be moved back to the main site by the protocols taken by all that are needed to restore the original site. Develop the DR planning policy statement: A formal department or agency policy provides the authority and guidance necessary to develop an effective contingency plan. Measures taken to reduce the effects of system disruptions can increase system availability and reduce contingency life cycle costs.

Actions before disaster: 1.

2.

3. Actions before disaster are complete when:

Team members have access to DR and BC at the following locations: homes, vehicles, and offices. The Disaster Recovery and Business Continuity plans are housed in the homes, vehicles and offices of the employees and all employees are trained to respond to disasters according to the DR and BC plans.

The time before a disaster is crucial this is when you plan for any possible oncoming disaster. It is when the Disaster Recovery planning policy statement is made. It is also when teams are formed to help create the Disaster plan for oncoming disasters. An organization may also test its alternative site to make sure its operational in case of a disaster that makes the primary site inoperable for an extended amount of time. The preparing for a disaster is complete when the teams to react to a disaster are formed and all members of the teams have access to both the Disaster Recovery plan as well as the Business Continuity plan in their homes, vehicles and offices. If a Head Quarters of Toshiba had a Tornado warning they would evacuate the building and go to the alternative site. If a Tornado actually hit Toshibas Head Quarters two insurance forms would be implemented organizations casualty insurance and interruption insurance. Four teams within the organization would help try to restore Toshibas HQ to its former state the: hardware, OS, Network and Storage. The hardware team would recover any computing parts that are reusable. The OS would work to restore the operating systems of the Toshiba. The network team would assess the damage to Toshibas network. The storage team would work with the other teams to recover the information necessary and make Toshibas HQ operable again.