Chapter 3: Evaluating Risk
Terms
Risk
How likely this is to happen and how badly it will hurt.
Disaster
An event that disrupts a critical business function
Business Interruption
Something that disrupts the normal flow of business operations.
Attributes of Risk
Risk
Predictability
Location
Impact
Advanced Warning
Time of Day
Scope
Day of Week
Likelihood
Risk Analysis
Process that identifies the probable threats to your business
Analysis used as basis for assessment later in the process
Assessment compares risk analysis to what you have in place
Begins with determining which functions are essential to the
business
Scope
Determined by the potential damage and/or cost
Cost of downtime
Cost of lost opportunity
Five Layers of Risk
External Risk
Risk to local facility
Data systems
Individual department
Own workstation
External Risk
Natural Disaster
Fire
Hurricanes
Storms
Earthquake
Tornado
Civil Risk
Riots
Labor Disputes
Manufactured Risk
Industrial Sites
Transportation
Facility-wide Risk
Electricity
Telephones
Water
Climate Control
Data Network
Data Systems
Data Communication Network
Telecomm System
Data Systems
Shared computers and LANs
Viruses
Departmental Risk
Key Operating Equipment
Lack of Data Systems
Vital Records
Desk (own workstation) risk
Determine Tools Used
Locked Down?
Severity of Risk
Time of Day
Day of Week
Location
Making the Assessment
Scoring
Sorting
Analyze the data
Summary
Determine cost of downtime
Identify risks at five layers
Determine impact of risk
Identify outside sources
Prioritize risks
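The chapter's assessment steps (score, sort, analyze) applied to a small risk register, as an added example that is not part of the slides. The five layers and the severity inputs (time of day, day of week) come from the chapter; the 1..5 scales, the business-hours weighting, the sample risks and the cost per hour are constructed assumptions.

```python
"""Risk register scoring and prioritization (added example, not from the
slides).  It follows the chapter's five layers, its scoring -> sorting ->
analyze steps and its severity inputs (time of day, day of week).  All
risks, scales, weights and costs are constructed sample values."""
from dataclasses import dataclass
from enum import Enum

class Layer(Enum):
    EXTERNAL = "external"
    FACILITY = "facility-wide"
    DATA_SYSTEMS = "data systems"
    DEPARTMENT = "departmental"
    DESK = "desk / own workstation"

@dataclass(frozen=True)
class Risk:
    name: str
    layer: Layer
    likelihood: int               # 1 (rare) .. 5 (almost certain)
    impact: int                   # 1 (negligible) .. 5 (critical function lost)
    downtime_hours: float         # expected outage for one occurrence
    advance_warning_hours: float  # 0 = no warning at all (e.g. earthquake)

SCALE = range(1, 6)
# Constructed: cost of one hour of downtime (lost work plus lost opportunity).
COST_PER_HOUR = 10_000.0

# Constructed sample register, one risk per layer.
SAMPLE_RISKS = [
    Risk("Hurricane", Layer.EXTERNAL, 2, 5, 72, 48),
    Risk("Power outage", Layer.FACILITY, 4, 3, 4, 0),
    Risk("Virus outbreak on shared LAN", Layer.DATA_SYSTEMS, 3, 4, 8, 0),
    Risk("Key printer failure", Layer.DEPARTMENT, 4, 2, 6, 0),
    Risk("Workstation disk crash", Layer.DESK, 5, 1, 2, 0),
]

def validate(risk: Risk) -> None:
    """Reject values outside the 1..5 scale and negative durations."""
    if risk.likelihood not in SCALE or risk.impact not in SCALE:
        raise ValueError(f"{risk.name}: likelihood and impact must be 1..5")
    if risk.downtime_hours < 0 or risk.advance_warning_hours < 0:
        raise ValueError(f"{risk.name}: durations must be non-negative")

def score(risk: Risk) -> int:
    """Scoring step: likelihood x impact, 1..25."""
    validate(risk)
    return risk.likelihood * risk.impact

def downtime_cost(risk: Risk, cost_per_hour: float = COST_PER_HOUR) -> float:
    """Cost of downtime for a single occurrence (the chapter's scope input)."""
    validate(risk)
    return risk.downtime_hours * cost_per_hour

def severity_multiplier(hour: int, weekday: int) -> float:
    """Severity input: the same event hurts more in business hours.
    Constructed weights: Mon-Fri (weekday 0-4) 09:00-17:00 -> 1.0, else 0.5."""
    return 1.0 if (0 <= weekday <= 4 and 9 <= hour < 17) else 0.5

def effective_score(risk: Risk, hour: int, weekday: int) -> float:
    """Score adjusted for when the event strikes."""
    return score(risk) * severity_multiplier(hour, weekday)

def prioritize(risks, cost_per_hour: float = COST_PER_HOUR):
    """Sorting step: highest score first; ties broken by downtime cost, then by
    the least advance warning (less time to react)."""
    return sorted(risks, key=lambda r: (-score(r), -downtime_cost(r, cost_per_hour),
                                        r.advance_warning_hours))

def by_layer(risks, cost_per_hour: float = COST_PER_HOUR):
    """Analyze step: per-layer count, worst score and total downtime cost."""
    totals = {}
    for r in risks:
        t = totals.setdefault(r.layer, {"count": 0, "max_score": 0, "downtime_cost": 0.0})
        t["count"] += 1
        t["max_score"] = max(t["max_score"], score(r))
        t["downtime_cost"] += downtime_cost(r, cost_per_hour)
    return totals

if __name__ == "__main__":
    for rank, r in enumerate(prioritize(SAMPLE_RISKS), start=1):
        print(f"{rank}. {r.name:<30} {r.layer.value:<22} score={score(r):>2} "
              f"downtime_cost={downtime_cost(r):>9,.0f}")
```

Note that the two risks scoring 12 are separated by downtime cost, which is why the scope step (cost of downtime) has to be done before sorting.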
Q. Perform a search on the Web for articles and stories about
social engineering attacks or reverse social engineering attacks.
Find an attack that was successful and describe how it could
have been prevented.
In the field of cyber attacks and security systems, social engineering
refers to the psychological manipulation of people into performing
actions or disclosing confidential information. It relies largely on
human interaction: manipulating people into breaking security
procedures and company practices or rules in order to breach
networks and computer systems, or to obtain financial documents they
are not authorized to release.
To discuss it at large, the recent social engineering attack I found
is one where the victim is the giant retail company in the United
States called Target Corporation. Target is the 8th largest retail
company in North America. The incident happened at Target's
point-of-sale systems in the year 2013. The result of the incident
was that hackers gained access to the credit and debit card
information of some 40 million users. So, it is pretty huge.
The incident happened because Target had given remote access to its
network, including the payment network (which should be secure and
isolated from other networks), to its air-conditioning vendor, Fazio
Mechanical Services. The hackers sent a phishing email that installed
malware of the Citadel Trojan type on the victim's machine, through
which they obtained access credentials for the Target network. They
then installed malware on Target's network which extracted user
payment information from the infected machines.
So, from the above details, Target Corporation was attacked by cyber
attackers through one of the most common attack methods, phishing.
To recap what phishing is: phishing is a technique of fraudulently
obtaining private information from a user by sending a fraudulent
email or text which appears to be a genuine message from a bank, a
credit card company or any other service provider. The message
contains a malicious link which collects all the information the
user enters and then uses it to gain access to the victim's accounts
and cause financial or security damage.
The above phishing attack on Target Corporation might have been
successfully prevented if:
1. Target had kept its payment network isolated and secured it with
some extra authorization tokens.
2. Target had had its own cyber security team to tackle any breaches
or other security issues. Gaining access to such a huge amount of
data is a time-consuming process, so the attackers had enough time to
retrieve it, which is only possible if the system is not under
surveillance for unusual activity.
3. The vendor had had security in place for all of its employees'
access to its customers' databases.
4. More scrutiny had been applied before allotting contracts to any
third-party vendor.
5. Access had been given only for what is needed; in this case, a
vendor supporting air conditioning absolutely does not need access
to payment systems.
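Preventions 1, 2 and 5 above (an isolated payment segment, a vendor account limited to what it needs, and someone watching for unusual activity) as a policy check run over connection logs. This is an added example, not code from the write-up or from any of the companies named; the accounts, segment names, log lines and the key=value log format are constructed assumptions.

```python
"""Third-party access policy check over connection logs (added example).
It encodes least-privilege access for a vendor account and an isolated
payment segment, and raises alerts the way a security team watching for
unusual activity would.  Accounts, segments and log lines are constructed
samples; the '<timestamp> key=value ...' log format is an assumption."""
import re
from dataclasses import dataclass

# Constructed policy: which network segments each account may reach.
# The HVAC vendor's account is limited to the building-management segment.
POLICY = {
    "hvac-vendor-svc": {"building-mgmt"},
    "pos-deploy-svc": {"payment", "corp"},
    "alice": {"corp"},
}

# Segments that must stay isolated: only accounts explicitly granted them may connect.
ISOLATED_SEGMENTS = {"payment"}

# Constructed sample log lines (timestamps and hosts are fictional).
SAMPLE_LOG = """\
2024-03-01T09:02:11Z user=hvac-vendor-svc dst_segment=building-mgmt dst_host=hvac-ctl-01 action=connect
2024-03-01T09:05:40Z user=alice dst_segment=corp dst_host=fileshare-02 action=connect
2024-03-01T23:41:03Z user=hvac-vendor-svc dst_segment=payment dst_host=pos-update-01 action=connect
2024-03-01T23:41:09Z user=hvac-vendor-svc dst_segment=payment dst_host=pos-update-02 action=connect
2024-03-02T02:15:00Z user=contractor-x dst_segment=corp dst_host=fileshare-02 action=connect
"""

_KV = re.compile(r"(\w+)=(\S+)")

@dataclass(frozen=True)
class Alert:
    timestamp: str
    user: str
    dst_segment: str
    dst_host: str
    reason: str

def parse_line(line: str) -> dict:
    """Split '<timestamp> key=value ...' into a dict of fields."""
    timestamp, _, rest = line.partition(" ")
    fields = dict(_KV.findall(rest))
    fields["timestamp"] = timestamp
    return fields

def check_event(event: dict, policy=POLICY, isolated=ISOLATED_SEGMENTS):
    """Return an Alert when the event violates least privilege or isolation,
    otherwise None.  Unknown accounts are alerted on rather than ignored."""
    user, segment = event["user"], event["dst_segment"]
    allowed = policy.get(user)
    if allowed is None:
        reason = "unknown account"
    elif segment in isolated and segment not in allowed:
        reason = "access to isolated segment by account not granted it"
    elif segment not in allowed:
        reason = "access outside the account's granted segments"
    else:
        return None
    return Alert(event["timestamp"], user, segment, event["dst_host"], reason)

def scan_log(text: str):
    """Run the policy check over every non-empty log line; collect the alerts."""
    alerts = []
    for line in text.splitlines():
        if line.strip():
            alert = check_event(parse_line(line))
            if alert:
                alerts.append(alert)
    return alerts

if __name__ == "__main__":
    for a in scan_log(SAMPLE_LOG):
        print(f"{a.timestamp} ALERT user={a.user} segment={a.dst_segment} "
              f"host={a.dst_host}: {a.reason}")
```

The vendor account's two payment-segment connections are alerted on because the policy never granted it that segment; with the payment network physically isolated from the vendor's entry point, those connections would not have been possible at all.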
ISOL534-50-51 Application Security: Request for Proposal
(RFP) Form
Table of Contents
Introduction
Access Control Problem Statement
Purpose Statement
Scope Statement
Impact Assessment
Budget/Financial Assessment
High-Level Functional Requirements
Business Benefits (Tangible and Intangible)
Special Issues or Constraints
Summary
Conclusion
References
Chapter 4: Selecting a Strategy
Recovery strategy
Main purpose is to restore vital business functions
Restore to minimum acceptable level of service
Selecting a strategy
Trade off between time and money
Maximum recovery time = recovery time objective (RTO)
Craft a strategy for each significant area
Recovery Point Objective (RPO)
Amount of data that may be lost since last backup
Time
Distance
Recovery options
Recover in a different company site
Subscribe to a recovery site
Wait until the disaster, then locate empty space
IT recovery strategy
Environmental conditions
Infrastructure
Applications
Data
Recommended IT recovery strategy
Second company site
Second site facility set-up
Offsite data backup
Work area recovery strategy
New location far enough away that it is not affected
Alternate communications for legacy systems
Pre-printed forms for legal or business reasons
Pandemic strategy
Plan to continue operation at a level that permits it to remain in
business
Plan will be in operation for 18-24 months
Business continuity strategy
Customers never notice interruption in service
List critical processes identified in BIA
Draft a process map
Identification of steps to eliminate
Draft a risk assessment
Draft end-to-end recovery plan
Summary
Selecting a strategy is an important step
Look at how quickly one can recover
Determine amount of data a company can afford to lose
How much security the company can afford
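The chapter's time-versus-money trade-off worked through in code: for each significant area, pick the cheapest of the three recovery options that still meets its RTO, and check whether the backup schedule can meet its RPO. This is an added example, not part of the slides; the areas, options, costs, recovery times and backup schedules are constructed sample values.

```python
"""Recovery strategy selection per business area (added example, not from
the slides).  It turns the chapter's RTO / RPO definitions and the time
versus money trade-off into a check.  All areas, options, costs and backup
schedules are constructed sample values."""
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class RecoveryOption:
    name: str
    recovery_hours: float  # time to restore the minimum acceptable service
    annual_cost: float     # cost of keeping the option ready

@dataclass(frozen=True)
class BackupSchedule:
    interval_hours: float     # time between two backups
    offsite_lag_hours: float  # time until a backup copy is safely offsite

@dataclass(frozen=True)
class BusinessArea:
    name: str
    rto_hours: float  # recovery time objective: maximum tolerable downtime
    rpo_hours: float  # recovery point objective: maximum tolerable data loss

# Constructed: the chapter's three recovery options with sample figures.
OPTIONS = [
    RecoveryOption("Second company site", recovery_hours=4, annual_cost=500_000),
    RecoveryOption("Subscribed recovery site", recovery_hours=24, annual_cost=120_000),
    RecoveryOption("Wait, then locate empty space", recovery_hours=336, annual_cost=0),
]

# Constructed: each significant area with its objectives and backup schedule.
AREAS = [
    BusinessArea("Order processing", rto_hours=8, rpo_hours=1),
    BusinessArea("Payroll", rto_hours=72, rpo_hours=24),
    BusinessArea("Research archive", rto_hours=720, rpo_hours=168),
]
SCHEDULES = {
    "Order processing": BackupSchedule(interval_hours=0.25, offsite_lag_hours=0.25),
    "Payroll": BackupSchedule(interval_hours=24, offsite_lag_hours=12),
    "Research archive": BackupSchedule(interval_hours=120, offsite_lag_hours=24),
}

def worst_case_data_loss(schedule: BackupSchedule) -> float:
    """Data lost if the disaster strikes just before the next backup runs and
    destroys the last copy before it reached the offsite location."""
    return schedule.interval_hours + schedule.offsite_lag_hours

def meets_rpo(area: BusinessArea, schedule: BackupSchedule) -> bool:
    return worst_case_data_loss(schedule) <= area.rpo_hours

def cheapest_option_within_rto(area: BusinessArea, options) -> Optional[RecoveryOption]:
    """Time versus money: the cheapest option that still meets the RTO.
    Returns None when no option is fast enough (the RTO cannot be met)."""
    feasible = [o for o in options if o.recovery_hours <= area.rto_hours]
    if not feasible:
        return None
    return min(feasible, key=lambda o: (o.annual_cost, o.recovery_hours))

def plan(areas, options, schedules) -> dict:
    """One strategy per significant area, flagging RTO and RPO gaps."""
    result = {}
    for area in areas:
        schedule = schedules[area.name]
        option = cheapest_option_within_rto(area, options)
        result[area.name] = {
            "option": option.name if option else None,
            "rto_met": option is not None,
            "data_loss_hours": worst_case_data_loss(schedule),
            "rpo_met": meets_rpo(area, schedule),
        }
    return result

if __name__ == "__main__":
    for name, row in plan(AREAS, OPTIONS, SCHEDULES).items():
        print(f"{name:<18} {row}")
```

With these figures payroll gets the cheaper subscribed site but its nightly backup still misses a 24-hour RPO once the offsite lag is counted, which is the kind of gap the offsite data backup strategy is meant to close.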

 

Evaluating Risk and Selecting Recovery Strategies

  • 1. Chapter 3: Evaluating Risk
    Terms
    Risk: how likely this is to happen and how badly it will hurt.
    Disaster: an event that disrupts a critical business function.
    Business Interruption: something that disrupts the normal flow of business operations.
    Attributes of Risk
    Risk
  • 2. Predictability
    Location
    Impact
    Advance Warning
    Time of Day
    Scope
    Day of Week
    Likelihood
    Risk Analysis
    Process that identifies the probable threats to your business
    Analysis is used as the basis for the assessment later in the process
  • 3. Assessment compares the risk analysis to what you have in place
    Begins with determining which functions are essential to the business
    Scope
    Determined by the potential damage and/or cost
    Cost of downtime
    Cost of lost opportunity
    Five Layers of Risk
    External risk
    Risk to the local facility
    Data systems
    Individual department
  • 4. Own workstation
    External Risk
    Natural disaster: fire, hurricanes, storms, earthquake, tornado
    Civil risk: riots, labor disputes
    Manufactured risk: industrial sites, transportation
    Facility-wide Risk
    Electricity
    Telephones
    Water
  • 5. Climate control
    Data network
    Data Systems
    Data communication network
    Telecomm system
    Data systems
    Shared computers and LANs
    Viruses
    Departmental Risk
    Key operating equipment
  • 6. Lack of data systems
    Vital records
    Desk's Risk
    Determine the tools used
    Locked down?
    Severity of Risk
    Time of day
    Day of week
    Location
  • 7. Making the Assessment
    Scoring
    Sorting
    Analyze the data
    Summary
    Determine the cost of downtime
    Identify risks at the five layers
    Determine the impact of each risk
    Identify outside sources
    Prioritize risks
    Q. Perform a search on the Web for articles and stories about social engineering attacks or reverse social engineering attacks.
  • 8. Find an attack that was successful and describe how it could have been prevented.
    Social engineering, in the field of cyber-attacks and security systems, refers to the psychological manipulation of people into performing actions or divulging confidential information. It largely involves human interaction: manipulating people into breaking security procedures and company practices/rules in order to breach security networks or computer systems, or to obtain financial documents they are not supposed to have. To discuss it at large, the recent social engineering attack I found is one where the victim is the giant retail company in the United States called Target Corporation. Target is the 8th largest retail company in North America. The incident happened at Target's point-of-sale systems in the year 2013. As a result of the incident, hackers gained access to a total of 40 million users' credit and debit card details, so it is pretty huge. The incident happened because Target had given remote access to its network, including the payment network (which should be secure and isolated from other networks), to its air conditioning vendor, Fazio Mechanical Services. The hackers started with a phishing email that installed malware of the Citadel Trojan type on the victim's machine, through which they got access credentials to Target's network. They then installed malware on Target's network which extracted user payment information from the infected machines. So, from the above details, Target Corporation was attacked by cyber attackers through one of the most common methods of attack, which is phishing. If we go back to what phishing is: phishing is a technique of fraudulently obtaining private information from a user by sending a fraudulent email or text
  • 9. which appears to be a genuine message from a bank, a credit card company or any service provider. The message contains a malicious link which collects all the user information entered into it and then uses it to gain access to the victim's accounts and cause financial or security problems. The above phishing attack on Target Corporation might have been successfully prevented if:
    1. Target had kept its payment network isolated and secured it with some extra authorization tokens.
    2. Target had had its own cyber security team to tackle any breaches or other security issues. Gaining access to such a huge amount of data is a time-consuming process, so the attackers had enough time to retrieve it, which is only possible if the system is not under surveillance for any unusual activity.
    3. The vendor had had security controls over all of its employees' access to its customers' databases.
    4. There had been more scrutiny before awarding contracts to any third-party vendor.
    5. Access had been given only for what is needed; in this case, a vendor who is there to support the air conditioning absolutely does not need access to payment systems.
    References:
    I. Ghafir, V. Prenosil, A. Alhejailan and M. Hammoudeh, "Social Engineering Attack Strategies and Defence Approaches," 2016 IEEE 4th International Conference on Future Internet of Things and Cloud (FiCloud), Vienna, 2016, pp. 145-149. doi: 10.1109/FiCloud.2016.28
    Mann, Ian. (2008). Hacking the Human: Social Engineering Techniques and Security Countermeasures. Gower Publishing Ltd. ISBN 0-566-08773-1
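As a worked example of Chapter 3's assessment step (score each risk, sort, analyze the data, then prioritize using the cost of downtime across the five layers), here is an added Python risk register. It is not part of the original slides or the author's assignment. It scores each risk as likelihood multiplied by impact on an assumed 1 to 5 scale, re-scores it after the listed controls, and sorts by residual score with cost of downtime as the tie-breaker. The sample risks, their numbers, the hourly downtime cost and the points each control removes are all constructed for illustration; one entry models the vendor remote-access path from the Target answer above, so the effect of network segmentation and least-privilege vendor access on the ranking can be seen directly.

```python
"""Risk register: score, sort and prioritize risks across the five layers.

Added example; the scales, the sample risks and the control reductions
below are constructed assumptions, not figures from the slides.
"""
from dataclasses import dataclass, field
from typing import Dict, List

# The five layers of risk from Chapter 3, outermost first.
LAYERS = ("external", "facility", "data systems", "department", "workstation")


@dataclass
class Control:
    """A mitigation and the points it is assumed to remove from likelihood / impact."""
    name: str
    likelihood_reduction: int = 0
    impact_reduction: int = 0


@dataclass
class Risk:
    name: str
    layer: str
    likelihood: int            # 1 = rare .. 5 = almost certain
    impact: int                # 1 = minor .. 5 = critical function lost
    downtime_hours: float      # expected outage if the event occurs
    controls: List[Control] = field(default_factory=list)

    def __post_init__(self) -> None:
        if self.layer not in LAYERS:
            raise ValueError(f"unknown layer: {self.layer!r}")
        if not (1 <= self.likelihood <= 5 and 1 <= self.impact <= 5):
            raise ValueError("likelihood and impact use a 1..5 scale")


def inherent_score(risk: Risk) -> int:
    """Score before any control is applied."""
    return risk.likelihood * risk.impact


def residual_score(risk: Risk) -> int:
    """Score after the listed controls; neither factor drops below 1."""
    likelihood = max(1, risk.likelihood - sum(c.likelihood_reduction for c in risk.controls))
    impact = max(1, risk.impact - sum(c.impact_reduction for c in risk.controls))
    return likelihood * impact


def downtime_cost(risk: Risk, cost_per_hour: float) -> float:
    """Cost of downtime for one occurrence (the slides' first summary item)."""
    return risk.downtime_hours * cost_per_hour


def prioritize(risks: List[Risk], cost_per_hour: float) -> List[Risk]:
    """Sort by residual score, then by cost of downtime, highest first."""
    return sorted(
        risks,
        key=lambda r: (residual_score(r), downtime_cost(r, cost_per_hour)),
        reverse=True,
    )


def by_layer(risks: List[Risk]) -> Dict[str, List[Risk]]:
    """Group risks by layer, in the order the slides list the layers."""
    groups: Dict[str, List[Risk]] = {layer: [] for layer in LAYERS}
    for r in risks:
        groups[r.layer].append(r)
    return groups


def example_register() -> List[Risk]:
    """Constructed sample register with one or two risks per layer."""
    segmentation = Control("isolate payment network", impact_reduction=2)
    least_privilege = Control("vendor accounts: least privilege + extra auth token", likelihood_reduction=2)
    return [
        Risk("Hurricane", "external", 2, 5, 72, [Control("advance weather warning", impact_reduction=1)]),
        Risk("Power loss", "facility", 3, 4, 8, [Control("UPS and generator", impact_reduction=2)]),
        Risk("Vendor remote access reaches payment network", "data systems", 4, 5, 48,
             [segmentation, least_privilege]),
        Risk("Virus on shared LAN", "data systems", 4, 3, 12, [Control("endpoint anti-malware", likelihood_reduction=1)]),
        Risk("Loss of vital records", "department", 2, 4, 24),
        Risk("Unlocked workstation", "workstation", 3, 2, 2),
    ]


if __name__ == "__main__":
    register = example_register()
    for layer, risks in by_layer(register).items():
        print(f"[{layer}]")
        for r in risks:
            print(f"  {r.name}: inherent {inherent_score(r)}, residual {residual_score(r)}")
    print("priority order (residual score, cost of one outage):")
    for r in prioritize(register, cost_per_hour=5000.0):
        print(f"  {residual_score(r):2d}  ${downtime_cost(r, 5000.0):>9,.0f}  {r.name}")
```

With these constructed numbers the vendor-access risk tops the inherent ranking (score 20) but drops to the middle of the residual ranking once the payment network is isolated and vendor access is restricted, which is the point of the answer's fifth prevention item; the assessment is only meaningful if it is repeated after controls are applied.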
  • 10. ISOL534-50-51 Application Security: Request for Proposal (RFP) Form
  • 12. Introduction
    Access control
    Problem Statement:
    Purpose Statement
    Scope Statement:
    Impact assessment
    Budget / Financial Assessment
    High-Level Functional Requirements:
  • 13. Business Benefits: (Tangible and Intangible)
    Special Issues or Constraints:
    Summary
    Conclusion
    References
    1 Chapter 4: Selecting a Strategy
    Recovery strategy
    Main purpose is to restore vital business functions
    Restore to the minimum acceptable level of service
    Selecting a strategy
    Trade-off between time and money
  • 14. Maximum recovery time = recovery time objective (RTO)
    Craft a strategy for each significant area
    Recovery Point Objective (RPO)
    Amount of data that may be lost since the last backup
    Time
    Distance
    Recovery options
    Recover in a different company site
    Subscribe to a recovery site
    Wait until the disaster, then locate empty space
  • 15. IT recovery strategy
    Environmental conditions
    Infrastructure
    Applications
    Data
    Recommended IT recovery strategy
    Second company site
    Second site facility set-up
    Offsite data backup
    Work area recovery strategy
  • 16. New location far enough away that it is not affected
    Alternate communications for legacy systems
    Pre-printed forms for legal or business reasons
    Pandemic strategy
    Plan to continue operation at a level that permits the company to remain in business
    Plan will be in operation for 18-24 months
    Business continuity strategy
    Customers never notice an interruption in service
    List the critical processes identified in the BIA
    Draft a process map
  • 17. Identification of steps to eliminate
    Draft a risk assessment
    Draft an end-to-end recovery plan summary
    Selecting a strategy is an important step
    Look at how quickly one can recover
    Determine the amount of data a company can afford to lose
    How much security the company can afford
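The time-versus-money trade-off in Chapter 4, as an added worked example that is not part of the original slides. It takes the recovery options the slides list (a second company site, a subscription recovery site, waiting and locating empty space), expresses each as a recovery time, a backup interval and an annual cost, and for each significant area picks the cheapest option that meets both the area's RTO and its RPO; it also turns the RPO into a count of transactions that could be lost since the last backup. The options' figures and the per-area targets are constructed assumptions; an area whose targets no option can meet is reported rather than silently assigned the nearest choice.

```python
"""Select a recovery strategy per significant area from RTO, RPO and cost.

Added example; the options, their costs and the areas' targets are
constructed assumptions, not figures from the slides.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class RecoveryOption:
    name: str
    recovery_hours: float          # time to restore minimum acceptable service
    backup_interval_hours: float   # how often data reaches the recovery location
    annual_cost: float             # subscription / facility cost per year


@dataclass(frozen=True)
class AreaTarget:
    area: str
    rto_hours: float               # maximum recovery time
    rpo_hours: float               # maximum data loss, as time since the last backup
    transactions_per_hour: float   # lets the RPO be stated as records lost


def meets_targets(option: RecoveryOption, target: AreaTarget) -> bool:
    """An option qualifies only if it satisfies both the RTO and the RPO."""
    return (option.recovery_hours <= target.rto_hours
            and option.backup_interval_hours <= target.rpo_hours)


def records_at_risk(option: RecoveryOption, target: AreaTarget) -> float:
    """Worst-case data lost since the last backup, in transactions."""
    return option.backup_interval_hours * target.transactions_per_hour


def cheapest_qualifying(options: List[RecoveryOption],
                        target: AreaTarget) -> Optional[RecoveryOption]:
    """The time/money trade-off: the cheapest option that still meets both targets."""
    qualifying = [o for o in options if meets_targets(o, target)]
    return min(qualifying, key=lambda o: o.annual_cost) if qualifying else None


def plan(options: List[RecoveryOption],
         targets: List[AreaTarget]) -> Dict[str, Optional[RecoveryOption]]:
    """One strategy per significant area, as the slides call for; None if nothing fits."""
    return {t.area: cheapest_qualifying(options, t) for t in targets}


# Constructed recovery options, slowest and cheapest first.
OPTIONS = [
    RecoveryOption("wait until disaster, then locate empty space", 336.0, 168.0, 0.0),
    RecoveryOption("subscribe to a recovery site", 48.0, 24.0, 120_000.0),
    RecoveryOption("second company site, warm standby", 8.0, 1.0, 400_000.0),
    RecoveryOption("second company site, hot standby", 1.0, 0.25, 900_000.0),
]

# Constructed per-area targets from a hypothetical business impact analysis.
TARGETS = [
    AreaTarget("order processing", rto_hours=24.0, rpo_hours=4.0, transactions_per_hour=500.0),
    AreaTarget("payroll", rto_hours=72.0, rpo_hours=24.0, transactions_per_hour=20.0),
    AreaTarget("trading desk", rto_hours=0.5, rpo_hours=0.1, transactions_per_hour=3000.0),
]

if __name__ == "__main__":
    for area, choice in plan(OPTIONS, TARGETS).items():
        if choice is None:
            print(f"{area}: no option meets the targets; revisit RTO/RPO or the budget")
        else:
            target = next(t for t in TARGETS if t.area == area)
            print(f"{area}: {choice.name} (${choice.annual_cost:,.0f}/yr, "
                  f"up to {records_at_risk(choice, target):.0f} transactions lost)")
```

Run stand-alone, the constructed inputs give order processing the warm second site, payroll the cheaper subscription site, and no option at all for the trading desk, which is the signal to either fund a faster option or renegotiate that area's targets with the business.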